Improvements to Marketplace Safety

Yes they can, they just can’t add their ID again lol.

It’s likely that the ID would be blacklisted after an account termination.

How about introducing a different type of checkmark whether it’s a different color or whatever for Trusted Developers only, I’ll leave it to you guys decide who isn’t and who is a trusted developer.

I think this might be an addition to be considered, keeping the whole ID/phone verified creators will get a checkmark thing in mind.

If I’m not mistaken, non-ID voice chat is being rolled out gradually and is only available in random countries/regions at this time; I get that many people are excited for this but it could unfortunately also be problematic…

Why is Phone Number being used as a verification source when it actively hinders the security of your account.

It is still possible to reset your password through a phone number which opens the hole for SIM swap attacks like we saw last year in 2021.

To the people saying ID can be cross-referenced between accounts, it cant. Roblox doesn’t actively store that data on their servers as per their privacy policy.

While it does pose an attack risk, it may have simply been to make marketplace verification more accessible due to popular feedback against ID requirements for the marketplace.

This is won’t help with safety what so ever. Just because someone verifies themselves via ID or phone-number doesn’t mean that they’re trustworthy. I don’t judge trustworthiness off of a badge. I judge it off the character themselves.

This won’t help with safety, and honestly it just feels like a push for ID-Verification.

And speaking of ID-Verification, why is a phone required now? Why did you remove the ability to just upload a photo from your computer? Not everyone owns a smartphone. E.g. someone might only have a computer and isn’t old enough–and or cannot afford–to have a phone (By old enough I mean where they’re under 18 and unable to legally sign a contract for the phone).

Just curious what the point of removing it was.

Edit: I am glad to see that you’re working on improving safety, but I just think this doesn’t really do much (If anything) to improve it. I’m also glad to see we can now verify by phone number opposed to being forced to use an ID. However, I have a question, will phone verification allow you access to voice-chat? There are kids 10 and under with phones on plans, they would be able to use their number and get verified, correct? Glad you can use this option though, I still don’t have intent of verifying but I think this might be a slightly better method.

They did not remove ID verification, I think you can be either phone verified or ID-verified for the marketplace benefits (you do not have to do both). I just verified my phone (but not my ID) and I now have access to the increased limits (I still have the option to begin age verification though).

You’re missing the point.

Account security is not a thing you can just be naive about, if your phone number gets leaked and you have it tied to your Roblox account. You’re screwed.

As we saw. If you’re a high profile target. People are going to try and get into your account with any means they can, password stuffing, SIM swapping, etc.

Even if your account has barely any value, if someone wants your account for whatever reason, leaving such a backdoor open is a problem that needs to be fixed.

Even with 2FA, getting SIM swapped is not a pleasant experience, imagine having all your calls and texts go to someone else’s phone and now your phone reports as “No Carrier”. Have fun at the phone shop on that day.

This can all be avoided if phone-based password resets are removed from the website.

What I mean is that they can’t just create a new account and immediately upload to the toolbox and have their model be findable. If they can’t use their ID again, then they can’t have their assets be shown publicly again (at least with the default settings, according to the quote below).

Finally we got this added, it’s nice that I don’t even need an ID anymore but will this also gain 100 audio limits?

NVM FOUND IT LET’S GOOOO

I never said they removed it. I said they removed the ability to upload an image from desktop, and that you now are required to have a phone.

They could verify with fake numbers. I’m pretty sure there’s a site where you can generate a phone number and use it for stuff. (I don’t remember the name, but they probably wouldn’t have trouble getting around this).

Edit: Just did a quick google search and already found some stuff.

I don’t want to verify ID for privacy reasons. And for the phone number I don’t have that because you can reset password with it which opens up a security hole…

Maybe add using devex as a way to be verified too.

I like this change, however:

What will stop users from using a fake/temporarily phone number from a website to verify them self?

You can read verrifs privacy policy, they delete the image right after you verify. And it takes 1 minute it All done by a robot.

You still can if you open inspect and copy the link to the verification in the network tab.

Nothing… however random dudes uploading a couple models with a virus in them isn’t a big deal, that’s not what causes problems for the marketplace (they’ll eventually get banned).

What causes problems for the marketplace is dedicated attackers creating thousands of different accounts to spam the marketplace with bad models, and procuring thousands of fake/temporary phone numbers is significantly harder.

Good intentions, not so well executed.
As multiple people here said, having a verified phone number and/or email does not prove a person is trustworthy. I think it would be much better if there was a way that a model would be checked for malicious scripts prior to uploading it to the marketplace.

And regarding the verified check mark, I think it should be earned rather than obtained through verification. Similarly, how you earn trust on devforum, you should be able to get trust on the marketplace for posting amazing, original creations without any viruses in them, and those who do indeed upload creations with malicious scripts should be restricted or completely banned from the marketplace.

I honestly can say this was a good update. I am happy to see security updates being developed but not forcing those who cannot or don’t want to ID verify have an option to still use the platform on the same level as those who do. I know people are going to hate on this, but in my opinion, what’s wrong with having a filter on those who choose not to verity at all. I’d be unhappy if this was only for ID verified, but most people have phones these days so it gives everybody an option to be seen. It isn’t perfect, but it is a step in the right direction in my opinion.

Good change.