How to opt-out of Roblox tracking on Windows (ecsv2.roblox.com)

privacy
tracking
opt-out

#1

Hey all. If you’re like me and care about your privacy, you are definitely familiar with how large web companies use tracking technologies to understand how you, the end user, interact with their product. Unsurprisingly, Roblox is one of these huge web companies. They have developed their own tracking solution in-house, and extensions like AdBlock, Adblock Plus, uBlock and Ghostery don’t seem to detect it. The tracking technology that is used is a beacon located at: http://ecsv2.roblox.com/www/e.png, and you’ve probably seen it while using Fiddler2 or Firefox/Chrome’s web developer tools. There is no public evidence that indicates that this beacon honors the “DNT” (Do Not Track) header sent by most browsers; additionally, there’s no website option or prompt to opt out either. Tsk tsk!

Below is a screenshot of tracking requests being made in Chrome to the beacon. This was a simple visit to the URL roblox.com/home. Here, you can see 3 “page heartbeat” events which let them know I still have such a tab open on the website. I’ve highlighted the DNT request header, too:
https://i.imgur.com/Zm2jutU.png

Using Fiddler 2, I’ve noticed that both Roblox’s website and Roblox Studio send requests to this beacon.

Put your pitchforks down, kids: remember that you agreed to Roblox’s Terms of Service and Privacy Policy (+ Cookie Policy), so it’s kosher for them to implement stuff like this. By-and-large it helps Roblox gather information on you to make the platform better, but you as an end user have the right to opt out of such tracking. This short tutorial will show you how to do that.

Step 1: Open your “hosts” file

On Windows 10, it’s at C:\Windows\System32\drivers\etc. The location varies between versions of Windows. You and the program you use will need administrator privileges in order to edit this file; simply run Notepad, Sublime Text or another text editor as an administrator to do this. The file does not have an extension like .txt, so beware.

What is the “hosts” file? This file translates domain names to IP addresses (usually the role of a DNS server). In this file you can specify IP addresses manually. You’ll notice there’s a bunch of # comment lines explaining the whole shebang.

Step 2: Add contents to the bottom and save:

# Roblox Tracking
127.0.0.1 ecsv2.roblox.com

What does this do? It means that requests to the tracking beacon subdomain (ecsv2) of Roblox’s website will instead be directed to 127.0.0.1, which is your computer and not Roblox’s event collector. At the moment, no other feature of Roblox’s website uses this subdomain so it’s safe to do this. This prevents your behavior data from being collected using this tracking beacon.

Step 3: What else can I do?

You could also use a firewall, parental controls, or other means of blocking requests to that domain; this approach tends to take extra steps though. Remember this isn’t the only step you should take in protecting your privacy on the web: I recommend extensions like Ghostery that block trackers like this all over the web. Go grab it, too!

If you have any other privacy tips, please share them below. Thanks!


#2

I mean, I trust Roblox corporation to use the interaction data they collect properly. Roblox is one of the few companies I actually trust, so I don’t mind having interaction tracking enabled for them.

That said, thank you for this! Those of us that prefer to have all tracking disabled will love this. :slight_smile:


#3

(meant to reply to the original post)

Although we have agreed for them to do this, it is interesting that it isn’t detected by the mainstream extensions listed, and there are no current provided ways to turn it off. I find this very useful information, and the fact that there are no evident ways to opt out of this tracking, or proof that it honors DNT headers, could be a reason for someone to follow this tutorial and manually opt out themselves.

Roblox has never been a company to give their users an array of options and opt outs related to your data, probably because these options don’t pertain to the primarily young audience that Roblox has, and this became increasingly apparent when they disabled the option to view your moderation history.

In relation to the collection of data and caring about your privacy, Roblox doesn’t follow the practice of allowing individuals to download their data as easily as companies like Google, Twitter, or Discord, and in order to do so, you have to email and provide proof of residency in the EU. The now popular practice is indeed out of convenience, because what company wants to process thousands of data download requests, but it also results in better end user experiences, as the rule no longer only applies to EU residents, but now everyone can download their data.