Restricting minor features by user Age

As listed in the Terms of Service by Roblox, you cannot restrict access to your game based on AccountAge. A lot of social groups on Roblox do this to stop trollers and exploiters creating new accounts to bypass bans, but this is frowned upon by Roblox as unique users are quite common on the platform.

However, when it comes to my game I’m thinking of restricting an Application Submission ui for users under - say the age of 10 - very small age and mostly made to stop exploiters from clogging the application servers by creating new accounts and just spamming it up. This is the only feature i’m thinking of restricting in the game in regards to age - the entire game is able to be played - they just can’t apply for a group position via the in-game submission ui - it will be hidden for these users.
Is it allowed to restrict small features like this to stop abuse of the system and deter away people who do this? Is it worth doing - what if some users under the age of 10 want to apply?

Is this allowed? Should Id do it if it is allowed? Is it recommended I take this action to prevent future conflict of the idea that exploiters can keep creating new accounts to fire a remote to post an application to the application database?
Users can only submit one application - so the issue is just with users creating a lot of accounts and posting 1 application per account.


Overall the rules in regards to AccountAge are very vague besides the obvious mentions - i’d like some clarity.


You can do as you please with AccountAge, but the moment you start becoming a front page or popular game with a persistent user base 24/7, account banning by age is frowned upon because new users could join Roblox and then be put off just because they’re a new user.

Maybe include other features like a typing test, revolving remote event security key, using ui with server sided scripts only that checks how long a user did an application and decline if they did it too fast.


Where does it say this? The only mentions of “age” in the ToU are “features may depend on your age”, “provide an accurate age”, a bunch of “agents”, and a California specific law. The rules about “age” in the Community Rules all seem to refer to actual IRL age as well. (It’s all stuff like Agencies, don’t ask for PII including age, users of all ages are on platform, no discrimination based on age, <13s can’t view links.)

Ignoring whether it’s allowed or not, hiding it won’t actually do anything to prevent exploiters. Plenty of them use really old PGed accounts, and most exploiters I’ve seen use at least 2019 accounts, if not older.


As @posatta said, they use old accounts so they can bypass the system. They could literally make 50 accounts, wait a number of days, then they have a whole fleet of bots that can bypass your system. And a lot of botting services will likely use the same bots over and over again, so they can get really old accounts.


This isn’t a good decision. A person can make multiple accounts and wait for a month to start exploiting. If you want to prevent this, I’d say the best option is to make a script that prevents certain exploits.

Account Integrity Score, which is a system which could be verified by a number of factors is a better system than AccountAge.

Lets say a bot attempts to attack your game with 0 save data, 0 RAP, 0 Friends etc; Account Integrity of that account is zero

Of course, you would have to create this system yourself, but the concept is there.

Relying on just account age is weak as many of these bots rely on pre-existing accounts due to the fact that you now need a captcha to create new accounts


Definitely not! This would discourage newer players from the platform as they have limited abilities, and not to mention this would be super ineffective in stopping more than just innocent players.

And if you want to restrict your game based on AccountAge, all you are doing is hurting yourself. Many exploiters have very old alts and will have no problem getting around your age filter. There are alternative routes you could take for prevention of exploiting that would be much more practical than restricting users based on AccountAge, especially considering that doing so would have barely any effect on the users you are trying to stop.

Realistically, your application center will not be botted, but if you are really concerned about it then you could add your own human verification system at the end of the application so that most bots aren’t getting through. (ex. a minor recreation of re captcha)


You are right it is pretty vague, my opinion on this is that the rule only applies for restriction on a user to a game based off their age. I don’t think that hiding UI is actually against those rules.

The only problem I can see is that since your game is ALL UI, you are essentially not giving them the ability to “play” the game. So it’s a little weird not really an exact answer for this. All I can say is that, their are other ways if you are using Trello API, to stop spam as well as show no difference to the user but when they apply the application doesn’t go through.

I’d say you shouldn’t make it as obvious but at the same time I personally feel like a developer has the right to control the access to their game. It’s a very vague line to be honest. Though Roblox still has a point in a way that their are individuals that might be new players that are interested in applying. So you might want to consider other solutions to this problem.

(It’s all stuff like Age ncies, don’t ask for PII including age, users of all ages are on platform, no discrimination based on age, <13s can’t view links.)

People still discriminate based upon age, for example me.

I don’t really think it’s in regards to preventing “exploiters.” It seems to be more of so, in regards to limiting the age, so that little kids under 10 years old, cannot get a “higher” rank and or position within the group.

Bear runs one of the biggest Hotel groups on the platform, and I believe, he’s trying to make sure that the community of staff members, are filled by people that know what they’re doing. It’s not like people won’t play the game, even if they cannot become a staff member, if you get what I’m saying.

That makes sense, though if it is still little kids, they could know what they are doing.
So it all just depends on their maturity

That’s true. With a group of over 1 Million members;!/about

I don’t know if they’re really going to be scared of a few people dropping out. :man_shrugging:

1 Like

Now that you brought that up, if there going to have little kids in the group, who would bother to check through a million people.

1 Like

The process of checking age, isn’t going through the group members, and targeting who is what age.

All it’s doing, is closing off the accessibility to apply for a staff position within the group, if, your account age is set to under 10 years old. (Not like the roblox account creation date, but rather the age of the individual in real life.)

Although people might find it bad for new users, I honestly have no problem with it, its the best way to prevent exploiters and such, however if you are referring this to only the Application Center and not the original hotel game then thats a no problem as you are not “losing players” you are rather “losing the potential for young users to get a job”

You can’t check this. It would be a major violation of COPPA if Roblox started giving devs access to user’s PII. Also, the post says and mostly made to stop exploiters […] creating new accounts, which doesn’t make sense in the context of actual ten year olds.


Indeed. I therefore do not know how he thinks he would be able to identify an individuals account age, as he mentioned in the original post.

He’s saying he wants to check how old the account itself is, as in how long it’s been since it was created. This is super easy to check. He also probably means ten days.


It wouldn’t make sense, if his group is a hotel group, with 1 Million members, attracting probably 98% of younger kids, to restrict applications for his group to accounts over 10 years old… To me, I don’t really know why he’d want to do that, and I don’t believe that’s what he was intending.

The revenue is coming from those with accounts less than 10 years since creation… The context just doesn’t really fit into the situation.