RoStats 》Stats For Developers (Roblox LinkedIn)

How kind of you!

At this time images and gifs, soon hopefully links.

We mean all images you upload we can use to feature our users’ work in marketing and other events.

They do somewhat state how passwords are stored, albeit considerably vaguely, with no mention of what DB technology they’re using, how their infrastructure is handled or how they’re preventing attack vectors through user inputs / other means.
http://i.pyxlwuff.dev/r1cmj.png

Would like to mention as a Brit that we carried over GDPR protections into the Data Protection Act 2018 after leaving the EU, but as a Brit who’s dealt with websites and web infrastructure myself I can provide my own vector regarding the act. Their owner is, according to their devforum profile, based within the UK. Our laws state they must register with our country’s ICO to store certain user data that they are collecting on their website (such as email addresses - since they are personally identifiable).

Considering they’re dodging questions regarding how their website works and how user data is stored (including their ToS/Privacy policy mashup which is basically just a template that anybody can use). The GDPR/DPA also allows a user the “right to forget” - however no such mentions can be found in their documentation for any data controller contacts at all, along with no guarantee as to how long the data is even stored for, who has access to the data, and what they do with it.

Regarding copyright, they really need to make a stance on how copyright claims are dealt with and how to contact them regarding a takedown request if needed. Considering there’s no email to contact them at all regarding practically anything is a major red flag which seriously needs to be addressed.

4 Likes

While I can’t answer copyright and GDPR questions, I can answer about data and passwords: all users’ data are encrypted and hashed with a randomly generated salt for each user, according to one of our developers.

I’ve already contacted our technical team to reach out to you and respond as quickly as possible.

  • Roman
    Junior Moderator and Senior Skill Reviewer @RoStats

Edit: bcrypt is used.

A benefit? I’d totally LOVE to have a p2w LinkedIn. Getting outshined by people who just bought a subscription! Nice!

When did I say that those who pay get exposure? That is unfair and would be controversial. What premium would get you is custom branding for your rostats profile and custom background for your profile. For example, you can have a custom url for your profile, so instead of going to https://www.rostats.info/profile/{user id} you would go to https://www.rostats.info/{custom string here}. In no way will we ever offer anything that is P2W as that degrades our platform.

Thank you for telling us about the flaw with our website. This will be fixed ASAP as our users do have a right to know all the info being stored about them and how their info is being stored and used. We also should have a cookie banner, which hasn’t been added due to my negligence.

1 Like

Hello all, RoStats didn’t comply fully with GDPR and we needed to register with the ICO to legally collect personal info, so now we need to temporarily close rostats until this issue is fixed. The image below is what you will see when visiting the website currently; this is normal! Thank you for all the reports, and we’ll let you know when we’re back!

1 Like

“We mean all images you upload we can use to feature our users’ work in marketing and other events.”

If you mean that, you should write that in the legal agreement, not on a forum where your word means nothing.

1 Like

The privacy policy says that in different words, I just explained it in simpler terms, so there’s no reason to change anything.

What that means is that we can use the images to benefit the website. We are currently using the images to create a new visual criteria for skill application readers. The authors of the images will be credited in the criteria and their images will be watermarked if they haven’t already been watermarked.

The privacy policy says that in different words

Different words have different meanings. You also are not claiming the right to use intellectual property, only saying you’ll use it. In other words, you’re openly admitting to copyright theft, as you do not have the right to use those images or the ownership of them.

1 Like

If users agree to the terms and privacy conditions then they agree that they allow us to use their images in a way to benefit the platform. In no way shape or form is rostats claiming ownership of any images submitted via the skill application.

1 Like

In order to be legally allowed to use the images they give you, you need the rights to use their IP, which you do not claim in your privacy policy. All it needs is a “By uploading your files you grant RoStats the right to use the intellectual property of the images for …”

3 Likes

I’d recommend you getting a VPS or self-hosting (For the love of God, don’t use AWS if you can avoid it)

Also if people are talking about SSL/TLS encryption not being on your website, I’d suggest CloudFlare as it also offers DDoS protection (https://cloudflare.com/)
I recommend you turn on Flexible or Full (Don’t forget to also force HTTPS)

5 Likes

All of the issues you said were resolved; also, we use Heroku for hosting, not AWS.

Platform as a Service =/= Infrastructure as a Service

Heroku is hardly considered a hosting service, just a glorified Docker container with jacked up pricing.

1 Like

Ohhhhhhh, I see what you mean. I know Heroku uses AWS but you are also paying for the convenience that Heroku offers, Heroku does the setup for you and other menial stuff.

I believe your service is down again.
What language are you programming the handler in? Node.JS using ExpressJS?

1 Like

We’re still down, we haven’t re-released; please wait for us to announce that we’ve re-opened.

Refer to this post: RoStats 》Stats For Developers (Roblox LinkedIn) - #160

Thanks,
Roman

Hey, I’d also suggest you get a StatusPage (like https://status.roblox.com/ or https://discordstatus.com/)
Statuspage | Atlassian is what many people use

1 Like

Good thought, but not plausible. If our site is down, it’s down. We would need another domain to handle the status page which won’t be happening at this time.