[Unofficial] ShortBlox: URL shorters for social media

https://user.rblx.name/username is now a thing. The way it currently work makes it hard to separate it at the same level. Either have a subdomain or a subdirectory (before or after rblx.name).


Looks like Roblox have started implementing deep linking into the mobile app, using AppsFlyer and the ro.blox.com domain, so this is an awesome web counterpart! :grin:


That’s cool. Just to be clear, this is nothing to do with those efforts. Just community resources for the community, heh.


How am I meant to use this?
Like a Link or something?

And plus, anyone can IP Grab using this link shortner.

1 Like

People cannot ip grab using this. The links only redirect to specific places on Roblox (whether it’s Devforum or the actual website) and not any arbitrary link.


It’s for things like social media where you might be limited by the amount of characters you can use, or where you might want to display a shorter link.

Take this tweet for example by @RDevCentral:

Roblox increased Premium Payouts! Looks like us developers are going to make some more Robux! https://devforum.roblox.com/t/increasing-premium-payouts/753309 #RobloxDev #Roblox #RobloxDevs

This could be shortened like so:

Roblox increased Premium Payouts! Looks like us developers are going to make some more Robux! https://devforum.link/753309 #RobloxDev #Roblox #RobloxDevs

Leaving you more room for text. It makes posting links in places like Discord servers, game/asset descriptions, posters, etc. easier and more readable too.


To quote myself

So you can use any of those domains for linking to a specific kind of content. On social media or on platforms like Discord. I’ve provided a how to guide for each domain.

This is not true. The URL redirect has been designed that not even I know who uses it (outside of what CloudFlare gives me), only Cloudflare does.

The redirect is designed to minimise users trying XSS via my redirects through forcing the use of the relevant ID.
The requests are direct and can be easily proven via relevant tools.

Output of running wget (a common Linux command) through my URL shortner.

If there are any relevant security threats, please immediately contact security@railworks2.com. Depending on the nature of the issue, I am happy to offer payment for your time.


It would be cool if you, instead of the ID, have the name.


Could you be more specific?

If you’re referring to username, you can use https://user.rblx.name/railworks2


Like instead of a group ID, you could have group names or with devforum links with the name instead of ID.
I don’t know much about URL shorteners, though

1 Like

Ah right. At this time, that isn’t really feasible. Sorry.


Are you collecting analytics? if so please provide a GDPR compliant Privacy Policy or block European IP addresses

Cloudflare gives you the location of a request, you can easily make analytics of what location accesses what groups

As mentioned in that comment, I only have access to the data Cloudflare offers all their clients. This does include analytics, however the entire service (excluding domain ownership) from DNS to redirecting users is handled under Cloudflare and thus their policy, which can be found @ https://www.cloudflare.com/en-gb/privacypolicy/

I contacted my local data protection authority (the ICO) before going live and made sure it was acceptable under GDPR, I cannot speak for CCPA or other data protections laws. If I hosted the server which directed the user, the appropriate legal documents would be provided

I want to be very clear, on this

This is not accurate. I only see at the domain level, I do not know which UGC is being used expect the general type found by using a specific domain (not sub-domain).

If you used a specific group, I do not know about that, I only know a request from a region of the world accessed my service and only for up to 30 days.

If you used an username instead of an ID, I would have no idea that it was the case. Again only that a request was issued for my domain.

EDIT: To be deadly clear. I believe in being open and direct when dealing with something like this, trust is important and that’s why I’m taking this deadly seriously.

  • I have now included that a sub-processor has been used.

  • I am not a data controller or data processor under the GDPR [See this document from the ICO] therefore I am not required by law to offer such a privacy policy.

  • Even if I was a data controller or data processor, GDPR does not apply. See: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/#pd5

  • All data lasts with CloudFlare for up to 30 days.

  • The data I have access to is limited and only provided under Cloudflare and their privacy policy. If you needed to issue a GDPR request, you would need to do it to them. This is by design.

  • If at any time was any of this was to change, I would offer a public announcement on such a change and offer a reasonable amount of time. If required, I would also also issue direct to user notices of such a change.

  • I am here to help make a community resource, not mishandle personal data. As a British citizen and a privacy focused person, ensuring that your data is dealt with appropriately is key to me. I would had preferred you to had privately spoken to me regarding any legal issues. However for the benefit of the wider community, I am choosing to respond publicly.


Cloudflare rays (and IP addresses) are sufficiently anonymous such that a privacy policy is not required. Your IP address isn’t personal data, hence why the entire internet (such as your website, https://goldy.dev/) don’t require a privacy policy - only when you tie personal data to that IP address does it become an issue.

This is the sort of thing you should query in private messages, as to avoid this confusion that has beset this thread.


That’s not how that works. Like, at all.

The GDPR concerns itself specifically with personally-identifiable information (they call it PII for short) and not with general analytics. Only some information is considered PII, including stuff like name, age, gender, home address, email addresses and such things. Note that IP addresses and user agents are not personally-identifiable information under the GDPR.

Furthermore, if you collect this information and aggregate it into analytics, i.e. which countries interact with the service the most, which assets get the most interaction, etc. that information by nature is anonymous and data processors can collect that information to their heart’s content and be perfectly compliant while doing so. CloudFlare themselves only give you anonymous data!

There could possibly be an issue if he required a sign-up with an email address and collected this information on a per-user basis, but even in those cases, he’s allowed to collect the information as long as he provides clear reasons for why he’s collecting that information and has a legal basis and the user’s consent for doing so.

Please learn how the underlying policies work before you make posts asking service providers to shut down their service across the entire EU.


Thanks for this resource, I will definitely be utilising this in the future, especially on twitter so I can make my tweets longer!

Yes, I believe it is pretty easy to get someone’s IP address :slight_smile: Like can’t you use Developer Tools on Google Chrome to find someone’s IP address

Quick guide for copy pasting:

Games: rblx.games/[ID]
DevForum topics: devforum.link/[ID]
DevForum profiles: user.devforum.link/[NAME]
Assets in the Library: rblx.media/[ID]
Groups: rblx.social/[ID]
Users by ID: rblx.name/[ID]
Users by name: user.rblx.name/[NAME]


Small update:

Based on user requests, for all the DevForums folks out there. https://user.devforum.link/railworks2
(Keep your suggestions coming!)

Some things I got planned:

  • Official website (rather than just a redirect)
  • Official browser extension
    (if you got any tips, let me know!)

I think this is great but say you want to type links much easier. It can be hard to remember even the ID. That’s why I personally use Google Firebase’s dynamic link functions and I can manage multiple domains (such as giyt.page.link and rblx.page.link, these will return a 404 as there’s nothing on the end). I find it easy to manage and then I can share links to games and groups easier and remember them easily too. An example is a link I’ve been created that links to Bloxburg (https://rblx.page.link/Bloxburg). Sadly though, Google offers no way to automatically import links and the links have to be case sensitive as far as I’m aware.