Roblox's lack of asset protection and the solution

I’m generalizing, but casual thieves are casual about using your stolen assets. Serious thieves are serious about using your stolen assets. There’s one that you need to worry about more than the other.

1 Like

Battlefield 4 doesn’t have a site where you can copy and paste their sounds.

Yeah, you can record them in game or even use exploits but that’s so much more difficult. Roblox is in my opinion starting to become a serious development platform and this type of stuff is really unacceptable.

1 Like

Does BF4 even maintain a multi-user CDN? I’m not seeing a comparison. The proper comparison might be Amazon’s AWS. You definitely can just download anything from AWS if you know where it is.

Maybe what you should argue for is to not default audio uploads to the public library?

I can’t even begin to understand why there are people arguing against this kind of thing.

Why is it so important for some people here that our assets remain so easily usable by people we don’t want?

Yeah, we get it, it only makes it harder. That’s the only thing we actually want.

This isn’t pointed directly at you but I do see some people trying to point out why this might not be a good idea.

4 Likes

Ignore ScriptOn’s comparison – it was bad. See Anaminus’s post for why this can be solved, and see my previous post for why “you only need to worry about serious/dedicated thieves” is wrong.

I’m just not convinced by your reasoning or by Anaminus’s, that’s the thing. If the client can download it, I can download it just as easily. It’s really not that hard to figure out Fiddler.

Keep in mind that I’m not personally against the notion of this thread, I’m mostly just playing the devil’s advocate.

Do you even know how to use Fiddler to steal assets from places? Because I sure don’t, and I doubt little Johnny can either considering I couldn’t figure it out back when I tested to see how problematic it was, and I’m a tech nerd in college.

Yes, Fiddler is easy to open up. Is it easy to steal assets from ROBLOX though? No. They don’t pop up in the left list by default because they’re not sent over in raw png/etc files. Go try to steal assets from a ROBLOX game with Fiddler before you claim it’s so easy practically anyone can do it :)

6 Likes

I sure don’t know how to steal assets from games, and I imagine it would be a whole lot of work to figure out how. I don’t understand how you aren’t convinced by simple logic? Stop displaying all of our assets on a big page for everyone to use. It’s not that crazy to imagine…

6 Likes

Uh… are you sure about that? Just because the Content-Type header isn’t set doesn’t mean the asset isn’t just a PNG or MP3. Upon joining a game, I see a lot of HTTPS requests to assetgame.roblox.com. Fiddler literally walks you through how to see decrypted traffic when you click on these. Hint: it’s a simple checkbox. You’re probably not seeing them show up because they’re cached and the client isn’t actually requesting them…

Regardless, if you know the asset ID, you can get it just by using the same URL that Roblox uses. This URL isn’t exactly secret. If this wasn’t the case, you’d have a hard time playing any games. Any header the client sends can be faked. Security by obscurity isn’t security at all.

@jcfc

Maybe what you should argue for is to not default audio uploads to the public library?

1 Like

My point stands. I had issues and I’m a tech nerd – jcfc is also unable to steal assets through packet sniffing. If you were correct, we wouldn’t have had any issue. Cheat Engine has even more tutorials than Fiddler, but

  1. We don’t see huge numbers of players speedhacking and noclipping through levels, so your assumption that just because there are tutorials and you find it easy, that everyone can do it, is moot

  2. ROBLOX actively does something about CE (changing memory addresses, disconnecting the client if CE is open, etc) even though it meets your criteria of “everyone can do it not worth bothering with”, so again your point that just because it’s “easy” means nothing should/can be done is moot.

If private assets didn’t show up in the library via “Show Unavailable Items”, then users wouldn’t be able to steal assets easily. It is a separate solution I’d like to see alongside the proposed one. It works to an extent @boo_ooo except that if a copyright holder requests a stolen asset be taken down (which they can do regardless of how effective you think it is), the original asset has to be taken down as well if the thief is using your AssetId which may not be common but can still happen. Locking AssetId means your original asset can never be used in games without permission and it never needs to be taken down if you got appropriate permissions from the IP holder.

4 Likes

Another possible mechanism would be to detect when a non-free asset is used in a place and provide some message to the offender and/or the author.

3 Likes

Because somebody can bypass an anti-cheat engine does it mean we should get rid of all anti cheat measures?

What would that do?

CheatEngine is not a good comparison at all. Besides, you’re still missing my point in the first place. I said that serious thieves will get it anyway. This is still true. You don’t even need Fiddler, you just need the asset ID. This is why I was suggesting that the asset ID shouldn’t be publicly available on the website.

Maybe what you should argue for is to not default audio uploads to the public library?

Regardless, you should really make more of an effort to keep your posts on-topic instead of veering off about CheatEngine or Fiddler, both of which really have nothing to do with this. And being more polite wouldn’t hurt either. It’s pretty hard to make a persuasive argument with rudeness.

Would you still want Roblox to improve asset protection if it meant that a minuscule group of people could still steal your assets?

  • Yes
  • No

0 voters

You keep missing the point. I couldn’t care less if someone uses some hacky program to steal my stuff, that happens on every game everywhere ever. I just want my stuff to not be so ridiculously easily available on my profile.

1 Like

???

Seriously. I’ve repeated this three times already in this thread.

Maybe what you should argue for is to not default audio uploads to the public library?

I was never arguing against the notion of securing asset rights more.

1 Like

Oh… you and echo got off topic and it confused me a bit.

Yeah, whatever can be done I’m for it.

1 Like

No problem. I was mostly trying to demonstrate why no one should waste time on an elaborate plan to try to seal off everything when the most glaringly obvious method could be stopped with minimal effort…

2 Likes

This mentality of “if it doesn’t fix the problem wholly and entirely, it’s not worth it” that I’ve been seeing lately on a variety of topics is getting old. I don’t want a foolproof barricade to keep my assets from being stolen, I just want it to not be a walk in the park.

10 Likes