NetSurf version 3.6-3.1, Spying ?

Everything about X, Gnome, KDE, ... and everything running on it

NetSurf version 3.6-3.1, Spying ?

Postby Chris » 2018-11-09 14:30

I installed the NetSurf version 3.6-3.1 with apt-get in Debian v 9.5.
The program is setup to open with a blank page and when I start the program, the monitoring program iftop show Netsurf automatically connects to one of Amazon's servers.

Is that OK?
Chris
 
Posts: 7
Joined: 2017-07-07 18:05

Re: NetSurf version 3.6-3.1, Spying ?

Postby bw123 » 2018-11-09 14:41

I couldn't say that it's okay if it bugs you. I doubt that it's spying though...Is it possibly a resource for online documentation? Or maybe for ca-certificates? These things ave to be hosted somewhere, would any other server be okay or is it just amazon that concerns you for some reason?
User avatar
bw123
 
Posts: 3578
Joined: 2011-05-09 06:02
Location: TN_USA

Re: NetSurf version 3.6-3.1, Spying ?

Postby Chris » 2018-11-09 15:19

WebSurf documentation is located at http://www.netsurf-browser.org, so that's not why.
Maybe CA certificates, but when the program opens with a blank page, it shouldn't look for certificates.
The addresses as it connects to are 79,125,105,113 and 46.51.179.90, both of which belong to Amazon and it worries me, since I absolutely do not trust any commercial company related to the Internet.
Chris
 
Posts: 7
Joined: 2017-07-07 18:05

Re: NetSurf version 3.6-3.1, Spying ?

Postby GarryRicketson » 2018-11-09 15:39

If you don't want it accessing certain IP's, why don't you use your IP tables and just don't allow out going connection to those IP's ?
This can be applied to anything, not just the amazon IP's.
I am not expert enough to tell you exactly how, but I am sure with some search foo, you can get that information, or some one else will be able to give more details. On my main OS I don't use IP tables, I do use Netsurf occasionally but have never noticed on that.

Is that OK?

Many people do not have any problem with it, but as you say:
since I absolutely do not trust any commercial company related to the Internet.

Then maybe it is not OK with you,...I suppose you will want to block anything to or from google as well, ?
User avatar
GarryRicketson
 
Posts: 5192
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: NetSurf version 3.6-3.1, Spying ?

Postby Segfault » 2018-11-09 16:06

The source code is available, you could grep it for those IP addresses. If not found then the party who provided the binary package is to blame.
Segfault
 
Posts: 812
Joined: 2005-09-24 12:24

Re: NetSurf version 3.6-3.1, Spying ?

Postby bw123 » 2018-11-09 16:20

Chris wrote:WebSurf documentation is located at http://www.netsurf-browser.org, so that's not why.
Maybe CA certificates, but when the program opens with a blank page, it shouldn't look for certificates.
The addresses as it connects to are 79,125,105,113 and 46.51.179.90, both of which belong to Amazon and it worries me, since I absolutely do not trust any commercial company related to the Internet.

I don't like automatic connections to anything either, but for me it's more about bandwidth. I guess there are privacy and security issues too. I don't want to update or download anything, or go "online" for documentation or other things. It's a sad thing that programs (even browsers) take for granted that everybody is always connected, and don't mind a few (hundred?) bytes now and then.

I don't think it's realistic to try and avoid any commercial company related to the internet. Commerce is what keeps people motivated a lot of times. Piggybacking on large commercial entities who donate serverspace or bandwidth seem pretty common in opensource, but I guess it does have implications.

Maybe it's a netsurf issue, or maybe some other pkg it uses? I think you should find out before you assume it's netsurf. Even if it's that program, I don;t think you should assume it is for spying. I did a quick look at the link you posted and the project seems well documented, with many support options like irc, mailing list, direct email etc...
User avatar
bw123
 
Posts: 3578
Joined: 2011-05-09 06:02
Location: TN_USA

Re: NetSurf version 3.6-3.1, Spying ?

Postby Chris » 2018-11-09 16:31

Yes, IP tables is an option, but should not be needed in this case when I'm using Debian, where the programs should be clean.
I don't use Google direct, Facebook, Twitter or other like that, and have never done so. :-)
Chris
 
Posts: 7
Joined: 2017-07-07 18:05

Re: NetSurf version 3.6-3.1, Spying ?

Postby GarryRicketson » 2018-11-09 16:41

Ok, well, how long have you been using Netsurf on Debian, ? You might want to update your Netsurf version, if possible. But as I mentioned , I never have seen anything like this my self, on older versions .
Turned out I did not have netsurf installed on this system yet, so I installed it,
but the version is newer, 3.8 , Aug.29, 2018. No amazon Ip 's show any where, checking with 'netstat'. How ever, a quick look at the manual:
Code: Select all
man netsurf

--cookie_file
cookie file

--cookie_jar
cookie jar

The OP might want to take a look at the manual, and how they have things configured, they could have picked up some cookies from the cookie monster, and that is causing a connection to amazon IP's. Hard to say with the lack of details. Besides , not really being a Debian problem necessarily, but a specific browser issue, if it was me I would ask about this on a Netsurf support site
https://www.netsurf-browser.org/contact/
I do not use netsurf that much, so don't know more about it...all though I am impressed at how fast it is, and it has really improved a lot, since the last time I used it.
I notice in the contact page, there is a mail address for security questions, or problems, if the OP really thinks it is "spying" on them , then it would be a security issue, I do not think that is the case though, so I would suggest the OP research this more, check all their cookie caches, etc, before claiming that Netsurf is spying on them. That is sort of like FUD in my opinion.
On any browser, when a lot of cookies accumulate in the cache, strange things can and do start happening.
User avatar
GarryRicketson
 
Posts: 5192
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: NetSurf version 3.6-3.1, Spying ?

Postby bw123 » 2018-11-09 16:43

Chris wrote:Yes, IP tables is an option, but should not be needed in this case when I'm using Debian, where the programs should be clean.
I don't use Google direct, Facebook, Twitter or other like that, and have never done so. :-)


We passed the point where programs are clean a long time ago. Normally, when a browser loads a resource it goes to sleep, what eles is there to do? These browsers now keep running, doing nobody knows what, even when they are just sitting there. It drives me crazy. Why the heck would a browser be doing anything at all before or after loading a page?

It's an interesting topic, hope you figure it out.
User avatar
bw123
 
Posts: 3578
Joined: 2011-05-09 06:02
Location: TN_USA

Re: NetSurf version 3.6-3.1, Spying ?

Postby stevepusser » 2018-11-09 17:50

Interesting...I just built Netsurf 3.8 for MX Linux on vanilla Stretch and Jessie pbuilder platforms: http://mxrepo.com/mx/testrepo/pool/test/n/netsurf/

It doesn't appear that it's being maintained in Debian, though.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Flightgear 2018.2.2, 4.19.5 kernel, wine-staging 4.0~rc1, Pale Moon 28.2.2, Mesa 18.2.6, Midori 7.0
User avatar
stevepusser
 
Posts: 10276
Joined: 2009-10-06 05:53

Re: NetSurf version 3.6-3.1, Spying ?

Postby Chris » 2018-11-09 18:22

GarryRicketson - I installed the Web surf about 2 weeks ago and it is still the latest to get via Debian.
Cookie caches are cleaned when I look in iftop.

I forgot to mention a few days ago, I wrote an email to Debian maintainer Vincent Sanders, but unfortunately without any response.
Chris
 
Posts: 7
Joined: 2017-07-07 18:05

Re: NetSurf version 3.6-3.1, Spying ?

Postby debiman » 2018-11-10 10:38

i just grepped the source code:
Code: Select all
grep -rw amazon
netsurf/test/nsurl.c:     "http://The%20Old%20Organ%20Trail%20http://www.amazon.com/gp/product/B007B57MCQ/ref=as_li_tf_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B007B57MCQ&linkCode=as2&tag=brimck0f-20",
netsurf/resources/SearchEngines:Amazon|www.amazon.com|http://www.amazon.com/s/ref=nb_ss_gw?field-keywords=%s|http://www.amazon.com/favicon.ico|
netsurf/!NetSurf/Resources/SearchEngines:Amazon|www.amazon.com|http://www.amazon.com/s/ref=nb_ss_gw?field-keywords=%s|http://www.amazon.com/favicon.ico|
netsurf/!NetSurf/Resources/AdBlock,f79:*[src*="rcm-images.amazon.com"],
netsurf/!NetSurf/Resources/AdBlock,f79:*[src*="rcm.amazon.com"],
libnspsl/public_suffix_list.dat:// Amazon CloudFront : https://aws.amazon.com/cloudfront/
libnspsl/public_suffix_list.dat:// Submitted by Donavan Miller <donavanm@amazon.com>
libnspsl/public_suffix_list.dat:// Amazon Elastic Compute Cloud: https://aws.amazon.com/ec2/
libnspsl/public_suffix_list.dat:// Submitted by Philip Allchin <pallchin@amazon.com>
libnspsl/public_suffix_list.dat:// Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/
libnspsl/public_suffix_list.dat:// Submitted by Adam Stein <astein@amazon.com>
libnspsl/public_suffix_list.dat:// Amazon Elastic Load Balancing : https://aws.amazon.com/elasticloadbalancing/
libnspsl/public_suffix_list.dat:// Submitted by Scott Vidmar <svidmar@amazon.com>
libnspsl/public_suffix_list.dat:// Amazon S3 : https://aws.amazon.com/s3/
libnspsl/public_suffix_list.dat:// Submitted by Luke Wells <lawells@amazon.com>
it could be search engines checking for updates for themselves.
try disabling amazon search engine?
and then there's that libnspsl/public_suffix_list.dat - no idea what that does, but maybe you should find out?
User avatar
debiman
 
Posts: 3064
Joined: 2013-03-12 07:18

Re: NetSurf version 3.6-3.1, Spying ?

Postby stevepusser » 2018-11-10 18:22

Seems to me like quite a leap in logic from that code to accusing Netsurf of spying on you...
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Flightgear 2018.2.2, 4.19.5 kernel, wine-staging 4.0~rc1, Pale Moon 28.2.2, Mesa 18.2.6, Midori 7.0
User avatar
stevepusser
 
Posts: 10276
Joined: 2009-10-06 05:53


Return to Desktop & Multimedia

Who is online

Users browsing this forum: No registered users and 4 guests

fashionable