Salted and Hashed E-mail (Read-only property under Player)

It’s annoying to kick/ban someone from your game, and then have them constantly create new accounts to try and evade the ban. Since MAC/IP bans aren’t an option, I think that a salted, hashed version of the player’s e-mail address available to developers would be nice.

Pretty simple, salted hashes wouldn’t give anything away about the player’s e-mail address, but it would allow us developers to easily identify if an account is associated with a certain e-mail (DIY poison bans, for example).

If implemented, it should be a read-only property under the player object that can be accessed by scripts/localscripts (e.g. “UniqueID”). It would be the salted (and hashed) version of the player’s e-mail address that is associated with their account.
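
The identifier proposed above, sketched as an added example (not part of the original post and not Roblox code). It swaps the salted hash for a keyed HMAC, because a salt that scripts can read would not keep a guessable input like an e-mail address secret; the key, the per-game scoping and all names and addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: a secret held only by the platform, never exposed to game scripts.
PLATFORM_KEY = b"constructed-demo-key"

def normalize_email(email):
    """Trim and lower-case so trivially different spellings map to one value."""
    return email.strip().lower()

def linked_account_id(email, game_id, key=PLATFORM_KEY):
    """Return an opaque hex ID for (game, e-mail), or None if no e-mail is on file."""
    if not email:
        return None
    # Assumption: scoping by game_id keeps IDs from being correlated across games.
    msg = f"{game_id}:{normalize_email(email)}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def flag_linked_accounts(accounts, game_id, banned_ids):
    """Return the account names whose ID is on this game's ban list."""
    flagged = []
    for name, email in accounts.items():
        ident = linked_account_id(email, game_id)
        if ident is not None and ident in banned_ids:
            flagged.append(name)
    return flagged

# Constructed sample data: account name -> e-mail on file (None = no e-mail).
ACCOUNTS = {
    "Player_A": "alice@example.com",
    "Player_A_alt": " Alice@Example.com ",
    "Player_B": None,
    "Player_C": "carol@example.com",
}

if __name__ == "__main__":
    game = 1001  # constructed game ID
    banned = {linked_account_id("alice@example.com", game)}
    print(flag_linked_accounts(ACCOUNTS, game, banned))
```

Accounts with no e-mail on file, or registered under a different address, produce no match.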

Although I would agree, this would be a nice feature, the problem still stands that players can make accounts not affiliated with their previous emails, making the problem this is solving still a problem.

What stops them from creating a new account on a different email? IP banning won’t work, so why would you think banning them off of their email (which can be changed easier) would work? The usefulness of banning particular accounts can be answered by this question:

Does banning some accounts of one particular person prevent them from doing something that they are unable to do on other accounts? Of course, the answer to this is always no. It doesn’t matter which account someone uses to harass your game. If this is about that guy spamming your game (which you still haven’t taken me up on my offer on those two features to stop him – you must not want him to stop), you should know that something like this won’t stop him. He’s created alternate accounts countless times before and he will do so again.

Just create a hash of all the computer’s hardware, and allow us to use that to identify them. Will it stop everyone? NO. I personally have three computers, and one is a hypervisor for spinning up small virtual machines. However, I don’t think most people have more than one computer. Most exploiters on ROBLOX are script kiddies anyways, so identifying them by hardware would be the best option for this option. ROBLOX already had all this information under debug settings, and is technically accessible under Lua, but protected with a higher context.

I’m sure there is some use for this, just not what you propose. And it certainly shouldn’t be called “UniqueID,” as it wouldn’t be unique at all.

Some accounts don’t even have an associated email address.

The reason I chose e-mail specifically is because it’s been proposed in the past to have IP addresses be used, but that was shot down (b/c of address assignment). The idea of using MAC addresses from the NICs was also shot down, due to the permission required to see something like that (Along with MAC spoofing).

Doesn’t have to be a salted, hashed e-mail though - Roblox could make their own unique ID to identify accounts that are linked together based upon what they think are appropriate requirements to identify a unique user.

We understand, it’s just that if players wanted to make a non-associated account, they could, no matter what ROBLOX does or tracks, so keeping this sort of data is pointless.

There’s a decent selection of services out there that provide temporary email addresses. You get access to an inbox for ten minutes or so before it self destructs. I imagine anyone going through the trouble of creating alternate accounts would be more than happy to add one of these tools to their arsenal.

COPA (Child Online Protection Act) prevents the tracking or storing of personally identifiable information for users under 13. Providing any type of salted, hashed email address or IP address might violate this law.

Would some unique identifier (That doesn’t personally identify the user) be possible?

Any unique identifier could potentially count as personally identifiable information.

Alright, so this idea is not gonna happen - got it.

Thanks anyways :confused: