With the recent announcement of display names, the outlook is grim. As we’ve seen through popular social media platforms that have separate usernames and display names, the work it takes to successfully impersonate someone is insanely easy.
With this new addition, I am calling for Roblox to add a proper verification system for developers, star creators, and Roblox staff members.
As we all know, it is part of human nature to not read more than one has to (normally). Still having the username being displayed won’t be enough to prevent impersonation. Having something similar to the Twitter verification tick would probably be the best course of action.
This would be displayed throughout all of Roblox. Website, game leaderboards, chats, etc. I have something like this and this in mind.
While this certainly wouldn’t totally stop impersonation it will severely limit its reach and impact.
What are your thoughts?
**edit: probably wouldn’t be necessary for Roblox staff & star members as they already have special signs in game
This seems more like a compromise rather than a solution.
I can’t imagine all the kids joining my game named “NewFissy” or “Builderman”. How are you even supposed to differentiate between people?
Also, examples like this elsewhere have absolutely failed. Twitter does a HORRENDOUS job at verifying people quickly or reasonably. Would there be an application? Would roblox just choose who gets it?
Thing is, just because you aren’t a developer doesn’t mean you can’t be impersonated. In my opinion, the real solution to the problem is to prioritize Usernames over DisplayNames and allow games to use Display Names if applicable within their game. Maybe a setting in studio called “UseDisplayNames” so developers can choose whether to prioritize them in their game. As for the website, if it says a game is by “Vmena” then it better be by me and nobody else.
You really think kids will understand what the verified check mark means? No, they will see it’s the same game they’ve always been playing by the same creator even though it’s false.
My biggest issue with this is the way you propose it, doesn’t really solve the problem.
Having something like a selection or application process for getting developers verified will be slow and inaccurate.
If anything, the process should be completely automated. Only people who use the same DisplayName as their Username will be marked as “Verified”. This will stop a rush of developers all signing up and competing for the same names.
Still doesn’t solve the issue though… I’d much rather roblox start removing accounts that have been inactive forever or allow users to delete their own accounts to clear up more username space. This way of doing it will only cause more problems.
Just because you aren’t a developer doesn’t mean you can’t be impersonated. You could also be a dev for a major group and have no place visits but be a very popular dev. In reality, as long as you’re Username matches your Display, that is enough verification you are who you say you are.
Verification seems way to elitist imo. It feels like we should’ve just kept the same stuff we had now and not change it. I don’t think display names was a good idea because it basically allows people to impersonate. Weirdly, there’s no indication of what measures they took to ensure that people aren’t impersonated. Part of me is like, “yay people won’t think I was born in 2003 anymore” and the other part of me is like, “ok so, we basically copied discord…”.
If I make an account named Yaboi437378 right now and leave my display name as my Username, I should be marked as verified instantly. There should be no prequalifications to get verified status, only having the same display name as your username.
After all, if you own the Username nobody else can have the same one. You are who you say you are.
I guess, but impersonation will still be an issue. Most children won’t know to look for the check mark and will fall for the scams easily. ROBLOX would literally have to put a warning on games owned by people with the same name as a verified user that “this user is not verified and may not be who they say they are…” Tbh solving the problem would to literally just prioritize Username on the website and DisplayName in-game. Much better compromise to make that mostly solves impersonation along with lack of user’s ability to “express themselves” however they feel.
Right, but only so many people can create variations of DreamCraft before none of them look like the real name any more. Allowing users to literally make their names identical will make me have to doubt every single game that I join and have to go to the owner’s profile to make sure it’s the real person. Very bad UX.
There already is a system to prevent impersonation in display names. The filter for the display names does not allow any username that:
is inappropriate for Roblox (swear words, etc.)
is or is similar to the username of a Roblox staff member
is or is somewhat similar to the username of any user that is in the Roblox Video Stars program (Their YouTube/Twitch usernames are allowed if it is different from their Roblox username and star creators previous usernames seem to be allowed for example: “StarCode_RealKreek” is not allowed but “RealKreek” is allowed)
is or is similar to the username of a well known Roblox developer that would be a big target for impersonation such as MiniToon or asimo3089. (you could make an account with a name such as “asimo3089Fan” or something like that but just “asimo3089” would only be allowed by asimo3089)
is trying to impersonate Roblox staff (Examples: “RobloxStaff”, “RobloxEmployee”, etc. just like the regular username filter)
Obviously this filter is not perfect and can be bypassed (I am not going to share these bypasses publicly so that they don’t get abused)
You can bypass almost anything on the site by using a different font, encoding or character sequence. Strings are interpreted as normal strings and are compared to based on a pre-determined value. These values do not account for different font, encoding or sequence. In addition, you can use this same tactic to evade the filter. The people who created the inputs forgot to sanitize it correctly lol.
What makes this worse is that it works on the actual PATCH request that pushes literal changes to the display name when invoked as you can see here I was able to set my Display Name to “Roblox” by using a different encoding process.
The only reason I’m saying this is because Roblox should take this into account if this feature or any feature like this comes into play. The approval system is automatic and if all it takes is finding some random site and messing around with the encoding, you can get away with a lot of stuff that you shouldn’t be able to. Hiding bypasses do not fix the root issue or issues that make this persistent and annoying to watch in-game.