Hey all. If you’re like me and care about your privacy, you are definitely familiar with how large web companies use tracking technologies to understand how you, the end user, interact with their product. Unsurprisingly, Roblox is one of these huge web companies. They have developed their own tracking solution in-house, and extensions like AdBlock, Adblock Plus, uBlock and Ghostery don’t seem to detect it. The tracking technology that is used is a beacon located at: http://ecsv2.roblox.com/www/e.png, and you’ve probably seen it while using Fiddler2 or Firefox/Chrome’s web developer tools. There is no public evidence that indicates that this beacon honors the “DNT” (Do Not Track) header sent by most browsers; additionally, there’s no website option or prompt to opt out either. Tsk tsk!
Below is a screenshot of tracking requests being made in Chrome to the beacon. This was a simple visit to the URL roblox.com/home. Here, you can see 3 “page heartbeat” events which let them know I still have such a tab open on the website. I’ve highlighted the DNT request header, too:
Using Fiddler 2, I’ve noticed that both Roblox’s website and Roblox Studio send requests to this beacon.
Step 1: Open your “hosts” file
On Windows 10, it’s at C:\Windows\System32\drivers\etc. The location varies between versions of Windows. You and the program you use will need administrator privileges in order to edit this file; simply run Notepad, Sublime Text or another text editor as an administrator to do this. The file does not have an extension like .txt, so beware.
What is the “hosts” file? This file translates domain names to IP addresses (usually the role of a DNS server). In this file you can specify IP addresses manually. You’ll notice there’s a bunch of # comment lines explaining the whole shebang.
Step 2: Add contents to the bottom and save:
# Roblox Tracking 127.0.0.1 ecsv2.roblox.com
What does this do? It means that requests to the tracking beacon subdomain (ecsv2) of Roblox’s website will instead be directed to 127.0.0.1, which is your computer and not Roblox’s event collector. At the moment, no other feature of Roblox’s website uses this subdomain so it’s safe to do this. This prevents your behavior data from being collected using this tracking beacon.
Step 3: What else can I do?
You could also use a firewall, parental controls, or other means of blocking requests to that domain; this approach tends to take extra steps though. Remember this isn’t the only step you should take in protecting your privacy on the web: I recommend extensions like Ghostery that block trackers like this all over the web. Go grab it, too!