Google Hi-Jacking Computers?

[Jackson45acp]

Hello everyone.

I have a concern that I would like to run past the forum.

I am a fairly new user to Ubuntu and I am currently running 10.04 LTS (Lucid Lynx) and I have Firestarter installed.

I notice that sometimes when I open the Firestarter GUI and select STATUS>ACTIVE CONNECTIONS I see where there is a connection to my computer, sometimes even when Firefox hasn't even been launched. It shows a numerical i.p address. When I then right click LOOKUP HOSTNAMES, instead of getting a domain name, it gives me something like Yx-in-f95.1e100.net as connecting on port 80 and more from Google on HTTPS port 443.

I then try to block connections for the numerical 1.p. address under the Outbound Traffic Policy, but each time I block one, another one pops up a few seconds later in it's place. I searched about a dozen of the numerical i.p. addresses under ARIN Whois and they all point directly to Google.

What is bizarre is that this occasionally occurs when the browser isn't even open, but when I launch Firefox and it opens to my home page, (which is an European-based, rugby team website that has NOTHING to do with Google as far as I know of anyway) the Firestarter "Active connections list grows to sometimes about 4 or 5 connections, one being the home page website and the rest to Google. Each numerical i.p. address from Google's domain always switches to something like the Yx-in-f95.1e100.net. NEVER does it say Google.com.

In light of the recent issues with Google's privacy abuse investigation, I am wondering if this is something anyone else is experiencing, and if this is something I should be concerned about. I assume that Google is tracking my online activity with this, but how is it occurring and how do I stop it. I do not want to provide Google jack on my personal surfing habits. Even when I go to Ubuntuforums.org, after a page loads, all I have are about 5 or 6 active connections to i.p. addresses registered to Google. WTF? Even when I leave the sign in page to Ubuntu forums up and the Canonical connection drops from inactivity, Google's connections stay on A LOT longer.

Any help would be greatly appreciated. I apologize if this is posted in the wrong area of the forum, but would really like some help, and I didn't know exactly where to put this post. Also, if anyone knows of a reputable program I can get from the repository or elsewhere that will do a scan on my Ubuntu computer for viruses and malware I would appreciate a pount in the right direction.

And before anyone goes there, I KNOW Linux-based systems are hard to infect and take control of, but it is NOT impossible and the threats are growing against our beloved Ubuntu every day.

Thanks all,

Jax

[kerry_s]

google services on the Web site? like adsense or that counter thing.
could it be dns caching?
pipelining?
your ISP could be using google vm's to improve service?

any which way i'm sure google is not out to get you, unless your doing something your not suppose to.

[Jackson45acp]

Thanks for the reply.

No, I am not doing ANYTHING illegal, on line or otherwise. Far too old for the accompanying consequences.

I have no idea why or how it's happening. I can tell you this much further, that it doesn't matter which site I visit on the web, even something like CNN, I get an active connection to an i.p. belonging to Google.

Well, I should say, every site I have tried, EXCEPT for the U.S. Department of Justice.

Just find it interesting in light of the recent news about Google ramping up their data mining operations and not giving people an option to "opt out".

Doesn't this ring a bell for anyone else? I guess I will have to file a complaint with www.ic3.gov and let them investigate this. After all, it is what I pay my taxes for.

Thanks again,

Jax

[CharlesA]

1) Don't use firestarter
2) See what process the connection belongs to with:

Code:

sudo netstat -nlp

[Dangertux]

Do the websites you're visiting happen to have a google +1 button on them?

Because that will load from google's API hence the connection

So will google analytics, which is used on pretty much everything.

[Jackson45acp]

1) Don't use firestarter
2) See what process the connection belongs to with:

Code:

sudo netstat -nlp

Charles: Thanks for the reply. I ran the sudo command on the home page, and found nothing associated with the connection as far as I can tell. I am still somewhat of a noob, but I do sudo properly and I hope this doesn't sound stupid, but I see nothing in the results that directs me to Google or the specific i.p. address. Is there something else I should be looking for?

Sorry.... I see where you didn't ask for this. LOL!

Jax

[Jackson45acp]

1) Don't use firestarter
2) See what process the connection belongs to with:

Code:

sudo netstat -nlp

By the way, can you tell me why I shouldn't use Firestarter? can you recommend something else? I like it because I can kill alot of connections by adding them to my outgoing traffic policy and it speeds up my page loading BIG TIME. It just seems that Google owns MILLIONS of i.p. addresses and each time I block one, another one pops up from them and I simply do not see how to block a range of i.p. addresses.

Thanks again for your help.

Jax

[Jackson45acp]

Do the websites you're visiting happen to have a google +1 button on them?

Because that will load from google's API hence the connection

So will google analytics, which is used on pretty much everything.

No google+1 or google analytics tab. (I am familiar with what you are talking about on both accounts, also, btw.

Thanks for the reply,

Jax

[Dangertux]

I can almost guarantee there are scripts calling the google API on CNN and probably most of the other sites you visit.

[CharlesA]

Charles: Thanks for the reply. I ran the sudo command on the home page, and found nothing associated with the connection as far as I can tell. I am still somewhat of a noob, but I do sudo properly and I hope this doesn't sound stupid, but I see nothing in the results that directs me to Google or the specific i.p. address. Is there something else I should be looking for?

Sorry.... I see where you didn't ask for this. LOL!

Jax

Yeah, you just needed sudo to show which process a connection belongs to. If it's not there you should be ok.

By the way, can you tell me why I shouldn't use Firestarter? can you recommend something else? I like it because I can kill alot of connections by adding them to my outgoing traffic policy and it speeds up my page loading BIG TIME. It just seems that Google owns MILLIONS of i.p. addresses and each time I block one, another one pops up from them and I simply do not see how to block a range of i.p. addresses.

Thanks again for your help.

Jax

Firestarter is no longer underdevelopment and isn't really meant to be used as a traffic monitor, so to speak, it is meant to be run, have rules enabled and closed.

One alternative is ufw (which is installed by default), or gufw (GUI version of ufw)

https://help.ubuntu.com/community/UFW

I can almost guarantee there are scripts calling the google API on CNN and probably most of the other sites you visit.

Webmasters use it for tracking traffic, if I remember right.