Open optimumpr opened 1 year ago
I closely monitored Iceraven connections a while ago. But I cannot confirm this behavior.
However, some other servers are contacted periodically, among them... Detectportal.firefox.com, Shavar.services.mozilla.com, Versioncheck.addons.mozilla.org, Safebrowsing.googleapis.com
Well, Mozilla's detectportal can be considered as telemetry in my opinion.
But please note that Iceraven contacts bookmarked sites at startup. Possibly some of the built-in favorites are routed via tracker pages. That is just my first assumption. I am not affiliated with the Iceraven project in any way.
Maybe you want to remove all built-in links at Iceraven's homepage - and test again.
With shortcuts removed - the same behavior.
I just re-checked my Iceraven's traffic of a whole day, but still can find attempts to contact *.bc.googleusercontent.com.
Developers can define single-time connections: Those attempts will begin at a certain event (e.g. addon installation), then continue --until being successful-- and finally never occurring again.
Possibly, and for that reason, I cannot see those attempts anymore. When I installed Iceraven, my Firewall was set to "allow".
Personally I'm not too worried about it. I'm rather worried about continuous tracking.
I use Afwall, which is set to block any new app by default and log any denial. So, with Iceraven fresh install, it is prevented from connecting to the Internet, and any attempt to connect would show up in a detailed log, which is in my screenshots. I have reproduced that at least 4 times, and it happens on first launch after installation.
Googleusercontent is used for storing static data and by various bots. So, this needs an explanation, especially that no other browser whether chromium or firefox based makes that connection.
> which is set to block any new app by default and log any denial

This is the correct setting for a firewall. As stated before, my firewall (Rethink) unfortunately was in "allow mode". This might explain the lack of logging googleusercontent, as it might happen once only.
Your googleusercontent IP points to a multicast service (mcast.net). This means, the data is transmitted to mcast.net, and mcast.net distributes your data to multiple other recipients - which certainly makes things even worse. Thus I understand your doubts.
> So, this needs an explanation, especially that no other browser whether chromium or firefox based makes that connection.

As you know, I am not involved in Iceraven development, and have not even reviewed Iceraven's source code (I would know much more). So sorry, but I see myself unable to provide satisfying answers to you.
Can't reproduce, and it's not controlled by Iceraven https://support.mozilla.org/mk/questions/1352614
When Fennec F-droid is checked for trackers, there are none shown. Iceraven is flagged for having the following trackers: Admob, Adjust, Sentry, Mozilla telemetry
That should be wrong or outdated. Can you share the check method? Iceraven has almost the same patches.
The method is described in my prior posts. Again, the described connection only happens on first launch, i.e., you must uninstall Iceraven or wipe its settings. For trackers, use one of the tracking control apps. All of them show the listed trackers.
I'd like to hear from Iceraven developers, as both things (connection and trackers) only happen in Iceraven (none in F-Droid's Fennec).
Today I searched the whole Iceraven code for your posted domains and IPs, e.g. "googleuser", "239.237" and "54.152".
Nothing found.
You should know that a browser can be hijacked by other applications to contact an internet destination - and to transmit information. It's common practice on Windows systems! On Windows other apps can launch and close a browser in hidden mode. That is why I always define a blocked browser as standard browser. However I don't know if it is possible with Android.
@optimumpr
Do not trust all of those anti-tracking apps. I know --from first hand-- you cannot trust. For example, a friend of mine sold his addon a long time ago.... for a good price, a very good price!
He sold his addon to a company. The company is/was a tracking-company, also well known. The name of the addon was/is Ghostery. An anti-tracking addon, provided and developed by a tracking company! Lots of people still trust in it! Unbelievable, but sad truth.
Thus I tend to trust in firewall apps only, since those apps report real IPs, but do no rating.
You missed reporting all your "suspicious" IPs or domains! This information still is missing, but would be very important. It is important to prove that your reported targets are what you believe.
googleusercontent that's just a cloud service, as there are hundreds of this kind. Those servers can host anything, yes even trackers. But this means nothing.
I understand your general point about trackers, but that does not explain why no other firefox based android browser, including the F-droid's version, do NOT make those connections on the same device. Nor are they flagged as having the already mentioned trackers.
Also, I am not sure what you mean when you say I missed reporting all suspicious IPs or domains. There are 2 IPs on my screenshots with one resolved (shown in gray pop-up).
As I have said, I was able to reproduce the same behavior at least 4 times. To reproduce the unexplained connections, one must uninstall Iceraven, block traffic and turn on logs in Afwall and then reinstall Iceraven, which on first launch will connect to the mentioned sites. Or use Wireshark.

> Also, I am not sure what you mean when you say I missed reporting all suspicious IPs or domains.

You are right, I should clarify my doubts.
You posted 7 IPs, some were used multiple times, but I do not need the resolved addresses.

- 54.165.39.203 resolves to Amazon Technologies 1
- 54.145.6.104 same as above
- 54.152.110.245 same as above
- 108.139.29.19 is Amazon.com
- 108.139.29.55 same as above
- 34.117.237.239 Google LLC
- 239.237.117.34 Mcast-net

I tried to find the relation to your listed tracker services, as there are... Admob, Adjust, Sentry, Mozilla Telemetry
I found, that at least an IP of Mozilla's Telemetry is missing (since those are well known). Therefore I tried to ask for the correct/complete IP log.
Here is the complete log.
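Added example, not part of any comment in this thread: Google Cloud's default reverse-DNS name for an external address a.b.c.d is d.c.b.a.bc.googleusercontent.com, so the numeric labels of such a name are the address with its octets reversed and not a second destination. The hostname in `SAMPLE` is constructed from two of the addresses listed above, on the assumption that the firewall log displayed a name of this form.

```python
import ipaddress
import re

# Default Google Cloud PTR name: the IPv4 octets in reverse order, then the zone.
GCP_PTR = re.compile(r"^((?:\d{1,3}\.){3}\d{1,3})\.bc\.googleusercontent\.com\.?$")


def leading_labels(hostname):
    """Return the four numeric labels exactly as written, or None."""
    m = GCP_PTR.match(hostname.strip().lower())
    return m.group(1) if m else None


def ptr_to_ip(hostname):
    """Recover the address the PTR name belongs to (octets un-reversed)."""
    labels = leading_labels(hostname)
    if labels is None:
        return None
    candidate = ".".join(reversed(labels.split(".")))
    try:
        return str(ipaddress.IPv4Address(candidate))
    except ipaddress.AddressValueError:
        return None


def analyse(hostname):
    """Compare the real address with the labels misread as an address."""
    real = ptr_to_ip(hostname)
    if real is None:
        return None
    misread = ipaddress.IPv4Address(leading_labels(hostname))
    return {
        "real_ip": real,
        "labels_read_as_ip": str(misread),
        "labels_fall_in_multicast_range": misread.is_multicast,  # 224.0.0.0/4
        "real_ip_is_global_unicast": ipaddress.IPv4Address(real).is_global,
    }


# Constructed hostname (assumption): built from two addresses listed in the thread.
SAMPLE = "239.237.117.34.bc.googleusercontent.com"

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

A WHOIS lookup on the labels read literally lands in the reserved multicast block, which is why a lookup tool reports "Mcast-net" for them.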
Here's what PCAPdroid tells me Iceraven connected to, after I installed version 2.9.1, launched it, and pressed "start browsing":
IPProto,SrcIP,SrcPort,DstIp,DstPort,UID,App,Proto,Status,Info,BytesSent,BytesRcvd,PktsSent,PktsRcvd,FirstSeen,LastSeen
17,10.215.173.1,48015,10.215.173.2,53,10421,Iceraven,DNS,Closed,assets.mozilla.net,64,149,1,1,1695439737996,1695439738060
17,10.215.173.1,54590,10.215.173.2,53,10421,Iceraven,DNS,Closed,firefox-android-home-recommendations.getpocket.com,96,160,1,1,1695439738001,1695439738051
17,10.215.173.1,48538,10.215.173.2,53,10421,Iceraven,DNS,Closed,spocs.getpocket.com,65,193,1,1,1695439738010,1695439738028
6,10.215.173.1,32846,18.215.75.185,443,10421,Iceraven,HTTPS,Closed,spocs.getpocket.com,1664,6921,16,16,1695439738034,1695439752886
6,10.215.173.1,59028,18.165.98.63,443,10421,Iceraven,HTTPS,Error,firefox-android-home-recommendations.getpocket.com,1682,19446,20,19,1695439738056,1695439752600
6,10.215.173.1,34808,34.117.64.196,443,10421,Iceraven,HTTPS,Closed,assets.mozilla.net,5468,168540,69,99,1695439738065,1695439752887
17,10.215.173.1,44105,10.215.173.2,53,10421,Iceraven,DNS,Closed,firefox.settings.services.mozilla.com,83,161,1,1,1695439738258,1695439738273
6,10.215.173.1,38446,34.149.100.209,443,10421,Iceraven,HTTPS,Error,firefox.settings.services.mozilla.com,2008,7422,22,22,1695439738276,1695439752591
17,10.215.173.1,25998,10.215.173.2,53,10421,Iceraven,DNS,Closed,content-signature-2.cdn.mozilla.net,81,235,1,1,1695439738593,1695439738627
6,10.215.173.1,55324,34.160.144.191,443,10421,Iceraven,HTTPS,Closed,content-signature-2.cdn.mozilla.net,1579,11283,17,15,1695439738631,1695439752887
17,10.215.173.1,14391,10.215.173.2,53,10421,Iceraven,DNS,Closed,shavar.services.mozilla.com,73,157,1,1,1695439745603,1695439745625
6,10.215.173.1,45586,34.214.148.106,443,10421,Iceraven,HTTPS,Error,shavar.services.mozilla.com,2142,5919,13,12,1695439745652,1695439746105
17,10.215.173.1,48629,10.215.173.2,53,10421,Iceraven,DNS,Closed,www.google.com,60,156,1,1,1695439745668,1695439745688
17,10.215.173.1,46860,10.215.173.2,53,10421,Iceraven,DNS,Closed,www.wikipedia.org,63,108,1,1,1695439745679,1695439745691
6,10.215.173.1,40918,142.250.31.103,443,10421,Iceraven,HTTPS,Error,www.google.com,1534,8882,16,15,1695439745703,1695439746075
6,10.215.173.1,37538,208.80.153.224,443,10421,Iceraven,HTTPS,Error,www.wikipedia.org,1402,8423,14,12,1695439745713,1695439752583
17,10.215.173.1,16034,10.215.173.2,53,10421,Iceraven,DNS,Closed,img-getpocket.cdn.mozilla.net,75,186,1,1,1695439745842,1695439745890
6,10.215.173.1,53286,34.120.237.76,443,10421,Iceraven,TCP,Closed,img-getpocket.cdn.mozilla.net,100,88,2,2,1695439745897,1695439746223
6,10.215.173.1,53288,34.120.237.76,443,10421,Iceraven,HTTPS,Error,img-getpocket.cdn.mozilla.net,948,5104,10,9,1695439745907,1695439746055
6,10.215.173.1,53304,34.120.237.76,443,10421,Iceraven,HTTPS,Closed,img-getpocket.cdn.mozilla.net,3610,101508,31,40,1695439745911,1695439752644
6,10.215.173.1,53318,34.120.237.76,443,10421,Iceraven,HTTPS,Closed,img-getpocket.cdn.mozilla.net,948,5182,10,10,1695439745921,1695439746077
6,10.215.173.1,53320,34.120.237.76,443,10421,Iceraven,HTTPS,Error,img-getpocket.cdn.mozilla.net,948,5064,10,8,1695439745928,1695439746084
6,10.215.173.1,53324,34.120.237.76,443,10421,Iceraven,HTTPS,Closed,img-getpocket.cdn.mozilla.net,1028,5262,12,12,1695439745936,1695439746092
17,10.215.173.1,48763,142.250.31.103,443,10421,Iceraven,QUIC,Closed,www.google.com,1948,9484,8,10,1695439745947,1695439752582
17,10.215.173.1,20399,10.215.173.2,53,10421,Iceraven,DNS,Closed,tracking-protection.cdn.mozilla.net,81,143,1,1,1695439746115,1695439746142
6,10.215.173.1,54422,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,1735,8955,15,10,1695439746146,1695439746240
6,10.215.173.1,54438,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,2431,62724,29,24,1695439746250,1695439746341
6,10.215.173.1,54452,34.120.158.37,443,10421,Iceraven,TLS,Closed,tracking-protection.cdn.mozilla.net,100,88,2,2,1695439746346,1695439746661
6,10.215.173.1,54456,34.120.158.37,443,10421,Iceraven,HTTPS,Closed,tracking-protection.cdn.mozilla.net,1993,4050,18,16,1695439746599,1695439746883
6,10.215.173.1,54468,34.120.158.37,443,10421,Iceraven,HTTPS,Closed,tracking-protection.cdn.mozilla.net,2195,13226,23,23,1695439746648,1695439746727
6,10.215.173.1,54482,34.120.158.37,443,10421,Iceraven,HTTPS,Closed,tracking-protection.cdn.mozilla.net,2154,17458,22,17,1695439746723,1695439746779
6,10.215.173.1,54492,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,4637,365208,84,79,1695439746783,1695439746907
6,10.215.173.1,54504,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,8997,1514934,193,232,1695439746912,1695439747236
6,10.215.173.1,54518,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,1803,5221,13,8,1695439747265,1695439747308
6,10.215.173.1,54520,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,1961,4109,17,15,1695439747322,1695439747377
6,10.215.173.1,54522,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,1929,2140,16,12,1695439747383,1695439747427
6,10.215.173.1,54524,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,1969,1929,17,14,1695439747440,1695439747482
6,10.215.173.1,54526,34.120.158.37,443,10421,Iceraven,HTTPS,Closed,tracking-protection.cdn.mozilla.net,1968,2118,17,17,1695439747485,1695439747751
6,10.215.173.1,54532,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,2116,8949,21,17,1695439747535,1695439747569
6,10.215.173.1,54546,34.120.158.37,443,10421,Iceraven,TLS,Closed,tracking-protection.cdn.mozilla.net,100,88,2,2,1695439747573,1695439747889
6,10.215.173.1,42456,34.120.158.37,443,10421,Iceraven,HTTPS,Error,tracking-protection.cdn.mozilla.net,2118,10919,21,18,1695439747827,1695439747867
6,10.215.173.1,35296,34.149.100.209,443,10421,Iceraven,HTTPS,Closed,firefox.settings.services.mozilla.com,12889,1649929,257,496,1695439767817,1695439846246
6,10.215.173.1,55890,34.160.144.191,443,10421,Iceraven,HTTPS,Closed,content-signature-2.cdn.mozilla.net,1582,11373,18,17,1695439768210,1695439846245
6,10.215.173.1,36214,18.215.75.185,443,10421,Iceraven,HTTPS,Closed,spocs.getpocket.com,1702,1287,13,11,1695439768313,1695439828164
17,10.215.173.1,15643,10.215.173.2,53,10421,Iceraven,DNS,Closed,firefox-settings-attachments.cdn.mozilla.net,90,177,1,1,1695439768354,1695439768388
6,10.215.173.1,33016,34.117.121.53,443,10421,Iceraven,HTTPS,Closed,firefox-settings-attachments.cdn.mozilla.net,300917,4499039,2408,2781,1695439768392,1695439846246
17,10.215.173.1,46888,10.215.173.2,53,10421,Iceraven,DNS,Closed,safebrowsing.googleapis.com,73,89,1,1,1695439805918,1695439805960
6,10.215.173.1,47626,142.251.163.95,443,10421,Iceraven,HTTPS,Error,safebrowsing.googleapis.com,37418,9978424,901,1541,1695439805965,1695439807241
17,10.215.173.1,42663,142.251.163.95,443,10421,Iceraven,QUIC,Closed,safebrowsing.googleapis.com,1925,7245,7,8,1695439806099,1695439806199
17,10.215.173.1,15168,10.215.173.2,53,10421,Iceraven,DNS,Closed,spocs.getpocket.com,65,193,1,1,1695439828511,1695439828537
17,10.215.173.1,30268,10.215.173.2,53,10421,Iceraven,DNS,Closed,spocs.getpocket.com,65,193,1,1,1695439828518,1695439828536
6,10.215.173.1,56098,18.215.75.185,443,10421,Iceraven,HTTPS,Closed,spocs.getpocket.com,1500,6721,14,11,1695439828521,1695439846246
And this unknown connection:
App: Unknown (-1)
Protocol: TLS (TCP)
SNI: content-signature-2.cdn.mozilla.net
Source: 10.215.173.1:55886
Destination: 34.160.144.191:443
Status: Closed
Traffic: 88 B received — 100 B sent
Packets: 2 received — 2 sent
Payload: 0 B
Duration: < 1 s
First seen: 09/22/23 23:29:28.043
Last seen: 09/22/23 23:29:28.060
Let me know if you'd like more details about any of this.
A long time ago I had a ROM setup that blocked all google domains. Iceraven was using Firefox Sync at the time. It was weeks before I realized nothing was syncing. I turned off the blocking and then the syncing worked. A network check showed googleusercontent being used. After re-enabling the blocker the sync no longer worked. I figured that Mozilla used Google servers for their backend, just as amazonaws is used by others.
I no longer use Sync so googleusercontent has never shown up again. See if that's the case for you.
But at the same time I have Mull on an older ROM with sync on but that uses sync.services.mozilla.com
so I could be completely wrong. The original 'findings' were like two years ago. 😬
Search the web for "firefox googleusercontent" and you will find folks have discussed it some.
Could developers please explain why Iceraven is attempting to connect to *bc.googleusercontent.com on first start?
Also, I read an explanation regarding various detected trackers, that those are 'substitutes' taken from Fennec F-droid. However, when Fennec F-droid is checked for trackers, there are none shown. Iceraven is flagged for having the following trackers:
Admob, Adjust, Sentry, Mozilla telemetry