Can I safely block some of the browser's automatic connections?

silverblue02 · October 25, 2022, 7:38pm

The default browser makes several automatic connections on startup and I would like to use Netguard to block some of them to prevent that these sites/services get my ip address every time I open the browser.

I’m talking about the following:

ip address 40.114.177.156, said to have DuckDuckGo’s main site as the final URL (according to Webbkoll)
cdn-185-199-108-153.github.com (the numbers in this address are slightly different sometimes, but always contain github.com)

Can I safely block these connections or do they serve any important purpose?

I’m especially concerned about the connections to Github because it is owned by Microsoft. But maybe it is somehow necessary because Bromite (which was forked for /e/) uses Github for various things (e.g. to host its source code).

Can someone help me please?

obacht · October 25, 2022, 8:06pm

Maybe naive (?)… but why not simply block these ips and test/observe the browser behaviour.
If anything does not work as expected you may permit these ips again.

SkewedZeppelin · October 26, 2022, 1:33am

The Bromite adblock filters are pulled from bromite.github.io via this patch which is included in the /e/OS fork afaict: bromite/Bromite-AdBlockUpdaterService.patch at 692764d0733a5a3d62e383cd4b8d378d611cdf24 · bromite/bromite · GitHub

Reminder that /e/OS Browser/WebView is from March and has 233 known security issues: https://divestos.org/misc/ch-dates.txt

silverblue02 · October 26, 2022, 9:01pm

There seems to be no difference, but I’d like to know for sure.

I disabled Adblock, but starting the browser still results in a connection to Github’s CDN

Thanks for mentioning, I wasn’t aware of that. Sounds really bad. Why is it not updated? It’s the default browser after all.

SkewedZeppelin · October 26, 2022, 10:28pm

@silverblue02
I think the adblocker is always enabled, as part of the website preferences system. Hence the downloads still.

Curious why you would disable it? If you don’t want the Github connection perhaps set the filter URL to an invalid path like https://0.0.0.0/filters.dat

Why is it not updated?

Isn’t that the question? But again, it is not just the Browser, the WebView component is loaded directly into many apps that want to display web content.

silverblue02 · October 27, 2022, 8:26pm

But the option to disable the ad blocker would be misleading then.

Anyway, if the browser and the webview are that outdated and vulnerable they are no longer an option for me. I think I’ll go for Bromite then.

To be honest, I am disappointed that /e/ hasn’t updated its browser and webview for such a long time