User Verification

With the recent announcement of display names, the outlook is grim. As we’ve seen through popular social media platforms that have separate usernames and display names, the work it takes to successfully impersonate someone is insanely easy.
With this new addition, I am calling for Roblox to add a proper verification system for developers, star creators, and Roblox staff members.

As we all know, it is part of human nature to not read more than one has to (normally). Still having the username being displayed won’t be enough to prevent impersonation. Having something similar to the Twitter verification tick would probably be the best course of action.

This would be displayed throughout all of Roblox. Website, game leaderboards, chats, etc. I have something like this and this in mind.

While this certainly wouldn’t totally stop impersonation it will severely limit its reach and impact.

What are your thoughts?

**edit: probably wouldn’t be necessary for Roblox staff & star members as they already have special signs in game

92 Likes

Something like that would be awesome to have:

As I will also extend onto the idea, it should be available for those who are a Regular here or just have enough visits/follower count on Roblox to become verified.

11 Likes

Here’s some good concepts I’ve found:

Thanks @ItsAmmon for the concepts!

11 Likes

LOL I just was posting these! Great minds think alike

5 Likes

This seems more like a compromise rather than a solution.

I can’t imagine all the kids joining my game named “NewFissy” or “Builderman”. How are you even supposed to differentiate between people?

Also, examples like this elsewhere have absolutely failed. Twitter does a HORRENDOUS job at verifying people quickly or reasonably. Would there be an application? Would roblox just choose who gets it?

Thing is, just because you aren’t a developer doesn’t mean you can’t be impersonated. In my opinion, the real solution to the problem is to prioritize Usernames over DisplayNames and allow games to use Display Names if applicable within their game. Maybe a setting in studio called “UseDisplayNames” so developers can choose whether to prioritize them in their game. As for the website, if it says a game is by “Vmena” then it better be by me and nobody else.

You really think kids will understand what the verified check mark means? No, they will see it’s the same game they’ve always been playing by the same creator even though it’s false.

12 Likes

Yes! I made this request as more of a compromise than anything. In my 10+ years on the site I’ve found that Roblox rarely tends to reverse decisions. So I figured a compromise was better than none.

8 Likes

My biggest issue with this is the way you propose it, doesn’t really solve the problem.

Having something like a selection or application process for getting developers verified will be slow and inaccurate.

If anything, the process should be completely automated. Only people who use the same DisplayName as their Username will be marked as “Verified”. This will stop a rush of developers all signing up and competing for the same names.

Still doesn’t solve the issue though… I’d much rather roblox start removing accounts that have been inactive forever or allow users to delete their own accounts to clear up more username space. This way of doing it will only cause more problems.

6 Likes

I like that proposed solution. Have to have matching username/display to be verified.

What about a place visit gate or something similar?

2 Likes

Just because you aren’t a developer doesn’t mean you can’t be impersonated. You could also be a dev for a major group and have no place visits but be a very popular dev. In reality, as long as you’re Username matches your Display, that is enough verification you are who you say you are.

3 Likes

Verification seems way to elitist imo. It feels like we should’ve just kept the same stuff we had now and not change it. I don’t think display names was a good idea because it basically allows people to impersonate. Weirdly, there’s no indication of what measures they took to ensure that people aren’t impersonated. Part of me is like, “yay people won’t think I was born in 2003 anymore” and the other part of me is like, “ok so, we basically copied discord…”.

1 Like

True true. You bring up a good point. What about UGC creators? Other developers in a group that aren’t the owner, etc.
Great points

2 Likes

This would be for all users, not just developers.

If I make an account named Yaboi437378 right now and leave my display name as my Username, I should be marked as verified instantly. There should be no prequalifications to get verified status, only having the same display name as your username.

After all, if you own the Username nobody else can have the same one. You are who you say you are.

3 Likes

True. This sounds like a pretty easy solution to the potential problem

3 Likes

I guess, but impersonation will still be an issue. Most children won’t know to look for the check mark and will fall for the scams easily. ROBLOX would literally have to put a warning on games owned by people with the same name as a verified user that “this user is not verified and may not be who they say they are…” Tbh solving the problem would to literally just prioritize Username on the website and DisplayName in-game. Much better compromise to make that mostly solves impersonation along with lack of user’s ability to “express themselves” however they feel.

Impersonation will ALWAYS be an issue. Even with the current system it is. I’ve seen people replace an ‘L’ with an ‘I’ and get away with it. Same with ‘0’ and ‘O’.

2 Likes

Right, but only so many people can create variations of DreamCraft before none of them look like the real name any more. Allowing users to literally make their names identical will make me have to doubt every single game that I join and have to go to the owner’s profile to make sure it’s the real person. Very bad UX.

1 Like

There already is a system to prevent impersonation in display names. The filter for the display names does not allow any username that:

  • is inappropriate for Roblox (swear words, etc.)
  • is or is similar to the username of a Roblox staff member
  • is or is somewhat similar to the username of any user that is in the Roblox Video Stars program (Their YouTube/Twitch usernames are allowed if it is different from their Roblox username and star creators previous usernames seem to be allowed for example: “StarCode_RealKreek” is not allowed but “RealKreek” is allowed)
  • is or is similar to the username of a well known Roblox developer that would be a big target for impersonation such as MiniToon or asimo3089. (you could make an account with a name such as “asimo3089Fan” or something like that but just “asimo3089” would only be allowed by asimo3089)
  • is trying to impersonate Roblox staff (Examples: “RobloxStaff”, “RobloxEmployee”, etc. just like the regular username filter)

Obviously this filter is not perfect and can be bypassed (I am not going to share these bypasses publicly so that they don’t get abused)

I tested this using the /users/{userId}/display-names/validate endpoint in the Users API.

If I tried setting my display name to “builderman”, it would give me this error:

19 Likes

That’s great news! Thank you for sharing

1 Like

You can bypass almost anything on the site by using a different font, encoding or character sequence. Strings are interpreted as normal strings and are compared to based on a pre-determined value. These values do not account for different font, encoding or sequence. In addition, you can use this same tactic to evade the filter. The people who created the inputs forgot to sanitize it correctly lol.

What makes this worse is that it works on the actual PATCH request that pushes literal changes to the display name when invoked as you can see here I was able to set my Display Name to “Roblox” by using a different encoding process.

The only reason I’m saying this is because Roblox should take this into account if this feature or any feature like this comes into play. The approval system is automatic and if all it takes is finding some random site and messing around with the encoding, you can get away with a lot of stuff that you shouldn’t be able to. Hiding bypasses do not fix the root issue or issues that make this persistent and annoying to watch in-game.

b4 anyone gets mad. I made a report.

9 Likes

Here we go!

More

:slight_smile:

1 Like