I appreciate the clarification (I had to reread it a few times but most of my questions are answered) but I’m still concerned about secrets like API keys and tokens. Is there something in the work to hide these things or are we expected to just accept that staff will see them? If that’s the case, would it be possible to have a system put in place to notify us when a staff member has seen our code so that we can change these keys if we so desire?
While I certainly share your curiosity, I must point out that revealing these kind of details of the inner-workings of the system would likely aid those that try to evade it.
For concerns regarding secrets such as API keys, I recommend supporting feature requests such as this one:
(Support here meaning give it a like or add your additional use cases in comments.)
It would be nice to know precisely what these rules are, since while this post is more precise in some areas it continues to be vague in others.
Is there any plan to inform the developer on devforum, by email, or by Roblox PM that the “special team” is checking my game? (Edit: So some users can void their API keys till a way to store API key’s is in place?)
Any way that an alternative method of appealing will be in place?
Not always. Certain information regarding process, excluding the actual moderation criteria, can be shared so that we know that they are taking some protection. We would hope that the team is under strict NDA, that the information has strict IT controls that prevent it from leaving the network (once the employee accesses it), and that code is more protected than some image already available for viewing in the catalog. Unfortunately, these are things that we don’t know exist (although I hope they do).
Edit: I misunderstood the question, That said, this is still info that we would like to see.
We understand this is the goal, but many developers are worried because they still don’t understand what conditions can cause their code to be flagged in the first place. Unless this is clarified, developers will assume that their private code can be read/stolen by moderators at any time.
That’s unfortunately not a good enough response to that concern. This is a problem that Roblox created with their own policies, and they should have addressed it before now, or should at the very least be addressing it actively. Supporting a feature request that may or may not be implemented (and if it is, may take an indeterminate amount of time to be added and enabled) is not a solution.
The question was not regarding information of the manual review and how it was treated, and this is information that I too would like to see divulged. Nevertheless, my comment was on the topic of the inner-workings of the automatic review system.
I’d assume this team is under immense scrutiny while they are inspecting specific portions of games, and they would be engineers since they need to review code (not the same people who moderate images/sounds/etc). It seems somewhat paranoid to assume an engineer is going to risk “stealing” code or intentionally reading code they’re not supposed to when all of their actions that they are performing as part of this review team are closely logged and monitored. Maybe we should have a little bit more faith in the people running this platform?
I mean, not really the best clarification, doesn’t answer a lot of our concerns, but thanks?
It’s good that developer relations seems to be aware of feature requests like these
However, are any solutions, such as those put forth in said feature requests, being considered or developed right now? Until these problems have been addressed with implemented features, I’m not really comfortable with this code moderation system when it comes to handling these secrets.
The amount of times roblox has screwed developers over means I personally feel I want a bit more security then just putting faith into some random engineer who roblox has not even released the rules they are following.
Thank you for the update but this really wasn’t addressed in the post. How are we supposed to protect our API keys? We don’t have to trust your specially trained team just because you tell us to.
We aren’t exactly paranoid about our code getting stolen but we have the right to not want other people to see it.
There is a Russian saying you are no doubt aware of: Trust, but verify.
I have complete faith in the good intentions of the engineering team at Roblox. But faith does not carry the same value as strong publicly-disclosed policies and well-established security standards.
I appreciate that code is being reviewed. I appreciate that attention is being given to keep our community, players and customers safe. I appreciate that Roblox took the time to clarify these issues and I hope they continue to do so.
But I still want better security for my code.
Seems like a very gross correlation – Roblox does take content ownership very seriously in my experience. This would be a super delicate process and I really don’t think they would be doing this in the first place if they didn’t think it absolutely necessary. Besides, it clearly says code being flagged is a very rare case and that a manual review goes on top of this before any action is taken, so I’m not really worried about my code being read at all. It seems like you have to mess up pretty bad for your code to get attention in the first place.
Luckily this post is a little shorter so I read it all a few times actually. But I really believe this moderation should only apply to free models and plugins, or anything where code is public.
But, if the game code is never public, then there’s no point in moderating something that doesn’t exist to a player.
Please. Only apply this to public code. Otherwise it is the equivalent of moderating absolutely nothing.
It’s good to have some transparency. But this does not address most of the issues at hand
Who is this ‘specially-trained’ team and what is the possibility that they have the ability to access the .Source property of scripts
What’s stopping a bad-actor in this team from accessing and releasing our secret API keys?
If Roblox are clear on what this team can actually do once inside a game, it would help clear up alot of confusion about the ‘code safety review’ issue. If they can or cannot read our scripts once inside a game, we would like to know this through a plain-written confirmation.
Saying ‘to check it out’ is a very vague response as it could leaves open the possibility from doing anything
What are these strict rules, again whats saying that there is a less-than-favourable team member going in and phishing out API keys to distribute.
We need more transparency Roblox.
The issue is that the code may implement features that are against ToS, for example a filter bypass so certain users are allowed to swear, in violation of Roblox’s chat filter.
PS: This is only one example, there are endless scenarios.
Can you give us an idea of what type of code might be flagged?
I understand that the goal is to protect the system from being worked around but I and others are curious to know what types of “activities” might be flagged. I’ve seen that personal information and threats are a concern but exactly how does the system scan code?