Response to code safety review discussion

Now that’s way better! And I believe that if moderators are fast enough, there may even be a possibility to end those stupid “free robux” scam games on ROBLOX.

ROBLOX being allowed to read private code including private information such as API keys is not “way better” - it is way worse.

6 Likes

Roblox allowing people to read code isn’t going to end scams. It’s just a waste of moderation resources since code isn’t seen by the player, and also a privacy breach.

5 Likes

Hmm, I believe too that ROBLOX should really improve and spend time with actual problems like hackers, scammers and so on as their moderation is not really great.

With way better I mean that it sounds better if we put in like swearwords in the code and get banned over it even though nobody will ever see that. But I have to agree, them reading our private code is not really that cool.

I think this code review should be only for people who ROBLOX suspects of dangerous activity, not just people who are regular users, but that’s what I think.

1 Like

ROBLOX moderation is not good; ROBLOX should be embarrassed for this.

4 Likes

Problem is, many users have been terminated with no context, and this really didn’t cover much except the swearing area.

4 Likes

Except multiple users have been terminated and/or reterminated after their appeal, my point was to say that this didn’t change much.

I don’t get what your point is.

When people get terminated or banned, it is usually because they did something stupid to get in trouble.

This discussion has nothing to do with punishment towards people who break the rules, or undoing those punishments. That is handled by appeals. This has to do with how Roblox goes about inspecting your places.

Anyways, like I said before: Roblox has been inspecting places since the platform was made in 2007, and they will do it for as long as the platform exists. The Terms of Service explicitly make it clear that anything you make on Roblox can be accessed and inspected by the admins at any time.

While you do have a point in saying that the appeals/moderation system is separate to the code review system, it is not fair to make the assumption that they are completely separate. When code is wrongly reviewed and a user is falsely punished for it, that’s when problems start to arise because that user now has to go through the same appeals system that many developers have been complaining about for years. If appeals in regard to the code review system were handled separately to the standard appeals system then your point would be valid, however as we all know Roblox is not very generous in the ways of moderation and appeals and so such luxuries remain nonexistent.

1 Like

I’ve already experienced a false-positive from this system.

I received a message from Roblox on April 19th saying that a Discord link was found in one of my game’s scripts and that I must remove it within 48 hours. I have a few issues with this:

  • This isn’t correct. My game doesn’t have a Discord link in the scripts. Is Roblox talking about my webhook links? These are allowed, and I do not want anyone else looking at them.

  • I didn’t notice that message until 11 days later. I can’t be the only developer who doesn’t actively read their Roblox messages (I have thousands of them and my notifications are always full). Why wasn’t I emailed about this? Any time a developer is contacted for an urgent matter, Roblox should email the developer to ensure that we can’t possibly miss it.

  • Roblox’s message contained no information regarding where the problematic script is, what its name was, what line the problem was on etc. This made it even more nerve-wracking to try to figure out how I received the message; it was bad enough that Roblox thought my game contained a Discord invite link when I knew that it didn’t, it was even worse that I was left clueless as to what Roblox identified as the problem. I can only guess that Roblox thought my webhook was an invite link, but I can never know for sure.

  • My webhooks are (for obvious reasons) never shown to the players, so my experience with the code safety review system makes it much harder for me to trust that we have nothing to worry about if potentially problematic content is never seen by our players.

I appear to have gotten lucky that nothing ended up happening - I didn’t remove the Discord invite link from my game within 48 hours because it never existed. The system incorrectly detected that there was one. I’m very uncomfortable with the fact that I nearly received moderation action because of this.

I get the intentions behind the system - offsite links such as Discord invite links are against the rules, and you don’t want people circumventing the rules by putting the invite links into the games themselves. However, if that is the goal, then this system isn’t anywhere near enough. If you really want to remove all offsite links from games, you’d need to scrape not just scripts but every single object with a string property, even deprecated ones like hint objects and message objects. I wouldn’t support that, but if Roblox wanted to realize their goal of cracking down on offsite links in games, that’s what they’d need to do.

To be clear, I think the mere fact that I did not receive moderation action could mean that Roblox’s team may have been aware that my case was a false positive and decided not to take action against my game or my account, but the experience still made me uneasy about this system because I can’t know that with certainty. I don’t know who the team is, what they’re thinking, or what role they did or did not play in my experience with the system. I don’t know what decisions were made by the automated system and what decisions were made by human beings. I didn’t receive any follow-up messages after Roblox’s initial message informing me that I must update my game to comply with the rules. I don’t know if Roblox’s team manually discovered that I was complying with the rules, or if Roblox detected that I added (unrelated) updates to my game during the 48 hour grace period and assumed that I must have fixed the problem. I just don’t know what happened. I don’t know how exactly my code got flagged or why exactly I ended up being spared from moderation.

I still appreciate that Roblox made a second thread, but it doesn’t really address most of my concerns. There’s still significant privacy concerns considering that they can (and apparently already have) viewed my HttpService links, and it’s still unclear what can and can’t be flagged or moderated. There’s a lot I still wish I knew about how the system works. Does a player first have to report the game for the automated system to look for inappropriate content, or does the automated system scrape everything without exception? Are the warning messages sent to the developers after the automated system found something, or are they not sent until after Roblox’s team manually verified that there is a problem?

I’m sorry for how this reply is all over the place, I’m a little overwhelmed and it’s hard to find the right words to express my confusion.

19 Likes
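Added example, not part of the post above and not Roblox's actual system: a sketch of a script scanner that classifies Discord invite links and Discord webhook endpoints as different findings, reports the script name and line for each, and keeps the webhook token out of the report. The script name, sample source, IDs and URLs are constructed for illustration, and treating webhooks as non-actionable is an assumption taken from the post's statement that they are allowed.

```python
import re

# Discord invite links: the offsite links the post says are against the rules.
INVITE_RE = re.compile(
    r"https?://(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/[A-Za-z0-9-]+",
    re.IGNORECASE,
)
# Discord webhook endpoints: /api/webhooks/<numeric id>/<secret token>.
WEBHOOK_RE = re.compile(
    r"https?://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([\w-]+)",
    re.IGNORECASE,
)

# Constructed sample script (hypothetical name, fake id, token and invite code).
SAMPLE_NAME = "ServerLog"
SAMPLE_SOURCE = '''local HttpService = game:GetService("HttpService")
local LOG_URL = "https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_abc"
local function log(msg)
    HttpService:PostAsync(LOG_URL, HttpService:JSONEncode({content = msg}))
end
-- Join us at https://discord.gg/ExAmPlE
'''

def scan_script(name, source):
    """Return one finding per match: script, line, kind and a report-safe match."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in WEBHOOK_RE.finditer(line):
            # The token is a credential: keep everything before it, drop the rest.
            safe = line[m.start():m.start(2)] + "<redacted>"
            findings.append({"script": name, "line": lineno, "kind": "webhook", "match": safe})
        for m in INVITE_RE.finditer(line):
            findings.append({"script": name, "line": lineno, "kind": "invite", "match": m.group(0)})
    return findings

def needs_action(findings):
    """Assumption from the post: only invite links violate the rules, webhooks do not."""
    return [f for f in findings if f["kind"] == "invite"]

if __name__ == "__main__":
    for f in scan_script(SAMPLE_NAME, SAMPLE_SOURCE):
        print(f)
```

A notice built from these findings can name the script and line without exposing the webhook secret to whoever reads the report.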

I think a better thing to ask for would be to make appeals better, rather than making a separate system/staff for appeals just because of code review; that is a bandaid fix that fixes nothing - and there is no guarantee it would be better than standard appeals.

People have been being banned via place reviews for years. Everyone is acting like this is some new unfair thing just because Roblox publicly spoke about it.

Yes, how dare they.

sarcasm

1 Like

Taken out of context, cases like @NickoSCP’s seem counter to what this announcement, and the announcement prior, say about this system.

From what I’ve heard, Nicko made a custom chat interface which censors inappropriate words. Without feeling the need to inform him on what he was terminated for, this “specially-trained team” decided to terminate his account. His account was then unterminated around the time this announcement was made, then reterminated shortly after.

Why was his account terminated in the first place? Why was it unterminated? Most importantly, why was it terminated again? For me and many others, this creates many red flags. The system seems more automated than anything, especially when those moderating flagged code aren’t identified. Especially when there isn’t a system implemented for warning flagged individuals, because things like certain words bypassing custom chat interfaces can simply be mistakes or oversights.

We deserve to know more about this system in general. Who’s doing the moderating? What are the criteria for flagged code to be reviewed? Exactly how is it that our privacy (personal keys and the like) is being protected with such an invasive system in place? You can’t simply say that moderators will only review “parts of the game’s code” and expect people to trust or believe you; especially when you don’t tell us who this “specially-trained team” consists of.

Overall, this seems like a sugarcoating of simple invasion of privacy. Leaving context absent only makes the system more suspicious, and more of a legal liability for the Roblox company.

4 Likes

Roblox just needs one chipotle health crisis before regulatory bodies across the world go on the offensive. Keep in mind that our target audience is children. Imagine if a viral game suddenly flipped a switch and exposed thousands of users to obscene scenes and profanity. Extraordinary measures need to be taken to maintain the security of this platform, so I think this type of code review is entirely warranted.

Exploits leak server scripts from time to time, so I think anyone who is storing confidential information in their code has misguided perceptions of information security. This isn’t to say that I wouldn’t like more transparency or that flaws in security are acceptable – we just need to have realistic expectations of how a platform this large can create a safe environment for kids 100% of the time, without fail, 24/7.

As to just inform you, I did something else that was involved about code reviewal.

I’ve finally received an informal message about my account’s current termination status, which is now unterminated for sure. The period that I randomly had access to my account was considered a ‘glitch’ and that I wasn’t supposed to be ‘unterminated’. The only reason why I’ve been now unable to appeal myself to be unterminated is that the Roblox Staff told me that the community sage members were upset about my ban reason. Roblox themselves wouldn’t have ever unterminated me if it wasn’t for voicing my opinion about this strict system that penalized my account for over 4 months. I’ve even contacted appeals over ten times and they only bothered to listen to my first email and declined me regardless.

The system in place, I have no idea if it’s been made to be more relaxed about the instant account actions but there needs to be another system in place for accounts that have been on Roblox for over two years, are on the DevForum as a Member trust level and higher, and even have their account signed up to be a beta user. The system in place didn’t bother checking any of that to decide if the ‘termination’ would even be fair.

I hope they give us another update about what the situation about this is because I’m already 100% still not comfortable with editing scripts on my own account without the fear of being terminated for over four months again.

6 Likes

And I’ll be alright with that.

However, I don’t think issuing a termination to my account that had no visits and was just uploaded three minutes ago was fair for me.

Then not even able to ask the appeals team to help appeal this and fix my code that I had to find out what happened.

Mind you, this happened in January, my account termination and I didn’t know what to do to appeal.

It was only till I saw this devforum post about it, voiced my opinion, that the Roblox community finally helped me get unterminated. Yes, the Roblox community unterminated me, not Roblox themselves.

I’ve now set the game to be private, archived, etc as for some reason I can’t even update the game as it fails to publish or even use revision history. I can edit and see the exact code that got me terminated and nobody can play the game because of the ‘permission levels are too low for you to join this game’ message. I don’t even want to ask the Roblox team to help me delete the game outright because I fear they’ll see it again and the cycle repeats.

2 Likes

Regardless, this still does beg the question: What exactly are the criteria for code to be flagged? I’ve seen a couple players already experiencing false-positive warnings from the system. Considering the untermination of your account was dubbed a ‘glitch,’ it’s all but confirmed that the system is heavily automated. What if other players experiencing false-positive warnings get falsely terminated? There’s definitely a level of trust to be regained between developers and Roblox.

Roblox providing conclusive context which explains these reports of false-positives and ‘glitches’ would be a good start.

6 Likes

From the new post it appears that it is not targeted towards Lua viruses at all and instead towards bad language, threats and personal information.