How to opt-out of Roblox tracking on Windows (ecsv2.roblox.com)

privacy
tracking
opt-out

#1

Hey all. If you’re like me and care about your privacy, you are definitely familiar with how large web companies use tracking technologies to understand how you, the end user, interact with their product. Unsurprisingly, Roblox is one of these huge web companies. They have developed their own tracking solution in-house, and extensions like AdBlock, Adblock Plus, uBlock and Ghostery don’t seem to detect it. The tracking technology that is used is a beacon* located at: http://ecsv2.roblox.com/www/e.png, and you’ve probably seen it while using Fiddler2 or Firefox/Chrome’s web developer tools. There is no public evidence that indicates that this beacon honors the “DNT” (Do Not Track) header sent by most browsers; additionally, there’s no website option or prompt to opt out either. Tsk tsk!

*Most of the time, a tracking beacon URL returns a tiny, transparent 1x1 image that carries no significance. Tracking is implemented for emails in this way, which is why your email client asks you before displaying images.

Below is a screenshot of tracking requests being made in Chrome to the beacon. This was a simple visit to the URL roblox.com/home. Here, you can see 3 “page heartbeat” events which let them know I still have such a tab open on the website. I’ve highlighted the DNT request header, too:

Using Fiddler 2, I’ve noticed that both Roblox’s website and Roblox Studio send requests to this beacon.

Put your pitchforks down, kids: remember that you agreed to Roblox’s Terms of Service and Privacy Policy (+ Cookie Policy), so it’s kosher for them to implement stuff like this. By-and-large it helps Roblox gather information on you to make the platform better, but you as an end user have the right to opt out of such tracking. This short tutorial will show you how to do that.

Step 1: Open your “hosts” file

On Windows 10, it’s at C:\Windows\System32\drivers\etc. The location varies between versions of Windows. You and the program you use will need administrator privileges in order to edit this file; simply run Notepad, Sublime Text or another text editor as an administrator to do this. The file does not have an extension like .txt, so beware.

What is the “hosts” file? This file translates domain names to IP addresses (usually the role of a DNS server). In this file you can specify IP addresses manually. You’ll notice there’s a bunch of # comment lines explaining the whole shebang.

Step 2: Add contents to the bottom and save:

# Roblox Tracking
0.0.0.0 ecsv2.roblox.com
0.0.0.0 data.roblox.com
0.0.0.0 roblox.sp.backtrace.io

What does this do? It means that requests to the tracking beacon subdomain (ecsv2) of Roblox’s website will instead be directed to the 0.0.0.0 IP address - which goes nowhere. At the moment, no other feature of Roblox’s website uses this subdomain so it’s safe to do this. This prevents your behavior data from being collected using this tracking beacon.

Step 3: What else can I do?

You could also use a firewall, parental controls, or other means of blocking requests to that domain; this approach tends to take extra steps though. Remember this isn’t the only step you should take in protecting your privacy on the web: I recommend extensions like Ghostery that block trackers like this all over the web. Go grab it, too!

If you have any other privacy tips, please share them below. Thanks!

  • August 26th, 2018 – Added data.roblox.com and roblox.sp.backtrace.io to opt-out, and changed redirect IP from 127.0.0.1 to 0.0.0.0. Mad props to @shayner32 and @gskw for pointing these out. Also, placed image link on its own line so it displays in-browser and added more details about the .png beacon.
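
Added example (not part of the original post): a Python sketch of Step 2 that can be re-run safely. It adds the three entries only where they are missing and rewrites older 127.0.0.1 entries for those domains to 0.0.0.0. The `block_domains` helper, the sample text and the `nas.home.example` entry are constructed for illustration.

```python
import sys

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # folder from the post + file name
SINK = "0.0.0.0"
DOMAINS = ["ecsv2.roblox.com", "data.roblox.com", "roblox.sp.backtrace.io"]

# Constructed sample: an older 127.0.0.1 entry plus an unrelated mapping.
SAMPLE = (
    "# local overrides\n"
    "127.0.0.1 data.roblox.com\n"
    "192.168.1.10 nas.home.example  # constructed entry\n"
)


def block_domains(hosts_text, domains=DOMAINS, sink=SINK):
    """Return hosts_text with each domain mapped to sink exactly once."""
    wanted = {d.lower() for d in domains}
    seen, out = set(), []
    for line in hosts_text.splitlines():
        body, hash_mark, comment = line.partition("#")
        fields = body.split()
        hits = [n.lower() for n in fields[1:] if n.lower() in wanted]
        if not hits:
            out.append(line)  # comments, blanks and unrelated entries stay as-is
            continue
        # Other names that shared the line keep their original address.
        rest = [n for n in fields[1:] if n.lower() not in wanted]
        if rest:
            out.append(" ".join(fields[:1] + rest) + (" #" + comment if hash_mark else ""))
        for name in hits:
            if name not in seen:  # rewrites 127.0.0.1 entries, drops duplicates
                out.append(f"{sink} {name}")
                seen.add(name)
    missing = [d for d in domains if d.lower() not in seen]
    if missing:
        out.append("# Roblox Tracking")
        out.extend(f"{sink} {d}" for d in missing)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Run from an elevated prompt; pass another path to try it on a copy first.
    path = sys.argv[1] if len(sys.argv) > 1 else HOSTS_PATH
    with open(path, encoding="utf-8") as f:
        original = f.read()
    updated = block_domains(original)
    if updated != original:
        with open(path, "w", encoding="utf-8", newline="\r\n") as f:
            f.write(updated)
```

Running it a second time leaves the file unchanged, so it can be repeated after a Windows update or a reinstall without piling up duplicate lines.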

#2

I mean, I trust Roblox corporation to use the interaction data they collect properly. Roblox is one of the few companies I actually trust, so I don’t mind having interaction tracking enabled for them.

That said, thank you for this! Those of us that prefer to have all tracking disabled will love this. 🙂


#3

(meant to reply to the original post)

Although we have agreed for them to do this, it is interesting that it isn’t detected by the mainstream extensions listed, and there are no currently provided ways to turn it off. I find this very useful information, and the fact that there are no evident ways to opt out of this tracking, or proof that it honors DNT headers, could be a reason for someone to follow this tutorial and manually opt out themselves.

Roblox has never been a company to give their users an array of options and opt outs related to your data, probably because these options don’t pertain to the primarily young audience that Roblox has, and this became increasingly apparent when they disabled the option to view your moderation history.

In relation to the collection of data and caring about your privacy, Roblox doesn’t follow the practice of allowing individuals to download their data as easily as companies like Google, Twitter, or Discord, and in order to do so, you have to email and provide proof of residency in the EU. The now popular practice is indeed out of convenience, because what company wants to process thousands of data download requests, but it also results in better end user experiences, as the rule no longer only applies to EU residents, but now everyone can download their data.


#4

to add on:

127.0.0.1 data.roblox.com
127.0.0.1 roblox.sp.backtrace.io

#5

I think it would be a good idea to use 0.0.0.0 instead of 127.0.0.1 to avoid potential conflicts with local applications that listen on port 80/443.


#6

Thanks! I’ll edit this into the OP.


#7

Sorry if this is a stupid question, but why does this matter? Like, what are the potential harms? Is all they’re getting knowing that I’m on the page?


#8

Definitely not a stupid question. Here’s a website that takes a stance against tracking: https://why-are-you-tracking.me

The gist is that tracking data is used to affect (read: manipulate) your choices as a consumer in a way that is subtle, not very well known, helps you very little, and can be generally considered unethical.


#9

For those using PiHole on their network, you can simply add those domains to the blacklist. This will block those domains at the DNS level over your whole network.

Personally, I’ve never cared about tracking. I’m not keeping these on my blacklist. But I get why some people don’t like it.

And if you don’t have PiHole, I would highly recommend it. It’s free and super easy to set up.


#12

Closed at the request of OP.