Hey all. If you’re like me and care about your privacy, you are definitely familiar with how large web companies use tracking technologies to understand how you, the end user, interact with their product. Unsurprisingly, Roblox is one of these huge web companies. They have developed their own tracking solution in-house, and extensions like AdBlock, Adblock Plus, uBlock and Ghostery don’t seem to detect it. The tracking technology that is used is a beacon* located at:
http://ecsv2.roblox.com/www/e.png, and you’ve probably seen it while using Fiddler2 or Firefox/Chrome’s web developer tools. There is no public evidence that indicates that this beacon honors the “DNT” (Do Not Track) header sent by most browsers; additionally, there’s no website option or prompt to opt out either. Tsk tsk!
*Most of the time, a tracking beacon URL returns a tiny, transparent 1x1 image that carries no significance. Tracking is implemented for emails in this way, which is why your email client asks you before displaying images.
Below is a screenshot of tracking requests being made in Chrome to the beacon. This was a simple visit to the URL roblox.com/home. Here, you can see 3 “page heartbeat” events which let them know I still have such a tab open on the website. I’ve highlighted the DNT request header, too:
Using Fiddler 2, I’ve noticed that both Roblox’s website and Roblox Studio send requests to this beacon.
Step 1: Open your “hosts” file
On Windows 10, it’s at C:\Windows\System32\drivers\etc. The location varies between versions of Windows. You and the program you use will need administrator privileges in order to edit this file; simply run Notepad, Sublime Text or another text editor as an administrator to do this. The file does not have an extension like .txt, so beware.
What is the “hosts” file? This file translates domain names to IP addresses (usually the role of a DNS server). In this file you can specify IP addresses manually. You’ll notice there’s a bunch of # comment lines explaining the whole shebang.
Step 2: Add contents to the bottom and save:
    # Roblox Tracking
    0.0.0.0 ecsv2.roblox.com
    0.0.0.0 data.roblox.com
    0.0.0.0 roblox.sp.backtrace.io
What does this do? It means that requests to the tracking beacon subdomain (ecsv2) of Roblox’s website will instead be directed to the 0.0.0.0 IP address - which goes nowhere. At the moment, no other feature of Roblox’s website uses this subdomain so it’s safe to do this. This prevents your behavior data from being collected using this tracking beacon.
Step 3: What else can I do?
You could also use a firewall, parental controls, or other means of blocking requests to that domain; this approach tends to take extra steps though. Remember this isn’t the only step you should take in protecting your privacy on the web: I recommend extensions like Ghostery that block trackers like this all over the web. Go grab it, too!
If you have any other privacy tips, please share them below. Thanks!
August 26th, 2018 – Added roblox.sp.backtrace.io to opt-out, and changed redirect IP from
0.0.0.0 Mad props to @shayner32 and @gskw for pointing these out. Also, placed image link on its own line so it displays in-browser and added more details about the
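An added example, not part of the original post: a small Python check that parses hosts-file text and reports whether each of the three domains from Step 2 is actually mapped to 0.0.0.0. The function names and the sample inputs are constructed for illustration; it assumes the first mapping listed for a name is the one that counts.

```python
# Added example: audit hosts-file text for the entries listed in Step 2.
SINK = "0.0.0.0"
TARGETS = ("ecsv2.roblox.com", "data.roblox.com", "roblox.sp.backtrace.io")

def parse_hosts(text):
    """Return {hostname: ip}, keeping the first mapping seen for each name."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # everything after '#' is a comment
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        ip, names = fields[0], fields[1:]       # one line may carry several names
        for name in names:
            table.setdefault(name.lower(), ip)  # hostnames are case-insensitive
    return table

def audit(text, targets=TARGETS):
    """Return {target: 'blocked' | 'missing' | 'mapped to <ip>'}."""
    table = parse_hosts(text)
    report = {}
    for t in targets:
        ip = table.get(t)
        if ip is None:
            report[t] = "missing"
        elif ip == SINK:
            report[t] = "blocked"
        else:
            report[t] = f"mapped to {ip}"
    return report

# Constructed sample inputs (not taken from a real machine).
GOOD = """# Roblox Tracking
0.0.0.0 ecsv2.roblox.com
0.0.0.0 DATA.roblox.com   # trailing comment
0.0.0.0 roblox.sp.backtrace.io
"""
# Whole block pasted on one line: the leading '#' turns all of it into a comment.
ONE_LINE = "# Roblox Tracking 0.0.0.0 ecsv2.roblox.com 0.0.0.0 data.roblox.com"
# An older non-sinkhole mapping plus a commented-out entry.
STALE = "192.0.2.10 ecsv2.roblox.com\n#0.0.0.0 data.roblox.com\n"

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("one-line", ONE_LINE), ("stale", STALE)):
        print(label, audit(sample))
```

To check a real machine, pass the contents of the hosts file from Step 1 to `audit()`; reading the file does not require administrator privileges.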