Response to code safety review discussion

This update is sort of good, but it needs to be fixed and needs some major improvements. I’m sure the creators of front page games would not like anyone seeing their private API keys and secrets, no matter how “specially trained” the people seeing it are. I understand Roblox wants inappropriate content out of roblox, and those sorts of games have been a big problem recently. However, if a rouge mod can be bribed into exposing the Customer Service Panel, I don’t see how the “specially trained team” couldn’t be. Just my opinion on this update.

Storing private keys in scripts is a bad practice. Go support one if the feature requests for a key storage api. There’s a link to it somewhere in this thread.

Yeah, I just gave that as an example. Honestly though, my group’s game has a Trello app key and token in the Adonis admin script, and I don’t want no ‘specially trained team’ snooping around there.

I can see how this update can be beneficial when it comes to safety concerns (in specific situations) but you also have to look at the many drawbacks that come with this update. How can we trust a team that we do not even know to read our scripts without sharing/leaking our source code, trade secrets, API keys, or the like.

I’m concerned as to whether this team has to comply with some sort of a non-disclosure agreement before being able to access our code. I am also wondering about the legal implications in the chance that any of this confidential information were to be leaked by any of these “team members.”
Who would be held responsible for any damages? ROBLOX?

All in all, I appreciate the follow up but I also agree with many others in this thread that it does not address many of the original concerns expressed in the original post. I would appreciate if ROBLOX would follow up again to clear up the remaining concerns that us developers have.

I’m still baffled as to why or what caused my account to still be terminated for over 4 months and not have a single reply from Roblox Staff or any message from their code reviewal team.

I have gotten one reply, but it was from one single Roblox Staff stating that they noticed the Roblox ‘internals team’ having a high amount of community sage members upset about my termination reason and my termination was uplifted. This person just wanted it as an informal message, letting me know about what is happening. Roblox Staff couldn’t even message me about my own account… who can?

They claim the time that I was ‘secretly unterminated’ was a glitch. Why was the code reviewal team having glitches regarding account terminations?

Is there changes to how the code reviewal team is moderating our games since January, when I got terminated for ‘inappropriate code’? Months before this post was finally brought to our attention.

Is the team reviewing our code going to give us a grace period to fix our human mistakes instead of instant account termination for ‘not being smart enough’?

Is there anything game developers should highly consider when developing their game?

I’m still highly weary of even developing on my main account anymore, only developing on group games, because I’ve already lost an account that I’ve had since I was a kid and greatly still miss that account and want to play all the old favorite games I’ve favorited on it. I’m relieved that I can keep this account yet again, but now knowing that Roblox is still busy focusing on expanding their platform to have features like SurfaceAppearance is really cool.

I’ll just step my foot into the door and still say, they really need to give us another update about this. What changed? Why was I ‘glitch unterminated’? Is the code reviewal team giving grace periods to check what’s wrong in our scripts?

I really don’t mind if Roblox lets developers know that their game is getting reviewed or maybe improve on the ‘code reviewal team’ to developers communication instead of sliding bans left and right.

Why not protect against malicious code, like backdoors scripts, namely getfenv? People would much appreciate that more than not being able to say something like “John Smith” in their code.

This really isn’t relevant to the context. If you find a backdoor, you should use the “Report Abuse” feature on it, and it will be forwarded to Roblox moderation.

This is much better, although I’m still worried about other people I don’t know looking at my code. Other than that, this update is pretty reasonable.

I also have a question, lets say I invited ‘Bob’ to team create, and he put in malicious code, that leaks someones personal info. He could just easily get us both banned, and/or frame me for it, and I’ll be terminated. So are y’all also be able to see who typed the code? (I apologize if this question is already answered, I didn’t look through the whole post)

I want to address somethings:
#1. I hate people trying to look at our code
#2. The safeguards are only if (for example) a scammer tries to do a password giver for a scam game, viruses, and other things.
#3. People who are trained may sometimes get that code to put it in their game. I don’t feel like these “Trained people” may be reliable at all times.

Sadly this doesnt work all the time. I’ve tried loads of times to get a malicious copy of my plugin taken down. They asked me to make a video explaining why the code of that copy was malicious. So i did, i showed and explained what the malicious code they added into my plugin did, yet the answer i got was “Our team of engineers will look into it” ; that was 3 months ago and that malicious copy is still available for everyone to download. And you could clearly see that this was the typical easy plugin dupe with a malicious chain of requires.

Doesn’t work all the time? I feel like it practically doesn’t work at all unless you get attention to the post.

41 days ago, reported a few modules.

I recall clicking ‘report abuse’ nearly 4 times on these modules.
Yet no action.

112 days ago, reported a module that was used to load an server sided exploit tool. Even went through the process of explaining and searching whoever had access to this exploit.

I recall clicking ‘report abuse’ also.
No action.

What code are they even reviewing? I don’t get it.
Roblox practically would destroy the use of these ugly ‘chain require’ loading backdoors by simply content deleting ’ ’ instantly.
It’s already suspicious enough that a script should hide behind a ‘require’ and return it.

This should not have happened in the first place, imo as long as no one sees it, it does not need to be moderated.

roblox moderation has been a huge problem for years. and this might be one of the wort cases ive seen of faulty roblox moderation. i hope you get unbanned. s e r i o u s l y

I’ve already finally been unterminated over waiting 4 months.

However, I hadn’t had a single staff member come forward and tell me what exactly happened.

The only ‘informal’ message I received was one staff telling me that they were considering along with several community sage members what happened to my account and decided to un-terminate me.

That’s it, there was no heads up for me.

So by now, for safety. I have to strictly edit group games only and never touch ‘personal games’ as that was to why I got terminated. Having an account that’s not well known and making a mistake on it can get you terminated fast compared to editing a group with a lot of users on it are the people that gets the ‘heads up, edit this n that’.

That’s not right, everyone needs to be treated equally.

wow dude. roblox moderation has been terrible these last couple years. but your case is the worst i have ever seen

Yeah, why use thoose moderators for something that people can’t see? its useless

Why not use thoose moderators for report review or something like that?

No one wants this update. This is a extremely weird and dumb update. Why are you moderating code which no one is meant to see. Code is private should never be moderated. Why are you wasting resources on this when you could actually be improving moderation. Just get rid of this update and never make this mistake again. You’ve discouraged people from staying on this platform and they left cause of this. ROBLOX already had a lot of limitations compared to other game engines, and now you’re doing this? Just get rid of this no one wants this. This isn’t even a big issue. You have ruined moderation even more.

Don’t know much about this, but here are my two cents.
Okay, this could help prevent the “Bad side of roblox”, like “condo” games or whatever they are called now.
Personal information could be: In a team create in a close-group of friends, who talk through the code. Who wants that info shared to a group of moderators, who we have no proof if they even are good?
Personal Threats: Why would this even matter, if it is a solo group?
And Frankly, Roblox needs to be a BIT more transparent on this, and the rules.
A corrupt team create worker could go on, and report, and give away that said private information.
Just my Two Cents

First of all, you shouldn’t be putting your personal info inside of your code. Second, if they want to share info they should do so via discord or some other type of program that’s used for that. Third, Threats are still threats. It doesn’t matter where you place them, they are still threats.

It doesn’t make it anymore okay that our work is being checked by people we don’t know, have no reason to trust, and could be from another region entirely (language barrier, different copyright laws).