Secure the game voting feature

Roblox has a vulnerable voting system.

For your game to be voted on, you must meet two loose qualifications

1. You must play the game

2. You must have a verified email attached to the account voting

While these were a somewhat reliable screening process back when the voting system was originally released years ago… There has been no additional contingencies implemented to keep up with the times.

Last night on 5/6/19 at 8:00PM EST, my game Koala Cafe hit 1K+ concurrent players, although to my dismay they were actually bots programmed to dislike whatever game they’re playing.

Below is a screenshot of the inflated player count, example of what the bots looked like, and my previous like ratio.

As you can see, 1.2K players and a 61% dislike ratio.

This is what the accounts looked like, it looks similar to the front page bots that have been plaguing the games page.

55%20PM1126×738 540 KB

This can severely impact medium level developers like myself, due to recent changes on Robloxs side that put so much emphasis on the like ratio of the game, its the first thing players see when they are on the games page.

If they continue to offset my like ratio even further, this could prevent players from even joining my game… thinking its a bad game in general. The ratio is to allow transparency, aiding players on which games are great and which games are bad. If the ratio is so easily spoofed, it needs to have more checks and balances in it.

Here are some possible solutions I’ve thought of that could help secure the feature, making it harder to spoof.

1. Roblox recently released “Funcatpcha” a feature which adds an extra layer of security to automation, this feature helped reduce group wall spam, and bots joining groups. This could possibly be implemented to help add an extra layer of security to the Voting system.

2. Use an algorithm which looks for multiple things, games played… how the game was played… if they interacted with a game like an actual human would ect… and then allow them to have the ability to use the Voting system.

3. Youtube has a feature where if your videos hit 300 views or so, all views are automatically checked to ensure they were not inflated by a fake source. You could implement this for the voting system and do a manual review as well.

Most importantly work with developers to help support them and remove the botted dislikes or likes to ensure a fair playing field for everyone

I currently have my game set to group only, this is costing me money and players. I made this post to help spread awareness and start the discussion so that the Roblox team can take action accordingly.

Thanks for reading,
Logan

I must agree. One of my games became a victim of bots for a while ago and therefore got more dislikes than likes, which makes people play another game than mines. And that again makes me lose revenue and possible players.

This is a smart way of controlling player votes. There are alot of games that in the past, have been dislike botted beyond compare, and people would be surprised how much this effects people’s opinions of a game or platform.

I hope Roblox introduce this!

I can see how botting the voting system can be a huge problem now. This game created just yesterday is now on the front page as #1 popular sort for me https://www.roblox.com/games/3158851680/4-Player-War-Tycoon

If they can bypass the new captcha with 8000 bots I’m sure we will be seeing plenty of games start to get dislike botted very soon.

I wonder if they’re just bots made before the captchas?

Either way this needs to be dealt with. I’m sick and tired of bots ruining everything.

Start adding captchas for when a rating is filed in, just like posting a group wall comment

Game voting would slow to a crawl if captchas were implemented. Nobody wants to fill out a captcha to give an impulse opinion on a game.

Playing devils advocate for a minute - what if voting was only enabled for users that have spent at least $5 over the lifetime of their account? This would permanently render bot services unprofitable. I know steam does something similar.

There is already 100% captcha on login. If they got past that, plastering captchas elsewhere on the site won’t help.

If they’re using the RobloSecurity cookie it bypasses the captcha.

Just because you secure one gate doesn’t mean you shouldn’t add captchas elsewhere on the site.

Surely just make voting only do-able by veteran accounts

Yes, they could create all the accounts and wait a year to dislike your game, but by that time the persons probs forgot about you and your game anyway.

@BuildIntoGames That suggestion could possibly work, maybe requiring a user to have made a purchase of robux or builders club over the lifetime of an account, could greatly reduce bot activity but punish every game overall, as feedback would be limited to only paying users.

I think a better solution would be Roblox having a system which would flag bursts of 1000 dislikes all within <5 minutes, and set them for a manual review to check the accounts.

@EchoReaper I think it would nice to see it implemented for the time being… if it happens to make an effect great, if it doesn’t curb the botting then it could be removed just as quick as it came.

On a side note;

There is no such thing as a quick feature implementation. I encourage you to read this post which explains all of the planning, preparing, and standard corporate bureaucracy that is necessary for any change. Things like captcha especially have to be thought out thoroughly, as they can have a drastic effect on user engagement – higher friction = more opportunity for real users to not bother.

Why don’t we leave this up to professionals to determine. Captchas always have been and always will be a request out of desperation from the community – it doesn’t have enough information to determine the negative impact they will have on real users, whether it will actually stop bots, or if Roblox is already working on something that will solve this.

Sorry for the random revival of this post, but recently I’ve seen a couple of people, including my friends who have been experiencing dislike-bot attacks, and one of them ended up getting their game terminated for it a day ago (reinstated after a week). Their game got to recommended randomly and stayed their for a few days but within an hour of the server being attacked by dislike bots, it got content deleted.

In short, is there anything being done to sort this issue, as while it isn’t predominantly affecting any of the vastly popular developers, it certainly causes issues for mid-tier/low-tier developers with upstarting games. It is important to attain to these developers as they will be the future of this platform, and I have no doubt that as more games get botted, and more people get banned, the less likely developers will put out games here.

They straight up removed comments because of bots. I see no reason whatsoever to not lock game ratings to only people who have spent robux on that particular game. At this point it is becoming far too common for people to get thousands of dislikes on their game or have over 3 botted games on the front page with over 10,000 players each and a 90%+ likes. The like ratio has never been useful and never is accurate. If a game is too hard and it’s suppose to be hard, tons of players will dislike it because they can’t beat it and boom the game has 60% like ratio even if it’s a 90% like ratio for people good at the game or paying customers.

EDIT: POGGERS! My game is now at 58% like ratio because players can’t beat it easily Totally reflects the quality of the game because 90% of the Roblox player base are children and can’t beat a level… it’s been years since Roblox has even touched likes, please do something already it’s a billion dollar company… like ratio is displayed on the games page, it literally will turn off players if a game has <80% likes…

There are a lot of prehistoric accounts that got stolen. Also, they could as well just steal an active account without 2-step and dislike a game while the user is offline.

Hacking into 1 players account who is a veteran and disliking a game is a massive difference from botting hundreds of thousands of new accounts. 1 random dislike isn’t gonna be the noticeable.

Not to mention that botting thousands of accounts is more than likely a hundred times easier than trying to get access into an old account

You would be surprised by the contrary. Roblox had almost no security measures before the time 2-step was added, meaning exploiters could basically leave a bruteforce program for days (that is what happened to my account once). If it is of a good quality, it will start searching through basic words, adding numbers here and there. Roblox is a community made out of mostly children. The passwords are basically not much harder than guessing 5555.

Doesn’t change the fact that how many bots go into games vs how many people get hacked. You can just create hundreds of bots at once to destroy a games like/dislike ratio. If a veteran system was announced this would completely solve the like/dislike problem once and for all. Plus, when someones trying to get into your account, they want your stuff, not to go dislike a game.

Waiting a year to be able to vote is way too much. Even a third of true new users don’t stay for that long.

Rather wait a year and get good ratings on my game over have it get botted, ruin my ratings and thus ruin any potential my game has