Old 01-03-2007, 05:24 AM   #1
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Blocking Google with Firestarter


Long story short, for various reasons I'm tired of google spying on my web surfing, so I've been monitoring my outbound connections from googlesyndication sites like, er, well, LQ.org and believe I have all their networks blocked now. Thus far my outbound traffic policy denies connections to:

64.233.160.0/19
66.102.0.0/20
72.14.192.0/18
216.239.32.0/19

And it's been working fine except I'm being spammed by firestarter's event notifications:

Time:Jan 3 06:01:30 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.104 Length:44 TOS:0x00 Protocol:TCP Service:HTTP
Time:Jan 3 06:01:33 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.99 Length:44 TOS:0x00 Protocol:TCP Service:HTTP
Time:Jan 3 06:01:36 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.147 Length:44 TOS:0x00 Protocol:TCP Service:HTTP

The GUI gives me the option to disable events by source IP or by port, but the source is me in this case and I still want to be notified of other (non-google) HTTP events.

So I guess I have two questions:
1) Is there a way I can make sure my list of Google network ranges is complete? Or a way to query whois by net block owner rather than IP perhaps? Monitoring traffic all day to find them is becoming quite tedious.
2) Is there a way to ignore/eliminate events based on destination IP? I really like firestarter's little system tray applet (reminds me of BlackICE) but it's almost constantly in a flashing red state since I added google to my blacklist.

TIA for any hints, tips or tricks.
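One way to get the effect asked for in question 2 outside the GUI, as an added example that is not part of the original post and not a Firestarter feature: parse event lines in the format quoted above and suppress only those whose destination falls inside the blocked ranges, keeping a per-range count. It assumes the events are available as text lines; the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Ranges from the outbound deny policy listed in the post above.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "64.233.160.0/19", "66.102.0.0/20", "72.14.192.0/18", "216.239.32.0/19")]

# Field labels as they appear in the Firestarter event lines quoted above.
FIELD_RE = re.compile(
    r"\b(Time|Direction|In|Out|Port|Source|Destination|Length|TOS|Protocol|Service):")

def parse_event(line):
    """Split one event line into a {label: value} dict."""
    parts = FIELD_RE.split(line.strip())
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def blocked_net(dest):
    """Return the blocklist range containing dest, or None (also for bad input)."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return None
    return next((n for n in BLOCKED_NETS if addr in n), None)

def filter_events(lines):
    """Return (events still worth a notification, hit count per blocked range)."""
    shown, hits = [], Counter()
    for line in lines:
        net = blocked_net(parse_event(line).get("Destination", ""))
        if net is None:
            shown.append(line)      # unknown or unparsable: never hide it
        else:
            hits[str(net)] += 1     # expected drop: count it, do not alert
    return shown, dict(hits)

# First three lines are from the post; the last two are constructed.
SAMPLE = [
    "Time:Jan 3 06:01:30 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.104 Length:44 TOS:0x00 Protocol:TCP Service:HTTP",
    "Time:Jan 3 06:01:33 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.99 Length:44 TOS:0x00 Protocol:TCP Service:HTTP",
    "Time:Jan 3 06:01:36 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.147 Length:44 TOS:0x00 Protocol:TCP Service:HTTP",
    "Time:Jan 3 06:02:10 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:192.0.2.10 Length:44 TOS:0x00 Protocol:TCP Service:HTTP",
    "garbled event with no fields",
]

if __name__ == "__main__":
    shown, hits = filter_events(SAMPLE)
    print(hits)
    print("\n".join(shown))
```

Lines that cannot be parsed are passed through rather than dropped, so a format change cannot silently hide events.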
 
Old 01-03-2007, 06:27 AM   #2
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,885
Blog Entries: 28

Rep: Reputation: 533
Why not just block all of the Google crap with a hosts file? Or just not accepting any cookies from Google?

# [Google Inc]
127.0.0.1 adwords.google.com #[Gmail ads]
127.0.0.1 pagead.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com #[Google AdWords]
127.0.0.1 adservices.google.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 www.google-analytics.com #[Google Analytics]
127.0.0.1 imageads.googleadservices.com #[TrackingCookie.Googleadservices]
127.0.0.1 imageads1.googleadservices.com
127.0.0.1 imageads2.googleadservices.com
127.0.0.1 imageads3.googleadservices.com
127.0.0.1 imageads4.googleadservices.com
127.0.0.1 imageads5.googleadservices.com
127.0.0.1 imageads6.googleadservices.com
127.0.0.1 imageads7.googleadservices.com
127.0.0.1 imageads8.googleadservices.com
127.0.0.1 imageads9.googleadservices.com
127.0.0.1 www.googleadservices.com
127.0.0.1 show.googleadsenseagent.com
127.0.0.1 www.googlecaches.com

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Last edited by craigevil; 01-03-2007 at 06:29 AM.
 
Old 01-03-2007, 12:29 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
another good option is to use squid with some ACLs to block google domains... it's a little more powerful than using a hosts file cuz you can use regular expressions to catch addresses which you didn't know were in use (for example, the address "imageads32.googleadservices.com" wouldn't be blocked by the hosts file posted by craigevil)...... squid can also do reverse DNS lookups so that if an IP is used, it will reverse resolve it and then see if it matches any of your ACLs...

just my ...

Last edited by win32sux; 01-03-2007 at 04:42 PM.
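The gap between an exact-name hosts list and a domain pattern described in the post above, as an added example that is not from the thread. The pattern is an assumed one of the kind a Squid `dstdom_regex` ACL would hold; the hosts excerpt is taken from the earlier post and the queried names, apart from the one win32sux mentions, are constructed.

```python
import re

# Excerpt of the hosts file posted earlier in the thread.
HOSTS_TEXT = """\
# [Google Inc]
127.0.0.1 pagead2.googlesyndication.com #[Google AdWords]
127.0.0.1 www.google-analytics.com #[Google Analytics]
127.0.0.1 imageads9.googleadservices.com
127.0.0.1 www.googleadservices.com
"""

# Assumed pattern: anchored on a label boundary and on the end of the name,
# so look-alike names that merely contain the domain do not match.
DOMAIN_RE = re.compile(
    r"(^|\.)(googlesyndication|googleadservices|google-analytics)\.com$", re.I)

def normalize(host):
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return host.strip().rstrip(".").lower()

def parse_hosts(text):
    """Return the set of names a hosts file maps to 127.0.0.1."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip trailing comments
        if len(fields) >= 2 and fields[0] == "127.0.0.1":
            names.update(normalize(h) for h in fields[1:])
    return names

def coverage(hosts_text, queried):
    """Map each queried name to (blocked by hosts file, blocked by pattern)."""
    listed = parse_hosts(hosts_text)
    report = {}
    for host in queried:
        name = normalize(host)
        report[host] = (name in listed, bool(DOMAIN_RE.search(name)))
    return report

QUERIES = [
    "www.googleadservices.com",
    "imageads32.googleadservices.com",     # the name from the post above
    "IMAGEADS9.GoogleAdServices.com.",     # constructed: case and root dot
    "googleadservices.com.example.net",    # constructed look-alike
    "notgoogleadservices.com",             # constructed look-alike
]

if __name__ == "__main__":
    for host, (in_hosts, by_regex) in coverage(HOSTS_TEXT, QUERIES).items():
        print(f"{host:40} hosts={in_hosts!s:5} regex={by_regex}")
```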
 
Old 01-04-2007, 07:14 PM   #4
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Original Poster
Rep: Reputation: 53
Nice thing about using HOSTS file is browser doesn't hang momentarily waiting for a timeout. It's just too much maintenance for me. If I had a dedicated server for my gateway I'm sure squid would probably work well too. I'd just prefer to block all of google, that way I don't have to worry about some new hole compromising my privacy.

Anyway, FWIW, after two days of monitoring my google blacklist is now:

64.233.160.0/19
66.102.0.0/20
66.249.64.0/19
72.14.192.0/18
209.85.128.0/17
216.239.32.0/19
 
Old 01-05-2007, 10:35 AM   #5
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Install a small local proxy
I use wwwoffle but there are others (privoxy)
It does some caching, offline browsing, filtering with regexp (hostname,..) and lots of other things.

Redirecting to 127.0.0.1 with host file can be a pain if you have a local webserver or a restrictive firewall.
 
Old 01-05-2007, 08:58 PM   #6
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Original Poster
Rep: Reputation: 53
I decided to use the hosts file too actually. Still blocking all google traffic with packet filters, my preferred method, but it was just too annoying when accessing sites like LQ.org. Redirecting to 127.0.0.1 in addition to the filter makes site usable again.

Oh, and I do block all cookies by default. Unfortunately that's not enough to keep them from tracking your web surfing (on affiliated sites anyway.)
 
Old 01-05-2007, 10:07 PM   #7
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,885
Blog Entries: 28

Rep: Reputation: 533
Why so paranoid? Your IP keeps track of everything you do anyway. What is so bad about Google? As compared to say Yahoo, Lycos, Windows Live or any other web directory.

Maybe it's time for an Aluminum Foil Deflector Beanie
http://zapatopi.net/afdb/

Perhaps it's time to start running MindGuard.
http://zapatopi.net/mindguard/
 
Old 01-06-2007, 06:32 AM   #8
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Original Poster
Rep: Reputation: 53
Why so worried about people protecting their privacy?

Perhaps it's time to don your swastika and hail homeland security!
 
Old 01-06-2007, 10:40 AM   #9
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,885
Blog Entries: 28

Rep: Reputation: 533
So you can't answer my questions?

Why so paranoid? Your ISP keeps track of everything you do anyway. What is so bad about Google? As compared to say Yahoo, Lycos, Windows Live or any other web directory.

There is no such thing as privacy online.

Without Anonymization, every computer in the internet communicates using a traceable Address. That means:

* the website visited,
* the internet service provider (ISP),
* and any eavesdropper on the internet connection

can determine which websites the user of a specific computer visits. But then again even with something like Tor+privoxy or JAP your ISP can still track you.
 
Old 01-06-2007, 12:26 PM   #10
pen8wen
LQ Newbie
 
Registered: Apr 2006
Posts: 17

Rep: Reputation: 0
just use scroogle.org - i think that does pretty much what you want.
and if you're really paranoid, EFF provides something called Anonymizer_Software_EFF.exe - but, as you guessed, it only runs on windoze.

even paranoids have enemies. :-)
 
Old 01-06-2007, 01:45 PM   #11
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,885
Blog Entries: 28

Rep: Reputation: 533
Personally I like using Google search engine from my browser. Debian gets money for the searches, oh no Google tracks your searches!! Guess what so does almost every other search engine out there. Unless you're searching on how to make bombs or something else that would be illegal I don't see what the big deal is.

Tor + Privoxy, and/or anon-proxy hides most of the crap like your IP address. Not accepting cookies or at the very least setting them to expire each session takes care of a lot of tracking.
 
Old 01-07-2007, 12:34 AM   #12
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
I agree with the above comments.

But, nevertheless, if you are really concerned about privacy in and only in websurfing, my vote would go to onion routers, such as Tor[1].

[1] http://tor.eff.org/
 
Old 01-12-2007, 08:09 AM   #13
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Rep: Reputation: 30
Hey, I know this thread is a couple days old, but I had a few minutes and was reading.
I am in agreement, the isp knows everything you do. Some mentioned tor and others good suggestions as well. Here is one that wasn't mentioned. I really like it too
AnonOS
http://kaos.to/cms/
They have a live cd I use all the time and it is simply wonderful.
It uses tor out of the box and a lot of other nice features.
 
Old 01-12-2007, 10:11 AM   #14
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Original Poster
Rep: Reputation: 53
Most ISPs don't track users to the extent Google does. At most they're interested in statistics like network utilization. It takes enormous amounts of storage to keep track of every website every user visits. Unless you're in the business of selling that kind of information (as Google is) there's no rational reason anyone would spend that kind of money.

Now, that's not to say the Gestapo, er FBI, doesn't have a Carnivore program running on your ISP's network, but that's another matter entirely.
 
  

