search

zen-browser / desktop

🌀 Experience tranquillity while browsing the web without people tracking you!
https://zen-browser.app
Mozilla Public License 2.0
19.01k stars 458 forks source link

Zen Browser making different connections on start #533

Closed coldvisionz closed 3 months ago

coldvisionz commented 3 months ago

What happened?

I was debugging some of my connections and discovered that Zen Browser is making some connections on start. Jut trying to figure their purpose.

What's the point of the first two connections ? I have browser auto-updates disabled, same for add-ons. Sometimes it's making even more connections like on Screenshot 2

Untitled

Reproducible?

Version

1.0.0-a.28

Severity impact

Medium

What platform are you seeing the problem on?

Linux, Windows

Relevant log output

No response

NOCanoa commented 3 months ago

the 76.. IP is vercel the google one would assume because off the search bar can u set the new page and home page to blank and tell me what conections it does?

coldvisionz commented 3 months ago

the 76.. IP is vercel the google one would assume because off the search bar can u set the new page and home page to blank and tell me what conections it does?

I use startpage as my search engine, it uses google queries, maybe, but I don't think it makes connections in the background. also, I monitored librewolf connections and found similar connections that are related to their tracking protection and filter updating stuff, and also updating the google safe browsing database. I did some monitoring in wireshark and found that librewolf and mozilla firefox by default send dns requests to push.services.mozilla.com, which redirects to the CNAME autopush.prod.mozaws.net, If you do a reverse look-up for its IP address, you'll get the domain **.**.**.**.bc.googleusercontent.com (different IP values, different servers). Mozilla's push services are run on Google servers because they are the largest investors of Mozilla. closer to the point, maybe it's just push notifications

so, i was playing around with about:config push notifications values, didn't touch any user.js prefs deleted google search from search engines disabled cloudflare doh in browser for clear results

additional:

and still:

zen.exe,4184,TCP,Established,kubernetes.docker.internal,51495,kubernetes.docker.internal,51496,24.08.2024 2:38:31,zen.exe,,,,
zen.exe,4184,TCP,Established,kubernetes.docker.internal,51496,kubernetes.docker.internal,51495,24.08.2024 2:38:31,zen.exe,,,,
zen.exe,13928,TCP,Established,kubernetes.docker.internal,51497,kubernetes.docker.internal,51498,24.08.2024 2:38:31,zen.exe,,,,
zen.exe,13928,TCP,Established,kubernetes.docker.internal,51498,kubernetes.docker.internal,51497,24.08.2024 2:38:31,zen.exe,,,,
zen.exe,4184,TCP,Established,host.docker.internal,51502,fra15s17-in-f4.1e100.net,https,24.08.2024 2:38:32,zen.exe,,,,
zen.exe,4184,TCP,Established,host.docker.internal,51504,209.100.149.34.bc.googleusercontent.com,https,24.08.2024 2:38:32,zen.exe,,,,
zen.exe,4184,TCP,Established,host.docker.internal,51505,191.144.160.34.bc.googleusercontent.com,https,24.08.2024 2:38:32,zen.exe,,,,
zen.exe,4184,TCP,Established,host.docker.internal,51506,76.76.21.98,https,24.08.2024 2:38:32,zen.exe,,,,
zen.exe,4184,UDP,,omen,49741,*,,24.08.2024 2:38:32,zen.exe,,,,
zen.exe,4184,UDP,,omen,55248,*,,24.08.2024 2:38:32,zen.exe,,,,
zen.exe,4184,UDP,,omen,58996,*,,24.08.2024 2:38:32,zen.exe,,,,

image

gunir commented 3 months ago

I'm pretty sure this is the update checker.

albu-ali commented 3 months ago

@coldvisionz first I like the way you deal with that connections like how with IR

And I noticed it too, the team answer me in this issue #236

Give me your opinion about what they said!

coldvisionz commented 3 months ago

@coldvisionz first I like the way you deal with that connections like how with IR

And I noticed it too, the team answer me in this issue #236

Give me your opinion about what they said!

thank you fren. now it makes sense i just don't like Microsoft & Google connections even if i barely use windows.

albu-ali commented 3 months ago

thank you fren. now it makes sense i just don't like Microsoft & Google connections even if i barely use windows.

Interesting, I think you have already block or you'll block these connections. It's better to block use DNS filtering using NextDNS or Sinkhole.

Me: I like to use NextDNS because many reasons, it's recommended by Michael Bazzell if you know who this guy.

coldvisionz commented 3 months ago

thank you fren. now it makes sense i just don't like Microsoft & Google connections even if i barely use windows.

Interesting, I think you have already block or you'll block these connections. It's better to block use DNS filtering using NextDNS or Sinkhole.

Me: I like to use NextDNS because many reasons, it's recommended by Michael Bazzell if you know who this guy.

Michael Bazzell's book is absolutely amazing tho, i've read it before. I don't think that im gonna block any browser connections for favicon and other stuff, but i always nuke any outgoing connection to microsoft domains or any telemetry.

but talking about the project i really like how it balances privacy tweaks and design and also open sourced.

NOCanoa commented 3 months ago

Btw can I close?

coldvisionz commented 3 months ago

Btw can I close?

yes sure! figured this out i love the project tho

albu-ali commented 3 months ago

Michael Bazzell's book is absolutely amazing tho, i've read it before. I don't think that im gonna block any browser connections for favicon and other stuff, but i always nuke any outgoing connection to microsoft domains or any telemetry.

fren, you really make good job by follow principle of "never trust, always verify." and check the connections! but it's even better to follow the Principle of Least Privilege (PoLP). however you doing great

Michael Bazzell's book is absolutely amazing tho, i've read it before.

fren I see that we have a lot of in common here!!!

but talking about the project i really like how it balances privacy tweaks and design and also open sourced.

I think all the user like that too

coldvisionz commented 3 months ago

Michael Bazzell's book is absolutely amazing tho, i've read it before. I don't think that im gonna block any browser connections for favicon and other stuff, but i always nuke any outgoing connection to microsoft domains or any telemetry.

fren, you really make good job by follow principle of "never trust, always verify." and check the connections! but it's even better to follow the Principle of Least Privilege (PoLP). however you doing great

Michael Bazzell's book is absolutely amazing tho, i've read it before.

fren I see that we have a lot of in common here!!!

but talking about the project i really like how it balances privacy tweaks and design and also open sourced.

I think all the user like that too

thank you! it was a pleasure for me to have a conversation