As a Roblox developer, it is currently too hard to rely on TouchTransmitters securely as they are riddled with issues. TouchTransmitters (and in a lot of ways, Roblox physics itself, but that’s not related to this request) are still very much geared towards Roblox before FilteringEnabled, and I feel they require some changes.
If Roblox is able to address this issue, it would improve my development experience because it would improve the security and reliability of Touched events.
Currently TouchTransmitters have the following behaviour, which I feel to be very undesirable:
- The client can invoke touches for parts extremely far away from themselves. I feel that Roblox should employ their own checks for this rather than developers, as many developers do not know to do this in the first place or how to do this, nor do many developers want to do this themselves anyway. Even Roblox’s own items, including most, if not all, sword tools suffer from this and allow an exploiter to trigger touches to the sword Handle for anyone in the game, no matter how far. DoomSpire Brickbattle, SOFTH, and Catalog Heaven are classic examples of where this has been frequently abused.
- The client can invoke touches for anchored parts, and parts they do not even have network ownership of. If one part is not owned by the client who is sending the touch, it should be ignored by the server. The server should simulate all touches for server owned parts, and should only authorize touches between two clients where the two objects are likely to be able to collide.
- Sometimes it is even impossible to employ distance checks from a developer standpoint because objects are so large that simply checking distances cannot work, and because developers don’t have the tools to do these checks, oftentimes they must use arguably hacky solutions such as using GetTouchingParts on a scaled up version of an object, performing different raycasts, etc.
I feel that this post, posted by @Shedletsky, is very clear evidence that TouchTransmitters are not very well understood among most developers, and their security quirks can be quite discouraging/hacky to work around. They do not really follow the rules of FilteringEnabled, and are the cause of many bad exploits which you would never expect.
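
A server-side plausibility check of the kind the post says developers currently have to write themselves, as an added example that is not part of the original post or Roblox's own code. It measures distance to the surface of the part's bounding box rather than to its centre, so it also covers the very large parts mentioned above; `MAX_REACH`, `distanceToBox` and `isPlausibleTouch` are hypothetical names and values, and the Script is assumed to be parented to the part being protected.

```lua
-- Server Script (added example). Assumption: this Script is parented to the
-- part whose Touched event is being validated.
local Players = game:GetService("Players")

local part = script.Parent
local MAX_REACH = 6 -- studs of slack for limb extent and latency (assumed value, tune per game)

-- Distance from a world-space point to the surface of an oriented box.
-- Returns 0 when the point is inside the box, so it works for huge parts
-- where a centre-to-centre distance check cannot.
local function distanceToBox(boxCFrame: CFrame, boxSize: Vector3, point: Vector3): number
	local p = boxCFrame:PointToObjectSpace(point)
	local half = boxSize / 2
	local closest = Vector3.new(
		math.clamp(p.X, -half.X, half.X),
		math.clamp(p.Y, -half.Y, half.Y),
		math.clamp(p.Z, -half.Z, half.Z)
	)
	return (p - closest).Magnitude
end

-- True only if the server's own view of both parts makes contact plausible.
local function isPlausibleTouch(target: BasePart, hit: BasePart): boolean
	local character = hit:FindFirstAncestorOfClass("Model")
	if not character or not Players:GetPlayerFromCharacter(character) then
		return false -- not part of a player's character
	end
	local root = character:FindFirstChild("HumanoidRootPart")
	if not root or not root:IsA("BasePart") then
		return false
	end
	-- The reported part must be close to the character it belongs to...
	if (hit.Position - root.Position).Magnitude > MAX_REACH then
		return false
	end
	-- ...and close to the surface of the part it claims to have touched.
	return distanceToBox(target.CFrame, target.Size, hit.Position) <= MAX_REACH
end

part.Touched:Connect(function(hit)
	if not isPlausibleTouch(part, hit) then
		return -- ignore the touch; log or count rejections here if desired
	end
	-- Game-specific touch handling goes here.
end)
```

This only bounds a reported touch by the positions the server currently holds; it does not check network ownership, which is the second issue in the list above.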