Connections to Google MCS when Google push messaging is turned off

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

brave attempts connections to google on port 5228

Brave is up to date Version 1.52.122 Chromium: 114.0.5735.110 (Official Build) (64-bit)

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

eg. brave.exe connects to:

• tcp://142.251.31.188 (eq-in-f188.1e100.net) on port 5228 - outbound connection
• tcp://173.194.69.188 (ef-in-f188.1e100.net) on port 5228 - outbound connection

[diracdeltas]

looks like upstream though this seems to mostly be android not desktop: https://webcache.googleusercontent.com/search?q=cache:0yxpa45d00IJ:https://www.reddit.com/r/chrome/comments/bl70f9/chrome_connecting_to_a_5228_port/&cd=20&hl=en&ct=clnk&gl=us, https://web.archive.org/web/20230316174606/https://www.reddit.com/r/chrome/comments/11t0xz8/stop_outbound_connections_to_port_5228_from_chrome/

cc @fmarier @pes10k

[fmarier]

@fusionneur What OS are you using?

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

windows 11

[fmarier]

It looks related to Google's Mobile Connection Server which is used for Google Cloud Messaging.

Do you have the Google push setting enabled in brave://settings/privacy by any chance:

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

i have it disabled, and on previous versions these connections were not attempted

[fmarier]

How often do you see these connections? Is there a pattern to them? Do they happen automatically if you start the browser without doing anything special?

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

happens rarely, about once a day. it happens also in idle state (no active browsing) i cannot reproduce it

[ShivanKaul]

@fusionneur thanks for reporting. Do you have any extensions enabled that might be causing this connection? We've tried repro'ing including by keeping the browser on for >24 hours and didn't have any luck.

[ShivanKaul]

I'm going to close this as non actionable -- @fusionneur if you're able to repro please let us know

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

yes still happens eg:

[fmarier]

@fusionneur Is 7547 in this screenshot the port on the Google backend side?

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

that is the local port. the remote port is 5228

got 2 more attempts couple of hours ago

Current version: Brave is up to date Version 1.56.20 Chromium: 115.0.5790.171 (Official Build) (64-bit)

[ShivanKaul]

@fusionneur did you confirm that you don't have any extensions that might be making these connections?

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

I have open source extensions: ublock, noscript, dark reader, privacy badger, cookie autodelete, clearURLs, https everywhere, localCDN, umatrix, violentMonkey, XDM Integration module, tab session manager, keepassxc-browser, tab auto reloader. I have most of these extensions in firefox as well (without the bolded italic ones), but there I don't see this connection . I cannot easily reproduce the connection attempt as it happens randomly and I highly doubt any of these extensions are attempting the connection

still happens on Brave Version 1.57.53 Chromium: 116.0.5845.114

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

still happening on 1.64.113

brave.exe, ‎02 ‎April ‎2024 ‏‎11:22:29, 74.125.143.188, ed-in-f188.1e100.net, 5228, tcp, Outbound [B] User rule\BLOCK brave google mtalk :5228 {TCP}

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

could be related to:

• hangouts extension --- i have it disabled
• Use Google services for push messaging --- i have it disabled
• Allow Google login for extensions --- i have it disabled

Might be a bug in the code related to these 3 components, where even if you disable them, the connections are still attempted Another option would be 'WebRTC IP handling policy', i have it set to 'reveal public interface only'

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

for a browser that claims to offer privacy, leaking IP to google (and oher data??) should be fixed with higher priority..