Introducing: Plugin Marketplace!

Personally I think this is impossible for Roblox to support. There is no good solution.

1. If plugins are closed source people will stop using them.
2. If plugins sources are visible when you purchase them Roblox plugin pirating will be a genuine thing that can’t be protected against.
3. If plugin sources are not visible before purchasing how will people know it’s a scam, virus, backdoor, etc.
4. If the plugin is malicious how can anyone verify this to report it without wasting money?
5. If Roblox moderators have access to plugin source what happens if a moderator’s account is breached? Can’t plugins then be downloaded by the attacker for free and leaked to the public?

And as I stated above, what’s preventing them from then leaking the source they downloaded as a free trial? It must be closed source to prevent this but that defeats the purpose since backdoors can still be hidden.

My thoughts on the matter.

As many have already stated, there’s simply no good way to ensure that your release will not be copied and redistributed for free. Since the dawn of UGC on the platform, this has always been an issue. Take the clothes catalog for example. No matter what you search for, you’re sure to find about a thousand (or more) blatant copies. In the modern catalog, it is impossible to find original work, and ROBLOX’s moderation hasn’t proven itself capable of dealing with this in the slightest.

This leaves two potential avenues here.

The First Avenue: ROBLOX could allow the source of Plugins to be private. Personally, I, like many others, take the additional time to vet a developer’s Plugins before allowing them onto the project. Why? Because I recall the events that took place before the removal of Private Modules, and I understand that the risk is far too great to ignore. To ensure that you understand the vitality of my point, let’s come up with a hypothetical here:

It’s nearing Christmas, and a front-page developer wants to monetize on this by pushing a Holiday themed update. Knowing that a half-baked retexture would be frowned upon by their community, the developer contacts a trusted builder to redecorate their game. The builder joins the studio, decorates, and then leaves. Satisfied with the builder’s work, the developer pays them, pushes the update, and goes to bed. When they wake up, they return to their computer and find that their account had been terminated. They contact ROBLOX, but the damage had already been done. In this timeframe, they’ve lost the majority of their player base, and rumors were spreading around like wildfire. What happened? The builder that the developer had hired was using a highly recommended Private Plugin for artificial lighting. As the builder was working, the Plugin silently embedded a line of obfuscated, malicious code into the source an existing Script. When the game was published, players began flooding into the new version. Shortly after, the keeper of this Plugin was notified that his malicious code made its way into a front-page game. As the developer slept, they then triggered a payload, resulting in the game prompting gullible users for their password. Many of which happily complied. By the time ROBLOX shut the game down, hours had passed, and the keeper had exploited the developer’s community to compromise thousands of accounts.

I’ve seen discussion regarding the idea of sandboxing Plugins, however, this was already brought up as a case before Private Modules were removed. It wasn’t feasible then, it’s likely not feasible now.

The Second Avenue: ROBLOX sandboxes the publishing of plugins (free or not) to a small subset of players. As the Library stands, it inspires a safe way for Players to install and distribute assets. If this transpired, it would send the distribution of Plugins back to how it was in 2012, where players would have to host Plugins for download on potentially malicious third party sites. A change like this would murder the feature in its entirety.

In summary
I see no possible way that this feature can be executed without problematic reception. This is not a model that can succeed on ROBLOX, and this dreadful line of thinking will only platform havoc.

I don’t agree with this. If Roblox created a powerful feature for sandboxing plugins (i.e. controlling exactly what they can do) then I think closed source plugins will be perfectly acceptable.

You could say the same about someone who pays for a plugin, and tries to leak it.

It was always feasible to sandbox private modules, the issue was that there was so much public demand for them to be removed that Roblox didn’t have the time or resources to spend months upon months creating a sandbox system for them.

Roblox is 100% capable of doing it for both plugins and private modules, it’s just a matter of how technically complicated it is and how much reward there is for the cost.

That’s exactly why I started developing my own plugin at one point. The plugin used my sandbox (titled H3x because I have terrible naming skills ) to execute plugins in a simulated environment which was indistinguishable from a real environment. My prototype didn’t allow for much without editing plugin source but I came up with ways to

1. Create a simulated copy of the place similar to Sandboxie sandboxes.
2. Detect access to certain maliciously used or performance impacting functions (notably getfenv)
3. Pretend to execute code plugins insert in a live server in the sandbox to allow detection of backdoors which only activate in live servers
4. A lot of other ideas

If Roblox makes plugins closed source I will not be using a majority of plugins anymore, my own plugin’s progress will be pointless, and I know others will feel the same way. I simply cannot trust Roblox to provide the tools and control I want in plugins and honestly I don’t want to support plugins if I can’t see what they are doing even if I can control what they’re doing.

Which I did. That’s my point. The free trial idea only makes this easier and allows anyone to load the plugin offline and make edits.

Is the robux that you get form selling plugins devexable?

Yeah but then the plugin creator is limited, and ROBLOX can’t really “sandbox” plugins and make them useful at the same time then.

image697×206 9.78 KB

Jokes aside, that’s what I would hope the plugin marketplace would be. A reasonable amount of Robux for something that makes your life more interesting or better. I’m hoping it won’t become a paywall for new developers, because I can easily see it being a deal breaker if the first thing people see is that they have to pay to get good plugins. My first impression is that it will be exactly that though.

(In case it wasn’t clear I was joking about 10 robux for a fun plugin being extortion. Please no flag.)

Likes or dislikes, downloads, can be botted. As many assets found in Toolbox and in other places on Roblox

Sorry about that, and thanks for your report. This feature was temporarily disabled while we fix the moderation query.

I personally dislike this update, if plugins start costing robux it’ll likely be impossible to find a free or cheap plugin that’s actually decent in a few years. Plugins like F3X will possibly cost 200-500…which is unfair to any future developers.

Not to mention that plugins usually get abandoned or broken after less than a year, plus the plugins with prices look so low-effort anyway.

And these 5 overpriced plugins that cost robux appeared on the develop page like a day after this update happened. How many more of these are gonna pop-up on the catalog after a year? Hundreds?

I mean, come on.

25 robux to copy and paste trees?

250 robux to place avatars in Roblox Studio?

30 robux to put models in a game?

I dont want hundreds of these useless plugins clogging up the develop page in a year, the plugin thing they’re going for will just end up like clothing.

What about the people that just build to experiment or to make models for everyone to use? Do they need Premium to do a decent job?

What’s stopping people from just using Blender or Youtube tutorials to build what they want anyway? All this will do is just drive people AWAY from Studio.

Heck, no one buys clothing anymore because of the garbage the whole catalog goes through now. The same thing will just happen to Plugins.

k71581×868 200 KB

If something like this will be done anyway, just do it right.

-Make the price limit low for the public, like 300 or 400.

We dont need to spend 10 dollars on something that can be accomplished by looking at a Youtube video.

-Make it so only well-known developers can sell expensive plugins.

As long a well-known experienced Dev is working on the plugin, it’s likely legit and worth the expensive price. ( Unless it comes off as low-effort by glancing at the title and description. )

-Add a plugin demo that lasts for 10 minutes.

People can get tricked into buying a garbage plugin, because of this. We need some way to insure that whatever we choose is the right choice.

-Make it so broken plugins are no longer sellable.

New updates ALWAYS break something. So a system that scans the code of a plugin to see if it’s properly functioning or not is very helpful. If the code is botched and no longer working, whatever plugin it scans should automatically be marked as offsale. At least until a fix is made.

I dont look forward to this, but if at least one of these suggestions make it into the update. It has a chance to succeed.

I’m more concerned about free plugins that are used by lots of developers suddenly becoming paid, especially devs who are starting out and can’t buy it (because they, say, used all of their robux on audios, ads and what not.)

I’m all for selling more things in the marketplace, but this ain’t it in my opinion. Plugins have been free for so long and just making them paid with very little fore-warning is pretty bad. I’m all for letting NEW plugins become paid, but old plugins should stay free no matter what. This is so developers don’t lose access to plugins they depend on and may not be able to pay for at the time, stopping their workflow, even if only temporarily. This will only create competition as people will just make their own versions of paid plugins to release, or modify “lite” / free versions to have the features of the “pro” versions. Not only this, but what’s stopping people from scamming? We see this with paid access games, it will for sure happen with paid plugins, too.

This just ain’t it imo

I mean this is cool because it allows for devs to be supported for their plugins BUT how will you enforce a restriction on pirated plugins? Like if Dave (for example) paid for plugin ‘A’, what is stopping Dave from re-releasing to the public for free?

Can people stop repeating the same points?

This is going to turn out just like the private modules thread at this rate. Everyone is saying the exact same thing. I’m sure the admins are already well aware of our concerns, so can we stop repeating everything? This thread will get clogged with the same stuff instead of new arguments for/against the update.

@orangewarrior78

This won’t work because if you send the plugin to the user, even for 10 minutes, the source is on their PC and it will be easy to steal it and get the plugin for free.

Impossible to support solving all problems? Yes. We are just going to have to deal with inevitable problems that will plague marketplaces. The marketplace is an opt in system. If you don’t want to deal with the inherent problems with selling software, you don’t have to! Nobody in any industry has solved such fundamental problems.

Its unfair to the creators to not get the option to monetize their work.

Its up to the consumer to know what they are buying. To help this all plugins should allow multiple images and video links like game pages do. Nobodys going to buy assets off the Unity marketplace unless there is an actual showcase for it.

My problem is more that I will no longer have access to a lot of plugins and there’s not any way for me to easily trust them at all. People will abuse the system a lot and it’s going to create a lot of mess. I will genuinely just stop using plugins or at least limit myself to free ones assuming they do not change anything related to free ones if there are issues.

This is why no plugin should ever be closed source. You are paying for the code and should get full right to see the code and modify it to your hearts content. Imagine buying a car but not being allowed to look at the engine. I don’t consider piracy a big enough reason to counter this.

You took the plugins while they were free. They are on your system right now. The current version are yours to keep and modify. Roblox can’t change this.