Response to code safety review discussion

Many of these scripts date back to years, some even 2008. That is plenty of time for anyone to take a free model or plugin. Someone could be falsely banned for using a free model that they put in their game years ago.

A bot doesnt take manpower. I hardly see how it is a waste of time.

Also, you are missing a lot of the point. Roblox has always had access to your places. Always. They always have and always will.

Giving the moderation staff access to your places hardly constitutes a waste of time, considering that they are probably investigating something if they even are accessing your places.

This thread is not about reforming the moderation system.

I would also hope you would have had strict rules in place revolving around giving out user data, but that did not seem to stop a breach.

In the light of recent events do you really expect us to trust anyone reading our code.

Remember how everyone was scared that admins would leak the code? Well, an admin was just caught being bribed by a hacker (and accepting) to release user information.

You guys need to start taking more care of the website. This isn’t the same thing as the code review topic, but it’s very similar.

The person who was caught was a moderator, not an admin.
I’m pretty sure they don’t have access to user places/code.

That doesn’t matter. The point is that if it happened to a moderator, it could most certainly happen to a code reviewer.

Most of that probably goes into growing the platform. It’s kind of hard to tell for sure though, they have mentioned in the past their profitability, which makes sense considering what Roblox sells.

I’ve noticed that there is a “Loyal Since” and “This User is a Protected User!” part on the “Account” section of the admin panel. I’m assuming that “loyal” or “Protected” users are users favorited by Roblox and will gain lighter moderation actions when found to be violating the terms of service. Many users on Roblox are constantly reprimanded for doing something that they aren’t allowed to, but at the same time, other users are doing the same thing and getting away with it. I suppose this would be the same thing with the code-reviewing system. Certain games will be exempt from it (for example, front page games) and other games might get reviewed even more.

(The image is a photo of the customer support panel taken by the hacker)

@I_lovejava1 The fact that someone maliciously got access to a backend system has nothing to do with the fact that Roblox reviews certain flagged games for malicious code.

Also, I would assume that Protected Users would be users that require a higher level of authority to authorize any bans/warnings. This would be very important for users such as the owners of top games like Jailbreak and Adopt Me!. If such a system were not implemented then such users could have their game accidentally terminated.

I think there general point was if roblox staff are being bribed by hackers then this could happen to any roblox team.

No, it has to do with the fact that a worker leaked the information. It is just as likely for a code reviewer to do the same.

The post I replied to has been edited but you can infer the context easily

Yes and no. It simply proves that having a “specially trained team” is not as secure as they want us to believe. To err is human, and they’re putting our secret keys and trade secrets in the hands of people that we did not authorize ourselves.

This light of recent events, should we expect a change to this? The person didn’t seem to have attempted to attack developers, but whose to say that this isn’t the first time. The person who did this got their monetary gain and now they’re going for attention, but how do us devs know that there isn’t others being bribed currently.

Except roblox is not trying to get it taken down. Why? They had a spokesperson speak about it, meaning they acknowledged the presence of the article.
Regarding your main point: Roblox does admit issues, but they rarely do anything about it.

And? Like said before, how can we trust roblox mods to read OUR CODE, which may contain private info, if the team can mess up like this?

I fail to see how this is favoritism. Youtube has a similar system, so does Twitch, so do many platforms with content creators. Twitter didn’t do this and a rogue employee deleted a high profile account, so now they also do this. If it’s use is what I assumed, then it simply means that authorization is required for actions taken against the account, not that actions won’t be taken.

Not to mention it was sold for a small amount for private info for over 1 billion players, I think it was $500?

And we can’t trust them. Corrupt employees are everywhere. How do you think so many people get hacked? Because of corrupt phone employee carriers.
As long as there is something a certain team in roblox can access, it is able to be accessed from corrupt employees. Regardless, if a corrupt employee wanted to they could’ve always accessed our place and then our code.

I think you need to check your facts. The article that the screenshot was from says that a “very small amount” of users were affected.

So? Just because someone so happens to do the same thing ROBLOX does doesn’t make it right. Not to mention the fact that ROBLOX is a company many people put private info on, like emails.