this post was submitted on 14 Apr 2024
51 points (96.4% liked)

LibreWolf

3174 readers
1 users here now

Welcome to the official community for LibreWolf.

LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM. If you have any question please visit our FAQ first: https://librewolf.net/docs/faq/

To learn more or to download the browser visit the website: https://librewolf.net/

If you want to contribute head over to our Codeberg: https://codeberg.org/librewolf

founded 3 years ago
MODERATORS
 

I was monitoring my network traffic when I noticed that Librewolf was constantly connected to the IP 34.107.243.93.

A quick search made me find this post https://support.mozilla.org/en-US/questions/1364193 on the Mozilla Support Forum, according to which Firefox is constantly connected to the IP 34.107.221.82 to check for an internet connection, so I assumed that this connection had a similar purpose.

The problem I have with that is, that dig -x 34.107.243.93 returns 93.243.107.34.bc.googleusercontent.com. As I didn't like the idea of my computer being connected to a google service whenever I use Librewolf, I tried deactivating the connection or at least changing the IP, but I couldn't find a feature for this in neither the settings nor the about:config.

I tried blocking the IP with UFW, but the the connection still exists even after restarting the browser or rebooting. I have three questions:

A: Am I correct in the assumption that this connection exists to check for an internet connection or is something else going on here?

B: Is there a way to deactivate this "feature" or at least change the IP to that of a more privacy respecting party?

C: How can the connection persist after I blocked it in my firewall? I haven't tried blocking it in my router yet, but I find this really creepy.

I've enjoyed using Librewolf for almost 3 years now but this is really bugging me.

I'm thanking you in advance any replies and advice.

EDIT: Accidentally wrote "browser" instead of router in question C.

you are viewing a single comment's thread
view the rest of the comments
[–] BrikoX 42 points 7 months ago (2 children)

I think it's related to the push notifications.

You can check by disabling them.

  • Type in about:config in the address bar, press Enter
  • Search for the preference dom.push.enabled and double-click it to set it to false.

https://librewolf.net/docs/faq/#does-librewolf-make-any-outgoing-connections

[–] [email protected] 16 points 7 months ago (2 children)

That seems to have solved it, thank you.

I completely forgot about the Librewolf FAQ.

I still don't understand how it got through the firewall though.

[–] [email protected] 1 points 7 months ago

I still don’t understand how it got through the firewall though.

In the past I have followed howtos on the Internet about blocking a single IP address with iptables or for that matter ufw, and failed :(

[–] [email protected] 1 points 7 months ago (1 children)

I would also like to know how it got through the firewall. LibreWolf is not running as root, is it?

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

No, of course not.

I'd never run any service as root unless it's absolutey necessary.

I'm actually still baffled by this because I have no idea how this could happen.

A friend of mine suggested that Librewolf may have edited my ufw rules, but unless my understanding of how file permisions in Linux work is fundamentally flawed (without me ever running into problems because of it) that shouldn't be possible. Especially because ufw status still shows the IP as denied.

I'm thinking about filing a bug report to ufw about this.

[–] [email protected] 2 points 7 months ago (1 children)

My career has primarily been in IT support so I had to ask haha 😅 Baffling is the word, for sure. If you do figure it out and you remember to update here I'd be appreciative! I think, after xz, we should all be on high alert to investigate minor-seeming-but-still-very-weird behaviours like this.

[–] [email protected] 2 points 7 months ago

I very much doubt that this is even anywhere close to the level of xz. If, big IF, this is some kind of backdoor, then whoever made it didn't put nearly as much effort into hiding it as they did with xz and it would've probably been found already.

[–] [email protected] 1 points 7 months ago (2 children)

Does it ping Google if there are no sites with notifications?

[–] [email protected] 5 points 7 months ago (2 children)

Seems that way, as I have not given any website permission to send me notifications.

It seems to be a Mozilla server though, which is just hosted by Google. In my book that doesn't make it much better though.

[–] [email protected] 3 points 7 months ago (1 children)
[–] [email protected] 1 points 7 months ago (1 children)

Then why was netstat showing an active conection to this server at all times?

[–] [email protected] 2 points 7 months ago

I'm bad at using blockquotes when the comment ends in the thing I'm replying to.

In my book that doesn’t make it much better though.

[–] [email protected] 3 points 7 months ago

By the same token some people seek to "de-Google" and then install a custom ROM on Google Pixel hardware, it's like, my guy, any backdoor you are seeking to remove in the software most likely is already a vector in the hardware.

Thanks for being so alert, there is no reason LW needs to talk to any website on the net without being asked to, least of all Google.

[–] BrikoX 3 points 7 months ago

No idea, sorry.