IP Changes Invalidate Cookie

You can use open cloud:

If you need any specific features just reply to that thread with your asks. (guessing you need group management API or so?)

The issue is that in this instance, the change is actually highly beneficial for 95% of users (regular users who are often the target of cookie theft). It’s worth making this change for that reason. I’m certain you’ll figure out how to work around this constraint in the meantime. For example, you could rent a cloud machine with a fixed IP to get around the issue.

You can use open cloud

Most of the features that would be most commonly used are either unreleased or in “planning”, which in ROBLOX terms could mean anything. There is zero reason to not have made this change optional; it would take seconds of effort, and if the attacker were able to get into someone’s account to make the change then they wouldn’t have needed it anyway because they’re ALREADY in the account.

The issue is that in this instance, the change is actually highly beneficial for 95% of users (regular users who are often the target of cookie theft)

This won’t change a thing, still see cookies being logged by people who have circumvented the system or a shift to just people stealing account credentials/emails which is soooo much better. This was a reactionary update to the bad PR regarding ROBLOX outsourced support helping bad actors get account information behind the scenes to cover their you-know-whats and it’s obvious.

Uhu :face_with_raised_eyebrow:

Back to reality: recommend just setting up a few feature requests for the endpoints you need to reach via ApiKey. It’s not worth your time to waste energy on “big bad corp” stories, let’s be constructive.

2 Likes

To be entirely clear: I’m talking about the tinfoil-hattery that for some reason this change would be related to that. It’s “big bad corp” talk that isn’t based on anything.

Can assure you this change was made for security reasons, not to counter bad press lol.

3 Likes

This update was rolled out to everyone.
There is a way to fix it, but you need a VPS server, which I cannot afford.

For those of you looking for a “free” option, Google Cloud includes an e2.micro VM in its Always Free Tier along with one static IP. However, you have to select HDD as its persistent disk.
Link to the relevant Free Tier section: Google Cloud Free Program

A word of caution, this is what is available (not my recommendation). Google can change its free tier at will, so might wanna be careful. Unfortunately, you will need a credit card for the purpose of verification.

4 Likes

It wasn’t rolled out to everyone because I don’t have VPS and it is still working fine for me.

This has been a solid solution, would highly recommend.

It would just charge you after 300$ free trial.

A fix for this issue can be found here.

Oh no no, this is a solution without considering the 300$ you get in the free trial. It uses services from Google’s forever free tier, so you should not be charged for minimal stuff. Then again, if one is doing stuff at scale, they should not be expecting to get it done for free.

I really hope Roblox adds this feature. I have Roblox groups that I need to have a bot for. Cafe groups need an application/job center and I have purchased both of those from EasyRanks. If this doesn’t get fixed I’ve lost all hope…

The problem is about the ranking bots. Not about the VPN.

The bot gets logged off whenever you run your ranking code.

1 Like

Ok, so regarding this feature, it is good and bad.

This is going to break a ton of ranking services/management, games, etc. The thing is Roblox has not even announced the change or a notice which is annoying. This is going to cause major problems with ranking services as the ranking services will get a high amount of tickets. But this helps security as well.

I really suggest Roblox add a feature in Security allowing you to change it to bypass this change. However, you would need an Account Pin and a Verified Email linked to the account to do this.

Anyways, let’s just hope for the best.

I think it is a great update as it adds more security against people hacking accounts; the only issue is of course it breaking ranking services (I know from experience cuz currently the system I created is not working).

What I would personally love to see from Roblox is to support us developers more by having like an API key or something. I heard the open cloud thing but I don’t think it currently really supports the web endpoints at all and I think that it would be great if they could support us using the web API via some type of system. (I will link where you can create one: https://create.roblox.com/credentials). Most companies have something like this, as an example the Twitter API and the Trello API, which are supported directly by these companies.

Make a feature request about it to have group rank endpoints added to Open Cloud.

This is a bug report, so feature suggestions will be lost here.

5 Likes

For the ranking thing, what language are you using and which packages are you using (if you use any)?

I have a ranking bot which was broken thanks to this update. I use JavaScript with discord.js and noblox to make it pretty much. My bot also does other ROBLOX-related things, all of which no longer work.

1 Like

Hmmm……

Bots still can work with a VPN AS LONG AS YOU HAVE A STATIC IP! You can use an SSH terminal to get the cookie from the VPN’s IP (bit more complicated than that but this isn’t a tutorial).

It’s a problem when it comes to having a dynamic IP, if using something like Repl or Glitch. You won’t have it working using these most likely.

1 Like
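As an added illustration (not part of the thread and not Roblox's actual implementation), the following JavaScript models a session cookie bound to the IP it was issued from, showing why a bot on a fixed-IP host keeps working while a cookie moved to a host with a different IP gets logged out. The class, tokens and addresses are constructed assumptions.

```javascript
// Added illustration: a hypothetical server-side model of an IP-bound session
// cookie. Not Roblox's implementation; class and method names are assumptions.
class IpBoundSessions {
  constructor() {
    this.sessions = new Map(); // token -> { user, ip }
  }
  // Bind the session to the IP the login came from. Token generation is out
  // of scope here; the tokens below are constructed sample strings.
  issue(token, user, ip) {
    this.sessions.set(token, { user, ip });
  }

  // Accept the cookie only from the bound IP. A request from any other IP
  // destroys the session, so the cookie stops working everywhere.
  validate(token, ip) {
    const session = this.sessions.get(token);
    if (!session) return { ok: false, reason: "invalidated-or-unknown" };
    if (session.ip !== ip) {
      this.sessions.delete(token);
      return { ok: false, reason: "ip-changed" };
    }
    return { ok: true, reason: "ip-match" };
  }
}

// Replay a list of { token, ip } requests and collect the outcome of each.
function replay(store, requests) {
  return requests.map(({ token, ip }) => store.validate(token, ip).reason);
}

// Constructed scenario (documentation-range IPs, RFC 5737).
function demo() {
  const store = new IpBoundSessions();
  // Bot A: cookie created on the same fixed-IP host that later runs the bot.
  store.issue("cookie-A", "rank-bot-a", "203.0.113.10");
  // Bot B: cookie created at home, then pasted into a host whose IP differs.
  store.issue("cookie-B", "rank-bot-b", "198.51.100.7");
  return {
    staticHost: replay(store, [
      { token: "cookie-A", ip: "203.0.113.10" },
      { token: "cookie-A", ip: "203.0.113.10" },
    ]),
    dynamicHost: replay(store, [
      { token: "cookie-B", ip: "192.0.2.44" },   // first bot request: killed
      { token: "cookie-B", ip: "198.51.100.7" }, // original machine: also dead
    ]),
  };
}
console.log(demo());
```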

Personally, I think this is the worst feature to ever be implemented into Roblox. It’s well known that young kids don’t remember their passwords, as well as parents who set up the account. So picture yourself as a 6-year-old. You’re going to your friend’s house… You take your little iPad or whatever. When you connect to your friend’s network you’re gonna be logged out, and potentially lose months of work. Or even if you’re in your own home, if the power goes out and your router is offline for over around 8 hours, most ISPs will assign another IP automatically, which would trigger a cookie reset. Now that we have seen this is detrimental to young kids, let’s explore how much this will be hurting botters or cookie loggers. Now, it won’t require any exploits to get around this… simply use a VPS (a VPS is not a VPN) like DigitalOcean, set up a private proxy, and then that could be used to bypass the cookie situation at least for botters. Now for cookie loggers, it would be a bit more difficult but also easy. It is worth noting that most cookie loggers don’t actually create the cookie logging programs, so it will take a few months for this to get implemented. But they could easily bypass this by hosting a proxy on the victim’s device, and that should be enough time to steal all the items. It wouldn’t even need to be port forwarded; Cloudflare provides options to give port forwarding effects without opening ports. All in all, this is essentially a completely WORTHLESS implementation, but at least Roblox is trying. :slight_smile:

4 Likes