Preventing people from stealing assets

(Not sure if that goes in that category.)

I was recently working on a In-Flight-Entertainment, but I was wondering - how to prevent people from stealing the GUI and the code. And sense closed modules were removed, I am wondering what is the most secure way of preventing people stealing your assets, whilst giving access to your buyers.
I’ve had testing some ways - HTTP requests, obfuscation, authorization, but they seem that they are not really secure.
So, what is the most efficient way of preventing your code from being stolen?


I’ve written this essay a million times, but it boils down to You Can’t.

I’d suggest reading these for more detailed background on how content theft on Roblox works:


You can’t prevent local scripts/GUIs from being stolen. Or anything accessible to the client (except server scripts) for that matter. Making HTTP requests, obfuscation to hide your code is silly and unreasonable. Plus, no offense, but your project isn’t anywhere near big enough to even be worth stealing in the first place. Plus it won’t hurt if it goes unnoticed. Plus stealing assets is against the rules so you can always report anyone you believe to have stolen your work without your permission


Anything that’s replicated to the client cannot exactly be prevented from being stolen as far as I am aware.

There’s nothing you can do. Anything you create that is local is just that… Local to the computer of the person that’s playing your game. It’s their computer, all data runs through it and as such can be taken.

It’s like if I sent you a file, you accepted it, then I asked you to not open it. There’s nothing stopping you from doing so.

You can keep module scripts closed-source; they can still be require()'d remotely as long as the place owner has the script in their inventory.

If you publish a module script for other people to use in their games, then it has to be open-source.

1 Like

While on the surface closed-source modules are a good idea. They are still not secure. The code is running from stored memory on your computer. As such, it can be examined by someone willing to spend the time to locate it. It wont perfectly match your code, because of the nature of how lua compiles, but they’ll be able to read it.

HI there,

This is not true. I know some method what can help with this problem. Simply make local script and in that put all of the Screen Guis. Make simple code to when player will add, then it will change parent. When the game will be downloaded, then the exploiter will not see the Screen Guis because Dex Explorer are not have information about him self (Client) so he will not see the Screen Guis.

That won’t do absolutely anything, any exploit has a complete control over the client. In fact even bigger than roblox studio, they even have access to nil. Even putting the gui in ServerStorage and cloning/deleting it when needed still wouldn’t work because eventually all of the gui will be inside of the client anyways.

It will, Client cannot see him self in downloaded,

What are you even talking about my guy? Exploits can see everything on the client, end of the story.

1 Like

You can think of it like websites I can inspect any website to see all the images and html/JavaScript code and I can even change it to make the website look any way I wish for instance I can make the Roblox website look like I have 9999999999 robux but this change is only done locally it does not effect Robloxs servers

The same is true for LocalScripts and your assets clients can view, edit and add just like we can view, edit and add to websites

Yep. Like that joke about hacking NASA with HTML. You just change stuff in the browser and viola, you hacked NASA with HTML. The problem is, nobody else can see it. LOL.

When you will download the game, then you cannot see other players in game:GetService(“Players”).RandomPlayer and in RandomPlayer IS NOT “PlayerGui” its only in current local player but, when the game will install successful then the hacker cannot see him self in downloaded file