Users can see translations for private experiences

Users can see translations for private experiences

This allows them to leak text strings found in the game if auto translation is enabled for them

In our case, we have an in-game changelog which is being exposed before the update

The experience they are pulling it from is our developer experience which is not published to the public

My request is to not expose translations for private experiences

8 Likes

interestingly ive had this issue in the exact opposite, i always have to click view original as the auto “translated” text is whatever the text was previously

example:
its currently Christmas, a games description was updated from [Halloween event] to [Christmas event]
i view this game and the description reads [Halloween event], if i choose see original i can now see the intended and up to date [Christmas event] description.

2 Likes

I’ve disabled everything in terms of translation on the dev place.

Assuming this has no impact on the prod place.

1 Like

I don’t think you should mark this as a solution - private experiences shouldn’t have their translation data disclosed publicly. Still a bug, or maybe a missing feature.

btw, look at this source - Roblox
It’s still have translation strings

2 Likes

I think that the developers should remove the downloading of this type of assets (at least for people who haven’t access to this place).

1 Like

You’re right this should get fixed, but if this doesn’t get fixed just add the changelog 1-2 hours before the update to the game.

2 Likes

The problem is that when you testing it, it automatically adds all the GUI text to the table (Not only change log)

2 Likes

Hello! Thanks for alerting us about this issue you are having with your development experience.

If the main issue is the translated changelog then my suggestion would be to keep the changelog string out of the experience until shortly before release.

Asset privacy has recently entered beta for some asset types as announced in this post here:

We are planning to cover translation assets seamlessly with this feature once it is released to the general userbase. Once this happens, the problem should go away without needing any action from developers.

3 Likes

The issue is they can see ANY string on ANY private experience. - not limited to the changelog. We have to work throughout the week for our weekly update. We have to make UI and add strings to the game as we work. They leak anything and everything.

This was resolved for us by fully disabling translations on the DEV place. I haven’t seen any impact from doing so.

They understand the issue. While they phrased it specifically towards the release notes point, it can be interpreted more broadly as being careful with what strings you put in for now (or using your workaround).

The way people are getting access to translations on private experiences is because Roblox automatically creates a “secret” asset containing these strings and keeps it up to date with translations.

This asset can currently be downloaded by anyone (regardless of your experience permissions), which is how it was exposed.

With the asset privacy update, they will restrict who can download those kinds of assets to ensure your translations are properly secured. They’re doing great work here (especially with the recent asset ID changes), it just takes time to roll these things out properly.