Eaglercraft is a fully web-based Minecraft clone that can’t be easily blocked by web filtering solutions like GoGuardian and Securly.
Aside from the distraction of having students play Minecraft with one another during the school day, the Eaglercraft game has an internal web browser that can be used to gain unfiltered internet access on district-managed Chromebooks.
Multiple IT admins have contacted me asking for help in responding to this new, and very creative un-filtered game.
The Eaglercraft problem
Security risks aside, Eaglercraft features brilliant coding work that took years to develop. This full-featured Minecraft game can run as a 10 MB HTML file and doesn’t require an internet connection.
Eaglercraft was published as an open-source GitHub project which means anyone can copy and duplicate it, making it virtually impossible to block via traditional web filters.
Because Eaglercraft is such a small, portable file, students can easily email it to one another or share it via a USB drive; and because it can run locally and doesn’t require an internet connection, your web filter can’t see or block it.
Wow!
The Eaglercraft solution
Fortunately, there is a pretty simple solution to the Eaglercreaft problem that involves blocking Javascript on locally run files through the Google Admin Console.
Simply add “file:///*” to block Javascript from running on local files.
Path: Devices > Chrome > Settings > User & Browsers > Content > JavaScript
Note: that is NOT a typo…you need “///” for this policy to work correctly.
With this setting in place, Eaglercraft will open, but can’t proceed past the initial countdown screen.
Google Admin tips and resources
Eaglercraft is just the latest challenge for IT administrators. If you need to level up your use of the Google Admin console, add your name to the waitlist for the Google Admin Bootcamp and Chromebook Academy.
This is not going to work. Now, students will start self-hosting the file, since the file:///* wildcard only blocks local files, not other URLs. They can host it on any web server, such as an always-on home computer with port forwarding and DDNS (in the likely event that their home Internet does not support static IP). If it gets blocked, they can simply change the domain name and/or ask the ISP to change the IP address. There is no easy way to prevent that without creating a whitelist of sites, which would be troubling for students doing actual research. You could hypothetically program an extension to deploy on the Chromebooks that logs all web requests and sends them in to a command-and-control server which then has a program which automatically downloads the JS file and checks if it is the same or equivalent to the Eaglercraft JS (using an algorithm similar to a code plagiarism checker), and if it’s equivalent, block that web address, but for that, students could just obfuscate the JS to make the comparison harder. Also, the logging may violate privacy protection laws. However, I’m more on the students’ side with this issue, and I think if students are smart enough to host a website on their home Internet and/or exploit vulnerabilities in the school computers by themselves, the school should embrace it and offer some programming classes or extracurricular activities such as a STEM club or CS club to explore their interests, hone their skills and become the IT admins or programmers of the future.
You are correct, students are very determined and if they try that hard then you should just let them have their fun. There is no way around students finding a new bypass so just teach them to only play when told.
BRO WHATS YOUR PROBLEM MAN! for starters, eaglercraft DOES NOT HAVE AN INTERNAL BROWSER. 2nd of all, eaglercraft is just minecraft, and teachers let us play minecraft education anyways and minecraft education is way better! like bro i bet you haven’t even played the game
this wouldn’t work, my school tried something similar with stopping all sites and instead just used a whitelist and me and a couple other student just decided to ddos the go guardian server using around 400 tabs, over 3 Chromebooks and wifi switched them till go guardian got corrupted trying to reinstall itself. 🙂 fun times. they gave up and turned off go guardian for the rest of the year for me and that group. also, even if you stop files using the :/// block, you can bypass it using Canva and other school approved sites that are allowed to open links and run files that other sites are not. usually these sites are using edge to do so. also there’s a funny flash based app that just hard uninstalls go guardian.
Thanks for sharing…
Just letting yall know goguardian weak we can get around it really easily
why would you do this? let students have their fun. what have they ever done to you
IT admins are required to filter and monitor school owned devices.
Welp, good luck with that. There is something called “having over 25 sites” for Eaglercraft.
Sounds good. 👍
it keep’s saying Your file couldn’t be accessed
I agree with Felix on having schools start doing stuff like that. I primarily bypass it because I am bored at lunch or after finishing an activity.
Bro this bad spelling is why you need to put it away and pay attention in class.
🤣
If you’d ask me, I say let them have their fun as long as it isn’t distracting their or others’ learning.
Basic Eaglercraft does not have an internal browser, I believe what you are referring to is the “Add Server” button in multiplayer. Now keep in mind there are many versions of Eaglercraft that all have different features but most of those versions do not have one. Eaglercraft does not include every feature as Minecraft mainly because it was made off of Minecraft 1.8.8, Minecraft is currently at 1.27.70 so most current features are not included. Now while Eaglercraft does not need internet, you will only be able to play single player without internet, meaning that most of the things you can do are behind a “wifi wall” or requiring internet. Have a good day, John!
Our school uses lightspeed
it’s impossible, blocks unknown sites
They blocked files, and are fighting hard
They’ve resorted to punishment
You can’t stop us we will always find and make loop holes this means WAR and right now US students are winning the war you teacher may have won the battle but the war has just BEGAN all students reading today we RISE agianst the tyrannical education system and FIGHT for what we hold dear to our heart this is not only a motivational speech this is a promise for those who have succumb to they tyranny of the school system we will fight for what is rightfully ours. HUUURAAAH!
You are against being educated?
If you already have a file installed for eaglercraft, before you log into your account turn off your wifi so any sites like “Goguardian” can not activate. Now you can play offline without having to worry about stupid school monitoring systems.
Thanks for letting us know!