“Roblox has made it almost impossible to rape people anymore,” a gamer complained in a YouTube video posted in September. He apologized for not posting a rape script video in over a year, all due to the company adding more security into their games.
If any of you guys know how to make the rape script work on filtered enabled games, make sure to let me know.
Well, somebody clearly did figure it out, as a whole lot of people unfamiliar with gaming rape culture found out earlier this month, when a 7-year-old girl’s avatar was gang-raped on a playground by two male avatars in the hugely popular, typically family-friendly game.
Roblox is a multiplayer online gaming platform in which users can create their own personal avatar, embark on their own adventures and interact with each other in virtual reality.
The girl’s mother, Amber Petersen, described in a 28 June Facebook post how she had seen her daughter’s character get attacked while she was playing Roblox on an iPad. Petersen shielded her daughter from seeing most of the attack, and she captured screenshots that she also posted.
At the time, Roblox traced the virtual violence to one “bad actor” and permanently banned them from the platform. As it was, at the time of the assault, Roblox already employed moderators who review images, video and audio before they’re uploaded to Roblox’s site, as well as automatic filters. After Petersen reported her daughter’s experience, the company put in yet more safeguards to keep it from happening again. It issued this statement:
Roblox’s mission is to inspire imagination and it is our responsibility to provide a safe and civil platform for play. As safety is our top priority – we have robust systems in place to protect our platform and users. This includes automated technology to track and monitor all communication between our players as well as a large team of moderators who work around the clock to review all the content uploaded into a game and investigate any inappropriate activity. We provide parental controls to empower parents to create the most appropriate experience for their child, and we provide individual users with protective tools, such as the ability to block another player.
The incident involved one bad actor that was able to subvert our protective systems and exploit one instance of a game running on a single server. We have zero tolerance for this behavior and we took immediate action to identify how this individual created the offending action and put safeguards in place to prevent it from happening again. In addition, the offender was identified and permanently banned from the platform. Our work on safety is never-ending and we are committed to ensuring that one individual does not get in the way of the millions of children who come to Roblox to play, create, and imagine.
Now, the company is blaming a hacker/hackers who attacked one of its servers and thereby managed to inject code that enabled the assault.
Tech Crunch reports that Roblox, which is experiencing vigorous growth (it recently said it expects to pay out double the sum it paid to content creators a year ago), was in the process of moving some older, user-generated games to a newer, more secure system when the attack took place. There were multiple games that could have been exploited in a similar way.
Following the incident, Roblox’s developers have removed the other vulnerable games and asked their creators to move them to a newer, safer system. Tech Crunch reports that most have done so, and those who haven’t won’t see their games back online until they do. None of the games now online are vulnerable to the exploit used by whatever hacker crawled out of Dante’s Seventh Circle of Hell to attack a 7-year-old’s avatar.
Petersen has lauded the company’s fast and thorough action. In her initial Facebook post, reeling with shock, disgust and guilt, Petersen had urged other parents to delete the app. But two weeks later, in a follow-up post on 11 July, Petersen said she’d edited that initial post: she now emphatically believes that the incident was not Roblox’s fault:
This was the fault of a HACKER, not the company. Shortly after I reported the abuse and wrote my Facebook post, Roblox quickly responded and determined that the offending avatars were hacked by an outside user. Immediately, the offender was permanently banned from the platform, the game was suspended, and Roblox engineers worked overtime through the weekend to tighten their platform to ensure this event would not happen again. Afterward, I revised my original post. Rather than calling for people to delete the app, I encouraged parents to double-check security settings on all their devices and make sure they are aware of what their children are playing.
Petersen is now urging parents to visit Roblox’s parent’s guide at https://corp.roblox.com/parents/.
Although she no longer thinks parents should delete Roblox, she still thinks that it’s vital for parents to closely supervise children’s activity, on any device, as “no form of technology is entirely safe from hackers,” she says.
And, these such hackers don’t restrain themselves to sexual violence or aggressiveness. On the Go Ask Mom Facebook page, one mother wrote, in response to the Roblox rape story, that she’s keeping her son off Roblox after learning about a game he was playing:
My son has not been allowed to play this since I walked into him playing and the mission was to kill yourself. Like he had to go around his character’s house and drink bleach or find a knife.
There’s just no way to protect kids from every single type of troubling content on games and social media. Rather than freak out and stuff them away in a Faraday cage, experts recommend that parents can take certain precautions, foremost of which is to keep an eye on what their children are encountering online.
Larry Magid, CEO of Connect Safely, a nonprofit dedicated to educating technology users about safety, privacy and security, told WRAL that Petersen was doing pretty much everything right.
Namely, she …
- …was sitting right next to her daughter, ready to step in to interrupt when things took a turn for the objectionable.
- …had the privacy settings set so her daughter would only experience age-appropriate play. It’s not clear how those settings were reset: it might have happened when the app was deleted to save space and then reinstalled, for example. Regardless, it points to the importance of regularly rechecking privacy settings.
Magid and other experts offered additional steps that can help:
- Select “curated content” only in the security settings: that will restrict the content to age-appropriate games. Check out Roblox’s site for more information on its curated content.
- Let Roblox – or any game maker, for that matter – know immediately when unacceptable content appears.
Those are helpful tips. But for better or worse, gamers, and game hackers, are a creative bunch. That means that the list of threats keeps morphing, and the hackers are ever ready to pounce on any means possible to insert their idea of “fun” into a game. Just run a search on “Roblox rape” on YouTube to see what I mean.
Maybe it was just one bad actor responsible in this case. But even if it was, there are clearly plenty of people who think of that act as a win and who would happily do the same.
That rape script video upload I mentioned? It was a six-part series.
Keep an eye on the kids – it’s a world of nasty out there.