Cant stop 2 of the mozilla's automatic hidden connections
I've already done all the things explained in "Disable FF automatic connections" page. I also disabled "Query for certificates" setting (OCSP thing)
But FF connects to some IP's when opened still. It connects to both shavar.prod.mozaws.net(also things like it, versioncheck.prod.mozaws.net) and search.r53-2.services.mozilla.com
Glasswire Screenshot: https://postimg.org/image/705do8onr
I even blocked it at hosts but... I guess it has many different IP's? And how would I get rid of these connections?
Note: I have another privacy question not related to FF, are we allowed to discuss it here?
All Replies (10)
hi, please press ctrl+shift+j and go to the networking tab of the browser console to see where those connections are going to exactly - that will make it easier for us to give advice here...
Here's browser console (I don't understand what to do with it): https://s21.postimg.org/ei8rnz1yf/1_browser_console.jpg
Here's Glasswire showing all 4 hidden connections made just by starting FF: https://s13.postimg.org/fktc3lc9j/2_Glasswire_FF.jpg I wrote their IP's on the screenshot.
Extra question: Peerblock blocks EI Du Pont de Nemours and co Inc adresses a lot. It also happened now when I tried to open this post. But those Dupont connections are random, they might appear on any link, not just by coming here. Screenshot: https://s15.postimg.org/tb3t29py3/3_Dupont_on_mozilla_page.jpg
Are those blocked Dupont connections (again, they appear anywhere on the internet sometimes) safe?
hi again, sorry that screenshot of the browser console doesn't really help - please disable and reenable the "net" section and disable the logging of all other sections (css, js,...) to get to the relevant information.
On that last point:
I don't know why your tool associates those addresses with DuPont. That entire range starting with 52.222 is Amazon's and I suspect customers may be assigned different addresses dynamically over time, so I don't think you can reliably know what site it was (or who operated it) retrospectively from the earlier history of use of the IP address.
NetRange: 52.192.0.0 - 52.223.255.255 Organization Name: Amazon Technologies Inc. https://whois.arin.net/rest/net/NET-52-192-0-0-1/pft?s=52.222.157.69
philipp said
hi again, sorry that screenshot of the browser console doesn't really help - please disable and reenable the "net" section and disable the logging of all other sections (css, js,...) to get to the relevant information.
I cleared cookies/cache etc. Started FF. Glasswire again shows a connection to shavar.prod.mozaws.net(52.43.240.174) 3 KB Down, 952 Bytes Up. Opened browser console and just did what you said; Net section has absolutely 0 information there.
you need to disable and reenable the net section once i think before entries show up there. shavar* is used to obtain the blocklists for tracking protection & safebrowsing i think: https://wiki.mozilla.org/Services/TrackingProtection
philipp said
shavar* is used to obtain the blocklists for tracking protection & safebrowsing i think: https://wiki.mozilla.org/Services/TrackingProtection
I had tracking protection off. And I had;
browser.safebrowsing.enabled browser.safebrowsing.downloads.remote.enabled browser.safebrowsing.malware.enabled
All of them disabled. So what do you think?
philipp said
you need to disable and reenable the net section
Hi Philip, it worked, Here's the screenshot: https://s22.postimg.org/5n5ou8d75/shavar_net.jpg
2 GET's there, but only one shavar connection in Glasswire, what to do?
hi, the first connection might be triggered by the https everywhere addon or the tor browser: https://github.com/EFForg/https-everywhere/issues/2719 - off hand i don't know how to prohibit that, so you might want to get in contact with their support...
in regards to the second connection - snippets are the little space beyond the search field where mozilla is running promotions. to prohibit any connections there you might want to try setting the preference browser.aboutHomeSnippets.updateUrl to a blank value or set an empty homepage for firefox.
philipp said
hi, the first connection might be triggered by the https everywhere addon or the tor browser: https://github.com/EFForg/https-everywhere/issues/2719 - off hand i don't know how to prohibit that, so you might want to get in contact with their support... in regards to the second connection - snippets are the little space beyond the search field where mozilla is running promotions. to prohibit any connections there you might want to try setting the preference browser.aboutHomeSnippets.updateUrl to a blank value or set an empty homepage for firefox.
I don't use tor browser, and the https everywhere topic doesnt say how to block it :( for second connection I already had browser.aboutHomeSnippets.updateUrl blank so any other ideas?