Response to code safety review discussion

I’m concerned that we still don’t really know what’s happening (or being worked on) with API keys and other secrets to protect them, if anything. Totally on board with the premise of stopping malicious behaviour on the platform, but we really need a clear answer for this.

What procedures are in place when code gets reviewed (regarding privacy). I understand that it doesn’t happen often, but it still does not offer any explanation on steps taking to ensure code does not get leaked (accidentally or not). More clarification on this would be welcome.

I have some questions from this that aren’t answered yet.

1. Will this apply to private games (e.g. friends only)?
2. If you do somehow get flagged even though the system is to not find swear words in scripts, would you still get punished for them?
3. Will these new rules be retroactively applied to old games and models?
4. “a very small, specially-trained team goes in-game as players to check it out.” does this mean game scripts will only be checked out if the team suspects something is up?
5. Would we ever get a notification our game was checked out if it were to be flagged for whatever reason? (even if falsely flagged)

Thanks for clearing it up some

That might be helpful because it could eliminate most virus models on Roblox.
But what if a random player re-uploads a model that contained a malicious script without knowing. Would they getting a warning/ban? Sometimes some models trick new developers into reuploading stuff for Robux and then giving themself admin or destroying their game. This might cause newer creators to stop developing in Roblox as it might be a ‘risk’.

These concerns are pretty explicitly addressed. I encourage you to re-read the original post.

Regarding “who cares about this if my code is closed-source”:

A solution for private / API keys is STILL needed

A lot of devs were mostly concerned about personal keys, and still are. There should be a feature built-in to place these keys, outside of scripts. It has been suggested many times, and removes a big part of the privacy and security concern. It also has added benefits such as not needing to remove API keys during a team create session.

Feature Request:

Otherwise, I’m going to have to start changing my keys every week. That’s just absurd.

Can moderators see script commit history, so they know who exactly wrote a specific piece of code? What if I am a part of a TC (author or not) and someone does something stupid. How do we know the correct person is punished if it truly does “pose a threat to the Roblox Community”? That is one question I am sure many want to see clarification about.

I can answer these two:

2. This system isn’t looking for profanity, so no, as long as it’s not exposed to players.
3. Correct. Scripts won’t be reviewed unless the team goes in-game and finds some concerning content to check up on.

What about someone who used to have access, but no longer does? Or anyone who might be concerned their personal data has been stored in scripts in the game?

Thanks for addressing some of the concerns regarding this system. Although, I would like to know more about how it handles utf-8 encoded strings as these could be implemented in a malicious way.

While I certainly appreciate the response, and recognize that it addresses some important questions; one point is still unanswered:

Will we be notified if our code has been manually reviewed?

I for one would like to use such information to update my API keys, paranoid as I may be.

Why are Team Create sessions considered private, while non-Team Create sessions aren’t? Can we get more clarification on why it’s private?

coef, I totally respect you, but being completely honest the OP doesn’t address everything. Many developers, myself included, are concerned about how exactly our secrets (API keys, for example) are protected during the moderation process. At the time of writing, this isn’t specified in the post.

I appreciate the clarification (I had to reread it a few times but most of my questions are answered) but I’m still concerned about secrets like API keys and tokens. Is there something in the work to hide these things or are we expected to just accept that staff will see them? If that’s the case, would it be possible to have a system put in place to notify us when a staff member has seen our code so that we can change these keys if we so desire?

While I certainly share your curiosity, I must point out that revealing these kind of details of the inner-workings of the system would likely aid those that try to evade it.

For concerns regarding secrets such as API keys, I recommend supporting feature requests such as this one:

(Support here meaning give it a like or add your additional use cases in comments.)

It would be nice to know precisely what these rules are, since while this post is more precise in some areas it continues to be vague in others.

Is there any plan to inform the developer on devforum, by email, or by Roblox PM that the “special team” is checking my game? (Edit: So some users can void their API keys till a way to store API key’s is in place?)

Any way that an alternative method of appealing will be in place?

Not always. Certain information regarding process, excluding the actual moderation criteria, can be shared so that we know that they are taking some protection. We would hope that the team is under strict NDA, that the information has strict IT controls that prevent it from leaving the network (once the employee accesses it), and that code is more protected than some image already available for viewing in the catalog. Unfortunately, these are things that we don’t know exist (although I hope they do).
Edit: I misunderstood the question, That said, this is still info that we would like to see.

We understand this is the goal, but many developers are worried because they still don’t understand what conditions can cause their code to be flagged in the first place. Unless this is clarified, developers will assume that their private code can be read/stolen by moderators at any time.