Response to code safety review discussion

They can always have a third party (e.g. friend, relative) sell the scripts and share the profits. It would be difficult to find sufficient evidence that the scripts were stolen.


Roblox has been showing favoritism in many areas around the platform, like the UGC catalog, the Video star program and not surprisingly, the moderation system. Roblox will likely put certain favored games on a code-reviewing whitelist, which would make the code in those games exempt from the filter. That would be unfair to developers of games that aren’t on the whitelist.

3 Likes

I’m sure Roblox keeps a log of when anyone accesses a user’s code. Now this would be helpful in many situations, because in the event that they do find something out or someone reports that moderator, Roblox could easily look at the logs and check who accessed what.

Also why wouldn’t Roblox track what happens on their systems? They could easily look at their system logs to find out what files were transferred, etc.

I do see your point though, as it’s impossible to stop anything from happening.

I appreciate the clarification. This has answered my concerns.

Isn’t this type of lawsuit primarily for security cameras and building owners?

They would need your password AND your email to break into your email account. If they only know your email, the worst they can do is send spam messages. Emails aren’t sensitive information unlike passwords or credit card numbers.

So rather than an automated system flagging code and having a human read over the code, the automated system flags the code and then a moderator will test to see if the game is inappropriate? That’s my understanding of what I read, I just want someone to back me up on that.

4 Likes

After reading through the topic, I can say one of the points that I mentioned in the original discussion seems like it was resolved:

Verdict? As long as that/those stray piece(s) of code isn’t shown to anybody in a public way, any games should be clear. Leaving --comments with a bit of swear (not encouraging anybody to do so) I guess is fine, as long as nobody has to see it (except Roblox).

Besides that, after all the clarification, it still feels like I need to at least keep most of my code clean and worry-free in most of my open games, but that might be that side of me being (too) safe around my coding. But after looking through what everyone else has to say - summarized; there are some questions still left unanswered.

(Not going to be that one person who points it all out though.)

Yes and no. If businesses have fake cameras, they basically bought themselves a lawsuit.
Roblox isn’t as likely to have this; however, this does not mean they aren’t at risk.

From what I can tell, yes, you are right, except that the moderators, if they see suspicious activity in game, will then look into the code. Here are some hypothetical examples for the game getting taken down:

Example 1 - Scam game

  1. Mods receive a flag for free Robux.
  2. They go in game and receive a “free Robux” prompt.
  3. Since there is suspicious activity in game, they check the code to make sure that it was the developer (could’ve been an exploiter, or in some other way not the developer’s fault).
  4. They find the free Robux code, and confirm the developer’s guilt.
  5. The game gets taken down.

Example 2 - Custom chat filter for “free Robux”

  1. Mods receive a flag for free Robux.
  2. They go in game, and no suspicious activity happens (the custom chat filter was working behind the scenes, keeping users safe).
  3. Nothing happens, since there was nothing wrong in game.

Example 3 - Exploiter creating inappropriate content

  1. Mods receive the same flag for the free Robux chat filter in Example 2.
  2. When they join, there’s an exploiter creating inappropriate content.
  3. To make sure that this wasn’t the developer’s doing, they inspect in game code.
  4. They find nothing in the code to suggest the developer is at fault.
  5. The game is left alone, since although the exploiter was an issue, it was not the developer’s fault, since the developer’s innocence has been backed up by the code.

All three were flagged for the same reason. However, Example 1 was a legitimate danger for account safety, Example 2 was a false positive, and Example 3 was a false positive, but with the coincidence of some fishy activity in game unrelated to the developer.

Note: this is all from my understanding of how the system works and may not be entirely correct.

9 Likes

@incapaxx @Conejin_Alt Keep your ridiculous arguing out of here.
You can’t completely trust these “specially trained” staff members if you don’t know who they are.

However, it’s completely exaggerated to think that every single one of them decides to go rogue, take information that means almost nothing, get it past the rest of Roblox staff, AND share it.

At most, only one member would try. Even then, that’s unlikely.

4 Likes

I disagree with the whole situation, but people need to stop freaking out over privacy too much.

If something is flagged it’s most likely the code won’t even be read.

1 Like

While you do have a point in saying that not everyone in the “specially trained” team is evil, that does not mean that a security flaw is excusable. It’s wrong to say everyone is out to steal your code, however it is foolish to not prepare for that scenario. In exploit detection the main rule is to never trust the client and treat anyone as though they have malicious intent, I think the same rule should be applied here.

4 Likes

Personally I don’t see why an engineer would risk his reputation and his salary to go and sell some random user’s code. Especially since the majority of code is case-specific, and if there was some cool module, I’m sure the engineers looking at the code are well able to code the same thing themselves.

You’re forgetting that these aren’t just some random volunteers. They are trained engineers who have spent many years working and learning to get to a point where they are hired by Roblox. They work in Silicon Valley in San Francisco, all the salaries at tech companies there are very high. To sell some user’s code or an API key wouldn’t even pay for a few days’ rent in the area. Not only that, but they would get caught, fired, and have trouble finding another job.

This is Roblox’s platform and they have to abide by certain regulations (COPPA, etc). They are perfectly within their rights and obligations to scan content made or uploaded to the site.
I’m glad that Roblox has this automated system in place to catch inappropriate/illegal content before it is ever seen by anyone. I’m also glad that it doesn’t automatically ban people but rather goes through manual review first. If anyone has a better idea to this which is more efficient and won’t accidentally ban people and doesn’t require thousands of moderators then I’m sure there are many companies besides Roblox who would love to hear it.

I may sound a bit too to-the-point, but I think some people are making a big deal out of something that is actually helping them. And there have been some workarounds discussed to some of the problems anyway. Rather than dissing a feature which helps you and keeps your players safe, you should go to the appropriate feature request post or make a new feature request for something which will solve any issues you may have. Example: SecretService - A service for securely storing application secrets

6 Likes

Correct. My reply, however, was intended to un-exaggerate what many people say.

1 Like

This is a start, but it does not answer my main concerns and seems to downplay our privacy concerns.

No matter what, having anyone besides my team read the game’s code puts the project, and websites I have secrets for, at risk.

  • If it is possible for my code to be reviewed, I have to assume it will be. And from what I’ve seen there is no reasonable mechanism in place to protect secrets. Data stores are not a reasonable means to protect secrets (it is a hack to use it to store secret code and no assurance is given to the security of the service for keys). A proposal being available does not change this, it’s not implemented.

Does this only apply when the game is saved online or does this apply to all games?

  • This does not tell me if my private games can be reviewed.

I’ve since quit Roblox (only visiting occasionally looking for a response like this), which I feel is important context to my response.

1 Like

imo I don’t see much discussion being encouraged in the OP, I just see the OP as a dump of information. And most points were never addressed.

2 Likes

It specifically states it only targets code that is malicious in nature.

For example, the countless backdoor scripts from plugins.

I for one welcome this change.

1 Like

Can’t you just understand? We don’t want this!
How has this affected anyone? I can’t name anything.
There may be some cases where this can be done but our player base can’t determine whether content inside the game isn’t appropriate.
I don’t want some random person looking at my code and I will have no choice but to use one of those script protection services so none of these people can read my code! I don’t trust them!

2 Likes

I completely support the intentions behind this update for open-source code. What I don’t like is how it affects closed-source scripts that aren’t for sale or anything (eg. “main” scripts for a game that is not uncopylocked). The worst thing a closed-source game script can do is break the Roblox ToS, and these games have been caught countless times prior to this update. I also dislike that Roblox has given no clarification on the “specially-trained team” that are supposedly reading our code.

For open source scripts, this update is amazing and it will help out a lot of devs make sure that content they use in their game is not causing vulnerabilities in their games without their consent. I dislike the use of this system to moderate closed-source scripts, however, and I dislike the lack of reasoning Roblox gave when asked about closed-source script moderation.

4 Likes

Roblox unfortunately has a case of creating good updates once a century. The rest are either terrible updates or updates that hardly affect anything. Whose idea was it to remove the game categories search feature? Who came up with the bright idea of thinking it would be 100% fine to just look at our code, including API keys for things such as spreadsheets? This is a terrible idea, and not many people are supporting this update at all. Take a good look at the disagreement on this post that has over 136 comments, along with the original post that has 1000. This website in reality should be a partnership, not a one-way dictatorship of owner to developer. Just know that if Roblox were to lose many of its creators it would fail horribly. Without developers, there’s no players. Without players there is no Roblox. This doesn’t seem like “empowering” the creators WHATSOEVER.

6 Likes

Don’t do anything wrong and they won’t look at your code. Simple as that. Also they’ve created tons of great updates recently. I don’t know where you’ve been. They’ve had FiB 2.5, Game Permissions, Unified Marketplace Fee, they’re getting a new Dragger, new Asset Manager, they have Configure Group and Configure Item on mobile now, and they’ve tripled Premium Payouts.

1 Like