This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was closed and archived. Please ask a new question if you need help.

Firefox spyware

  • 13 replies
  • 0 have this problem
  • 49 views
  • Last reply by mozel3

more options

When I launch Firefox (version 115.0.1), it establishes and maintains multiple connections to '*.googleusercontent.com' until I close Firefox. This is bull shit is totally unacceptable. I have been using Firefox since version 1.0.6 but I will dump Firefox for another web browser if this problem cannot be fixed.

How do I stop these connections being made?

When I launch Firefox (version 115.0.1), it establishes and maintains multiple connections to '*.googleusercontent.com' until I close Firefox. This is bull shit is totally unacceptable. I have been using Firefox since version 1.0.6 but I will dump Firefox for another web browser if this problem cannot be fixed. How do I stop these connections being made?
Attached screenshots

All Replies (14)

more options

I have turned off everything listed in the following link except for auto-update checking and the loopback connection, and now the problem is even worse.

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

Its so obvious that Google is paying Mozilla executives to sabotage the original goal of Firefox which was to be secure and private.

Modified by kolusion1

more options

I see two matches:

C:\WINDOWS\system32>netstat -f | find "googleusercontent"

TCP 192.168.1.78:61000 55.65.117.34.bc.googleusercontent.com:https  ESTABLISHED
TCP 192.168.1.78:62285 2.128.149.34.bc.googleusercontent.com:https  ESTABLISHED

(1) If I try to load 55.65.117.34.bc.googleusercontent.com I get a certificate error; click Advanced; click View Certificate. It's for:

Common Name: push.services.mozilla.com

I think that is one of the ones in your last screenshot. This is a channel for website background ("push") notifications. Probably one of the dom.push.whatever preferences controls whether this connection is opened. That's mentioned in the following thread I skimmed (I didn't experiment): https://groups.google.com/g/mozilla.support.firefox/c/VtJGAcm74fI

(2) If I try to load 2.128.149.34.bc.googleusercontent.com I get a certificate error; click Advanced; click View Certificate. It's for:

Common Name: *.prod.sumo.prod.webservices.mozgcp.net

This is a server used by this support site. Probably that wasn't on your list before coming here.

Both of these look like Mozilla services that were previously hosted on Amazon Web Services and presumably have been migrated to Google Cloud Services. Hopefully that will be useful in your further investigation.


A later run returned more, but I didn't do the certificate check on them:

C:\WINDOWS\system32>netstat -f | find "googleusercontent"

TCP 192.168.1.78:62328 2.128.149.34.bc.googleusercontent.com:https  ESTABLISHED
TCP 192.168.1.78:62351 55.65.117.34.bc.googleusercontent.com:https  ESTABLISHED
TCP 192.168.1.78:62419 123.208.120.34.bc.googleusercontent.com:https  TIME_WAIT
TCP 192.168.1.78:62491 2.128.149.34.bc.googleusercontent.com:https  TIME_WAIT
TCP 192.168.1.78:62499 209.100.149.34.bc.googleusercontent.com:https  TIME_WAIT
TCP 192.168.1.78:62500 102.115.120.34.bc.googleusercontent.com:https  TIME_WAIT
TCP 192.168.1.78:62576 139.220.110.34.bc.googleusercontent.com:https  ESTABLISHED
TCP 192.168.1.78:62597 239.237.117.34.bc.googleusercontent.com:https  ESTABLISHED
TCP 192.168.1.78:62616 123.208.120.34.bc.googleusercontent.com:https  ESTABLISHED
more options
more options

Before doing the netstat's in the screenshots, I closed Firefox and confirmed it was no longer running, and then I waited until the connections it had made dropped off netstat. I also tried disabling the extension I had installed.

I have just tried disabling 'push' by toggling the advanced preference 'dom.push.enabled' to false, but it made no difference. Firefox spyware is still making and maintaining connections to Google and Amazon CloudFront at all times.

According to statcounter, Firefox's marketshare continued to decline in May 2023 down to 2%, behind Microsoft Edge at 4%. Mmmm I wonder why?!

My problem with Firefox spyware remains. Firefox continues to phone Google and Amazon CloudFront despite following everything in the Mozilla article on how to turn off 'automatic connections'.

So, can this problem be fixed or has Mozilla truly sold out its users to Google and Amazon CloudFront?

Modified by kolusion1

more options

kolusion1 said

I have just tried disabling 'push' by toggling the advanced preference 'dom.push.enabled' to false, but it made no difference.

Did you try the one mentioned in the thread, dom.push.connection.enabled ?

So, can this problem be fixed or has Mozilla truly sold out its users to Google and Amazon CloudFront?

Why do you think Mozilla "sold out its users"? Do you think that the three major cloud services providers (Amazon, Google, and Microsoft) read all of the data of all of their customers? They would soon be out of business if that were to happen.

Nevertheless, it sounds like as long as Mozilla chooses to use one of the top public clouds to host services you won't be comfortable using it. If you discover a way for Mozilla to return to hosting those services in its own data centers, which was very expensive, maybe that could be an option again.

more options

I just tried changing the advanced parameter 'dom.push.connection.enabled' to false and it didn't make a difference, Mozilla spyware is still active and making and maintaining connections to Google and Amazon CloudFront.

Mozilla has sold out its users because it is making Firefox phone home to 'services' which the user doesn't even use. Why the hell would Firefox need to do this if I am not using their services? It does this as soon as I launch it for Christ's sake.

Absolutely Google and Microsoft, and no doubt Amazon CloudFront read all their customers data at some point. Don't be naive. Information is Google's business.

Mozilla pretty much are out of business. They were once the king of internet browsers, now they are a distance memory with a pathetic 2% marketshare. Its a tragic joke.

Please don't talk about Mozilla and expenses. Google is paying them HUNDREDS of millions of dollars every 3 years. Clearly, that payment comes with strings attached.

So, Firefox spyware is still active. Has anyone else got any other ideas?

more options

kolusion1 said

So, can this problem be fixed or has Mozilla truly sold out its users to Google and Amazon CloudFront?

Unlike with companies like Google, Amazon and Microsoft, Mozilla actually cares about users privacy. https://www.mozilla.org/privacy/firefox/

more options

Hahaha... yes... Mozilla cares about its users privacy. That's why it's flagship product, Firefox, makes multiple connections to Google and Amazon CloudFront on launch and maintains those connections until Firefox is closed, and it does not give its users anyway to stop it.

https://en.m.wikipedia.org/wiki/PRISM

https://en.m.wikipedia.org/wiki/XKeyscore

more options

You have to remember Google and Amazon are the providers off all this information that Firefox connects to without that the internet wouldn't work as it does or give users access to the internet. We all give up privacy when you go to the internet if you can go to site they can track you and if you block cookies you get blocked in return to not use their access or sites or software. That is how the internet works you give up a level of privacy to use it. Even your ISP knows whom you are and where your connected from. Without agreeing to your ISP "TOS" you wouldn't get internet access. Just think about this your "SmartPhone" anywhere you go your tracked calls or website usage. If you thought Firefox was bad look at your "SmartPhone" they track you 24/7 even when you sleep.

more options

The internet works just fine without Google and Amazon.

Actually, Firefox's domain isolation feature that I use prevents cross-site tracking with cookies.

Yes, my smartphone is worse than Firefox, but I don't have the option to change phones right now, but I can change web browsers.

Firefox's is write off. Over the weekend I'm going to find a better browser. I advise you to do the same. Mozilla sold you out and is now playing you. They don't care about your privacy. That's why their in bed with Google.

more options

A lot of data files used by Firefox are no longer built-in, but are retrieved from cloud (CDN) servers to improve flexibility and this makes it easy to fix issues without the need to update Firefox (you can even makes changes available to older versions). Previously these files were hosted on Amazon servers (AWS;mozaws.net), but a while ago these files have been transferred to Google Cloud servers (GCP/GCS;mozgcp.net). This is just rented space on cloud servers and only data is downloaded based on specific parameters like balrog servers for updating. Such cloud servers are much faster and can handle a large amount of requests as you get redirected automatically to a nearby server.

more options

kolusion1 said

Mozilla sold you out and is now playing you. They don't care about your privacy. That's why their in bed with Google.

Mozilla does not sell your data though. What other major web browser cares about your privacy then if not Mozilla Firefox, certainly not Chrome, Chromium, Opera, Edge.

Mozilla uses Google as the default search engine for many locales of Firefox yes however they tried to get away from Google in this case as Yahoo was the default search engine for many locales instead for a while. However Yahoo did not hold up their end of contract and Mozilla then parted ways only for a lawsuit to occur and as a result Yahoo was completely removed from Firefox since Firefox 57.0.

https://blog.mozilla.org/en/mozilla/mozilla-files-cross-complaint-against-yahoo-holdings-and-oath/ https://blog.mozilla.org/en/mozilla/promoting-choice-and-innovation-on-the-web/ https://blog.mozilla.org/en/products/firefox/firefox-features-google-as-default-search-provider-in-the-u-s-canada-hong-kong-and-taiwan/

Just because they may get payments from Google to be a default search engine in many locales does not mean Mozilla is in bed with them. You can use whatever search engine you want including options from https://mycroftproject.com/ as we have mentioned from the start.

Your paranoia is making you think Mozilla does not care about your privacy. You have yet to provide any proof yet others here have shown otherwise.

more options

So, code that can be executed on my computer is coming from Google? Lol wtf

'Easier' code fix is not a valid excuse. Firefox already has its own updte function and service.

Like I said in previous posts, Firefox's market share is down to 2%, behind Microsoft Edge and only just beating Samsung Browser. Mozilla has lost it.

After 19 years, I'm done. Spyware is not tolerated.

more options

Interesting approach. I found the IP 55.65.117.34 in a 'netstat -a' result last night on my Linux computer while I was doing a port scan. There were 2 instances of the following, which appeared whenever Firefox started:

'55.65.117.34.bc.g:https ESTABLISHED'

As you can see, it's not quite the same output as the windows version, but I'm guessing the 'g' is the equivalent of the 'googleusercontent.com' reference in your version, which I wasn't aware of until I saw this thread.

I did an IP look-up on numerous sites and got the same relevant results from each, and not a mention of Google in any of them. Until I can understand why this particular connection is being made, I will be using Brave browser.

IP Look-up results: IP Address: 55.65.117.34 ASN: 331 City: Fort Huachuca State/Region: Arizona Country: United States of America Postal Code: 85613 ISP: Headquarters USAISC (US Army Information Systems Center - Fort Huachuca, AZ, USA). DOD Network Information Center.

If anyone can explain why a connection to the US military is being established in the background, I'd be most grateful.