Removing Support for Third Party Closed Source Modules

The entire point of having that setting is to inform users that arbitrary code may be run though.

We need paid models. Has someone made a feature request like this before?

I really don’t feel like the whole community’s opinion is being taken in on this. I think this is a change that should not be made because there are TONS of services on ROBLOX that require Private Modules. Looking at others replies tells me that there are probably TONS of more options that should have been discussed before making a decision that would impact the developer community this much.

Most players absent-mindedly put closed source module backdoors into their games. Although removing closed source modules is a step in the right direction for reasons other then just backdoors, I’m pretty sure the same type of people who carelessly insert random models will accidentally insert a heavily obfuscated backdoor. As I’m sure that once closed source modules are gone, malicious players will just switch to obfuscation.

Like you said either way someone is going to get a backdoor into their game. So why remove Private Modules when you could take steps to make them safer on the developer.

If we are on a team create on the game, Can we use close source modules?

Why are you so sure they didn’t discuss other options?

Obfuscated code can still be dissected and audited. You don’t even need to deobfuscate it, you can just poke and prod with shim functions and log what it’s trying to do. You can’t do this with private modules.

I would have liked to been told what kind of options were explored then because it just really seems like they jumped to a irrational sulution, but we all have our opinions!

Roblox is a ginormous company, especially on the engineering side. It’s extremely unlikely that there were no other options discussed. Likewise, Roblox is not obligated to share other discussed options.

I understand that but like I said it seems like they didn’t. I also understand that ROBLOX is not obligated to share other discussed options but maybe it would have helped to inform the developers that this solution wasn’t their first idea.

Third party private modules had flaws anyways. I’m glad they are being removed.

Currently with these it is possible to trick someone into using a module that may do some real work, yet it has a hidden backdoor for its author to execute code in your server, or might just be plain malicious. I’d rather use open source modules than risk my game getting hijacked.

There isn’t a point in keeping your modules closed source either. Whatever you try hiding, there was always a way for others to get it. Even with closed source modules. Hiding/obfuscation is pointless.

In fact, we should embrace the open source movement. We can only benefit from sharing our code.

Will an alternative to private modules be provided? Will they, once removed, possibly come back, and be sandboxed? Only time will tell. But limiting yourself to open source modules rather is many times better than being under the threat of getting your game hijacked.

All this post really is atm is discussing with points that have already been told, I could probably give a reply to a lot of posts for the removal of private modules but it seems like everyone just brings back the same arguments even when they already got responded too.

I couldn’t give a % for people for and against it, but from all the opinions I have heard (from players and developers) the majority is against the removal of private modules, I already know I’ll hear someone say to that “players aren’t properly informed and therefore won’t be able to make such a decission correctly” in case that happens, my answer is very simple, players will be the ones that’ll suffer from this change too and therefore shouldn’t be ignored.

Like my (and other people’s) replies to posts, it’s clear that the removal of private modules has these pros and cons

pros

• more open sourced scripts
• scammers won’t be able to abuse them (as much)

cons

• no replacement will be given (in a reasonable time)
• for a similar functionality you basicly need to put so much work (and maybe even money) in things like obfuscation, servers, …
• some devs won’t even be able to find a similar functionality and will be forced to open source it which will result them not making money of private modules
• increase of botted models
• it will not stop scammers (or even slow them down)

Note, not all pros/cons are listed.

ROBLOX Airline groups will be heavily impacted by this. Companies like exaTech and Airplo rely on the modules to practically keep the games secure and functional. Although, it was a good choice to remove them because as said above, this system had small flaws and big flaws, basically each flaw is like one hole in a ship, enough of them to sink it entirely.

Not really, and obfuscation is pointless.

What? If they can make good modules, they can definitely make good games. They can make money off of the games they make instead.

I said before that these aren’t perfect, just similar and “not really” means nothing if you don’t even take the time to explain what you mean with “not really”, obfuscation takes work, hosting servers takes work (and sometimes money), that’s what I meant

I think you didn’t read the part “of private modules”, and like I said on sh, game developing is more than just scripting, it’s a completely different thing

Hosting servers shouldn’t take a lot of work

Obfuscation might take work. It shouldn’t be your only defence against people who copy scripts and whatnot. It’s pointless. And I’ve already stated why.

Collaborate with other people. Or do it all yourself.

Your first point “hosting servers shouldn’t take a lot of work”
This depends, for someone experienced in that field, it’s probably simple, but for people who know nothing about it, it’s very hard
For your second point, yes, I know that obfuscation is pointless, it was just an example

It’s hard to find people trustable, and if you can trust people you can trust private modules too, what’s your point? (People can do more harm than private modules, allowing them in basicly means they can do whatever they want with your game, even reupload it)

And making games yourself takes a while and isn’t easy

Besides that, a point I forgot to mention, the overall quality of private (now open sourced) modules might decrease due to devs not making money of them (like you said, they’d switch to games or something else)

yes, making money isn’t a big factor for everyone, but generally it’s still a factor lots of people care about

If trust is an issue then just do it by yourself.

If you look up exatech, they don’t even plan on open-sourcing a 2 year old product and they continue to say for security reasons. First off, not sure why you would throw a product used by so many in the bin, but also what is so important that’d you rather hide from hundereds permanently then show? This is why private modules are bad. You have absolutely no idea what is running in the background or when the code is updated.

This might be off-topic, but I’m sure it would help everyone, including Roblox staff, get a gist on the developer community’s thoughts on this…