Removing Support for Third Party Closed Source Modules


#857

Some people make Robux by selling clothing, creating games, trading, etc. and some made Robux by selling their services. I hope this can continue correctly.


#858

Have you looked at changing your system to have a module that acts as an RPC stub and then moving the confidential / secret logic components of your code to a remote server?


#859

I know absolutely nothing about web development or web servers, so I’m afraid I can’t do that.


#860

I really don’t lose or gain anything because I don’t use closed source modules but I agree that removing them does not solve the issue. Much like virus’s that spread with regular scripts, most starting developers don’t know in depth coding knowledge, hence why they get a program to do what many of us would just program ourselves. The added fact that the model’s comment section is so full of spam that a person trying to warn others gets drowned out hurts this solution even more.

I am sure Roblox has a lot of bright minds on this. Just think it over Roblox, I am sure you can come up with an amazing alternative.


#861

This post was flagged by the community and is temporarily hidden.


#862

You do not need to publicly post a private message and ask for opinions on it. On top of this please keep discussion related to this topic on this thread, there is no need to message staff about your stance on something when there is a thread made specifically for the topic.

If you want to share your opinion on the removal of support for private modules you should do it here. If someone wishes to express support or to disagree with what you said, they will address that here and you can respond to it too.


#863

Why does everyone supporting private modules seem to think that just shoving the risk on the end user is ok? Roblox is a platform that is very strong about being a safe place for people to create and play games, it would be a complete dereliction of duty for Roblox to just say “its your problem, you accept all risk, have fun” especially when I have seen private modules being used to literally generate pornography on Gui’s in game.

Private Modules are not the root cause but they are overwhelmingly the attack vector, removing them is a good idea. Terabyte Services could have rewritten their code to use HTTPService and chose not to (as I discussed with them on Discord).


#864

“ROBLOX will not be held liable if you get hacked.” What does this even mean? Private modules (and scripts) can run malicious code, but hacking? I don’t think so.


#865

And that is exactly what im doing. I messaged that to a staff member because we were both previously already having a conversation together in DMs about the topic. (That discussion is not included in the picture, only my idea is).


#866

Personally I would want to take security over a specific business model.

Our case is rare and is something that I’ve accepted. We made the immediate decision to migrate to obfuscated code.

My only concern is the protection of my employer’s IP. From a personal view, I want to offer a product to the Roblox community and not want the product be misused. Its why we have our own licence, EULA, privacy policy and terms. (Along with a security bounty and the ability to report people misusing the IP)

Originally I was very anti removal but the actions of some have shown detriment to the cause. Terabyte adding that partition was unacceptable, while the idea had some grounds the fact that it was completly bias and has no grounds to research. What if the results was manipulated?


#867

I see your point, and like I said in my picture above, I understand they are removing this feature in the interest of safety. There are tons if malicious private modules on the site and this would eliminate them. But, would the amount of malicious codes deleted outweigh the amount of good code and good services deleted? Would more bad code be deleted then good code, or more good code be deleted? I guess it is up to interpretation.


#868

Without context it simply looked like instead of posting your opinion here you instead sent a paragraph to him in an attempt to get your point across. (Which might I say has been reiterated quite alot in this thread now).


#869

Yes I can see that. But just for everyone’s information, I did have a conversation with the staff prior to this.


#870

When I wrote my position on this more thoroughly I found that models with private module backdoors had accumulated at least 27 million takes, I’d say this massively overwhelms the people who use them for legitimate purposes at the moment (which while noble, is also, arguably, not many people)


#871

My arguments have literally been for their removal …


#872

There isn’t a side of the argument that doesn’t do this unless you propose Roblox moderation.

This is a case for Roblox to moderate all shared scripts instead of ‘shoving the risk on the end user’ which is what happens before or after the proposed change.


#873

As far as I’m concerned, there’s no other platform like roblox to enables users to make their own games entirely. This gives people opportunity to make some income by providing services that may benefit their game. This will get rid of that entirely.


#874

To everyone claiming that Roblox needs to protect users from toolbox models, think of it like this;

If you install a virus on your computer? Is it the fault of Microsoft or Apple (or whatever OS you use)? Of course not, that would be ridiculous right? So if a user inserts a malicious model; is it Roblox’s fault?

Common sense is the best defence. While I understand the points may come from, but companies like Polymatic can have engineers working on finding alternative means to protect code or to use laws to protect their source. The everyday developer, like Terabyte cannot do this easily. While Terabyte could be open source, and there would be no issues, there are people like wind_o and smartTech who use private modules to protect their paid products (e.g. Check Me In), which is used by hundreds, if not thousands, of groups.

We aren’t asking for Roblox to just keep modules in their current state, we’re just asking for Roblox to provide a good alternative so we can manage and continue with our business.

But they’re FREE models!!!

Think of Models like Software (which is the case with large scripts). People can still pirate software, people can still leak software, but hiding the code with possible methods is still better and safer than just having no protection and being forced to tick the box that says Put model in PUBLIC DOMAIN.

There is paid software (like CMI), there is free software (like Terabyte), there is open source software (like Adonis), and there is malicious software (like the backdoors).


#875

Oh, so thats why microsoft is making windows defender better and better against viruses. It may not be their fault, but it’s their platform, and yet they’re fixing the fault of the users in many cases.

In my opinion, telling everyone to use common sense is a bad argument against this, problem with common sense, is that it’s not common. People think differently, and don’t have the same knowledge as others. It’s really up to roblox to ensure the people who don’t have “common sense” also don’t have a bad experience with the platform, and private backdoors are not a great experience if you’re just getting into development, and are not entirely sure how to make something yet. They also may not understand how to research developers or about modules


#876

Except the user has the choice to disable windows defender in this situation. We’re being robbed of our choice.