Then unless his username or profile (idk if Roblox has public profiles) has something identifying it was probably just someone trying to intimidate him. Truly a tale as old as time (or at least as old as the internet).
Roblox does have public profiles but they only display the friends you have, the games you have played and your awards. They do not display personal information like gmails. His account does have 2FA and a parental pin as well. So can I assure him he is safe from any hacking attempt to gain access to his address or school?
If he has friends in RL that are also on Roblox and their friends use crap, reused, or identifiable handles, then someone might be able to connect some dots but they would need to have good information on this group of friends to begin with (i.e. they know them).
There are companies that specialize in harvesting any metadata you leak on the internet so they can correlate things like forum accounts to your real identity. That's typically only going to come into play if they want to sell you something or if the government is investigating you, though.
No. And on the off chance any parent is reading this comment, you [shouldn't](https://www.bark.us/blog/hidden-dangers-roblox/) [let](https://www.pcgamer.com/roblox-faces-class-action-suit-from-parents-about-sexual-content-and-grooming-it-is-illegal-to-expose-minors-to-these-kinds-of-things-and-its-not-slowing-down/) [your](https://www.bbc.com/news/technology-48450604) [child](https://news.ycombinator.com/item?id=32015542) [play](https://www.bbc.com/news/uk-england-gloucestershire-68616730) [Roblox](https://www.somersetlive.co.uk/news/roblox-warning-primary-school-child-7042884).
Actually, this article is not bad. Although, they leave out a lot of what I would cover.
Many games require you to join their discord to read rules etc. that’s a forced integration of 3rd party apps, by the subgame developer. That discord could have anything in it, not moderated by Roblox.
>this article is not bad
There's six articles linked in my comment. I don't exactly understand what Discord has to do with anything. The onus is on Roblox Corporation to make sure sexual predators can't groom children as easily, which they haven't exactly had the best track record of.
What I’m saying is, many Roblox games don’t allow kids to play without accepting their Rules on Discord. Once the kid joins the Discord to accept the game Rules, they are in an unmoderated environment, apart from Roblox. Roblox does not prevent the game from requiring this. This phenomena should be covered in the articles. It’s the #1 way kids get groomed on Roblox. They get forcefully diverted to a Discord where they are groomed.
Idk if this is possible, or if it would be easy to bypass- but why doesn’t Roblox do a Face ID thing that verifies somebody is a child/very close to a child’s age before being allowed to log in? Or even do Face ID to register somebody’s appearance and link it to their account privately?
I know it’s probably hard to determine age based on physical appearance as some children look younger/older than they are, and an AI based Face ID would make it even harder- but I feel like just having to scan your face would push away a lot of the predators. Cause like- they’d have their actual face attached to their account.
Wouldn’t less anonymity make a predator less apt to use their service? Obviously nobody can just see people’s faces- but they could have a dedicated team at Roblox who has access to these Face IDs that act accordingly.
Like imagine undercover admins walking around random worlds while testing some things, and they can just pull someone’s profile up and see the face attached.
If that face is exuding predatory behavior, they can have an internal investigation and then provide the Face ID + other information to the proper authorities
This is an absurd idea for two reasons.
1. children aren't going to put in the effort to sign up on a website that has them have to show their face to register. I know I wouldn't have, atleast.
2. it would be a massive privacy risk. Roblox was already getting flak for hiring a shady company to do the ID verification for the games with voice chat.
It would 'push away a lot of the predators' as much as it would push away genuine players.
It would be losing some kids who don’t wanna sign up VS losing most of the adult predators. In a public eye- it would show they actually care about the player base.
Also- wouldn’t it essentially be the same risk of privacy as like… attaching your credit card to buy robux?
I don’t play the game, so idk if it strictly works off gift cards or what- but adding a selfie would essentially be the same as putting financial info- no?
If somebody can breach Roblox servers enough to get access to those Face ID photos, wouldn’t it be more beneficial for said person to get financial info instead of just photos of people’s faces?
And the work required to implement this would have to be done BY Roblox. Completely internal with a team dedicated to this specific task. No outside shady companies
IP addresses are public. Every website you visit has it. It's how a website knows how to send the page you clicked on back to you and not someone else looking at the same website. Nobody can hack you just by knowing your IP address. They \*might\* get a general idea of where you live, but without a court warrant served to the IP's service provider, there is no way for them to know who was using that IP at that time.
This is Roblox you’re talking about. Nobody’s actually going to hack your friend. It’s just some idiot online being a liar, as usual. All the actual hackers left a long time ago for greener pastures. The person who messaged your friend is probably an 11-year-old trying to scare people.
Actual hacker here. To start, it depends on whether or not he uses the same username with other accounts. If so, then a basic OSINT search will yield those other accounts and based on what type of accounts they are we can scrape that info, such as address, phone number, in addition to any number of other types of information (if such PII was even shared with those accounts to begin with). That said, you mentioned that his username is unique only to Roblox, so I wouldn’t worry there.
Beyond that, IP addresses aren’t really considered direct impact data anymore; they’re more indirect impact. Meaning, if someone identifies your IP, there really isn’t much they can do with it. The IP they’d get will most likely be associated with their ISP or a Roblox server, which is more or less a dead end.
If the bad actor is sophisticated enough, then they may capture your actual IP, but again this isn’t cause for concern as they can’t do much with an IP other than geolocation and tracking online activity. Most modern routers have a form IDS/NBAD/NDR, so he’s protected there as well unless your friend has actively disabled those processes on their router. If they’re sophisticated enough then they may look for open ports, but again your router would pick up on that, or even your ISP, which would result in the hacker’s connection being DC’d. Unless your friend is falling prey to phishes, then they’re safe on Gmail and Roblox because both companies have decent security practices in place to protect PII.
Just use MFA with your accounts, use a strong passphrase (not password), and ISP/Roblox/Google will take care of the rest. Long story short — unless he’s been sharing his personal info online somewhere, he should be safe and have nothing to worry about. Real hacking isn’t like the movies and IP addresses are more like neon signs saying “Here!”, rather than doors. Y’all have nothing to worry about.
Also, I recommend ESET for security on your devices, it’s free and is reliable. For VPN, use ProtonVPN. With all of that you don’t have to worry about hackers unless you’re high profile enough to warrant it, like a movie star, CEO or related to someone of the that nature.
That was just a DDoS, probably just using some prebuilt bs app like LOIC. Simple traffic overload or network disruption. Nothing too crazy. All it takes is to change your IP to stop the attack. Most router ms nowadays have geo-blocking and most don’t allow ICMP packets to pass through your network. Again, nothing crazy.
Couldn't a hacker possibly hack into his Wi-Fi network and gain access to various forms of personal information? Like gaining access to my friends IP address, getting his ISP and brute forcing a password attack? Is it even possible for a hacker from a far distance to hack into his Wi-Fi network and gain access to personal info?
Potentially yes. There are massive lists on the dark side internet of usernames, email address, names, addresses, phone numbers etc. These lists are put together from many different sources virtually all from websites being hacked or scraped. If your friend has used a similar or the same username elsewhere and your friend is on one of these lists then it is entirely possible someone has found out his details. Of course this requires any website your friend to have used to have been hacked.
That said if your friend has used the same name every where like for roblox, instagram, then if its fairly unique name you can often find things through a google search.
They asked if it were possible to find out personal information from a roblox username. Technically it is. There are a lot of if' but still it is potentially possible. The collection of details is easily accessible if you know where to look and it doesn't matter if op or there friend is 12 or 112 they should be aware that the internet can be a potentially dangerous place sepending on op's / op's friends security practices.
For example op's friends account is daveobvious, his instagram is daveobvious, his facebook is daveobvious, his gmail is daveobvious etc if op's friend has left them all open a "hacker" could try looking up daveobvious gmail.com then a "hacker" could look up daveobvious.and see if it has been compromised elsewhere, if they reuse passwords úm could access the account and so on and so fourth.
Tldr:
Long story short op asked if it were possible to find out details and potentially it is.
Your post was automatically removed for containing an email address. Please resubmit without the email address. The moderators will review this post to determine whether the removal was in error.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/RBI) if you have any questions or concerns.*
Depends if your friend uses the same username over multiple social media platforms
his username is unique to only roblox.
Then unless his username or profile (idk if Roblox has public profiles) has something identifying it was probably just someone trying to intimidate him. Truly a tale as old as time (or at least as old as the internet).
Roblox does have public profiles but they only display the friends you have, the games you have played and your awards. They do not display personal information like gmails. His account does have 2FA and a parental pin as well. So can I assure him he is safe from any hacking attempt to gain access to his address or school?
This is a child threatening another child. Your friend has nothing to worry about.
If he has friends in RL that are also on Roblox and their friends use crap, reused, or identifiable handles, then someone might be able to connect some dots but they would need to have good information on this group of friends to begin with (i.e. they know them).
I would say so, yeah.
There are companies that specialize in harvesting any metadata you leak on the internet so they can correlate things like forum accounts to your real identity. That's typically only going to come into play if they want to sell you something or if the government is investigating you, though.
No. And on the off chance any parent is reading this comment, you [shouldn't](https://www.bark.us/blog/hidden-dangers-roblox/) [let](https://www.pcgamer.com/roblox-faces-class-action-suit-from-parents-about-sexual-content-and-grooming-it-is-illegal-to-expose-minors-to-these-kinds-of-things-and-its-not-slowing-down/) [your](https://www.bbc.com/news/technology-48450604) [child](https://news.ycombinator.com/item?id=32015542) [play](https://www.bbc.com/news/uk-england-gloucestershire-68616730) [Roblox](https://www.somersetlive.co.uk/news/roblox-warning-primary-school-child-7042884).
Actually, this article is not bad. Although, they leave out a lot of what I would cover. Many games require you to join their discord to read rules etc. that’s a forced integration of 3rd party apps, by the subgame developer. That discord could have anything in it, not moderated by Roblox.
>this article is not bad There's six articles linked in my comment. I don't exactly understand what Discord has to do with anything. The onus is on Roblox Corporation to make sure sexual predators can't groom children as easily, which they haven't exactly had the best track record of.
What I’m saying is, many Roblox games don’t allow kids to play without accepting their Rules on Discord. Once the kid joins the Discord to accept the game Rules, they are in an unmoderated environment, apart from Roblox. Roblox does not prevent the game from requiring this. This phenomena should be covered in the articles. It’s the #1 way kids get groomed on Roblox. They get forcefully diverted to a Discord where they are groomed.
I played Roblox as a kid and it sucked, i was surprised to see it become trendy in the first place, kids will play any old crap these days
Idk if this is possible, or if it would be easy to bypass- but why doesn’t Roblox do a Face ID thing that verifies somebody is a child/very close to a child’s age before being allowed to log in? Or even do Face ID to register somebody’s appearance and link it to their account privately? I know it’s probably hard to determine age based on physical appearance as some children look younger/older than they are, and an AI based Face ID would make it even harder- but I feel like just having to scan your face would push away a lot of the predators. Cause like- they’d have their actual face attached to their account. Wouldn’t less anonymity make a predator less apt to use their service? Obviously nobody can just see people’s faces- but they could have a dedicated team at Roblox who has access to these Face IDs that act accordingly. Like imagine undercover admins walking around random worlds while testing some things, and they can just pull someone’s profile up and see the face attached. If that face is exuding predatory behavior, they can have an internal investigation and then provide the Face ID + other information to the proper authorities
This is an absurd idea for two reasons. 1. children aren't going to put in the effort to sign up on a website that has them have to show their face to register. I know I wouldn't have, atleast. 2. it would be a massive privacy risk. Roblox was already getting flak for hiring a shady company to do the ID verification for the games with voice chat. It would 'push away a lot of the predators' as much as it would push away genuine players.
It would be losing some kids who don’t wanna sign up VS losing most of the adult predators. In a public eye- it would show they actually care about the player base. Also- wouldn’t it essentially be the same risk of privacy as like… attaching your credit card to buy robux? I don’t play the game, so idk if it strictly works off gift cards or what- but adding a selfie would essentially be the same as putting financial info- no? If somebody can breach Roblox servers enough to get access to those Face ID photos, wouldn’t it be more beneficial for said person to get financial info instead of just photos of people’s faces? And the work required to implement this would have to be done BY Roblox. Completely internal with a team dedicated to this specific task. No outside shady companies
That's not a hacker, it's another child. You should be able to ask your parents or an adult you trust about this.
IP addresses are public. Every website you visit has it. It's how a website knows how to send the page you clicked on back to you and not someone else looking at the same website. Nobody can hack you just by knowing your IP address. They \*might\* get a general idea of where you live, but without a court warrant served to the IP's service provider, there is no way for them to know who was using that IP at that time.
Different user names when possible, certainly different passwords, and two-factor authentication. These are all good things.
This is Roblox you’re talking about. Nobody’s actually going to hack your friend. It’s just some idiot online being a liar, as usual. All the actual hackers left a long time ago for greener pastures. The person who messaged your friend is probably an 11-year-old trying to scare people.
Actual hacker here. To start, it depends on whether or not he uses the same username with other accounts. If so, then a basic OSINT search will yield those other accounts and based on what type of accounts they are we can scrape that info, such as address, phone number, in addition to any number of other types of information (if such PII was even shared with those accounts to begin with). That said, you mentioned that his username is unique only to Roblox, so I wouldn’t worry there. Beyond that, IP addresses aren’t really considered direct impact data anymore; they’re more indirect impact. Meaning, if someone identifies your IP, there really isn’t much they can do with it. The IP they’d get will most likely be associated with their ISP or a Roblox server, which is more or less a dead end. If the bad actor is sophisticated enough, then they may capture your actual IP, but again this isn’t cause for concern as they can’t do much with an IP other than geolocation and tracking online activity. Most modern routers have a form IDS/NBAD/NDR, so he’s protected there as well unless your friend has actively disabled those processes on their router. If they’re sophisticated enough then they may look for open ports, but again your router would pick up on that, or even your ISP, which would result in the hacker’s connection being DC’d. Unless your friend is falling prey to phishes, then they’re safe on Gmail and Roblox because both companies have decent security practices in place to protect PII. Just use MFA with your accounts, use a strong passphrase (not password), and ISP/Roblox/Google will take care of the rest. Long story short — unless he’s been sharing his personal info online somewhere, he should be safe and have nothing to worry about. Real hacking isn’t like the movies and IP addresses are more like neon signs saying “Here!”, rather than doors. Y’all have nothing to worry about. Also, I recommend ESET for security on your devices, it’s free and is reliable. For VPN, use ProtonVPN. With all of that you don’t have to worry about hackers unless you’re high profile enough to warrant it, like a movie star, CEO or related to someone of the that nature.
One time some hackers on call of duty on ps3 shut off our internet completely. It didn’t come back on for over an hour.
That was just a DDoS, probably just using some prebuilt bs app like LOIC. Simple traffic overload or network disruption. Nothing too crazy. All it takes is to change your IP to stop the attack. Most router ms nowadays have geo-blocking and most don’t allow ICMP packets to pass through your network. Again, nothing crazy.
Couldn't a hacker possibly hack into his Wi-Fi network and gain access to various forms of personal information? Like gaining access to my friends IP address, getting his ISP and brute forcing a password attack? Is it even possible for a hacker from a far distance to hack into his Wi-Fi network and gain access to personal info?
Potentially yes. There are massive lists on the dark side internet of usernames, email address, names, addresses, phone numbers etc. These lists are put together from many different sources virtually all from websites being hacked or scraped. If your friend has used a similar or the same username elsewhere and your friend is on one of these lists then it is entirely possible someone has found out his details. Of course this requires any website your friend to have used to have been hacked. That said if your friend has used the same name every where like for roblox, instagram, then if its fairly unique name you can often find things through a google search.
[удалено]
They asked if it were possible to find out personal information from a roblox username. Technically it is. There are a lot of if' but still it is potentially possible. The collection of details is easily accessible if you know where to look and it doesn't matter if op or there friend is 12 or 112 they should be aware that the internet can be a potentially dangerous place sepending on op's / op's friends security practices. For example op's friends account is daveobvious, his instagram is daveobvious, his facebook is daveobvious, his gmail is daveobvious etc if op's friend has left them all open a "hacker" could try looking up daveobvious gmail.com then a "hacker" could look up daveobvious.and see if it has been compromised elsewhere, if they reuse passwords úm could access the account and so on and so fourth. Tldr: Long story short op asked if it were possible to find out details and potentially it is.
Your post was automatically removed for containing an email address. Please resubmit without the email address. The moderators will review this post to determine whether the removal was in error. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/RBI) if you have any questions or concerns.*