[Private modules] New way of securing code?

In the real-world, you won’t find “private” code. It’s just not a thing. Perhaps some applications are completely compiled and distributed without source code, but that’s just because it’s the easiest way to distribute in some cases.

If you’re trying to create a service for other users, the code itself should not be private. Instead, your backend servers (or whatever else you are building to support the service) is what will remain private.

Code distributed to the consumers of your service should always be auditable.

For some reason, this is an unpopular opinion here. But I really ask you all to consider the way services are created and consumed outside of Roblox.

11 Likes

In the real world we are able to protect our IP by real world laws in both Closed Source and Open Source work.
Compiled software is done for more than just convenience of distribution.

1 Like

Sure, but the TOS of items on Roblox is very clear on this matter. Check out the Intellectual Property section on the TOS.

1 Like

Yes it is and by Open Sourcing our code on Roblox we grant all users the ability to use, copy and re-distribute our code without credit needing to be given to the original creator. People use Private Modules in a similar way to a Compiled Application due to the source protection it offers.

We are not after preventing Roblox using this code, we are after preventing other users of the platform claiming the work for themselves and devaluing all effort that went into it.

4 Likes

That’s a license you grant to Roblox, but not necessarily to users. If you release your work under a compatible “source-available” license, then you can request for infringements of that license to be removed.

6 Likes

I’m not aware of anywhere that is stated.

And a little further down in that section:



Now, this is the situation as is and perhaps Roblox would be kind enough to change this in their Terms of Use. But as of right now, publishing a free model, shirt, texture, animation, or uncopylocked place is allowing other players to use it to their own profit without any expectation of recompense to the original developer.

Now, even if Roblox was to change this and allow licensing within the platform (greatly increasing mediation costs from subatomic to astronomical) then protecting modules would not be the same as protecting other resources. Here is why:

  1. On a platform largely made up of children who don’t understand the importance of respecting copyright laws and indeed can hardly be expected to, the only prevention without strong enforcement is the difficulty of obtaining the content. For parts in places, textures, and other assets this can be difficult and generally only those with the ability to understand licenses are able to do it (although grantedly, most probably never read them). Shirts used to be easily stolen by decreasing the asset ID in the url by 1, but because this was so rampant Roblox had to hide this. Still today there are hundred of copies of old shirts people liked so would copy and change up to resell. Likewise to shirts and in contrast to stealing places, stealing an open source module would be as easy as opening it up like any other script.
  2. The definition of stealing code can lead to a lot of grey areas. All code is built from the same building blocks and syntax. Many scripts already contain similar sections. Also instead of “quoting” a script, “paraphrasing” or completely restructuring to the same effect is also possible.
  3. Scripts unlike other asset types can contain novel or unique ideas, like trade secrets. These ideas may be what sets some modules apart and reward/motivate the developer. Once these ideas are leaked, they can be changed to be almost unrecognizable or interpreted as a concurrent coincidental discovery. As @Ncuti_Gatwa said, stealing is

To wrap it up

So even if Roblox was to change their Terms of Use, I don’t see a large influx of developers rushing to share their code for the above risks.

Trust me, I would love to see a time when the whole world progressed on free labor, however an economy must be put into place to direct resources to endeavors which actually matter and motivate those who would lack motivation otherwise. To not provide financial benefit through wealth sharing throughout the community is to economically say that developing services for other developers is not a time-worthy pursuit and does not matter. I say contrary.

6 Likes

I was going to reply with exactly this. This is one of those things that exists on Roblox for some reason and people have adapted to the need for “private” code. I don’t think anything directly accessible to the end-user should be private.

1 Like

Yep same over here! Using private module to get the whitelist and to load private assets if the owner/group is whitelisted. With this being up I will also lose my business. I hope they will come out with a solution/alternative for this quickly!

6 Likes

I wouldn’t say people have adapted to the need for private Modules because people have always tried ways of keeping ownership of their code or unique ideas whilst allowing others to still use it on Roblox.
The earliest way was to compile the script into Lua byte-code and call loadstring on it (This was easy to reverse but it at least helped). The only people that I’d say have adapted to this paradigm specifically are those who have relied on selling private code as their primary source of income.

The main reasons why people want to keep their code secure are clearly explained in @IdiomicLanguage’s last reply (here) and are not issues that have only appeared as a result of private modules being possible.

In an ideal world where people don’t not steal other peoples work and benefit from it themselves and Roblox protect our IP from such acts, I’d agree that all public code should be open source because there’d be nothing for the original creator to lose.

2 Likes

You’re basically saying that Roblox, more or less a game development platform like Unreal Engine 4 or Unity, should allow proprietary code & stuff like that to be hidden from developers. Most if not all code from the UE4
Marketplace is easily accessible & editable. There’s honestly no reason why developers on Roblox can’t allow the same freedom. The “unique” ideas aren’t really unique when you can easily replicate them just by studying how it functions. Sure, you might have secretive web endpoints, or a fancy algorithm, but on the surface, to a player, the internal code structure does not matter.

The idea of using ModuleScripts or models in general as a way to gain income is against the TOS, too I think, or Roblox might’ve changed that. I know at one point, selling “Free” Models was against the TOS.

If we want proprietary assets to be on the Roblox platform, it should be officially supported and moderated by Roblox staff - not through the abuse of a feature that’s not even serving it’s intended purpose in that instance.

We could prevent copying by having a object similar to a package link, which already prevents the deletion of said package link. It would basically be a package link, but have the original creator, upload date, etc. etc. All descendants under the model couldn’t have their parent changed, nor could they be reuploaded by someone other than the creator.

1 Like

Your solution would also need to protect the rights of the developer too. It’s no good doing all that and then the other developer can just copy and paste the contents of the modules in full or in part and add them to their own projects, stripping away all previous credit or value the project had from the original developer.

The unique ideas and proprietary code argument is that we don’t want other developers or users to be able to just recreate these by looking at our code and seeing exactly how we do it. We keep them closed source to keep them unique and proprietary and that value is lost the instant they are leaked. (I’ve had first hand experience of this happening to my code which is why I am bias and believe an absolute way to protect our original ideas needs to exist [IRL original ideas are protected by the IPO]).

4 Likes

Then that’s exactly why you should keep it in your own game? If you’re going to give something to someone, you’re giving it to them.

1 Like

That’s what a license is for. I allow you to use my product within these terms, and reserve the right to terminate this access for any reason if deemed being abused. There, I just gave you access to my project, without giving up my competitive advantage.

1 Like

That’s not what’s being asked for, but I agree

It seems that the forum has broken into three points of view. Right now, private modules exist without any code review process or safety to the user and pose a huge security threat. No one likes this. Roblox’s response to this threat is to require all shared code to be public starting February 1st, with possible options for sandboxing code or selective sharing in the future. This will make all modules open source and free. Because paid modules incentivize innovation and is already a major part of many developers’ income, two alternatives have been proposed:

  • Continue to make modules public, but change the terms of use to allow authors to publish it under different licenses. Provide a method of infringement mediation through Roblox.
  • Continue to remove private modules, but make protected modules to allow authors to grant access to the code. Provide a method of code review and certification (doesn’t have to be Roblox).

What do the readers think? Free modules will always exist, but should current private module owners make their modules:

  • Open source & free
  • Licensed source w/ mediation
    As @Anaminus says: “If you release your work under a compatible ‘source-available’ license, then you can request for infringements of that license to be removed.”
  • Protected source w/ certifications
    As @IdiomicLanguage says: “Perhaps a third party, trusted by both the private module developer and the user, could certify that the code is safe without [publicly releasing the source].”
  • Other

0 voters

I tried to keep this post neutral, please let me know in a direct message if you think a view was poorly represented.

2 Likes

What I said and what Anaminus said aren’t exactly mutually exclusive (although I worded it wrong). Open source is built entirely upon licensing.

Edit:

Hmm, actually, nevermind.

I see where the license comes into play. :smile:

1 Like

This cannot be more false. Contacting Roblox support and asking them to remove games using your code will not end in your favor, ever. I had a guy helping work on my game at one point and he ended up not ever doing anything so I fired him. He got mad and took the game files elsewhere and uploaded it, selling everything at half price of the real game. I’ve reported this game several times for stealing my code and I always get the same runaround saying that it’s my fault for allowing him to edit the game/view the code. The game is still up and still making money to this day despite several attempts to get it taken down.

5 Likes

What did you guys discuss in your contract about licensing/ownership of the work? As far as Roblox is concerned, when you give someone access to something via Studio then that other person has ownership of the assets, but if you decided something else in the contract you would have to pursue that legally outside of Roblox.

1 Like

Exactly my point. Now imagine making something open sourced then having thousands of people using it and you try to remove certain peoples’ ability to use it. You’d have to handle all of that in court because Roblox wouldn’t just remove it like Anaminus said. Open source licensing just isn’t the way to go.

2 Likes