Attack Vector

Roblox

Review Date: 15/09/2022

Launched on 01 Sep. 2006

Game Developer - Roblox Corporation

Description
Roblox is an online gaming platform that is very popular with children. With user numbers quoted at 190 million monthly active users, there is always a greater risk of online predators getting access to children and communicating with them.

Login

Username: While some words cannot be used to create a username, we were able to create usernames such as knobhead, so there may be some inappropriate usernames registered, but most of the "popular" swear words were blocked for a username.

Password: There are no complexity settings for the password. It can be as simple as 1234pass, which makes the account very insecure and easy to hack. It is imperative that multi factor authentication is used to further protect an account.

Multi Factor Authentication: Multi Factor Authentication (MFA), also known as two factor authentication (2FA), can be enabled with the use of an authenticator app, a code sent to an email address, or an SMS (text message) sent to a phone. This is highly recommended: as there are no password complexity requirements, easy-to-hack passwords can be created and accounts are very insecure. You can also add a PIN, which is required before any account settings can be changed. This should be enabled by default rather than as an option.

Chat

Chat is one area that is a large risk for online safety, as this is where online predators can engage directly with your children. They can use the chat window to try to push the conversation to another medium that is not well regulated or filtered, where they are able to exploit and groom children. Discord has been a common platform that online groomers use to continue a conversation that was started on an app or game such as Roblox.

This is from the Roblox website –

“All chat on Roblox is filtered to prevent inappropriate content and personally identifiable information from being visible on the site. Players have different safety settings and experiences based on their age.

Players age 12 and younger have their posts and chats filtered both for inappropriate content and to prevent personal information from being posted. Players age 13 and older have the ability to say more words and phrases than younger players. This filtering system covers all areas of communication on Roblox, public and private.

The account’s age group is displayed in the upper-right corner of the browser as either 13+ or <13. This is also displayed while in experiences. An account’s age group is not displayed to other players.

Account owners have the ability to limit or disable who can chat with them, both in-app or in-experience, who can send them messages, and who can follow them into experiences or invite them to private servers.”

Most swear words we tried were blocked. A few got through, such as “crap”, but the main “popular” swear words were blocked. Links to websites such as www.discord.com were also blocked, and if we entered just discord, that was blocked as well.

Games such as Adopt Me and Bloxburg, where the game is based largely around the chat facility, will increase the risk of your child talking to an online predator, and with hundreds of millions of players children need to understand how to play safely. There are settings within Roblox to disable the chat, set who can chat with a user and set who can message a user.

Access

Roblox does not access the microphone or camera of the device.

Location Service

Roblox does not need access to location services.

Live Streaming

Roblox does not allow you to live stream.

Age Rating

Roblox is 12+ in the iOS App Store and PEGI 7 in both the Windows store and Google Play store, so this is more difficult to rate. We believe that the PEGI 7 age rating is too low and a 12+ rating is more appropriate. The reason for this lies in the fact that Roblox is a platform that allows people to develop games, and it is very difficult for these games to be reviewed and approved by Roblox themselves. There are some 40 million games available on Roblox. The age rating for an app is normally set by the developer (it is on the Apple platform, at least), but be aware that the app has different age ratings on different platforms.

There is a way to set Roblox so that users can only play “approved” content, and you can set this under a user's settings. One issue with that is the user can just disable it. There is a PIN you can set so that the PIN has to be entered to make settings changes, but we feel that a “parent user” being able to set these and moderate their children’s accounts, without the settings being changed, is a better way of doing this.

There is also the fact that there are 40 million+ games on the platform and hundreds of millions of players, so users are bound to come across things that make them feel uncomfortable. We wrote a blog on why some games that are rated as 12+ might be safer to play than some rated 7+: “Roblox VS Fortnite – A Parents Perspective on why lower age rated games are not always safer for children…” (iNet Guardian Blog).

If you let your children play Roblox, they should be very aware not to share private information online (make sure they know what private information is), they should never add people as friends that they do not know in the real world, and they should never send people pictures online. You should also monitor what games they play. Games such as shooting games or Obbys (obstacle courses) provide less time to chat, as they are fast moving. Games such as Bloxburg, Adopt Me etc. are not so fast moving and rely more on the chat facility, thereby increasing the risk that your children will be communicating with an online predator.

Age Verification

As with most apps and games, there is pretty much no age verification other than entering a date of birth when you create your account. Children should not enter their real date of birth but use a fake date of birth that they can remember. For instance, if they were born on 1/4/2009, then use the same year but change the day and month, such as 1/1/2009 or something similar. This is just in case there is a data breach, as your child will then not have entered their real date of birth.

Security Breaches

Roblox have had several security breaches. In 2020 an employee was bribed to allow an external party access to back-end systems which had information on Roblox users.

In 2021 some internal documents were reportedly stolen through social engineering, as reported in “Roblox hacker posts stolen documents online” (IT PRO).

These are the most recent security breaches of Roblox.

Anonymous

While it is not strictly possible to be anonymous in this game, at the end of the day all Roblox asks for is a username and date of birth, so by its nature it is pretty anonymous and users cannot easily be traced to any verifiable information.

Review Summary

Roblox is a fantastic environment for children to play in, and they can even create their own games through Roblox Studio. However, due to the large number of users on the platform, it is inevitable that there will be inappropriate content available on the platform, or there may be things that happen which make them feel uncomfortable. We as parents need to ensure that our children understand what to do if they encounter anything that they feel is inappropriate.

I would highly recommend that you play games with your children to understand what they enjoy about them. That also provides the opportunity to discuss how to stay safe online and what to do if they see or encounter anything that makes them feel uncomfortable.