search

ungoogled-software / ungoogled-chromium-macos

macOS packaging for ungoogled-chromium
BSD 3-Clause "New" or "Revised" License
261 stars 71 forks source link

Incoming UDP connection from google-analytics.com #75

Closed kramred closed 3 years ago

kramred commented 3 years ago

So, this happened to me today: Search on duckduckgo.com for "google ui guidelines" https://duckduckgo.com/?q=google+ui+guidelines&ia=web

Open first 3 hits in tabs: https://developers.google.com/assistant/interactivecanvas/design https://developers.google.com/photos/library/guides/ux-guidelines https://developers.google.com/mobile-data-plan/ui_guidelines

Get an incoming connection warning from little snitch: from 142.250.184.14 on UDP port 58040

UDP_google_analytics

I could not reproduce this afterwards.

I'm leaving this here as a note that there may be more (google) connection types hidden in the code that are not yet disabled by a patch.

Eloston commented 3 years ago

It's not really clear what your exact setup is, or how your traffic analyzer works. From what I can see, you opened Google-owned webpages, so I'm not surprised there is some analytics traffic happening.

You can try opening DevTools to the Network tab before visiting those webpages to see if the webpage is establishing connections.

kramred commented 3 years ago

Little snitch is an application-based firewall for macOS.

My setup includes uBlock origin and uMatrix with rather strict blocking defaults and the console shows the connection attempts to google-analytics.com with ERR_FAILED (as they should be blocked by uBlock origin) – see below.

That's why I was surprised to see a UDP connection attempt from 142.250.184.14, which was probably falsely assigned to google-analytics.com by little snitch and may just be one of the google servers' outgoing IPs that I was connecting to.

This UDP message would probably have been processed in the context of the tab/window with the google page opened – and not by the chromium browser itself (e.g. as a potential way to bypass connection limitations by extensions)

Anyway, as I cannot find a way to reproduce it and it's probably not related to ungoogled-chromium I'll close this issue now.

uBlock console

Eloston commented 3 years ago

The UDP traffic may also be Quic traffic. It won't be easy to tell unless you have a tool that can inspect and identify packet payloads. I know Wireshark is able to identify Quic traffic.