Response to code safety review discussion

No, you’re misunderstanding what malicious means, it’s not code that isn’t functional / destroys the game. You should think about code that inserts inappropriate content into the game under certain conditions. That compromises player safety because they are subjected to the inappropriate content (i.e. NSFW, bigotry, etc).

6 Likes

That’s absolutely stupid. I don’t want Roblox engineers to get harassed because they’re doing their jobs protecting players from getting into highly inappropriate NSFW/nazi/etc games.

18 Likes

It’s stupid that I want to know who’s looking at my private code?

I think it’s very reasonable.

3 Likes

I have a solution for that - It’s called the reporting system. If that can be fixed, then there is absolutely no reason for this announcement/update.

2 Likes

While I disagree with how it was phrased, @ChasingNachos has a very valid point. Moderation teams need to be completely transparent in how they operate, otherwise, the community has no trust in them. For proof, just look at the real-life debate over the FISA courts.

Briefly, FISA courts were created under the PATRIOT Act to allow for foreign surveillance… with very loose definitions on the term. What makes it worse is that their proceedings, procedures, motions, organization, everything is completely closed off to the public. Try pulling a FOIA request on FISA if you don’t believe me.

ROBLOX moderation should NEVER be this closed off. This is a game platform played and developed on by a mostly U-16 crowd. The implications of an angry teenager with programming knowledge having their game removed because of the mysterious process we have little to no information on is very, very concerning to me, both for them and ROBLOX.

You bring up valid points in harassment and where they are mostly targeting with this system. I agree that they shouldn’t get harassed, but that’s completely different from the subject of the topic. Harassing ROBLOX staff is grounds for termination(in my opinion); it’s a non-issue to me. Worse comes to worst and serious threats start showing up, legal action can be pursued. This isn’t as much of an issue as I think you make it out to be, but I acknowledge it is an issue nonetheless.

Further, when you say they’re focusing on targetting NSFW content, is that something that can be focused on from a coding perspective? Isn’t that more of a content issue? I admit I am not a programmer, but as far as I’m aware, if there isn’t content to be posted, wouldn’t any action taken by that code to show said non-existent content be mute? I’m not a programmer, so I don’t entirely know, but it seems to me that it would be far better to focus on content and not code.

I will reiterate my previous suggestion: revamp the entire asset moderation system. It would solve all these issues, and more, if the system was less focused on censoring ridiculous words such as “water” or “beat,” rejecting audio files that include a new VST that the system hasn’t seen, and terminating accounts without warning.

Don’t mean to come off as rude at all, if I do I sincerely apologize. I simply can understand everyone’s frustration.

12 Likes

Except it is not. That is why many posts are posted under the Roblox account – for the safety of the author. The exact same with moderation. I personally disagree 101% with this moderation but moderators should always be anonymous. Imagine a little kid getting moderated and he could see who moderated him. He’s probably gonna threaten him and insult him or etc.

We don’t need identity of moderator. We need more transparency. Roblox staff has been very lacking with transparency and that’s really all we are wanting.

4 Likes

Reporting systems are all fine and good for the things that happen live (like in chat) but it means that someone already got exposed to the bad content.

It’s like reporting that a nuke went off, rather than restricting the sale of materials needed to construct a nuke.

The reporting system does work, contrary to what you’re saying. It may not provide feedback and there’s certainly room for improvement but it isn’t broken. I’ve seen players get removed out of a live game minutes after being reported, multiple times.

Roblox has to take precautions to ensure that NSFW/bigoted/illegal/etc content is removed and never seen by players. If you have a better way of doing this then I’m sure everyone would love to hear it.

Also, this is an automated system. No moderator does anything until something is flagged, so it’s not a waste of time. Yes, there may be some false positives, but I’m sure we’d all much rather have that as opposed to things slipping through the cracks.

5 Likes

I do have one more curiosity.

If this moderation process works the way it does, how come there are people being instantly terminated for stuff in their private development games?

For example, as mentioned in other posts, being terminated within minutes of inappropriate stuff inserted by a team create participant, or being terminated for having script text inside a private game no one else should have been able to access.

This is the process as I understood it:

With those other posts talking about bans that seem to have deviated from this process, are there other moderation bots inspecting games and their scripts?

I’d hate to be banned forever for a single mistake, by a moderation bot of all things. That would be a horrible way to go.

8 Likes

Additionally, how could moderators investigate reports? Let’s say a game shows inappropriate content to all users bar admins, or only a specific group.

In situations like this, engineers would need to investigate the code to resolve the report.

Replacing the automated flag system with a report system is not a solution to the issue @ChasingNachos raised.

4 Likes

This is certainly better, but we’re still missing a bit of information, like what about API keys, obfuscated code etc.

1 Like

This too could be abused. For example, put profane words in a key, and use them for a chat message, instead of being an API token. Although I do agree with the feature request, it’s not failsafe, and I would understand Roblox not wanting to completely hide these keys.

You could check the keys usage though. If it only is used for a https request vs sending to all players, you would be able to tell.

Additionally, there are already ways to accomplish private keys using httpservice and a database or server. The point is, it’s already possible so it’s not like this adds more security issues, as it puts it under Roblox’s own servers.

The use case which you provided can already be done without a key service, so how does adding one make that risk worse?

2 Likes

Think that you have created an account with a personal password and maybe verified with an email. I think that’s more personal than a code, if you think that people looking through your code is not safe, then think about using a new account with a new password and email.

Responding you: To keep a safe community, they are Roblox employees, what they would do with your code, there’s a 0.000000000001% chance that an employee leak your code for free, they are just doing their job.

Actually @Conejin_Alt, you cannot say that

People are messed up, and will do what they think will give them more power or recognition. Imagine a code that isn’t “malicious” or “bad” but it gets flagged. There is nothing (Or at least it doesn’t sound like anything is preventing it) stopping that employee from highlighting the code and hitting ctrl+c, or downloading the code for their personal uses.

While I understand why my email and password might be known, for one they cannot do anything WITH my email, besides sending me my 2FA code/other emails. My password, honestly ANYONE can gain access to a password in numerous ways, and passwords really cannot be foolproof. Code, however, CAN be personal, with keys, etc. (Don’t quote me on this part, not the best scripter here.) Examples such personal information in code, the programmer might not want other people to see that, but can be seen anyway. And apparently Roblox has been looking at code for a bit before even telling us. I don’t see any reason moderation teams need access to it, players are not able to view it.

As stated by other users,

This could be a better use of these wasted moderation resources. Things such as the report button never seem to have any effect on users that violate TOS.

All in all, I think Roblox should give us more information on this, I find it suspiciously vague they’re being (although some may disagree with me) and I think they need to do a bit better with this. I mean, developers, the ones who make the games, are QUITTING the platform over this. Does that not raise questions?

I’d also like to see more answers to Hex’s post, please show me if there are, as I did not see any.

(Also, sorry for the mess, I am having a hard time reading it, and I posted it…)

8 Likes

It would not be visible. If you just put it in the script itself, these moderators could see it.
If it’s in KeyService, it’s not visible to anyone.

True. I agree.

I could see KeyService being used for things like datastore encryptions too, so I don’t think this is a good idea.

1 Like

A lot of people, for some reason, aren’t taking into account that Roblox is most likely using legal documents to prevent the leaking or stealing of personal scripts.

I mean, think of it logically. If word got out that staff were stealing developers scripts, it would erupt in absolute chaos. It would be a night mare for Roblox PR, developers would be throwing the forum upside down, people would quite, etc, Not to mention the Legal trouble that might follow.

I mean it’s basic business practice to have binding contracts for well… everything. You have to remember that these are actual people which the Roblox corporation can take legal action on. They aren’t just some developer that scammed you across the screen which you can do nothing about.

These are people that interact with other people, and are hired by Roblox. I’m sure that Roblox would try to keep developers well being a top priority.

Please take everything I say with a grain of salt, as Roblox would need to verify this. I’m just assuming as it would be basic businessmen practice.

5 Likes

They can always have a third party (e.g. friend, relative) sell the scripts and share the profits. It would be difficult to find sufficient evidence that the scripts were stolen.


Roblox has been showing favoritism in many areas around the platform, like the UGC catalog, the Video star program and not suprisingly, the moderation system. Roblox will likely put certain favored games on a code-reviewing whitelist, which would make the code in those games exempt from the filter. That would be unfair to developers of games that aren’t on the whitelist.

3 Likes

I’m sure Roblox keeps a log of when anyone accesses a users code. Now this would be helpful in many situations, because in the event that they do find something out or someone reports that moderator, Roblox could easily look at the logs and check who accessed what.

Also why wouldn’t Roblox track what happens on their systems? They could easily look at their system logs to find out what files were transferred, etc.

I do see your point though, as it’s impossible to stop anything from happening.

I appreciate the clarification. This has answered my concerns.

Isn’t this type of lawsuit primarily for security cameras and building owners?

They would need your password AND your email to break into your email account. If they only know your email, the worst they can do is send spam messages. Emails aren’t sensitive information unlike passwords or credit card numbers.