Removing Support for Third Party Closed Source Modules

Didn’t know about the plugins loading in private modules, that is dodgy. The models however are a different matter.


Models do the same thing.


But it’s your choice if you use a model that requires a private module.


Models also have viruses in them. Removing this feature temporarily is combating this issue.


A group pays me to use a private module that runs their game, I can no longer do that. I know that the front page models require private modules with backdoors in, can we get over that part and onto the bit where this is kinda a problem.


The following thread explores ways of improving the distribution of closed source code. If you have any particular requirements that aren’t already covered, you can voice them here:


Back doors and/or place stealing isn’t a problem to you? Seems to me like you would rather be paid than protect vulnerable users.


A choice that a lot of younger developers might not know any better about. Exploiters of this nature rely on the developer having no clue about viruses or backdoor scripts in models. They might also pray on people who are just starting out.

Also, for your issue of premium scripts, encrypt the variables, make it hard to directly edit, but maintain the non-anonymity of the script. The security threat with module scripts has exponentially increased recently, with the advent of place-stealers, backdoors, viruses, etc.

If the people are paying you for a service, you should be able to entrust them with the source of an item that you gave them.


No, no. I don’t use free models, but I frequently use private modules as a way of keeping the source code inaccessible to the person I am making it for - basically proprietary scripts.


The reason I don’t trust them is because they hire other developers who have game access who I would prefer not leak several weeks/months of work.

[EDIT] - and just obfuscating it or making it hard to edit is an inconvenience and less secure than a private module. I know this solution fixes the backdoor issue, but it also creates other problems that I really do not want overlooked.


It’s arguably more secure than a private module for developers.

I’m more than certain Roblox is going to endorse the premium script model. I don’t see why you want to hide your source code though if you’re being paid. Developers on Unity & Unreal Engine 4 charge money for their assets, and I’m more than certain their source code is editable & readable. Of course, they both have moderation that will strike down any duplicated code or premium asset.

Perhaps we should look towards a new section on Roblox where it’s nothing but premium and or tailored assets. Would definitely be 100x better than hiding code behind a door that no one can access.


I understand the point of removing them. Whether I want my source code secure is up to me, and I’m sure I’m not the only person on roblox who works for groups and keeps their code in private modules. This is still going to be a problem for some people unless a feature is developed where we can secure/limit who can read scripts.

The scenario is working for a group where you can’t trust everyone who develops for them OR if you want to “license” a script to someone and have them pay monthly to use it.

I hope you understand my concern, I’m not asking for private modules to stay, I’m asking for some alternative.


I have a couple of legitimate services I’ve provided through private modules for a long time - unfortunately I won’t be able to open source them due to use of API Keys etc, however I do think this update is positive and needed to happen.


Maybe you could parameterize them in some sort of configuration?


True but it’s not just an issue with the module users; it’s an issue with the module creators too. They want to discourage the latter group, I think (and keep things as simple as possible for beginner developers).


Well, if that’s the case, perhaps you have to first contact Roblox, and have them monitor the code you are sending them, while maintaining the anonymity of your source code. Any updates you publish to that code would be reviewed by Roblox. This could also be done by high-profile users on the forums, the ones who are trusted, like Emerald, Clone, and a few other people on these forums.

There are legit uses for PrivateModules, yes but they’re such an abusable feature that it’s insane to keep them as they are.


I can’t disagree


My expectations is that they’ll heavily obfuscate all their code including a backdoor.

It’s disappointing the change but was something expected after a plaster repair.
I hope something appropriate will come soon to replace this to allow users to operate a business model around freeware and proprietary systems without being forced to heavily obfuscate their code in order to keep their unique product a reality. Requiring constant updates on developers to make it harder to break.


I support this. Private modules were already useless to me since I couldn’t test them in Studio.


How is this going to be approached? Will the “allowed” creators be able to see the source code of shared modules or not?