Do we Need to Filter Datastores if They Are Encrypted?

A bit of context:

I’m attempting to create a game that allows you to write notes to yourself.


My question is: if I were to encrypt the text before saving it, making it impossible for anyone, including me, to read it, would I need to filter it due to COPPA/Roblox’s ToS?

I intend to encrypt the text by randomly generating a passphrase server-side, and asking the user to write it down somewhere safe. I’m not allowing the user to create their own. I will repeatedly tell the user not to tell others their passphrase. This is based on Public-key cryptography.

Here’s a diagram to show this:

Encryption:


Passphrase (Private Key) Generation:

1 Like

Regardless of what you want to do, the hard-and-fast rule here is to look at the circumstances sans your encryption system as, in the end, that’s irrelevant to determining if filtering is required.

You are permitted to store any strings in your DataStore as well as work with them on the server since you need them to make your game function in the first place, but at any point if the client needs access to said string to display it, it must be filtered first. Text pulled from a DataStore that will be displayed to the user must be filtered irrespective of what systems are applied to that string before it’s sent.

In short: yes, you still need to filter them even if they are encrypted before showing them to the client. You can save raw strings or save an encrypted string, absolutely. Once you pull that encrypted string from a DataStore, whether you decrypt it or not, with the intention of sending it to the client to be displayed, it must be filtered.

4 Likes

What are the limits of this?

If I were to encrypt it in a way that saved it as a string of random words that wouldn’t be filtered, e.g., “Hello!” is saved as “real north game shape finish age pay rather invent continent”. Then “real north game shape finish age pay rather invent continent” is shown to the client.

Then, as they enter their passphrase, it is slowly decrypted, client-side. I don’t want to push the limits, but I also don’t want to abandon this project, as I’ve fallen in love with the idea.

“real north game shape finish age pay rather invent continent” must be filtered because it is pulled from the DataStore and then shown to the client. The same case would be applicable if you just pulled “Hello!” from the DataStore.

Any client-based input that is saved to a DataStore must be filtered when it’s taken out and then given to the client, no limits, even if the text in the end is only visible to the client and not others.

1 Like

The thing is, I’m not saving the client’s input. I am saving the client’s input in a way that makes it:

  • Unreadable
  • Unfiltered

This is what I mean:

Sorry if I’m pestering you.

You are indirectly saving the client’s input by encrypting something they typed, no? Direct or indirect, you’re saving something that a client typed and displaying it to them in a later session. That’s enough information to say that you still need to filter it after pulling it from storage, whether or not the text that’s shown is encrypted.

The encryption part may be presenting confusion or complexity to the root question which is if you should be filtering or not after pulling a string from storage that will be sent to the client. Systems aside, this flow is the fundamental part of things. And the answer is yes, it must be filtered. You cannot pull a string from your storage and display it without filtering it, whether or not it goes through your encryption system.

You won’t need to filter after the string is encrypted, so you can go directly from Encrypted String to Save Encrypted String without the Filter Encrypted String stage. The issue is Load Encrypted String. That is where Filter Encrypted String belongs, after Load Encrypted String and before Display Encrypted String.

1 Like

So, it’s fine if I filter the encrypted string after I load it?

In-text form:

The user enters “Hello!” in this system.
I give them a passphrase to write down.
The user leaves after doing this.
I encrypt “Hello!” with the passphrase.
I save this encrypted text. Not the raw text.

The user comes back.
I filter the encrypted text.
The filtered, still encrypted, text is shown. “real north…”

The user inputs their passphrase. “Test Passphrase…”
A script uses this passphrase to decrypt the now shown, filtered, encrypted text, into decrypted text.
The user is shown decrypted text. “Hello!”

Yep, that’s what I’ve been saying. Filtering is required when you load the string, not when you save it. The flow you’ve transcribed here is fine. Just for safety’s sake I would also filter the post-decrypted text as a user could decrypt text containing inappropriate language and you would be held accountable. So that’d add one more step here:

A script uses this passphrase to decrypt the now shown, filtered, encrypted text, into decrypted text.
(Added) The decrypted text is filtered.
The user is shown the above filtered, decrypted text. “Hello!”

2 Likes
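
The load-side flow agreed on above, sketched as a Roblox server Script. This is an added example, not code from any poster in the thread; the store name, key format, RemoteFunction names and the 1000-character cap are assumptions.

```lua
-- Added example (server Script). Assumed names: "Notes", "note_<UserId>",
-- "LoadNote", "FilterDecryptedNote". Decryption itself is left to the client.
local DataStoreService = game:GetService("DataStoreService")
local TextService = game:GetService("TextService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local notesStore = DataStoreService:GetDataStore("Notes")

local function makeRemote(name)
	local remote = Instance.new("RemoteFunction")
	remote.Name = name
	remote.Parent = ReplicatedStorage
	return remote
end

-- Filter text for display to the player who wrote it.
-- Returns nil when filtering errors, so callers never fall back to raw text.
local function filterForOwner(player, text)
	local ok, result = pcall(function()
		local filterResult = TextService:FilterStringAsync(text, player.UserId)
		return filterResult:GetNonChatStringForUserAsync(player.UserId)
	end)
	if ok then
		return result
	end
	warn("Text filtering failed for user", player.UserId, result)
	return nil
end

-- Load Encrypted String -> Filter Encrypted String -> Display Encrypted String
makeRemote("LoadNote").OnServerInvoke = function(player)
	local ok, stored = pcall(function()
		return notesStore:GetAsync("note_" .. player.UserId)
	end)
	if not ok or type(stored) ~= "string" then
		return nil -- DataStore error or no note saved: show nothing
	end
	return filterForOwner(player, stored)
end

-- Extra step from the last reply: the decrypted text is filtered before display.
-- The client sends what it decrypted; only the filtered copy is shown.
makeRemote("FilterDecryptedNote").OnServerInvoke = function(player, decrypted)
	if type(decrypted) ~= "string" or #decrypted > 1000 then -- assumed cap
		return nil -- reject malformed or oversized client input
	end
	return filterForOwner(player, decrypted)
end
```

If the filter rewrites any part of the stored ciphertext, decrypting the displayed copy will generally no longer reproduce the original note, so the client should handle a failed decryption.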

I’ll consider that, thank you for your time and help.