I understand that developer freedom is what gives the game its magic, but think about it in a general way: Why would you (the developer) want to know what badges a player who isn’t even in your game has?
I’m in favor of less censorship, however, I believe there are certain things that don’t make sense to defend.
The point is clear: If the player is on your server, you can still see their badges even if the game doesn’t have them. In other words, this is an update to avoid snooping on something the developer doesn’t have access to and shouldn’t have access to.
Can we possibly get an OAuth alternative that would allow experience developers to access badge information without restrictions under their own experiences?
Some experiences and moderators rely on checking badges for potential exploiters, and this would allow them to build external tooling to continue to do so.
Why do you need to do this though? If the purpose for checking them is to prevent badge exploits wouldn’t you check badges for players that have played your game, not other games?
yeah Some experiences and moderators rely on checking badges for potential exploiters, and this would allow them to build external tooling to continue to do so.
If this isn’t a feature, it should become one.
I feel like this is definitely a good workaround to these changes, and it still allows the user to have full control over their privacy.
Whilst I understand the point of the BadgeAsync change, I feel like there are just better ways to implement this feature. I suggest a user toggle so the user can choose whether they allow badges to remain fully private or otherwise inside of the profile settings under privacy.
I am not talking about a developer, i am talking about a moderation team, not all devs want or knows how to do these types of checks.
I am not excusing it, but since roblox is suppose to be for everyone, i see no reason to “restrict” something that has been working for “moderators”, that don’t have access to a games scripts, being able to implement things etc.
All the moderators have access to is roblox’s api’s in order to gather evidence such as this.
@Noble_Draconian It isn’t to prevent exploiting in front of it.
But rather ban exploiters that has been caught or been suspected during.
Let’s say Player 1 reports Player 2 for exploiting, to get all the badges, they haven’t unlocked.
Then a moderator for that game, can use my example2 from earlier, to check when the badge was awarded, in order to determine if the user exploited, to ban them.
But if this gets locked down, it’s just another way to say “Hey moderators, get out, we don’t need you, since there’s no way to gather this evidence anymore”.
The wording here doesn’t make sense, can you elaborate?
You can still do these checks in-game though? If the game has moderators it likely has some kind of moderator UI / system that should be able to add a button to query a user’s badges from that game.
Honestly in some cases it could be. You have to look at this from the perspective of an average school kid and what they consider important and sensitive. Lets say a kid loves to play a certain game. Some other kids at school think that game is lame and start teasing anyone who plays it. The kid in question has a badge for that game and is friends with these other kids on Roblox. They hide their game activity and their inventory. But oh no! Their friends can still find out if they have played the game by looking at their badges!
They are not removing the ability to check if people own badges.
They are removing the ability to see badges from random games you didn’t create when the player is offline. The only use case for this is for a player to see someone else’s badge history when they are not currently in the server to share it. And again this only applies to games you don’t own.
I think the point they are trying to make is that it can be used as evidence someone exploited in your game by a moderator using the web side of the tooling to examine the timestamps of the badges to see if they were awarded implausibly fast. They are basically saying this is good because even if a dev doesn’t implement custom functionality this can be done out of the box today.
Not sure I agree though, a dev could add this with a single datastore where timestamps are saved on a badge award and then allow mods to query this with a simple command. I don’t think we need systems that compensate for lazy devs.
The only other possible use-case I could imagine is as part of some larger security check where an account is flagged as suspicious for having too few badges overall and the web side of things allows one to check the timestamps to prevent people bypassing this by joining a game that just gives you 100 badges.
While I am all for privacy, I am saddened that the better alternatives are currently not in place as of this announcement. This change will basically halt my game progress website completely.
Enforcing such strict privacy requirements while not allowing users to adjust what others can see by type is not good. As it currently stands you must make your entire inventory public in order for public badge checking to be possible, which sucks.
The problem is that developers and moderators will not be able to see badges when the suspected user is not in-game if the user has this privacy setting enabled.
There currently isn’t anything to continue to support allowing moderators/tooling to do this (at least that I can tell from this announcement), so it will cause problems for games that do rely on this.
If these games were that concerned about badges then they should have already been caching what badges the player has been awarded and at what times in a datastore to begin with. This really feels like it is on those games if they didn’t already account for this scenario.
Yes, they should be caching badges, but this API existed without restrictions, so they didn’t.
I do believe there should be at least an OAuth alternative, so tooling can still continue to work, exploit detection or not, albeit needing to update their code to support OAuth.
This is just an excuse for being lazy, this change is good and I have seen many cases before of people investigating someone else’s badges to find 1 odd badge they obtained years ago to frame them as a horrible person, when that badge does not necessarily mean so
Being too lazy to update your code does not beat stopping these drama seeking investigators from snooping through people’s badges
Who would account for a scenario that couldn’t have possibly been predicted? If this is already accessible, why would they waste time recreating a system that already existed?
Why do your moderators need to see badges from random games you don’t own? If the request is called from your game, for a badge you made, you will not see any change in functionality.
This also, their responses have been confusing and I do not see how seeing other experiences’e badges could be used as a reliable metric for stopping exploiters