From Newsgroup: comp.os.linux.misc


Completely blank firefox - no sites loaded

netstat -an | grep tcp | grep 443

tcp 0 0 192.168.0.7:51446 34.107.243.93:443
ESTABLISHED
tcp 0 0 192.168.0.7:55090 199.232.57.91:443
ESTABLISHED
tcp 0 0 192.168.0.7:51442 34.120.208.123:443
ESTABLISHED
tcp 0 0 192.168.0.7:48282 142.250.129.95:443
TIME_WAIT

All google apart from Fastly inc.

Later on more google connections show up.

netstat -an | grep tcp | grep 443
tcp 0 0 192.168.0.7:59228 142.250.117.95:443
ESTABLISHED
tcp 0 0 192.168.0.7:39762 142.251.29.138:443
ESTABLISHED
tcp 0 0 192.168.0.7:51446 34.107.243.93:443
ESTABLISHED
tcp 0 0 192.168.0.7:39770 142.250.140.95:443
ESTABLISHED
tcp 0 0 192.168.0.7:45788 142.250.117.105:443
ESTABLISHED
tcp 0 0 192.168.0.7:51442 34.120.208.123:443
TIME_WAIT
--
"And if the blind lead the blind, both shall fall into the ditch".

Gospel of St. Mathew 15:14

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

On Sat, 1 Nov 2025 19:47:12 +0000, The Natural Philosopher wrote:

netstat -an | grep tcp | grep 443

You’ve got “-a”, which means include all local ports, followed by “-n”,
which means only show connected ports. Plus all the chucking away of
output you didn’t even want in the first place.

Try this:

ss -nt 'dport = 443 || sport = 443'

or even

ss -t state connected 'dport = 443 || sport = 443'
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

On Sat, 1 Nov 2025 20:35:51 -0000 (UTC), I wrote:

You’ve got “-a”, which means include all local ports, followed by “-n”,
which means only show connected ports. Plus all the chucking away of
output you didn’t even want in the first place.

Oops, sorry, forgot that “-n” actually means “display numeric port numbers, not service names”.

The rest of it still works, though.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

The Natural Philosopher <[email protected]d> wrote:

Completely blank firefox - no sites loaded

netstat -an | grep tcp | grep 443

tcp 0 0 192.168.0.7:51446 34.107.243.93:443
ESTABLISHED

I get (Firefox 140.4.0esr):
tcp 0 0 192.168.1.100:51410 151.101.81.91:443 ESTABLISHED
tcp 0 0 192.168.1.100:59912 34.160.144.191:443 ESTABLISHED
tcp 0 0 192.168.1.100:51390 151.101.81.91:443 ESTABLISHED

The "about:networking" page lists
"content-signature-2.cdn.mozilla.net" which resolves to
34.160.144.191. Also "firefox.settings.services.mozilla.com" and "firefox-settings-attachments.cdn.mozilla.net" which are
151.101.81.91:

$ dig content-signature-2.cdn.mozilla.net

; <<>> DiG 9.18.25 <<>> content-signature-2.cdn.mozilla.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10399
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;content-signature-2.cdn.mozilla.net. IN A

;; ANSWER SECTION:
content-signature-2.cdn.mozilla.net. 483 IN CNAME content-signature-chains.prod.autograph.services.mozaws.net.
content-signature-chains.prod.autograph.services.mozaws.net. 186 IN A 34.160.144.191

$ dig firefox.settings.services.mozilla.com

; <<>> DiG 9.18.25 <<>> firefox.settings.services.mozilla.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46401
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;firefox.settings.services.mozilla.com. IN A

;; ANSWER SECTION:
firefox.settings.services.mozilla.com. 28 IN CNAME mozilla.map.fastly.net. mozilla.map.fastly.net. 31 IN A 151.101.81.91

$ dig firefox-settings-attachments.cdn.mozilla.net

; <<>> DiG 9.18.25 <<>> firefox-settings-attachments.cdn.mozilla.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7059
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;firefox-settings-attachments.cdn.mozilla.net. IN A

;; ANSWER SECTION:
firefox-settings-attachments.cdn.mozilla.net. 42 IN CNAME mozilla.map.fastly.net.
mozilla.map.fastly.net. 54 IN A 151.101.81.91


So Mozilla's using Google and Fastly as hosts for services Firefox
is connecting to automatically. However in the past I've tried to
block these mystery services from connecting, so thanks for the
tip. Also a connection to a government website that I haven't even
visited for weeks! I really which I could ditch FF and just use
Dillo.
--
__ __
#_ < |\| |< _#
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

The Natural Philosopher <[email protected]d> writes:

Completely blank firefox - no sites loaded

netstat -an | grep tcp | grep 443

tcp 0 0 192.168.0.7:51446 34.107.243.93:443
ESTABLISHED
tcp 0 0 192.168.0.7:55090 199.232.57.91:443
ESTABLISHED
tcp 0 0 192.168.0.7:51442 34.120.208.123:443
ESTABLISHED
tcp 0 0 192.168.0.7:48282 142.250.129.95:443
TIME_WAIT

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
--
https://www.greenend.org.uk/rjk/
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

Richard Kettlewell <[email protected]d> wrote:

The Natural Philosopher <[email protected]d> writes:

Completely blank firefox - no sites loaded

netstat -an | grep tcp | grep 443

tcp 0 0 192.168.0.7:51446 34.107.243.93:443
ESTABLISHED
tcp 0 0 192.168.0.7:55090 199.232.57.91:443
ESTABLISHED
tcp 0 0 192.168.0.7:51442 34.120.208.123:443
ESTABLISHED
tcp 0 0 192.168.0.7:48282 142.250.129.95:443
TIME_WAIT

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

So this claims to explain the
"firefox.settings.services.mozilla.com" connection I get:

"Login breach information
Firefox Monitor warns you if your online accounts were involved in
a known data breach. For more information, see Firefox Password
Manager - Alerts for breached websites.
To get the latest login breach information and more, Firefox
connects to firefox.settings.services.mozilla.com"

And it links to this page which describes disabling it:

"Turn off website breach alerts
Disabling the feature also prevents Firefox from checking to see if
you've reused these potentially vulnerable passwords on any of your
other saved logins.
1. In the Menu bar at the top of the screen, click Firefox and
select Settings (select Preferences on older macOS versions).Click
the menu button and select Settings.
2. Select the Privacy & Security panel on the left and scroll down
to the Logins and PasswordsPasswords section.
3. Deselect the checkbox for Show alerts about passwords for
breached websites."

But the "Show alerts about passwords for breached web sites"
checkbox was already unselected. Yet the connection was still
made at start-up!
--
__ __
#_ < |\| |< _#
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

The Natural Philosopher wrote:

Completely blank firefox - no sites loaded

netstat -an | grep tcp | grep 443

in a command window with admin rights, try netstat -nob

in most cases it shows the process name, so you can tell if it's
something other than firefox, downside is that it's multiple row
output, so grepping for :443 doesn't play nice.

if you have too many connections to see the wood for the trees, and need filtering, switch to powershell with get-netTCPconnection


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

[email protected]d (Computer Nerd Kev) writes:

"Login breach information
Firefox Monitor warns you if your online accounts were involved in
a known data breach. For more information, see Firefox Password
Manager - Alerts for breached websites.
To get the latest login breach information and more, Firefox

^^^^^^^^

connects to firefox.settings.services.mozilla.com"

[...]

But the "Show alerts about passwords for breached web sites" checkbox
was already unselected. Yet the connection was still made at
start-up!

Presumably it’s the ‘and more’ in the description.
--
https://www.greenend.org.uk/rjk/
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

On 01/11/2025 22:04, Computer Nerd Kev wrote:

So Mozilla's using Google and Fastly as hosts for services Firefox
is connecting to automatically. However in the past I've tried to
block these mystery services from connecting, so thanks for the
tip. Also a connection to a government website that I haven't even
visited for weeks! I really which I could ditch FF and just use
Dillo.

Yes. I looked further and these sites are supposed to be for downloading
lists of 'bad sites' etc.

I noticed a grotty network performance when using a pirate website to
watch Scotland make fools of the USA in the Rugby match and wondered why.

The pirate site was crawling with blocked adware.

Having closed that down there was still a lot of stuff hitting the net
even with no bowser windows open
--
"Nature does not give up the winter because people dislike the cold."

― Confucius

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

Richard Kettlewell <[email protected]d> wrote:

[email protected]d (Computer Nerd Kev) writes:

"Login breach information
Firefox Monitor warns you if your online accounts were involved in
a known data breach. For more information, see Firefox Password
Manager - Alerts for breached websites.
To get the latest login breach information and more, Firefox

^^^^^^^^

connects to firefox.settings.services.mozilla.com"

[...]

But the "Show alerts about passwords for breached web sites" checkbox
was already unselected. Yet the connection was still made at
start-up!

Presumably it's the 'and more' in the description.

In that case they're not being very helpful on a page specifically
about "How to stop Firefox from making automatic connections".

"How do I stop Firefox making this automatic connection?"
"You can disable one of the features which uses the data retrieved
over that connection like this..."

If that's really what they're saying then they're as bad as
politicians.

Now those hostnames are blocked in my /etc/hosts, along with most
on this list:
https://support.mozilla.org/en-US/kb/domains-allow-firefox

Another solution is apparantly to edit the URLs in "omni.ja". Since
they've stopped storing all these URLs in the about:config settings
where they were more easily edited in the past: https://wiki.archlinux.org/title/Firefox/Privacy#Editing_the_contents_of_omni.ja

By the way, if Mozilla agree they need a page describing the long
and complicated process (that doesn't work) of stopping Firefox
from phoning home in countless different ways, why don't they just
have a single setting in the browser to universally disable all
such automatic connections? Overall it doesn't seem like they're
acting in good faith with this.
--
__ __
#_ < |\| |< _#
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

[email protected]d (Computer Nerd Kev) writes:

In that case they're not being very helpful on a page specifically
about "How to stop Firefox from making automatic connections".

"How do I stop Firefox making this automatic connection?"
"You can disable one of the features which uses the data retrieved
over that connection like this..."

If that's really what they're saying then they're as bad as
politicians.

Now those hostnames are blocked in my /etc/hosts, along with most
on this list:
https://support.mozilla.org/en-US/kb/domains-allow-firefox

Another solution is apparantly to edit the URLs in "omni.ja". Since
they've stopped storing all these URLs in the about:config settings
where they were more easily edited in the past: https://wiki.archlinux.org/title/Firefox/Privacy#Editing_the_contents_of_omni.ja

By the way, if Mozilla agree they need a page describing the long
and complicated process (that doesn't work) of stopping Firefox
from phoning home in countless different ways, why don't they just
have a single setting in the browser to universally disable all
such automatic connections? Overall it doesn't seem like they're
acting in good faith with this.

Mistakes happen, no need to assume bad faith. You can submit a bug
report...
--
https://www.greenend.org.uk/rjk/
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.os.linux.misc

Richard Kettlewell <[email protected]d> wrote:

[email protected]d (Computer Nerd Kev) writes:

By the way, if Mozilla agree they need a page describing the long
and complicated process (that doesn't work) of stopping Firefox
from phoning home in countless different ways, why don't they just
have a single setting in the browser to universally disable all
such automatic connections? Overall it doesn't seem like they're
acting in good faith with this.

Mistakes happen, no need to assume bad faith. You can submit a bug
report...

Every time I've looked at doing that for a Firefox issue I've run
into it turns out someone has already submitted the same bug and
the developers just don't want to fix the problem (marked "INVALID"
or "WONTFIX" or open and ignored for decades). Any other software
from developers like that I wouldn't touch, but with many websites
not just requiring Javascript but now actively blocking Dillo as a
"bot", there's just no good option. So the whole thing really gets
me annoyed.

In this case it was already reported five years ago and they marked
it as WONTFIX after linking to the same article you did: https://bugzilla.mozilla.org/show_bug.cgi?id=1617392

Also a similar bug for the background Firefox process ("agent") on
Windows, closed as INVALID:
"I suspect the URL you're seeing hit is on the remote settings
server (https://firefox.settings.services.mozilla.com) ...
We don't have a way to disable that request except to disable the
entire agent"
https://bugzilla.mozilla.org/show_bug.cgi?id=1689212#c8

Anyway I wouldn't want to try reporting that bug even if it hadn't
been covered already. Every time I look at these things on
Bugzilla it's abundantly clear that I'm just not a member of their
target userbase. It gets me angry just looking at other people's
bug reports, I couldn't stand interacting politely with that crowd
myself.
--
__ __
#_ < |\| |< _#
--- Synchronet 3.21a-Linux NewsLink 1.2