GeorgeTheRacer says the following message, he asked me to post because he is not a member of ROBLOX DevForum:
How to solve the problem of people “stealing” models and re-posting them.
If you buy a model, instead of showing up in the “My Models” tab, it shows up in the “Bought Models” tab.
Any bought model is automatically put into a special model, that when put into a game cannot be modified.
Exception for part colors, or decals placed onto the model. Everything else is untouchable.
When a user then attempts to save the model to their models, it disallows them. The model would be “encrypted” of sorts.
When the model is put into a place, the place is copylocked and can is no longer available to be Team Create Enabled. If the model is to be put into a Team Create server, ROBLOX Studio will present an error saying that it cannot be done.
As well, as content creator who dirty deletes the model (changes the model from it’s state when people purchased it, to a single block or whatever, or changes the model to something completely different from what people were originally buying) will be placed on probation from selling models (as a “scam” prevention) for a period of time, and the model will be set back to it’s original version and no longer updatable. However, I do not believe making the model unable to be updated from the get go is not the right move, because sometimes certain issues with models arise from various ROBLOX updates, and the creator may need to update certain things to make it work correctly again.
I don’t think this would work out, because anything on the client that can be read, can also be stolen. Players can just make a script that makes a clone of the model without the special parts, copying over the properties of the “locked” parts to regular versions of the parts.
Someone mentioned near the top that it was unfeasible to check every model if it’s a copy. So why not just check models that are reported as copies, and look for something like a % similarity automatically, to give users faith in the report system working, and to cut back on the number of model to model comparisons that are needed to be done.
I know I’d report stolen copies of my stuff if I knew they’d get removed. I’ve also been told a few times where someone reported re-posted models of my stuff for me, and messaged me to tell me about it.
If I can save the file, I can change it outside of Roblox - I can make sure it looks like a totally valid normal free model by removing that Paid property. The billions of existing free models don’t have a Paid property, so if I just remove it alltogether, Roblox won’t know the difference.
I can also copy parts of the file into another file, and remove other sorts of added “security checks” that’ll just bloat the file you’re saving without providing proper security.
When saving a RobloxLocked object, that property is lost, and thus the item is no longer locked for edit.
The ClassName of instances are RobloxLocked, but I can change that in the XML file easily, and unknown properties will just be ignored when loading in the object.
Actual ReadOnly properties aren’t saved anywhere, i.e. for Attachments, screen sizing / absolute sizing, etc. It is calculated in-game.
I guess your point seems a little unclear to me.
If roblox implemented a read-only (Property cannot be modified by you in scripts, or by pressing the check box) to ALL models as part of an update,
A. That would affect all models
and B. When you saved it to a file the property value would also be saved.
And I am a bit confused - when you talk about copying parts of the file are you talking about it in Studios, or actually editing the information which makes up the file? Because in the later case - no. I doubt very much that anyone would go to that much trouble or even be able to. And in the other case, since the paid property is still around and (as I suggested in my post) roblox scans outgoing publishing models against a list of the ones used in the project (which might also be saved with the downloaded place), then there is no real issue there either.
Please, if I misunderstood you let me know what you meant.
Thanks,
Dev.
Well I guess largely because it wouldn’t be useful. Place stealing would only occur if the place was able to be edited by other people (not copy-locked, or others invited to team create). In both of those cases this property ouldn’t matter either.
It’s already out there for free - Developers choice, no anti-theft needed or wanted.
You’re only inviting people you trust (hopefully) which should eliminate place theft.
Is that what you meant?
I am referring to the later case, yes - text editors won’t care about you changing some “rbxmx” file, because you’re allowed to do so.
All models up till now doesn’t have that paid property or a tie to a specific asset ID.
I can create models and never upload them, but save them as files.
I can also create models which I both upload and save as files. Both are currently considered the same when you save it to a file.
As for the scanning, good luck scanning the roughly 891,100,000 assets uploaded so far. It’s probably not impossible, but it’s neither something I see happen this century.
Things to consider:
Free models aren’t just “Models”. They aren’t tied to a specific instance in-game, but rather a set of instances.
Content from free models can be distributed with Free Models, Plugins, Local Files, Uncopylocked Places, Team Create, source code can be shared in plaintext (if not, we’re at the topic of locked modules, and I’d yell “malicious code alert” all day long) etc.
Owned models can be downloaded locally from the https://www.roblox.com/asset/?id=assetid endpoint. It can be seen, changed and saved from within Studio, as discussed previously in this post.
As for earning some money / ruining other people’s work, a buzzword I hear going around is V3rmillion - I bet you people would try and abuse other people’s paid models if it was to become a thing.
As another note, after my larger post above, what we are talking about now is a really tiny minority of people who would not only go to the trouble of purchasing, and finding a way around the preventative measures, but then ALSO pay a substantial upload fee to re-sell it. If you argue that people might put it out for free, that could be true - however, I think it could be made fairly difficult to get rid of the “paid” tag from a model, in numerous ways - from not alowing the ungrouping of said model, or by making it a part property instead so that no matter how you reshuffle them they still have the paid flag. There are plenty of other ways to enforce this and I’m sure Roblox could figure out how to do so if they were going to run with the idea.
No, people can save the client side of a game with exploits, and upload it for themselves - that’s place stealing.
By client side of a game I mean buildings, guis, localscripts, and modulescripts.
I’m asking you why hasn’t roblox implemented what you’re suggesting if it’s possible?
The answer is: anything able to be seen can also be taken. You’re client is given the local script instructions (yes it may be encrypted, but there are decompilers for lua that work) Same goes with build, except it’s not even encrypted!
There was once a similar feature request to this (or it was a subdiscussion in some other topic about monetization) and a lot of people said there’s no automated way of stopping it.
A nice idea I offered was that you could report stolen assets (optionally: only if you owned the original one) and would get the earnt money from the thief. Sounds decent, but would get complex if the thief earnt money more than 3 days ago (pending sales) and spent that money. Rolling parts of the whole roblox economy back for small incidents like these seem a bit… excessive…
like several people here, I mostly just make assets, so this would be nice
This is automated and instant. Players would only need to report once, and the system could easily run a check to determine the similarity instantly and then take action against the copied model and owner of the copied model (based on update/upload date)
Eh, the issue is that I could upload a copy and then report the original. If you check for “Last Updated”, whenever I update my model, clones suddenly are older. If you check “Created”, I could just upload a copy of something to a (very) old model I have and act as if I made the original long ago.
Would need to check (the similarity between) different versions of the same model too. You’d have to calculate the oldest version by going backwards in the version history as long a similarity is >95% or so. Only problem is that with big updates (resulting in low similarity) my “version chain” would be “split”, which leads to other issues.
I like the system (with the version history part added), but it would only be able to automatically detect almost identical copies, while a lot of people might recolor models (eh, not exactly theft) or change some code in scripts (add 5 commands to the 200 already present and change all credits). Would be a good thing to have, though, even without monetization.
So yea, version history checking would kind of be the only solution.
To address your adding extra stuff thing, you can just check to see if part of one is in the other. I’m pretty sure there’s super efficient search algorithms for this that already exist
Bigger changes could be an issue, but there can still be the option to actually report to human moderators for checking.
At some point the kid is gonna make a mistake, he’s gonna forget to use a vpn, or forget to change stuff up - and at that point if someone reports, you know the person’s ip and therefore all of his associated accounts…
Firstly, I don’t really understand what you mean. Why would some arbitrary ‘please do not modify me’ to the client do anything? Exploiters can override anything they want easily, including readonly (which already exists, btw)
Secondly, yes - people would def. go to the trouble, and they already do. Not just this, but the fact that you believe people won’t go to the effort is a terrible security ideology.
Thirdly, that’s a horrible plan which was already discussed, tested, and failed. It would have so many false positives and it just wouldn’t be effective enough - all you have to do is change around a part’s position fractionally and you defeat any hash comparison algorithm, whilst a dynamic machine learning algorithm would be far too difficult to maintain to a proper standard. Generally, just no.
Not really - it’s not a solution, more another even larger issue that is created by this plan.
Likewise, read my reply to @DevUltra for my explanation to why adding a comparison algorithm is a terrible idea
Also, there is an option to report stolen content to human moderators - email info@roblox.com, however ROBLOX mods literally could not cope with the number of assets that would be submitted if a formal stolen asset report is added as an easy little button - even now it’s very challenging for them to prove it’s the same
And no, most professionals won’t forget something so painfully basic - at least not twice in a row, lol
tl;dr this idea won’t work on paper, and won’t work on practice
You make one mistake, JUST ONE!!! And roblox knows you did it, your ip, and your main account.
Also changing 1 part will not completely remove similarity, do ctrl f on your computer and search for a phrase. That phrase is the original model, while the stolen one is the document ur searching