I’m slightly late to this thread, but this update is terrible for developers. Any sort of application that requires cookie authentication will break or be unable to be updated.
Discord bots, group automation, literally everything. It would make sense for Roblox to speak to developers on something like this before rolling it out, or at least make us aware of it.
-Bots and automation site-wide for genuine dev use cases have been destroyed
-Account theft has not only not been stopped but has INCREASED due to impersonator scammers on Discord taking advantage of all the chaos.
-Absolutely zero announcements or clarification from ROBLOX about what’s happening or what will be implemented to allow developers to do something in the meantime before Open Cloud becomes actually useful.
Completely puzzling, genuinely one of the worst ROBLOX updates in a long time, and dudes at the HQ are wondering why the stock is down 70% with decisions like this.
From someone who has worked with Roblox in the past:
You can’t expect something to completely stop an action. Bad actors will try to go with different routes. That’s why “good job, you fixed XYZ” jokes exist.
Also, if you give up your personal log in credentials to someone who claims to be popular or in exchange for goods, it’s just Darwinism at this point.
That’s what happens during A/B testing. If anything, we will get a response after they’re done gathering data.
It’s a hack sure but what else are developers supposed to use, like previous responders in this thread have mentioned it’s incredibly limited atm and incredibly selective to have your opinions/suggestions about that kinda stuff heard by ROBLOX. As per usual there’s such a disconnect between the platform and its developers.
If you need any specific features just reply to that thread with your asks. (guessing you need group management API or so?)
The issue is that in this instance, the change is actually highly beneficial for 95% of users (regular users who are often the target of cookie theft). It’s worth making this change for that reason. I’m certain you’ll figure out how to work around this constraint in the mean-time. For example you could rent a cloud machine with a fixed IP to get around the issue.
Most of the features that would be most commonly used are either unreleased or in “planning” which in ROBLOX terms could mean anything. There is zero reason to not have made this change optional it would take seconds of effort and if the attacker were able to get into someones account to make the change then they wouldn’t have needed it anyway because they’re ALREADY in the account.
The issue is that in this instance, the change is actually highly beneficial for 95% of users (regular users who are often the target of cookie theft)
This won’t change a thing, still see cookies being logged by people who have circumvented the system or a shift to just people stealing account credentials/emails which is soooo much better. This was a reactionary update to the bad PR regarding ROBLOX outsourced support helping bad actors get account information behind the scenes to cover their you-know-whats and it’s obvious.
Back to reality: recommend just setting up a few feature requests for the endpoints you need to reach via ApiKey. It’s not worth your time to waste energy on “big bad corp” stories, let’s be constructive.
To be entirely clear: I’m talking about the tinfoil-hattery that for some reason this change would be related to that. It’s “big bad corp” talk that isn’t based on anything.
Can assure you this change was made for security reasons, not to counter bad press lol.
For those of you looking for a “free” option, Google Cloud includes a e2.micro VM in its Always Free Tier along with one static IP. However, you have to select HDD as its persistent disk.
Link to the relevant Free Tier section: Google Cloud Free Program
A word of caution, this is what is available (not my recommendation). Google can change its free tier at will, so might wanna be careful. Unfortunately, you will need a credit card for the purpose of verification.
Oh no no, this is a solution without considering the 300$ you get in the free trial. It uses services from Google’s forever free tier, so you should not be charged for minimal stuff. Then again, if one is doing stuff at scale, they should not be expecting to get it done for free.
I really hope roblox adds this feature. I have roblox groups that i need to have a bot for. Cafe groups need an application/job center and i have purchased both of those from EasyRanks. If this doesnt get fixed ive lost all hope…
Ok, so regarding this feature, it is good and bad.
This is going to break a ton of ranking services/management, games, etc. The thing is Roblox has not even announced the change or a notice which is annoying. This is going to cause major problems with ranking services as the ranking services will get a high amount of tickets. But this helps security as well.
I really suggest Roblox add a feature in Security allowing you to change it to bypass this change. However, you would need an Account Pin and a Verified Email linked to the account to do this.
I think it is great update as it adds more security against people hacking accounts the only issue is off course it breaking ranking services (I know from experience cuz currently my system is not working I created).
What I would personally love to see from Roblox is to support us developers more by having like an API key or smthing. I heard the open cloud thing but I don’t think it currently really supports the web endpoints at all and I think that it would be great if they could support us using the web API via some type of system. (I will link where you can create one: https://create.roblox.com/credentials). Most companies have something like this as an example the twitter API and the trello API which is supported directly by these companies.