Linux - DesktopThis forum is for the discussion of all Linux Software used in a desktop context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,008
Original Poster
Rep:
Quote:
Originally Posted by teckk
There was a thread in favorite browser about firefox connecting to AWS, Cloudfront, Google etc. whether you like it or not. It is part of Firefox. You can turn some of that off but not all of it as I recall.
Let me see...Oh that was in 2017, how time flies. https://www.linuxquestions.org/quest...569/page7.html
let me see.. nope
after starting
FF 78.1-esr starting with blank page:
netstat -pantul
firefox auto connections:
tcp 0 0 x.x.x.x:35970 143.204.131.92:443 ESTABLISHED 24700/firefox
whois 143.204.131.92
Organization: Amazon Technologies Inc. (AT-88-Z)
FF 68.11-esr starting with blank page
netstat -pantul no firefox auto connections are made.
is it so difficult to understand that closing all auto connections in FF 68 was possible (what you describe is updating search engine that is easy to disable) while in FF 78esr is not?
FF 68 after customization does not make any auto connections.
Sorry but if updating search engine is your example then is waste of time.
from your reference link a bit further down
let me see.. nope
after starting
FF 78.1-esr starting with blank page:
netstat -pantul
firefox auto connections:
tcp 0 0 x.x.x.x:35970 143.204.131.92:443 ESTABLISHED 24700/firefox
whois 143.204.131.92
Organization: Amazon Technologies Inc. (AT-88-Z)
FF 68.11-esr starting with blank page
netstat -pantul no firefox auto connections are made.
is it so difficult to understand that closing all auto connections in FF 68 was possible (what you describe is updating search engine that is easy to disable) while in FF 78esr is not?
FF 68 after customization does not make any auto connections.
Sorry but if updating search engine is your example then is waste of time.
from your reference link a bit further down
I don't think anyone here is disagreeing with you. I will point this out, however:
Code:
dig -x 143.204.131.92
92.131.204.143.in-addr.arpa. 82633 IN PTR server-143-204-131-92.sfo5.r.cloudfront.net.
...so while that IP address is owned by Amazon, it apparently is used by cloudfront.net. Perhaps cloudfront is hosted on AWS?
Why a cloudfront connection on a blank browser screen? I don't know. I have one too, to IP 13.33.67.113, but I'm on LQ, which uses cloudfront, so that's not surprising. It's not convenient for me to check only one browser window with a blank page right now. I will when I get a chance.
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,008
Original Poster
Rep:
Quote:
Originally Posted by scasey
I don't think anyone here is disagreeing with you. I will point this out, however:
Code:
dig -x 143.204.131.92
92.131.204.143.in-addr.arpa. 82633 IN PTR server-143-204-131-92.sfo5.r.cloudfront.net.
...so while that IP address is owned by Amazon, it apparently is used by cloudfront.net. Perhaps cloudfront is hosted on AWS?
Why a cloudfront connection on a blank browser screen? I don't know. I have one too, to IP 13.33.67.113, but I'm on LQ, which uses cloudfront, so that's not surprising. It's not convenient for me to check only one browser window with a blank page right now. I will when I get a chance.
thank you for responding,
In my first post I listed cloudfront.net (which is not the same as Cloudflare which I also pointed out to avoid confusion)
I am interested how to stop auto connections to amazon. I am not interested with trivial to fix auto connections (as in the case of search engine updates, auto updates, add-on updates and so on. Simply things that I was able to fix long time ago). I also explained that custom user.js available on the internet do nothing.
Clearly, I don't know how to approach this issue so that is why I asked for the solution.
If you know how to solve it, I would appreciate if you share the info.
browser.selfsupport.enabled is set to false
browser.selfsupport.url "" (empty)
app.normandy.xxx is disabled
Another thing that crossed my mind; maybe you've got something new in /features/ directory.
Some of those extensions depend on cloud servers to function.
There was a thread in favorite browser about firefox connecting to AWS, Cloudfront, Google etc. whether you like it or not. It is part of Firefox. You can turn some of that off but not all of it as I recall.
I'm pretty sure ALL of it can be disabled. I have read the ghacks user.js thread on a German security forum.
As I see it, in 2020, Firefox is an opt-out browser - by default it behaves almost as bad as any, erm, bad software - but it is very, very configurable with 'about:config' and 'user.js' settings.
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,008
Original Poster
Rep:
Quote:
Originally Posted by ondoho
I'm pretty sure ALL of it can be disabled. I have read the ghacks user.js thread on a German security forum.
As I see it, in 2020, Firefox is an opt-out browser - by default it behaves almost as bad as any, erm, bad software - but it is very, very configurable with 'about:config' and 'user.js' settings.
firefox 79 autoconnecting to cloudfront
tcp 0 0 x.x.x.x:36438 143.204.131.41:443 ESTABLISHED 4122/firefox
most weak ciphers enabled (I did better with my own cipher settings)
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CBC, SHA-1
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA CBC, SHA-1
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256 NO PFS
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384 NO PFS
0x002f TLS_RSA_WITH_AES_128_CBC_SHA NO PFS, CBC, SHA-1
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA NO PFS, CBC, SHA-1
most weak ciphers enabled (I did better with my own cipher settings):
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CBC, SHA-1
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA CBC, SHA-1
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256 NO PFS
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384 NO PFS
0x002f TLS_RSA_WITH_AES_128_CBC_SHA NO PFS, CBC, SHA-1
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA NO PFS, CBC, SHA-1
firefox 79 auto connecting to cloudfront:
tcp 0 0 x.x.x.x:36438 143.204.131.41:443 ESTABLISHED 4122/firefox
this is worst than my configuration
My point is that in spite of your beliefs, at this point there is no way to correct issues that I mentioned in my first post when using Firefox 79. Firefox 68 after modifications works well and until now I have not read anything new.
So unless you can prove otherwise, currently Firefox 79 is a waste and no user.js can fix it. I can prove it, on the other hand you are not able to prove otherwise.
So please with all due respect, don't waste my time.
If you know how to improve it, please provide the solution, or stop just give some general information, (well known for so many years by the way).
So unless you can prove otherwise, currently Firefox 79 is a waste and no user.js can fix it. I can prove it, on the other hand you are not able to prove otherwise.
So please with all due respect, don't waste my time.
I'm not sure whether your hand-picked code snippet counts as proof, but at best all you "proved" is that your FF still connects to 143.204.131.41 - whether you installed the user.js correctly, read through it and understood it, or have some other options that are still interfering, we do not know.
I'm not saying I'm 100% right and you're 100% wrong, but you don't seem to have the patience to actually go through everything in detail, post full code output etc.
And no, that's not my job.
You postulated that there's no way to stop FF 79 from making certain connections, and seem strangely opposed to anything that questions this initial premise, although you want precisely that.
BTW, in your initial post there were 4 servers, now it's only 1 - progress? On the right track?
I'm not sure whether your hand-picked code snippet counts as proof, but at best all you "proved" is that your FF still connects to 143.204.131.41 - whether you installed the user.js correctly, read through it and understood it, or have some other options that are still interfering, we do not know.
I'm not saying I'm 100% right and you're 100% wrong, but you don't seem to have the patience to actually go through everything in detail, post full code output etc.
And no, that's not my job.
You postulated that there's no way to stop FF 79 from making certain connections, and seem strangely opposed to anything that questions this initial premise, although you want precisely that.
BTW, in your initial post there were 4 servers, now it's only 1 - progress? On the right track?
I listed only one server just as example,
yes, I know where user.js file goes:
~/.mozilla/firefox/my_profile_name/
Quote:
post full code output etc.
And no, that's not my job.
not sure what are you talking about. What code?
Quote:
You postulated that there's no way to stop FF 79 from making certain connections, and seem strangely opposed to anything that questions this initial premise, although you want precisely that.
??
Quote:
And no, that's not my job.
I am sorry, but you are unnecessary taking my time. Of course this is not your job,
but you are not helping, I doubt that you know the answer, so just let's stop here.
I don't have patience because these (your suggestions) are really obvious things which I am trying to convey but it seems that you are not receptive.
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,008
Original Poster
Rep:
Quote:
Originally Posted by ondoho
As you are mine.
Pleae, just stop posting, there's nothing constructive forthcoming anyhow.
Don't be ridiculous.
I started this topic so it is up to me to decide when to close it. Based on your posts, you can't provide anything new/constructive. Your "help" is not welcome.
Can you provide solution?
From your posts it is clear that you can't so please stop posting here.
Another thing that crossed my mind; maybe you've got something new in /features/ directory.
Some of those extensions depend on cloud servers to function.
Thank you for responding,
All these services are disabled.
Firefox profile that I am testing does not have any addons installed.
Thank you for responding,
All these services are disabled.
Firefox profile that I am testing does not have any addons installed.
Should have been more specific, they are not extension in the profile but "features" in browser/features/ directory of the package, as they are compiled with firefox by default.
In case a new "feature" was added with new version, it would probably be enabled by default, and while you may have blocked the old features it's possible there's something else there.
Don't be ridiculous.
I started this topic so it is up to me to decide when to close it.
No, it isn't.
And it also isnt up to you to tell others to stop posting to it.
Also I think you're getting pretty close to insults now.
BTW, if you're so sure you're right about those amazon servers then instead of complaining about it, you should do something about it.
Like opening an issue against the ghacks and/or pyllyukko user.js. I'm sure they would be happy to look into & do sth about it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.