Response to code safety review discussion

The person who was bribed was an outsourced employee. I doubt the people reviewing your code are the outsourced ones. If they are then we have an issue.

Because the ToS says that NSFW content isn’t allowed, regardless of the place being private or not. Please read the ToS.

I’ve heard that Roblox’s moderation is outsourced to a third party that also moderates different sites with different guidelines. (Good reason for Roblox’s terrible moderation). The code-reviewing moderators are likely also outsourced, no matter how ‘specially-trained’ they are. You are right. We have an issue. The bribed employee also had access to sensitive info, so why is a third party getting access to users’ sensitive info?!

2 Likes

It has been over a month and the majority of our security concerns still have not been addressed. I doubt they ever will. The response post was probably only made to just cool down some of the outrage sparked by the first post. They only said just enough to make people accept the update.

And also the fact that the feature was kept hidden for a long tiem does not make it any better. Roblox were not transparent with this update at all. I don’t get what was the point of hiding it for months. Roblox should have more transparency not less. If some feature is too controversial for them to talk about then it probably should not exist in the first place. The fact that they hid this kind of stuff for a long time and won’t answer our concerns nor even acknowledge them means that the feature not right and should not exist.

I demand that a follow-up post should be made where they would explain

  • Why they hid the update for so long.

  • The reason the system was implemented.

  • Are the “specially trained individuals” third party contractors.

  • What guarantees we have that these people won’t just CTRL C & CTRL V our scripts&other assets.

  • What guarantees we have againts reviewers leaking API keys, encryption keys, tokens and intellectual property.

  • What about open source chat filters, antivirus plugins or other moderation related scripts which do include inappropriate words so they can be prevented.

To me it just seems that Roblox is trying to push the majority of the legit concerns under the rug and trying to make people forget about the feature.

Also this kind of system probably uses op a lot of the moderation budget. Yet the issues it is supposed to tackle seem nonexistent.

7 Likes

AFAIK the “specially-trained individuals” were exposed as Indians hired from some company that provides persons for moderating social medias.

2 Likes

Again, I know that. I’m saying that if it happened to the employee, why should it not be able to happen to the code reviewers?

1 Like

No one here seems to know what the hell they are talking about. Everyone has this presumptious attitude that Roblox is in the wrong and that your rights are being infringed.

You are wrong. I will explain why:

Legal:
As a user of Roblox software, and using a Roblox account, you are subject to the Roblox Terms of Service at all times. And if you use your account/software, you are agreeing to anything and everything in the terms of service.

Roblox is providing you a license to use their software for free; and in return you agree to follow the Terms of Service.

The Roblox Terms of Service clearly states:


Roblox hosts your games for you free of charge. In return, you provide them the ability to inspect (refered to as screening or pre-screening) any and all areas of your places to determine if they are compliant with the terms of service.

As you have agreed to this by using the platform, you have no right to privacy in your code.
There are other sections of the terms of service that state this in various manners. Obviously this doesn’t mean they can use your code. Using and viewing code are two very different things, this is discussed under the rights of User Generated Content and Intellectual Properties section.

Ethical:
Roblox may have a bunch of ethical obligations here, that is what many people here are trying to talk about. But there are many more people who seem to have no idea what their rights actually are, and are making claims that Roblox should not, does not have to, or cannot do what they are doing.

An ethical obligation is, in regards to a privately licensed product, is optional on Roblox’s behalf. Obviously there are many reasons Roblox has chosen to take an ethical approach, COPPA is an example where Roblox has done this to attract a wider audience. (and COPPA is part of the reason why Roblox inspects places/code in the first place)

Roblox may have an ethical obligation to notify you if they have accessed your code, flagged you for review, or otherwise done anything that might inflict you, but they do NOT have a legal obligation to do so; because you have agreed to the terms of service where they clearly state they DON’T HAVE TO NOTIFY YOU OF ANYTHING. Please, understand the difference between ethical and legal obligations.

You cannot disagree with the Terms of Service and then choose to use the software anyway. You cannot have both.

Final statement:
I’m not saying that nobody has the right to criticize Roblox for their business practice, but you must understand the circumstances that surround this. This is nothing new; Roblox has always inspected peoples places, and the Terms of Service has always granted them this right - but they usually keep quiet about it. The only reason people are having this ridiculous outrage is because they spoke about it publicly.

A lot of the legitimate arguments are being drowned out in this thread by people who have a poor understanding of the situation and feel the need to share their two cents; this needs to stop. Either be informed about the subject, or just simply stop talking.

The point of inspecting peoples places is to determine the following:
Does your place, and your code, comply with:

The Roblox Community Rules
The Roblox Terms of Service
Any of the other Roblox legal documents

If it does, you should have no problem. But it’s the ones that don’t that are the problem. Roblox cannot just ignore the ones that don’t comply. That would be a legal nightmare.

Roblox has a responsibility to protect their name for many reasons. For one, inspecting places is specifically targeting for enforcement of the legal documents, and ensuring compliance with COPPA. Additionally, if Roblox did not enforce their own rules on the platform, there would be the potential for a legal battle that could be cited against Roblox if they were not consistent with their terms. If they enforced their terms in some places, but not in others, this would set a precedent that probably affect Roblox negatively in the legal perspective. Consistency is important when you’re talking with lawyers. If roblox makes a rule, but fails to enforce it, then they are opening themselves up to legal claims (in certain specific circumstances, like IP enforcement for example). This is why people hire lawyers to close these gaps, and this is why the terms of service is filled with so much legal mumbo-jumbo

For as long as Roblox decides to associate their name with your content, and provide you a wide array of services via their software that many other game developers spend a lot of money for, (and in fact roblox pays a lot of people money to make games here), Roblox will always retain the right to do what they want with your content, short of breaching the rights they have provided to you in the Terms of Service (regarding UGC and IP ownership); which they have always (to my knowledge) respected.

I seriously doubt they will ever relinquish this right, because quite frankly, any decent business owner would have the same policy if they were in this position.

So please; do not make the legal argument; it has no place here.

4 Likes

And for the record, I have seen so much outrage here from people who show examples of where Roblox has used their ability to enforce their rules. Most of the examples that are being given here where people are being banned, are usually their own fault.

If you breach the terms of service, in a place that you hold ownership of, whether it is your content, or somebody elses; you are responsible. You are always responsible for the content of your own place. Same way that you are responsible if there are legally prohibited items in your car and the police find it; you, at the end of the day, are always responsible.

The alternative is that no one is responsible. And that’s just stupid.

You have agreed to be responsible for your own content, and so you must. If you put something in your place that breaks the rules, and you get banned; then take the ban as a warning for what it was. Don’t go and complain on a public forum about how you were unfairly banned when you are basically showing the world that you were in fact in the wrong. Whether it was intentional or not.

if you use free models, that’s fine; but understand that any model you insert into your place, you are responsible for.

“officer, I didn’t put those in my car, I have no idea where those came from? oh well! not my fault I guess”
See how stupid that sounds? This is what a lot of people sound like here.

Roblox bans people because it’s a deterrent, punishment, or “time-out”. If you break the terms of service, you will get warned, banned, or terminated. If you get a temporary ban, the expectation is that you will accept the ban and leave until you are allowed back. If you login to another account to circumvent the ban, you are again, breaching the terms of service; which is why you can be banned again. Take the ban, learn from it, and move on. It seperates you from the platform for a period of time to: 1. Show roblox is serious, and 2. give you time to think about your actions and how to respond. Make an effort to not break the rules. This is the same reason we have laws, courts, and prisons.

Be vigilant about what you include in your games, and you’ll be fine.

1 Like

If I was banned, and I thought I deserved it, would I even bother wasting my time or other people’s time trying to protest about it on a public forum or Roblox appeals?

I agree with you on this spot. They likely did have access to peoples’ places since the creation of Roblox, however, I’m pretty sure they rarely checked places for code. They would have instead checked the game or reports sent by the player.

That’s not true. People get banned for absurd reasons all the time, even if they didn’t violate the Rules. I’ve seen instances of users getting banned for assets uploaded years ago, and a developer randomly getting a 3-day ban for uploading the OFFICIAL Roblox NFL helmet of the Washington Redskins. Even more recently, a developer got banned for using a custom chat filter on top of Roblox’s one, despite it being expressly allowed by the rules.

Does that mean developers are going to have to upload assets on an alt, while on a VPN to stay safe?

3 Likes

Also, keep in mind the minute or so it might take to become available for access depending on upload speed.

But yes, your case is incredibly powerful as a talking point against Roblox’s moderation and policies.

3 Likes

Unfortunately, that is rapidly becoming my habit.

5 Likes

If I was banned, and I thought I deserved it, would I even bother wasting my time or other people’s time trying to protest about it on a public forum or Roblox appeals?

a LOT of people do. While I do acknowledge that there are absurd bans, there is a proper system to appeal and discuss them and this is not the place. I think NickiSCP’s case is a good example of where the moderation system has failed; but this is not a discussion about the moderation system.

I agree with you on this spot. They likely did have access to peoples’ places since the creation of Roblox, however, I’m pretty sure they rarely checked places for code. They would have instead checked the game or reports sent by the player.

And they always have. I’ve talked to Roblox staff members about it in the past. It’s a legal responsibility they have to bare when you look at their style of game and the market. While Roblox can usually figure out if your game breaks TOS by playing it, there are many cases where developers hide things in their game that the public cannot see.

That’s not true. People get banned for absurd reasons all the time, even if they didn’t violate the Rules. I’ve seen instances of users getting banned for assets uploaded years ago, and a developer randomly getting a 3-day ban for uploading the OFFICIAL Roblox NFL helmet of the Washington Redskins. Even more recently, a developer got banned for using a custom chat filter on top of Roblox’s one, despite it being expressly allowed by the rules.

Again this is an argument you can have with the moderation. While I agree, sometimes the things they moderate are ridiculous, that’s not what this discussion is about. A person mentioned earlier that their friend had inserted a script into their game that had some sort of sexual aspect hidden in the code. Claiming they didn’t know it was there, so it wasn’t their fault; because it’s not their script.

This is where responsibility comes in. if the police find drugs in your car, you are determined the owner, if no one takes responsibility. This is the same.

of course, my statement only applies if you are in the wrong; but a lot of people seem to have a hard time believing they break the rules.

1 Like

The appeals system is broken enough that most appeals for false bans get tossed out with a copy+paste. NickoSCP only managed to get his account back because he could discuss about his ban here.

If the public cannot see it, why even bother to review it? :thinking:

It could have been discovered simply by playing the game unless the script was broken or wasn’t visible to the client. And in that case, there’s no reason to review the code.

2 Likes

That was before Remotes existed, and if it was after, it’s either the game devs fault or a really good hacker (Like really good)

They do that, because they might forget about it when you finally made the place open, I’m on roblox’s side for this topic.

1 Like

And what if he was an 8 year old and the person that sent it was like 20?

1 Like

The appeals system is broken enough that most appeals for false bans get tossed out with a copy+paste. NickoSCP only managed to get his account back because he could discuss about his ban here.

I agree, the appeals system is broken. I was terminated once before, and I was unterminated because I had help from a popular person. But again, this discussion is about review of code; not the moderation systems failures.

If the public cannot see it, why even bother to review it? :thinking:

There are a lot of reasons, and a lot of them have to do with COPPA.

I can’t speak for COPPA entirely because I haven’t read it; but our Canadian equivalent is called the Privacy Act, and it has a government ministry that enforces it. It is likely similar to COPPA.

The Privacy Act has restrictions on how much data you are allowed, as website/company/whatever; to collect. And it has even more intense restrictions on children. Because Roblox relies on its certification to be compliant with COPPA, this brings young players (children) to the platform. If Roblox didn’t comply with COPPA, then Roblox would be prohibited from allowing people of that age group to create an account. They would lose a significant playerbase.

So this law applies to Roblox; and Roblox must ensure that all things on the website that are accessible by chidren remain compliant; so, you do this with moderation. Roblox’s old method of moderation (no filter, but ban users who swear) was NOT significant enough to keep roblox compliant with COPPA; which is why the change for a filter was made.

But that’s on Roblox’s end; lets talk about the developer end. As a developer, you can script your game to collect data; you can ask people questions, you can collect statistics, and you can use all of this to improve your game or just overall track how the game is doing. But you CANNOT ask people their name, or how old they are; for example.

But people could choose to make that. And usually they do that with a prompt in game; and in most cases a moderator can figure that out by playing the game.

But Roblox supports external API’s; a developer could for example require you to verify anything they want via an API (discord, trello, anything really). Vulnerable people, especially kids, can fall victim to this easily.

This is a good example of why Roblox would NEED to see your scripts; to see if you are doing malicious things. This is one example of many; and it didn’t take me very long to come up with a half ass reason.

Another example is if you have sexual morphs in your game that are only accessible by the owner. Nobody would see it unless the owner wanted you too; this could be controlled by a script.

And the only way to verify that, is to inspect the games code.

Yet another simple example.

But nobody here understands the gravity of what is possible; just because people cannot see it, does not mean it is against the rules.

Bad people will always find a way to exploit kids.

2 Likes

6 posts were split to a new topic: Response to code safety review discussion (Private Discussion)

*Any of our concerns

There is likely a sketchy reason behind that so it is unlikely that they’ll tell us

It was likely implemented to prevent the .01% chance that a PR crisis would occur if there was big boy words in the code

I’m sure they would fire them if they did that


That’s not a proper argument. Lying about your age is a form of fraud. The same argument can be made about lying that you are 13+ when you are actually 12 and using discord.

People need to stop going off topic! When people say it doesn’t work they mean it’s basically a auto deny system with no proper investigation.

1 Like

They answered a few in vague ways. They answered some of our concerns, though, so it’s only the majority that were left unaddressed.

1 Like