Question firefox connection to German ISP?


simmerskool

Level 40
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,943
So, running Firefox in a Fedora 41 Linux VM (VMware), with a little digging I noticed a persistent connection to 93.243.107.34 = Deutsche Telekom AG. I do not use their services (that I am aware of). I have 4 add-on extensions; I closed them all, rebooted, etc., and Firefox makes this connection here. I close Firefox and this connection closes. Is this related to a Firefox security feature, or should I let my imagination run wild?
 

Bot

AI-powered Bot
Apr 21, 2016
4,823
It's possible that the connection is related to Firefox's telemetry or updates, which may use various servers globally. However, to be sure, you could try disabling Firefox's telemetry and automatic updates to see if the connection persists. If it does, it might be worth investigating further.
 

simmerskool

can you be more specific what to disable -- I have also consulted your cousin chatGPT 4o. I did discover about:network & about:logging flags.
 

Bot

Sure, you can disable telemetry by navigating to Preferences > Privacy & Security > Firefox Data Collection and Use, then uncheck the boxes. For updates, go to Preferences > General > Firefox Updates, then choose "Check for updates but let you choose to install them". The about:networking and about:logging flags can provide useful insights into your network activity.
 

simmerskool

thanks but yes I did that yesterday, and this German telco connection persists!
 

Bot

If the connection persists after disabling telemetry and updates, it might be related to another Firefox feature or service. You could try using a network monitoring tool to identify the specific service. If you're still concerned, consider reaching out to Firefox support or Deutsche Telekom to inquire about the connection.
 

simmerskool

Yes, I am headed to Wireshark when I have some time to isolate this connection. I am more curious than concerned, at least for now.
 

Bot

That's a great approach. Wireshark will give you a detailed view of your network traffic and should help you identify the source of this connection. Remember to share your findings here. We're curious too!
 

lokamoka820

Level 25
Verified
Mar 1, 2024
1,465
I think it is related to the "DNS over HTTPS" setting. I use the default setting, which connects you to secure DNS regions to protect your privacy. I noticed that too recently, as I started using GlassWire to monitor my network connections, and here is a screenshot showing the location that Firefox and MS Edge connect to while I watched videos on both browsers "no VPN used":

2024-11-09 05 34 05 GlassWire.png

I guess Telegram uses secure connections too, so it is not something suspicious about Firefox; it is a privacy feature. I remember that AVG Internet Security uses the same approach too.
 

simmerskool

When not using a VPN, I do have DoH set to Max in Firefox with Cloudflare in the US, so it is not obvious that DoH needs or would need a connection to a German ISP. I haven't had a chance yet to use Wireshark with that connection; I expect I will sometime this weekend. But it is sort of counterintuitive that a "privacy feature" makes a connection to another country, IMO. E.g., here this connection is persistent even when Firefox has no websites open, extensions off, obvious telemetry off. I did see something that might suggest this connection might be related to VMware, but I need to collect more info.
 

lokamoka820

I want to know too. Today GlassWire showed that Firefox used 5 GB, and here are the hosts used:

2024-11-10 05 01 33 GlassWire.png

So please keep updating this thread with any info you get, I started to feel this is odd now.
 

simmerskool

Duh, we are in the matrix -- this is a simulation -- I saw the video on YT. (ps maybe on sunday I see if wireshark works for me -- I am rusty)
 

simmerskool

OK, more and perhaps conflicting info about my Fedora Firefox connection to 93.243.107.34: when I looked it up on 07 Nov, it resolved to Deutsche Telekom AG > Internet Service Provider.
Today, on a different Linux VM, a shell cmd reports it as: firefox-b 3601 TCP fedora:52710->93.243.107.34.bc.googleusercontent.com:https (ESTABLISHED). My first thought was that Firefox uses Google's Safe Browsing service. But is it? FWIW, ChatGPT 4o says: The googleusercontent.com domain is often associated with Google-hosted resources, such as cached content, files, scripts, and assets. Websites or services that leverage Google’s infrastructure (e.g., Google Cloud or certain web apps) may route traffic through this domain.
If a website you're visiting uses services like Google Fonts, hosted libraries (e.g., jQuery from Google's CDN), or other Google cloud resources, Firefox may establish connections to these domains. While this doesn’t inherently mean a violation of privacy, some users see it as a concern because it involves connections to Google’s servers, which could be logged by Google.
So is it curious that a week ago a who_is lookup resolved to German Telco, on more than one lookup service, and today a different type of search says it's googleusercontent.com?
Anyone have more informed info about this?

EDIT update search for https://googleusercontent.com/ and it comes back "404. That’s an error. The requested URL / was not found on this server. That’s all we know."
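
An added example, not part of the posts above: the remote end in the shell output quoted above is a host name rather than a numeric address, and the sketch below parses such lines and decodes names of the form d.c.b.a.bc.googleusercontent.com. It assumes Google Cloud's default reverse-DNS (PTR) convention, in which the four leading labels are the address octets in reverse order; the function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell numeric peers from reverse-DNS names in lsof output.
# Assumption: Google Cloud's default PTR names have the form
# d.c.b.a.bc.googleusercontent.com for the address a.b.c.d.

# Line as quoted in the post above.
SAMPLE_NAME='firefox-b 3601 TCP fedora:52710->93.243.107.34.bc.googleusercontent.com:https (ESTABLISHED)'
# Constructed: the same kind of line with name lookups disabled (lsof -nP).
SAMPLE_NUMERIC='firefox-b 3601 TCP 192.0.2.10:52710->34.107.243.93:443 (ESTABLISHED)'

# Print the remote host of one lsof line (text between "->" and ":port").
remote_host() {
    printf '%s\n' "$1" | sed -n 's/.*->\([^ ]*\):[^: ]*.*/\1/p'
}

# Print the address encoded in a GCP-style PTR name, or nothing if the
# name does not follow that pattern.
gcp_ptr_to_ip() {
    printf '%s\n' "$1" | sed -n -E \
        's/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.bc\.googleusercontent\.com\.?$/\4.\3.\2.\1/p'
}

# Classify the remote end of one lsof line.
classify_remote() {
    host=$(remote_host "$1")
    [ -n "$host" ] || { echo "no-remote"; return 1; }
    ip=$(gcp_ptr_to_ip "$host")
    if [ -n "$ip" ]; then
        echo "ptr-name $host address $ip"
    elif printf '%s\n' "$host" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        echo "numeric $host"
    else
        echo "name $host"
    fi
}

for line in "$SAMPLE_NAME" "$SAMPLE_NUMERIC"; do
    classify_remote "$line"
done
```

Running `lsof -nP -i` prints numeric addresses and ports directly, and `dig +short -x <address>` shows the PTR name for an address, so the two can be compared before a whois lookup.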
 

simmerskool

overnight update re fedora silverblue firefox connection to 93.243.107.34 -- in firefox I disabled block dangerous & deceptive content and this connection is no longer seen. so does firefox need this google related setting if running extensions ublock & privacy badger (in a flatpak bubblewrap container in VMware linux guest OS...??)
 
