System Process network connection

Mayayana

I've just noticed something I've never seen before.
I posted a question in a network/web group, but it
seems to be inactive so I thought I'd try here:

I've noticed in TCPView (sysinternals) that my firewall
and HOSTS file are being bypassed by connections
going through "System Process", typically ports approx.
1550-1700. The connections seem to be made by
Pale Moon (Firefox) but are not even seen by the
firewall. (Online Armor)

Sample:
[System Process]:0 TCP c2:1667 edge-star-shv-09-lga1.facebook.com:http TIME_WAIT

Can anyone explain this?
 
Paul

Mayayana said:
I've just noticed something I've never seen before.
I posted a question in a network/web group, but it
seems to be inactive so I thought I'd try here:

I've noticed in TCPView (sysinternals) that my firewall
and HOSTS file are being bypassed by connections
going through "System Process", typically ports approx.
1550-1700. The connections seem to be made by
Pale Moon (Firefox) but are not even seen by the
firewall. (Online Armor)

Sample:
[System Process]:0 TCP c2:1667 edge-star-shv-09-lga1.facebook.com:http TIME_WAIT

Can anyone explain this?

http://forum.sysinternals.com/system-process0-in-tcpview_topic18712.html

"This is a normal report for the TIME_WAIT state: "The TIME_WAIT
state is a state that all the TCP connections enter into when the
connection has been closed.". It's stopped being displayed against
its original process, which might well have exited, and shows against PID 0."

Is the originating process still running ? Or has it exited, with
some connection info in the TCP tables now being inherited by process 0 ?

Paul
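
Added example, not part of the thread: a small triage script for the situation described above, separating TIME_WAIT remnants listed under PID 0 from connections that are still attributed to a process. It assumes the column layout of Windows `netstat -ano`; the sample rows and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the column layout of Windows `netstat -ano`
# (addresses are documentation ranges, not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1667      203.0.113.10:80        TIME_WAIT       0
  TCP    192.168.1.20:1668      203.0.113.10:80        TIME_WAIT       0
  TCP    192.168.1.20:1702      198.51.100.7:443       ESTABLISHED     3120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  UDP    0.0.0.0:5355           *:*                                    1044
"""

# Proto, local, remote, state, PID. UDP rows have no state and are skipped.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z0-9_]+)\s+(\d+)\s*$")

def parse_tcp_rows(text):
    """Return one dict per TCP row; header and UDP lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local, remote, state, pid = m.groups()
            rows.append({"local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return rows

def classify(row):
    """Label a row by what it says about current traffic."""
    if row["state"] == "TIME_WAIT":
        return "closed-remnant"   # already closed; Windows lists it under PID 0
    if row["state"] == "LISTENING":
        return "listener"
    return "live"                 # any other state, attributed to its owning PID

def summarize(text):
    """Split rows into live connections (pid, remote) and closed remnants per remote."""
    live, remnants = [], Counter()
    for row in parse_tcp_rows(text):
        kind = classify(row)
        if kind == "closed-remnant":
            remnants[row["remote"]] += 1
        elif kind == "live":
            live.append((row["pid"], row["remote"]))
    return {"live": live, "remnants": remnants}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Only the "live" entries describe traffic a firewall rule would currently be acting on; the remnants are bookkeeping for sockets that have already closed.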
 
Mayayana

| http://forum.sysinternals.com/system-process0-in-tcpview_topic18712.html
|
| "This is a normal report for the TIME_WAIT state: "The TIME_WAIT
| state is a state that all the TCP connections enter into when the
| connection has been closed.". It's stopped being displayed against
| its original process, which might well have exited, and shows against
| PID 0."
|
| Is the originating process still running ? Or has it exited, with
| some connection info in the TCP tables now being inherited by process 0 ?
|

Ah... Thanks. I'd never seen that before, but looking
at the Acrylic DNS debug log I see that what they say
seems to be true. Pale Moon didn't bypass the HOSTS
file. It was stopped from going to specific domains, such
as Akamai. It just looked like it was connected because
the "system process" connection listed that URL.
 
Mayayana

That all brings up another interesting detail:
I've tried to block Akamai because they host a
great deal of content and I've read that they're
now getting into the datamining business. But in
many cases, it seems, there's no URL to
an Akamai server in webpages. If I go to BBC News,
for instance, Pale Moon ends up with numerous
Akamai connections. The browser goes to bbc.co.uk,
but that server somehow forwards the request to
an Akamai server on their side. So there's apparently
no way to stop back-end server tracking.
 
Paul

Mayayana said:
That all brings up another interesting detail:
I've tried to block Akamai because they host a
great deal of content and I've read that they're
now getting into the datamining business. But in
many cases, it seems, there's no URL to
an Akamai server in webpages. If I go to BBC News,
for instance, Pale Moon ends up with numerous
Akamai connections. The browser goes to bbc.co.uk,
but that server somehow forwards the request to
an Akamai server on their side. So there's apparently
no way to stop back-end server tracking.

Pale Moon is based on Firefox source.

Firefox in turn, made a change to their design, to honor
Internet Explorer security settings. It wasn't always that
way, but it changed along the way.

There may be an Internet Explorer security setting that prevents
off-site redirections.

Paul
 
Mayayana

| Mayayana wrote:
| > That all brings up another interesting detail:
| > I've tried to block Akamai because they host a
| > great deal of content and I've read that they're
| > now getting into the datamining business. But in
| > many cases, it seems, there's no URL to
| > an Akamai server in webpages. If I go to BBC News,
| > for instance, Pale Moon ends up with numerous
| > Akamai connections. The browser goes to bbc.co.uk,
| > but that server somehow forwards the request to
| > an Akamai server on their side. So there's apparently
| > no way to stop back-end server tracking.
| >
|
| Pale Moon is based on Firefox source.
|
| Firefox in turn, made a change to their design, to honor
| Internet Explorer security settings. It wasn't always that
| way, but it changed along the way.
|
| There may be an Internet Explorer security setting that prevents
| off-site redirections.
|
It turns out there's a setting to control redirects.
Unfortunately, a lot of things seem to break if it's
set to zero. Redirects are apparently common.
 
Mayayana

| Yet another sign of the times, I'm afraid. :-( And I think it's just
| going to get worse, and with increasing numbers of ads and adverts. It's
| kinda like TV, where you get about equal portions of ads and content these
| days.
|

Yes. I've been thinking of covering the bottom
inches of my TV screen, as they've gradually been
taken over by ads, previews and station identification.
On the bright side, there's not much on TV that I
want to see.

But not being able to avoid Akamai is a different
problem. It's like being forced to have cable TV. (Which
thankfully I don't have.) In both cases, their business
is basically to rent wires, but increasingly they're
spying on the throughput to sell personal information.
If Akamai delivers a large percentage of pages they
become the ultimate tracker. Tracking from the likes
of Google and Facebook can mostly be prevented, but
tracking by Akamai only needs an IP address.

Maybe we'll need to all use proxy services in order
to stop the madness.... until we discover the proxy
is selling IPs to Akamai in order to prevent having
*their* IP blocked, and our history ends up in the
hands of everyone from NSA to Procter & Gamble,
anyway. :)
 
Mayayana

| But what exactly are they (or any of them for that matter) tracking? Just
| the sites we visit? I think you're saying they have access to our real
| personal information, but I'm not sure how - or what - they can get.
|

They're tracking enough to be worth selling. There are
repeated articles about that. There was one just the other
day about phone metadata:

http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/

That article's interesting in that it shows a number
of examples of types of information that could be
potentially problematic if exposed.

There have also been articles and studies about how
"anonymized" data can be easily de-anonymized. A well
known example is here:

http://www.nytimes.com/2006/08/09/technology/09aol.html?_r=0

(Note you'll have to allow the NYT to set a cookie
and track you if you want to read the article.)

Last week there was a 60 Minutes piece about selling dossiers
of individuals. They're not talking about targeted ads
using "anonymous" data. They're talking about knowing
as much as possible about each individual, and selling
that information to anyone who will pay for it. A number
of large companies with names like Acxiom are in the
business of doing just that.

Much of the tracking can be done via normal browser
usage using web bugs, cookies, etc. You don't have to be
logged into Google or Facebook. There are numerous
3rd-party connections on most commercial websites. If
Google/Doubleclick has an ad on each site you visit, for
instance, they can track you everywhere you go. Akamai
can do the same thing by tracking IP addresses, even if
you disable cookies, script and 3rd-party ads.

The whole point of computers is to organize, manage
and work with data easily. There's no such thing as
anonymized data. There's just a growing body of collected
facts being organized by companies and governments to
know as much as possible about people's activities.
Comcast actually applied for a patent some time ago
for a mechanism to watch people watching TV, via their
cable box, in order to better target ads.

It goes on and on.... The information is out there for
anyone concerned, but I think most people hold your
view that it's not worth getting worked up about.
 
Mayayana

Speak of the devil...

I just came across another interesting one. An interview
with a woman who's written a book about increasing
spying.

http://www.alternet.org/civil-liber...compiled-and-resold?paging=off&current_page=1

One thing I hadn't really been aware of myself is
that a lot of sites are actually set up with a datamining
business model, with themes to draw people in to share
information -- parents support, sharing medical experiences
(the first example in the linked article), etc.
 
