Response to code safety review discussion

Hey developers,

We hear your feedback and we want to provide a clearer explanation of how, when, and why code can be flagged as a safety concern and what to expect during this process.

This process was put in place to identify and prevent malicious activity on the platform and is intended to stop such activity without disrupting legitimate developers.

We’re looking to flag content that’s dangerous or harmful to our community, not find swear words in scripts that would never be seen by players.

Code Privacy Concerns

One of the biggest concerns we observed was around code privacy and protecting personal keys.

Our automated review system looks for malicious behavior in code. In the rare event that code gets flagged by the system as a potential safety concern, a very small, specially-trained team goes in-game as players to check it out.

In certain cases, parts of the game’s code may be manually reviewed by that team, who will check to see what the specifically concerning code does. We have strict rules in place determining when developer code can be seen and this is only done in the context of platform safety concerns.

The majority of the folks reading this will never have code flagged by the system.

Moderation Concerns

While we are not looking to punish anyone for using profanity in their code that is never seen by players, we do take seriously content that, when shared, is dangerous or harmful to others in our Community such as making threats to others, posting someone else’s personally-identifiable information without permission, etc. We generally do not consider Team Create sessions to be shared content, these sessions are private; however, if someone with access reports offensive content, we will investigate the author. Please refer to the Roblox Community Rules for more information on what is not allowed when content can be viewed by others.

We hope that this better explains the policy and we appreciate having this open dialogue with you. We’ll continue to follow up on developer feedback.

Thanks,
Developer Relations

This topic was automatically opened after 15 minutes.

This post does not address many of our concerns on the previous post, other than the one regarding custom chat filters on top of Roblox’s own filter. This post does not touch base with the privacy concern regarding closed source code, nor give any insight on the “specially-trained team” that reads our code without our consent. I don’t want my closed source scripts being read without my consent, that’s all there is to it. Who even cares what my code says if no one else sees it except me? If you’re going to post a follow-up, please include the actual concerns addressed multiple times in the over 1,000 replies on the original post.

What a relief!

Thanks for the quick response; this clarified many of the questions that developers had. Now we don’t have to worry about getting banned!

Edit:

A good point was brought up by @Elttob.

How do we know this team won’t look at our API keys when investigating a script?

Glad to see a response!! Unfortunate a few of the questiosn I asked was answered though.

not find swear words in scripts that would never be seen by players.

Is all content containing “swear words” flagged via automation, or not at all. I feel all inappropriate content should be flagged because its hard to tell whether anything is ever exposed to a player.

In certain cases, parts of the game’s code may be manually reviewed by that team, who will check to see what the specifically concerning code does.

One of my biggest worries is that all of this can be mitigated by code obfuscation. How is this prevented? Do you dump string constants? What if string constants are “encrypted” and then “decrypted” during runtime?

I love that the site is having moderation put in place to remove innapropiate places however I am unsure how this can be done without instantly running into a steel wall that is hard to drill through. ’

In short:
I trust your team, and hopefully everyone else can!

Awhile that I DID appreciate that I’ve finally gotten attention to have my account undeleted/unterminated but wasn’t informed that it was undeleted/unterminated.
Edit: Gotten re-terminated.

I thank the Roblox Devforum for helping me voice my opinion about why I was upset about the sudden and instant termination that came out of nowhere.

I just hope to see that Roblox will be sure to help developers know what code in their game, be it a ‘generic response’ saying that something might be checked when code is to be looked at is greatly appreciated. I just wish the system was put in place differently rather with warnings and the typical moderation style that Roblox had in the past.

Some people may still be upset that Roblox can and may look at your code, but it is their platform that you are developing on and they’ll need to make sure the content you make will still ablide by COPPA. Only thing that I ask about if Roblox has to look at your code, is that you’ll be sent an email and a PM on Roblox about the ‘special team’ is taking a look at your code to ensure its safe for Roblox so I can prepare to void my API keys for my personal preference that some people do have.

I’m concerned that we still don’t really know what’s happening (or being worked on) with API keys and other secrets to protect them, if anything. Totally on board with the premise of stopping malicious behaviour on the platform, but we really need a clear answer for this.

What procedures are in place when code gets reviewed (regarding privacy). I understand that it doesn’t happen often, but it still does not offer any explanation on steps taking to ensure code does not get leaked (accidentally or not). More clarification on this would be welcome.

I have some questions from this that aren’t answered yet.

1. Will this apply to private games (e.g. friends only)?
2. If you do somehow get flagged even though the system is to not find swear words in scripts, would you still get punished for them?
3. Will these new rules be retroactively applied to old games and models?
4. “a very small, specially-trained team goes in-game as players to check it out.” does this mean game scripts will only be checked out if the team suspects something is up?
5. Would we ever get a notification our game was checked out if it were to be flagged for whatever reason? (even if falsely flagged)

Thanks for clearing it up some

That might be helpful because it could eliminate most virus models on Roblox.
But what if a random player re-uploads a model that contained a malicious script without knowing. Would they getting a warning/ban? Sometimes some models trick new developers into reuploading stuff for Robux and then giving themself admin or destroying their game. This might cause newer creators to stop developing in Roblox as it might be a ‘risk’.

These concerns are pretty explicitly addressed. I encourage you to re-read the original post.

Regarding “who cares about this if my code is closed-source”:

A solution for private / API keys is STILL needed

A lot of devs were mostly concerned about personal keys, and still are. There should be a feature built-in to place these keys, outside of scripts. It has been suggested many times, and removes a big part of the privacy and security concern. It also has added benefits such as not needing to remove API keys during a team create session.

Feature Request:

Otherwise, I’m going to have to start changing my keys every week. That’s just absurd.

Can moderators see script commit history, so they know who exactly wrote a specific piece of code? What if I am a part of a TC (author or not) and someone does something stupid. How do we know the correct person is punished if it truly does “pose a threat to the Roblox Community”? That is one question I am sure many want to see clarification about.

I can answer these two:

2. This system isn’t looking for profanity, so no, as long as it’s not exposed to players.
3. Correct. Scripts won’t be reviewed unless the team goes in-game and finds some concerning content to check up on.

What about someone who used to have access, but no longer does? Or anyone who might be concerned their personal data has been stored in scripts in the game?

Thanks for addressing some of the concerns regarding this system. Although, I would like to know more about how it handles utf-8 encoded strings as these could be implemented in a malicious way.

While I certainly appreciate the response, and recognize that it addresses some important questions; one point is still unanswered:

Will we be notified if our code has been manually reviewed?

I for one would like to use such information to update my API keys, paranoid as I may be.

Why are Team Create sessions considered private, while non-Team Create sessions aren’t? Can we get more clarification on why it’s private?

coef, I totally respect you, but being completely honest the OP doesn’t address everything. Many developers, myself included, are concerned about how exactly our secrets (API keys, for example) are protected during the moderation process. At the time of writing, this isn’t specified in the post.