Response to code safety review discussion

I’ve already experienced a false-positive from this system.

I received a message from Roblox on April 19th saying that a Discord link was found in one of my game’s scripts and that I must remove it within 48 hours. I have a few issues with this:

  • This isn’t correct. My game doesn’t have a Discord link in the scripts. Is Roblox talking about my webhook links? These are allowed, and I do not want anyone else looking at them.

  • I didn’t notice that message until 11 days later. I can’t be the only developer who doesn’t actively read their Roblox messages (I have thousands of them and my notifications are always full). Why wasn’t I emailed about this? Any time a developer is contacted for an urgent matter, Roblox should email the developer to ensure that we can’t possibly miss it.

  • Roblox’s message contained no information regarding where the problematic script is, what its name was, what line the problem was on etc. This made it even more nerve-wracking to try to figure out how I received the message; it was bad enough that Roblox thought my game contained a Discord invite link when I knew that it didn’t, it was even worse that I was left clueless as to what Roblox identified as the problem. I can only guess that Roblox thought my webhook was an invite link, but I can never know for sure.

  • My webhooks are (for obvious reasons) never shown to the players, so my experience with the code safety review system makes it much harder for me to trust that we have nothing to worry about if potentially problematic content is never seen by our players.

I appear to have gotten lucky that nothing ended up happening - I didn’t remove the Discord invite link from my game within 48 hours because it never existed. The system incorrectly detected that there was one. I’m very uncomfortable with the fact that I nearly received moderation action because of this.

I get the intentions behind the system - offsite links such as Discord invite links are against the rules, and you don’t want people circumventing the rules by putting the invite links into the games themselves. However, if that is the goal, then this system isn’t anywhere near enough. If you really want to remove all offsite links from games, you’d need to scrape not just scripts but every single object with a string property, even deprecated ones like hint objects and message objects. I wouldn’t support that, but if Roblox wanted to realize their goal of cracking down on offsite links in games, that’s what they’d need to do.

To be clear, I think the mere fact that I did not receive moderation action could mean that Roblox’s team may have been aware that my case was a false positive and decided not to take action against my game or my account, but the experience still made me uneasy about this system because I can’t know that with certainty. I don’t know who the team is, what they’re thinking, or what role they did or did not play in my experience with the system. I don’t know what decisions were made by the automated system and what decisions were made by human beings. I didn’t receive any follow-up messages after Roblox’s initial message informing me that I must update my game to comply with the rules. I don’t know if Roblox’s team manually discovered that I was complying with the rules, or if Roblox detected that I added (unrelated) updates to my game during the 48 hour grace period and assumed that I must have fixed the problem. I just don’t know what happened. I don’t know how exactly my code got flagged or why exactly I ended up being spared from moderation.

I still appreciate that Roblox made a second thread, but it doesn’t really address most of my concerns. There are still significant privacy concerns considering that they can (and apparently already have) viewed my HttpService links, and it’s still unclear what can and can’t be flagged or moderated. There’s a lot I still wish I knew about how the system works. Does a player first have to report the game for the automated system to look for inappropriate content, or does the automated system scrape everything without exception? Are the warning messages sent to the developers after the automated system found something, or are they not sent until after Roblox’s team manually verified that there is a problem?

I’m sorry for how this reply is all over the place, I’m a little overwhelmed and it’s hard to find the right words to express my confusion.

19 Likes

I think a better thing to ask for would be to make appeals better, rather than making a separate system/staff for appeals just because of code review; that is a bandaid fix that fixes nothing - and there is no guarantee it would be better than standard appeals.

People have been being banned via place reviews for years. Everyone is acting like this is some new unfair thing just because Roblox publicly spoke about it.

Yes, how dare they.

sarcasm

1 Like

Taken out of context, cases like @NickoSCP’s seem counter to what this announcement and the announcement prior say about this system.

From what I’ve heard, Nicko made a custom chat interface which censors inappropriate words. Without feeling the need to inform him on what he was terminated for, this “specially-trained team” decided to terminate his account. His account was then unterminated around the time this announcement was made, then reterminated shortly after.

Why was his account terminated in the first place? Why was it unterminated? Most importantly, why was it terminated again? For me and many others, this creates many red flags. The system seems more automated than anything, especially when those moderating flagged code aren’t identified. Especially when there isn’t a system implemented for warning flagged individuals, because things like certain words bypassing custom chat interfaces can simply be mistakes or oversights.

We deserve to know more about this system in general. Who’s doing the moderating? What are the criteria for flagged code to be reviewed? Exactly how is it that our privacy (personal keys and the like) is being protected with such an invasive system in place? You can’t simply say that moderators will only review “parts of the game’s code” and expect people to trust or believe you; especially when you don’t tell us who this “specially-trained team” consists of.

Overall, this seems like a sugarcoating of simple invasion of privacy. Leaving context absent only makes the system more suspicious, and more of a legal liability for the Roblox company.

4 Likes

Roblox just needs one Chipotle health crisis before regulatory bodies across the world go on the offensive. Keep in mind that our target audience is children. Imagine if a viral game suddenly flipped a switch and exposed thousands of users to obscene scenes and profanity. Extraordinary measures need to be taken to maintain the security of this platform, so I think this type of code review is entirely warranted.

Exploits leak server scripts from time to time, so I think anyone who is storing confidential information in their code has misguided perceptions of information security. This isn’t to say that I wouldn’t like more transparency or that flaws in security are acceptable – we just need to have realistic expectations of how a platform this large can create a safe environment for kids 100% of the time, without fail, 24/7.

As to just inform you, I did something else that was involved about code reviewal.

I’ve finally received an informal message about my account’s current termination status, which is now unterminated for sure. The period that I randomly had access to my account was considered a ‘glitch’ and that I wasn’t supposed to be ‘unterminated’. The only reason why I’ve been now unable to appeal myself to be unterminated is that the Roblox Staff told me that the community sage members were upset about my ban reason. Roblox themselves wouldn’t have ever unterminated me if it wasn’t for voicing my opinion about this strict system that penalized my account for over 4 months. I’ve even contacted appeals over ten times and they only bothered to listen to my first email and declined me regardless.

The system in place, I have no idea if it’s been made to be more relaxed about the instant account actions but there needs to be another system in place for accounts that have been on Roblox for over two years, are on the DevForum as a Member trust level and higher, and even have their account signed up to be a beta user. The system in place didn’t bother checking any of that to decide if the ‘termination’ would even be fair.

I hope they give us another update about what the situation about this is because I’m already 100% still not comfortable with editing scripts on my own account without the fear of being terminated for over four months again.

6 Likes

And I’ll be alright with that.

However, I don’t think issuing a termination to my account that had no visits and was just uploaded three minutes ago was fair for me.

Then not even able to ask the appeals team to help appeal this and fix my code that I had to find out what happened.

Mind you, this happened in January, my account termination and I didn’t know what to do to appeal.

It was only till I saw this devforum post about it, voiced my opinion, that the Roblox community finally helped me get unterminated. Yes, the Roblox community unterminated me, not Roblox themselves.

I’ve now set the game to be private, archived, etc as for some reason I can’t even update the game as it fails to publish or even use revision history. I can edit and see the exact code that got me terminated and nobody can play the game because of the ‘permission levels are too low for you to join this game’ message. I don’t even want to ask the Roblox team to help me delete the game outright because I fear they’ll see it again and the cycle repeats.

2 Likes

Regardless, this still does beg the question: What exactly are the criteria for code to be flagged? I’ve seen a couple players already experiencing false-positive warnings from the system. Considering the untermination of your account was dubbed a ‘glitch,’ it’s all but confirmed that the system is heavily automated. What if other players experiencing false-positive warnings get falsely terminated? There’s definitely a level of trust to be regained between developers and Roblox.

Roblox providing conclusive context which explains these reports of false-positives and ‘glitches’ would be a good start.

6 Likes

From the new post it appears that it is not targeted towards Lua viruses at all and instead towards bad language, threats and personal information.

OP stated that the system scans threats, personal info etc.

Furthermore this kind of system is not trivial for detecting backdoors as there are billions of ways to implement one and they are hard to detect unlike the inappropriate content which has inappropriate strings or comments.

Stop believing that one team of members wastes Roblox’s resources. Roblox is not that small of a company. They multitask; it’s not like they’re only working on this. So please stop assuming that Roblox is wasting all their resources on this small project.

Half of the developer community cares about this update. Most people are relieved including other developers since Roblox responded. It is their platform and they make the rules. This applies to Unity too; if you break their TOS, they can get your account suspended and remove you from your game. You just seem to complain about every single matter, if you have a problem with this platform go find something else. By the way, if you really want absolute control make your own game engine. Stop complaining, I get some of your concerns but at this point you’re overreacting.

1 Like

First of all, it is a big relief!

Although I really don’t want Roblox admins snooping around my scripts, instead of moderating the Developers based on their scripts, breaching their privacy. You should really turn your focus to some of the Developer’s bad business practices (get rich quick etc…) or exploiters instead.

1 Like

I do agree with your first point, my argument was more of an example and a better moderation system would be more beneficial than splitting it into two.

On your second point, just because people aren’t aware of something happening before it is publicly spoken about does not make it okay. It is reasonable for Roblox to review scripts on uncopylocked games of free models, however going through your scripts that are never shown to anyone is not only a waste of resources but a stupid idea.

1 Like

Uh. I don’t think you understand what I’m saying here. I’m saying that there is no reason to waste moderation resources on this update.

You are wrong. Only about a sixth of the community likes this update.

I’m not overreacting. I am protective of my intellectual property. ROBLOX can make its own rules, but they need to expect lots of backlash, especially over this update.

The fact that you are saying, “go make your own engine” is absurd. You don’t understand how much money and time that takes.

I want to add that I made a poll with a total of 70 voters. 61 voters said they didn’t like the update, 9 said they did. You can’t say that half of the community likes this update when this poll obviously says otherwise.

The poll shows that 87.1% of ROBLOX disliked the update.

That’s almost 9/10 of the users. Not 1/2.

4 Likes

Again, 70 voters is nowhere close to half the community. You can’t say 87.1% of Roblox dislikes the update when you’ve only asked 70 people.

2 Likes

70 voters gives a clear margin, especially because of the fact that 87.1% of the voters voted no.

ROBLOX still needs to explain why they think it’s more important to have their moderators spend time moderating things that are PRIVATE vs. content that is PUBLIC such as messages and misbehavior on the platform.

4 Likes

It’s not a stupid idea; it’s done for a very specific reason.

To find people who create malicious games that break the terms of service.

Be it some sex game, a phishing prompt or a game that tracks some sort of data without your permission; it could be literally anything.

Roblox owns the entire platform and you can never tell them that they don’t have the right to read the code that you upload to it. Because they do have the right. It’s in the terms of service.

All of the things you listed that this system can attempt to find could be found using the reports system.
Roblox should be investing resources into fixing their moderation system, so that reports are actually read by a human (assuming the account that sent the report is at least one year old). Currently, I do not even bother to use the report function. If Roblox fixed their moderation system, then this system could be used on games that received reports and free models. Otherwise it is just a waste. I think a Roblox user would be able to identify if a… erm… graphic male reproductive organ… were to appear on a character better than a bot that reads through code and attempts to find a part where it creates 2 spheres and a cylinder with their colour set to skin colour. As for data tracking, what data would be tracked? What would that data be used for? The Roblox website probably has more trackers than any Roblox game.