Removing Support for Third Party Closed Source Modules

I suggested an implementation of the Unity or Unreal Asset Store here on Roblox.

Any code that is closed-source would of course have to be reviewed first by Roblox first, or only trusted developers could publish closed-source items. The code to these items, if set by the uploader would be unable to be viewed or uploaded as a free asset by the buyer.

19 Likes

It doesn’t matter. When you upload the model to the library for free, you agree that it’s 100% free for users to edit and use as they please. That’s literally in fine print now.

Hiding code in any way should not be allowed since technically all free models have the same license, regardless of what the uploader says it is.

Yeah it might lead to copies, but that’s what happens when you make something a free model. It’s 100% free.

16 Likes

Disallowing code obfuscation is actually counter-productive in that it prevents honest developers from working to their full potential. People wanting to distribute malicious code will not be adhering to these rules, and attempting to enforce such a rule is a moderation effort Roblox is not equipped to deal with.

Also open-source doesn’t mean more secure, there’s been examples of this before. NPM being recent example

6 Likes

As LordHammy said, RIP Kohl’s Admin and many other modules developers have provided for the public to use. But this is a step in the right direction since I once encountered an issue where a user tried to do something malicious to one of my places one year ago.

6 Likes

I’m not saying it’s more secure. I’m saying that hiding your code for a “freemium product” is not a good reason to keep private modules since all models should be 100% open source.

If you or someone else wants to obfuscate your code, that’s fine. But it should still be available for all to see.

7 Likes

We shouldn’t keep private modules, at least, not in their current state. It would be nice if there was some other way to make proprietary scripts.

13 Likes

I honestly don’t see how this would work… Private modules were the only way to keep hard work out of malicious hands. This isn’t on anyway going to stop these botted models and it wouldn’t stop the majority of underaged users from using the malicious copies.
I honestly believe because of this, people who open their source, especially if it’s something that shouldn’t be really opened like an admin or a driving script, both exploits will be easier to be made and botted reuploads will get worse.
If you do want to help, actually solve the problem with botting and taking in reports into consideration, this would stop this a lot more better.
Also, do do the whitelist thing…

37 Likes

I am incredibly disappointed that this was the course of action decided upon but it’s understandable given how quickly a solution was needed. I’m hoping in the future we’ll see more viable methods for hiding code because as people have shown before and in this thread there are perfectly legitimate reasons for allowing private code.

Not to repeat Anaminus but there’s currently an active thread (that I happened to have created) for more serious discussion of alternatives located here:

At the moment though I worry about the impact this will have on people who use modules to hide web APIs and those who sell products/used private modules to ensure their copy of code was the only one. Again, I’m disappointed in Roblox, even though I understand why.

25 Likes

Smart move to be honest. There’s just too many risks associated with something like this. Props.

9 Likes

In my opinion this is a REALLY good move that should’ve been implemented long ago. It was something that I recently thought about as developers have been getting GDPR takedown requests. If a game has closed source modules and those modules access data stores there’s really no way to delete player data stored there.

7 Likes

Make a feature request for having a similar but less exploitable version of privatemodules included in the upcoming packages feature, although I think something like it might already be in the to do list for packages

On the main topic: it’s about time we got rid of privatemodules yeahhhh :yum:

7 Likes

I do honestly like how most of you go “Yay, it’s about time.” This will ruin complex scripts that need to be privated. For instance, a secret API key or a part of code which if released won’t be as useful because people know how it works. This IS going to ruin a lot of good people.

Thanks Roblox, yet again pushing your fault onto us…

26 Likes

I’ve also suggested a Asset-Store type deal where you can upload your paid-assets and have them be closed-source.

9 Likes

This is a wonderful change. I don’t know why this wasn’t the norm to begin with. Free models requiring third party closed-source modules are dirty and barely contribute anything worthwhile, can’t even open them up and learn anything from them and can’t trust them. If you need to make the module closed source, chances are you either aren’t doing something right (lets not leave a bunch of API keys or something in there) or (more likely) you’re being a bit greedy. There’s no reason a game should ever be able to remotely load something that the place owner either doesn’t own or can’t take and read, and allowing such to happen gave rise to the massive amounts of “backdoored” models that seem to be everywhere.

Will games still be able to use closed-source modules that the game creator has in their inventory (but didn’t necessarily make?)

Good stuff :+1:

18 Likes

That would be a great idea, a controlled place with assets made by trusted developers. Even if it’s closed source Roblox would have checked it and said A-okay.
It is honestly getting to the point where the majority of the model/ plugin catalog is malicious and private modules are apart of it. However this isn’t the best way to go.

7 Likes

You shouldn’t be leaving a bunch of sensitive keys sitting in an uploaded module. Flaws have been found multiple times that have allowed people to steal closed-source modules. Doing so would be bad practice and waiting for disaster.

8 Likes

Well then the model can’t be publish to the public, beating the idea to make something public in the first place.

7 Likes

Code can still be hidden and/or obfuscated. It’s just that now you can look at the source; making sense of it is a different story.

9 Likes

Edit:
Seems to be nothing more than an explorer-UI after being stripped down. Apologies for the previous post. :smile:

9 Likes

Adonis is open source. It can’t really be leaked seeing as I leaked it then on day one lol. Dex explorer is just a GUI that was made by I believe Raspbi pi or someone else that was originally intended to be used for exploiting, but I clipped it down to just be a normal explorer, and without an actual exploit it can’t do anything, especially server related. People requested that I add it due to how feature rich it is, so I did (with credit to the original creator.)

9 Likes