[Private modules] New way of securing code?

This cannot be more false. Contacting Roblox support and asking them to remove games using your code will not end in your favor, ever. I had a guy helping work on my game at one point and he ended up not ever doing anything so I fired him. He got mad and took the game files elsewhere and uploaded it, selling everything at half price of the real game. I’ve reported this game several times for stealing my code and I always get the same runaround saying that it’s my fault for allowing him to edit the game/view the code. The game is still up and still making money to this day despite several attempts to get it taken down.

5 Likes

What did you guys discuss in your contract about licensing/ownership of the work? As far as Roblox is concerned, when you give someone access to something via Studio then that other person has ownership of the assets, but if you decided something else in the contract you would have to pursue that legally outside of Roblox.

1 Like

Exactly my point. Now imagine making something open sourced then having thousands of people using it and you try to remove certain people’s ability to use it. You’d have to handle all of that in court because Roblox wouldn’t just remove it like Anaminus said. Open source licensing just isn’t the way to go.

2 Likes

Closed source also has the problem that its flaws can’t be detected as quickly as in open source. Assume that a private module contains code that conflicts with the GDPR. Now this code can be conveniently hidden intentionally, or it might have ended up there by accident. If the module were open source, this problem could be detected by anyone using the module.

Obviously this point also holds for games. I think it’s more important for modules, though, because their code may spread more widely. Also, game developers should be responsible for what is in their games, and when using a private module they can’t even know what they’re responsible for.

When it comes to protecting intellectual property, there seems to be a problem for many developers. However, we shouldn’t settle for the simplest possible solution because of its downsides. I personally support an open-source licensing system and appropriate co-operation between Roblox and developers to prevent infringements.

A potential problem this may pose is something that YouTube has also been struggling with, that is, false positives. Given that Roblox as a platform isn’t as large, we can hope that human moderators could be able to deal with this more properly.

1 Like

My quote above from the Terms of Use:

Yeah, as @buildthomas said and I said above, Roblox doesn’t care right now about licensing or privacy once you make your modules public. That is what will happen to all code if it is made public come February. No protection. Changes definitely need to be made, we can all agree on that. We disagree on how though.


The GDPR issue is a problem with private modules as is, not with the proposed protected source system. The review and certification process would detect violations like this and be conducted by a third party whom both the module developer and game developer can trust. It is true that not all bugs would be caught in a single code review, but the certification isn’t to certify that the source is bug free. It is to say that the module doesn’t send information off to some IP in China and is safe for the game developer to use. I’m working on a system right now, but its development is slow and some parts are difficult without Roblox internal support.

2 Likes

Of course not, because you’re not using the process outlined in the ToS defined specifically for handling infringements (DMCA). The implication of my point is that you’re prepared to take the measures necessary to defend your IP. This involves correctly licensing your IP in the first place, and following established procedure when infringements occur. You’ll have to be willing to do this all on your own; no company has an obligation to defend your IP beyond what is required by law.

If you don’t feel like playing this game, then you’re free to slap on a permissive license, and get back to programming, drawing, composing, or whatever else it is that really matters.

2 Likes

And this is the problem. While I can agree Roblox shouldn’t be held accountable for protecting your IP on the platform, removing private modules is removing my IP’s only protection. I can’t go through all this legal trouble to protect my stuff. I’m a minor myself, so I can’t even sign a contract. And even if I did all that stuff, could you really imagine suing or taking action on every violator of your IP? On a platform as large as Roblox this isn’t feasible in the slightest. We shouldn’t be distracted from the fact that Roblox is mostly played and developed on by kids, and legal stuff makes no sense to them at all. (myself included)

My point is, private modules were Roblox’ only simple way of protecting IP in free models. Now they’re leaving, and there’s no simple, first party alternative. It’s incredibly frustrating.

7 Likes

Fair enough. I believe including such a third party may not be as scalable as delegating the work of checking the modules to their users, but it may be a good compromise.

@wind_o: It is an undesirable consequence that copyright owners must experience stress about their work being protected. However, I think that is part of the responsibility when it comes to becoming a copyright holder, just like creating the work is.

So essentially, a developer must do extra work to protect their IP, but this is for the sake of users’ safety, the other option being that malware is widely distributed via private modules. I’m assuming that if the work really matters, the developer is prepared to do it.

I’ve been working on my GitHub project (roblox-dissector) for a year (including some breaks). I have never gotten any money for it. Still, it is important, so I continue to work on it, sometimes up to 10 hours a day. I very rarely get any money for coding, yet I continue to do it. This should prove that securing one’s income is a great motivating factor for protecting IP with other means.

2 Likes

Aha! It has been revived! I’ll take the bait, here are some more thoughts:

An excellent point! I plan to overcome this issue by employing economic principles. I was actually working on the protected modules service when I got the notification of your message. I plan to ask for compensation for my time spent creating the service and reviewing/certifying code. This has a couple advantages:

  • I’ll only have work if the module developers value protecting their code more than the cost of the service; this proves the value of the service by asking developers to put their money where their mouth is.
  • If the demand outmatches my capacity, I have two options as in classic economic supply and demand. Either I can scale up and hire help (which would be quite a process to ensure the same standards) or I can raise the cost so only the most worthwhile modules become certified.

I really believe that a certification service is valuable. It benefits many people involved including:

  • Game Developers: it helps them determine which modules are safe and which may be risky. This is especially helpful to developers who don’t have the ability to check code for safety, but it also benefits game developers who can by allowing them to spend their valuable time elsewhere. This reduced risk and increased time is valuable.
  • Roblox: Any benefit to Roblox’s developers is a benefit to the Roblox platform. Reduced risk means less stolen places and disillusioned developers. It also centralizes code review; with public modules each developer who wants to know if the module is safe must review the code. One experienced developer reviewing code is more worthwhile than a thousand reviews by new scripters and takes man-hours versus man-hour days away from game development. It also helps new developers by simplifying game development by removing the need to check for insecure code (as long as only certified code is used).
  • Module developers: This one is pretty obvious. It protects their IP, taking a huge load off of them and putting it in more specialized hands with lots of practice doing so.
  • Me: I get food on my table. Yay! In addition to monetary compensation, it also increases my notoriety by helping others and proving my worth in a position of trust. It’s a pretty sweet gig if you ask me!
  • Exploiters: This service helps them by… by… Oh, well, I guess this service doesn’t help EVERYONE involved. As the number of certified modules increases, the places for them to hide becomes smaller and smaller as well as less trusted. This distrust devalues whatever module they are hiding in until ultimately they are starved of victims… a dire prospect indeed!

Here are two features I plan to utilize to keep code safe in addition to my reviews:

  • All protected code will run on my server in an environment without external access except to a single place instance. My server environment has no ‘HTTP service’. The code on my server is completely safe; however, it could cause problems through its interaction with the public code running on the place instance.
  • I’ll add in the option for game developers to use my sandbox (found here) to enforce game-specific restrictions on code like removing access to standard library functions, whitelisting and blacklisting instance access, limiting function call depth, or even limiting run time. This will be an optional feature due to the overhead.

Current Progress

I’ve been working on a custom web server built in C and Lua to host this service… Over the weekend I got my domain certificate and enabled HTTPS on the login page:


(Yes, that’s the URL. If you go there now you’ll see exactly that and nothing more. This is the only implemented page. In addition, my server may crash due to odd requests from untested browsers. I quickly hacked together an HTTP parser and am working on a more robust method now. Also note that service may be dropped at any time as I push updates to core functionality like that parser.)

7 Likes
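Added example, not part of the post above and not the poster's sandbox: a sketch of three of the restrictions the post lists (removing standard library access, limiting call depth, limiting run time), assuming a stock Lua 5.2+ interpreter rather than Roblox Luau. `run_sandboxed`, `make_env` and the option names are hypothetical.

```lua
-- Added illustration for stock Lua 5.2+; all names here are hypothetical.
local function make_env()
  -- Whitelist: untrusted code sees only what is copied in here. os, io,
  -- require, load and debug are absent. pcall is deliberately absent too,
  -- so a script cannot catch the limit errors raised by the hook below.
  -- Caveat: ("x"):rep(n) still reaches the real string library through the
  -- shared string metatable, so trimming `string` alone does not hide it.
  return {
    print = print, pairs = pairs, ipairs = ipairs, tostring = tostring,
    math = { floor = math.floor, max = math.max },
    string = { sub = string.sub, upper = string.upper },
  }
end

local function run_sandboxed(src, opts)
  opts = opts or {}
  local max_steps = opts.max_steps or 100000  -- run-time budget in VM instructions
  local max_depth = opts.max_depth or 50      -- call-depth limit
  -- Mode "t" accepts source text only and rejects precompiled bytecode.
  local chunk, err = load(src, "=untrusted", "t", make_env())
  if not chunk then return false, "compile error: " .. err end

  local depth, steps = 0, 0
  local function hook(event)
    if event == "call" then
      depth = depth + 1
      if depth > max_depth then error("call depth limit exceeded", 0) end
    elseif event == "return" then
      depth = depth - 1
    elseif event == "count" then              -- fires every 1000 instructions
      steps = steps + 1000
      if steps > max_steps then error("instruction budget exceeded", 0) end
    end                                       -- tail calls leave depth unchanged
  end

  -- Run in a coroutine so the hook applies only to the untrusted chunk.
  local co = coroutine.create(chunk)
  debug.sethook(co, hook, "cr", 1000)
  return coroutine.resume(co)
end

-- Constructed sample scripts: one allowed, three that hit a restriction.
print(run_sandboxed("return math.max(1, 2)"))
print(run_sandboxed("while true do end"))
print(run_sandboxed("local function f() return 1 + f() end return f()"))
print(run_sandboxed("return os.getenv('HOME')"))
```

The instruction budget does not bound time spent inside a single C function call, which is one reason to keep the whitelist small.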

This has strayed way off of the OP’s original question. Keep ideologies and opinions in the announcement for the removal of private modules.

4 Likes