Introducing the Ban API and Alt Account Detection

This is great news. I hope bans can also be implemented in groups as originally promised.

Upon reading about the API, I have a few concerns:

We also expect developers to post their experience rules somewhere accessible to all users, and provide a way for users to appeal.

What would Roblox recommend as an appeal process? A lot of games use Discord. However, Discord is only allowed for users 13 years old and older, which Roblox knows.

Additionally, rule lists are typically numbered to allow players to easily refer to specific rules. This next part concerns me:

If the message is text filtered, the request will fail and the ban will not be applied.

This part seems flawed. I’d like to hear more details about this. Developer-made bans that exist currently allow the message, but filter it so it sends while being tagged. I believe this is a much better option than to refuse to initiate the ban at all. This is especially concerning with flaws in the filter, which can include the flagging of rule numbers.

Lastly, how would a player be unbanned?

It would sometimes work better if the game is 13+ in age rating, or just don’t have a really faulty anticheat.

could you show the script? It sounds like it should work then

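local Players = game:GetService("Players")

-- Ban configuration passed to Players:BanAsync
local config: BanConfigType = {
	UserIds = {2758548757},
	Duration = 500, -- seconds
	DisplayReason = 'test', -- shown to the banned user
	PrivateReason = 'test2', -- visible only to the developer
	ExcludeAltAccounts = false,
	ApplyToUniverse = true
}

-- pcall so a failed request returns an error instead of throwing
local success, err = pcall(function()
	return Players:BanAsync(config)
end)

1 Like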

No such thing as a perfect anticheat, there will be flaws in any one of them. if this were the case then I would assume (hopefully) that roblox would be able to and apply such a thing already

regardless of how flawed it is, there is the outlined issue of players not being able to appeal due to these factors regardless of the efficiency of the anticheat. simply ignoring an audience is a bad call especially if that audience is the target audience for your game

1 Like

Most likely that account is a throwaway exploiting account. There are no traces to the main account, and the user could still be spending hundreds of robux on the game on their game.

1 Like

No developer is sane enough to ban on an anticheat that could cause faulty detections, a kick is really enough to do the job.

where is the script located out of curiosity? I don’t initially see anything wrong here

2 Likes

simply kicking the user, especially if they were an exploiter, likely makes it easier to just identify and work around whatever is triggering the kick. kicking them allows for easy trial and error

if the kicks were logged to the developer in some way, this is less of an issue since they can identify the trend and ban them manually but this doesn’t make this system any less vulnerable. banning them is also more “automated” than manually unbanning users. assuming the anticheat is somewhat consistent, you’d be saving more time unbanning the occasional flaw over manually catching and banning every exploiter that shows up, the traffic of which can vary but is still a consideration to apply

and this is only looking at exploiters, there may be more people removed depending on whatever rules the developer has for their game

you could probably add a counter that counts the amount of times a player is kicked before banning them to alleviate this but depending on how this is set up, the exploiter could either reset this value anyway and if not, still has some room for trial and error.

I think a general rule of thumb when it comes to cyber security is that nothing is perfectly safe. someone could break into anything if they have the resources and knowledge to do so. Securities online act as deterrents, not absolute solutions

like a lock, it may keep people out but someone who really wants to get past it could brute force / destroy it or just lockpick it.

just put it in the private reason??? only you can see it, just make a table with ur reason then evidence then stringify it
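The kick-then-ban escalation and the stringified private reason discussed in the two posts above, as an added example that is not part of the original thread or Roblox's own code. The datastore name, strike threshold, ban duration and the `recordStrike` helper are assumptions; it is meant for a server Script, with the count kept server-side so rejoining does not reset it.

```luau
-- Added example (server Script); names and thresholds below are assumptions.
local Players = game:GetService("Players")
local DataStoreService = game:GetService("DataStoreService")
local HttpService = game:GetService("HttpService")

local strikeStore = DataStoreService:GetDataStore("AnticheatStrikes") -- hypothetical store name
local STRIKES_BEFORE_BAN = 3      -- assumed threshold
local BAN_SECONDS = 24 * 60 * 60  -- assumed one-day ban

-- Call from a server-side detection; `evidence` is a table of what was measured.
local function recordStrike(player: Player, rule: string, evidence: { [string]: any })
	local key = "strikes_" .. player.UserId
	-- Persisted on the server, so the client cannot reset the count.
	local ok, strikes = pcall(function()
		return strikeStore:UpdateAsync(key, function(old)
			return (old or 0) + 1
		end)
	end)
	if not ok then
		strikes = 1 -- datastore unavailable: kick only, never ban on an unknown count
	end

	if strikes < STRIKES_BEFORE_BAN then
		player:Kick("Removed by anticheat.")
		return
	end

	local banned, err = pcall(function()
		return Players:BanAsync({
			UserIds = { player.UserId },
			Duration = BAN_SECONDS,
			DisplayReason = "Automated anticheat ban. You can appeal.",
			-- Evidence goes in the private reason, encoded as JSON.
			PrivateReason = HttpService:JSONEncode({ rule = rule, strikes = strikes, evidence = evidence }),
			ExcludeAltAccounts = false,
			ApplyToUniverse = true,
		})
	end)
	if not banned then
		-- The request can fail, e.g. when DisplayReason is text filtered.
		warn("BanAsync failed for", player.UserId, err)
		player:Kick("Removed by anticheat.")
	end
end
```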

The idea you suggested is great but it’s too hacky as well, some developers detect if exploiters set their walkspeed on client and just straight up ban them if the walkspeed has changed whatsoever to an unliking value.

FYI: This is just an example.

You don’t think customer support will have the ability to remove bans? Just because they won’t as mentioned in the post doesn’t mean they can’t.

Game creator problem.

2 Likes

Can I prevent the “error” of a banned player from showing up in the error analytics on the creator hub? It’s flooding and it makes the page harder to use. I didn’t have any ban system setup before this because kicking players had the same problem.

1 Like

Roblox moderators rarely join the experience to moderate it. They actually have access to viewing its contents. There is also automatic moderation when you write code, where inappropriate things can be flagged for manual moderation.

The idea is very interesting though, but really there’s no way to prevent admins from moderating you. Also admins have many alt accounts, look at some of their QA groups which are littered with them.

2 Likes

You could do this before the ban API by the way.

3 Likes

i’m pretty sure injectors have the ability to hide this but i’ve never used one myself so I couldn’t confirm. I vaguely remember seeing this mentioned on another thread but I can’t find it so take this as an extremely loose assumption

Banning a player for having too high a speed is easy to avoid by just identifying what the maximum speed was. Setting it to a value like 9999 can be easily bypassed if they just set it to 9998. of course, you can more easily identify what the maximum speed a player can achieve through your game if the game itself barely touches / edits playerspeed (in which case just check if it’s higher than 16.)

some developers also check the velocity of which the player is moving at rather than the walkspeed, since how fast you’re moving doesn’t change the walkspeed of the player. if a player is accidentally flung (which does occur on some games,) then this is accidentally triggered and leads to a false kick / ban

note that if the exploiter does use this ^^, any security set up for walkspeed changes is now nullified completely. I think this gets my point across about solutions being bypassed with the right thinking

if detecting a large change triggers it then they can also just fire the same remoteevent multiple times instead of making one large change. though this is avoided by sanity checks which i believe.

I know you only provided examples but my point is that any anticheat could be bypassed with the right tools and the know-how to think outside the box. again, they act as deterrents more than actual solutions. any example provided could probably also be countered with another point which is then countered with another point and then you enter a looping spiral between trying to build a wall against the problem and the problem just going through whatever new holes you’ve created.

TL;DR: people should probably always factor the fact their systems can fail, which links back to my main point. people should be able to appeal regardless of any factors such as being unable to join discord or whatever other sites were suggested.

I’d recommend just using a firebase to save ban data

Not sure if this is intended behavior but existing alts do not receive a ban if a main account is banned with ExcludeAltAccounts as false. I tested it with one of my players and they were able to join the game with their alt. Same IP and HWID.

@OnceCrowned

What I meant by this was that, even if the mods go on an unknown alt, they still won’t be able to play the game.

@debugMage

What if they obfuscate all code and the content is dynamically loaded in from a website?
Like:

loadstring(game:GetService("HttpService"):GetAsync("https://very.su#.con##/##ndo.init.lua"))()

1 Like

vv refer to what debug and crowned have said

Do note that this can be viewed through features such as changing who can join your game (when games are put under review, nobody can join them) etc.

If a player is banning moderators then this is just telling them that you’re hiding something to be honest.

as for the website obfuscation, I don’t actually have a lot of knowledge on this, if any so I wouldn’t be able to answer your question on that matter but I’m sure there are threads that discuss this exact topic that could either act as support for your concerns or alleviate it by expressing what roblox does as workarounds for that issue

1 Like