Removing Support for Third Party Closed Source Modules


But removing private models won’t completely stop the problem. Removing PMs won’t stop the problem. You could remove the whole site’s communications and it would still happen. You can try to patch features but it would still happen. There’s no one way to fix this issue. I think it’s more to do with how roblox was developed. If you look at another game, for example Minecraft, they have single player and multiplayer games, and people wishing to escape the danger of exploits on multiplayer would go to single player games, hence why minecraft appears safer then roblox. I’d say add a single player feature, however, roblox’s building is on roblox studio and testing is by default single player so I can’t really say how to do it.



Single player Roblox exists, it’s just a 1 player server. Roblox as a platform is inherently social. According to the Roblox Corp website

Roblox is a global platform that brings people together through play. It enables anyone to imagine, create, and have fun with friends as they explore millions of interactive 3D experiences produced by independent developers and creators. We believe in building a safe, civil, and diverse community—one that inspires and fosters creativity and positive relationships between people around the world.

Original quote adjusted by the use of formatting, for the original message in the full context visit

Looking at that quote, having a dedicated single player is possible but isn’t something Roblox is fully designed for.

If you want further support for single player, visit #platform-feedback and give ideas.

1 Like


This should not be closed until it goes live with an announcement that it happened.



Yes, that will indeed be the case. (apparently some people are misinterpreting your sentence)



It doesn’t stop it, although it will make lives easier to determine which private module is the source of the issue. To give an example, if a game has say 5 private modules and currently contains malicious content only when certain users enter the game (creators of the malicious content), it would be nearly impossible to find out which of the 5 private modules caused this issue. Since the malicious part of the module only works when the creator of the malicious code enter the game, it would be both hard to maintain a game while also guessing which one of the five modules would have the malicious code.

On the other hand, if all five were forced to be open source, the developer of the game would simply have to just take a quick look through the code. If anything seems suspicious, then that module could then be removed from the game, making the culprit of malicious content much more easier to find than if the code were to be private.



It will be annoying, however, to find a alternative for this. Roblox said they would add it, but they have yet to announce one.



I’m very excited for this to be removed. Developers should not be okay with code they cannot read or observe running in their games, and people who are worried about their code being stolen need to accept that when they give out their code to people, that is an unfortunate reality. Especially so when selling it. I know this is an unpopular opinion but it’s better for roblox’s safety and for all of the developers who use roblox.



Should Roblox or Photoshop open source their software? Is this what you’re getting at? If so, I really don’t understand why you think this way. Do you want there to be no profits via software? Everything should just be open source?



Neither are a lot of genuine private modules.



Modules can be updated at any time without you or your player base knowing, and cause serious damage. It is of course expected that most people have a genuine drive to provide a service however that is quickly overshadowed by the possibility of somebody for example instantly parenting a ScreenGui with malicious images to your game servers through a closed source module, or other worse scenarios.



I’ve argued this many, many times, and this is the last time I’m going to say it:

Open source scripts are fully capable of doing the exact same thing. If your worry is about kids seeing something inappropriate because of private modules, then might as well remove open source scripts as well. The focus is kids, right? Most of the kids here do not know how to script, or recognize malicious code. Because of this, it makes no difference if it is a private module or not.

Not going to reply to this anymore, it’ll just lead to another argument which I have already done somewhere above in this thread.



In this situation, if you mean images rather than generating an image with a ton of little frames, moderation failed and let some inappropriate images slip through the system, therefore an entire feature should be disabled? Seems to me that, in this specific situation that you are mentioning, Roblox should improve their moderation rather than disabling an entire feature that genuine non-malicious people rely on.

As for this, I’ve mentioned before, open-sourced code can be updated at any time as well. And I can script it so that it fetches the code from elsewhere, so people that are attempting to make a game but aren’t very good at coding would likely not bother to tinker with my code to remove the auto-updating feature. It would be very easy to convince a lot of people to leave the auto-update functionality in the code with a lot of big warnings telling them that the script will break if they remove it or something.



In the case of malice code in private modules vs open modules or scripts. I believe private modules could be more damaging and expose more players to inappropriate things if the coder had that much ill will. Beside that it is just bad for your game to depend on something you have have no control over and corporations can be held responsible for nefarious code in side the software they make.

1 Like


If you sell your software to people, then yes, you are agreeing that it is open to be looked at and scrutinized. In the end, you own your code, and if you give your code away you cannot be upset when it is used improperly. ROBLOX does not force you to give away code.

The private module system may be a luxury to those who make them, because they get to run what is essentially freemodels into your game without consequence and you have no way of knowing what is being ran, but for everyone else it’s a terrible solution.

1 Like


Are you sure you can view the Photoshop and Roblox source code? I don’t think so. :thinking:. I still don’t know why people are trying to push open source on everything. Just because you don’t want to make money selling services and believe open source is a gift from god, doesn’t mean we have to think the same thing. Closed source is how money is made. If we had to open our modules, then people will take it and republish it as their own.

When did I ever say that?

Not just that. Look at Terbyte services, for the 1 millionth time. They had a genuine use for private modules. I did as well. Not every single private module is a virus.

I’ve seen bypassed images before. There are still bypassed images. Just go to V3rmillion. Should we just delete decals on Roblox?



I completely agree.

  • but open source!!!
    Open Source is not a “gift from god” as you said, people’s jobs and livelihoods depend on private modules to keep their intellectual property safe. What are you going to do? Sue a 12-year-old for reusing your code?

There are even real businesses that operate on Roblox, who depend, or depended, on private modules for their company.

  • malicious!!
    Malicious models existed before private modules, and they won’t be removed after.

Malicious users have exploited everything and used social engineering. If you download a virus onto your Windows PC, do you blame Microsoft? Should Microsoft ban applications from accessing the file system?

  • Summary
    At the end of the day, this update won’t change anything. I believe it will cause more harm than good.

This thread is just divulging into an endless repetitive cycle, it should probably be locked.


split this topic #1006

A post was merged into an existing topic: Off-topic and bump posts



The “It can be updated at any time” argument should not be used if you want private modules gone. Why not? Because any application you have on your computer does the same…

Discord auto-updates, Roblox auto-updates, Photoshop auto-updates, everything auto-updates and you’re complanining about private modules doing so too.

Roblox and all applications you have on your computer can be updated (almost) without you knowing it and can cause harm to your computer - do they? No they don’t, because they would have lost money, trustworthiness and all that, basically would have stopped existing.

Currently, there is no way for Roblox to have a legitimate marketplace, people can bot everything and anything just by snapping their fingers.
So maybe, yeah, private modules should never have existed, but that’s too late now, you can’t simply remove a feature so many people use and rely on just because you could not find a solution for it quickly enough.

If people are willing to sacrifice their account or game for the sake of using a necessary service, granted they are fully aware of this, and they still want to do this, why do you so badly want to stop them? It was even stated that removing private modules won’t even stop the malicious content in free models or plugin - so why remove, and why now before a replacement has been made? What makes this so urgent? I personally believe you should be focusing more on preventing botted or malicious uploads instead of removing a service that so many people use - I bet this thread is amongst the most popular topics on the forum (I don’t have full access to the forums).

I am (technically) taking a higher risk by installing Roblox Studio and Player, compared to using private modules in my virtual game that cannot access my computer by UGC (user generated content).
Yeah, at the point when you’re making millions of Robux and when you are afraid of losing your account, you are no longer using private modules (or maybe you do : o)

If you manage to give a proper answer to the following questions I and I’m sure many others would be pleased:

  • Why the hassle
  • Why remove before you have made a proper replacement
  • Why don’t you open source Roblox
  • What have you done to stop botting and malicious content, if this is your reasoning for remove Private Modules.
  • How do you think this will affect the developer community.

I am not trying to harass or look down on you, I am simply stating my own opinions and asking questions as to why. Please, on behalf of all services and users and groups offering people to use their services, stop this removal. It does not benefit anyone (except the haters, eh?), and there is no replacement of any kind.

How you are going to solve the problems is something I’m not pajd to do, but it is something we service providers will be losing money on if you don’t.

Can you please lock this topic now?

Locking threads down because of surprisingly high activity seems unprofessional for a professional company. You should be allowed to say your opinions granted they follow the rules, Your post seems rather off-topic as it brings no real value to the actual discussion, just saying :wink:



Can we please stop with the “company” argument. Just because people profit off of private modules doesn’t mean they shouldn’t be removed for their security risk…

1 Like

  1. Private modules should never have existed. Seranok has said this is a driving reason for their removal.
  2. This is a security risk and waiting 12 months to remove it when the majority of models on the front page have back doors in them is insane.
  3. You can decompile any program on your computer and get a rough idea of what it does, Roblox included. You cannot do that with private modules.
  4. See #1.
  5. This has been answered by the nearly thousand replies.

If you’re going to reply, please at least read the the other posts in the thread. Every single one of your bullet points has been addressed multiple times.

And yes. I believe this thread should be locked because of exactly that. High activity is one thing. Going in circles because people cannot be bothered to read the other posts in the thread is quite another.

@Seranok Can we get a status update on this change? Has the flag been switched yet?