99
20
I see my PC has TCP connections open to 1e100.net. Then I checked the whois record and find it is registered to Google. Weird.
A quick search seems to indicate that 1e100.net is pretty popular - about the same reach as adobe.com or bbc.co.uk according to Alexa - but what the hell is it? I run Chrome so assume it might have something to do with that, but why is there so little information about it?
Lunatik
Posted 2009-11-27T08:46:25.203
Reputation: 4 973
77
It's Google Safebrowsing feature in Chrome.
That feature checking sites and tell you if that site is "Attack Site"
sinni800: @MicTech, Google has all it's search servers under the 1e100 domain. I know this is kind of late but w/e. It does not ONLY relate to google safe browsing.
MicTech
Posted 2009-11-27T08:46:25.203
Reputation: 9 888
15
Google Safe Browsing Policy: http://www.google.com/intl/en_us/privacy_browsing.html
"When you visit a site that we think could be a phishing or malware site, your browser will send Google a hashed, partial copy of the site’s URL so that we can send more information to your browser. Google cannot determine the real URL from this information."
1
@CamiloMartin you're wrong, Google can't know all the sites you visit. It says the hash is only sent "when you visit a site that we think could be a phishing..." Firefox uses the same service without compromising privacy. The entire set of hashes is kept locally and updated every 30 minutes. When there's a match (of a hash 32 bits long), it has to request more specific details. https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work https://www.reddit.com/r/privacy/comments/2w3bz7/firefox_how_firefoxs_safebrowsing_feature_sends/conc5m3
– sourcejedi – 2016-02-09T15:19:58.2471If we assume the specific requests are keyed only on the 32-bit hash... that's 1 in 4 billion. So you're right in that Google shouldn't find it hard to de-anonymize the specific request with high confidence. OTOH, they have about that many webpages indexed for the term "food" alone. So they don't know all sites visited, and they would have to make a specific effort, which is the opposite of your claim. It's going be a pretty weird content-defined random sample, so not the highest grade of data to work from. Also the EU would crucify them for doing this and lying in the T&Cs. – sourcejedi – 2016-02-09T15:29:38.650
@sourcejedi Google has a sizeable portion of almost everyone's browsing history just from AdSense and G+ social buttons. Google also has the search history and which links you clicked. From the common domain names you visit, it is reasonably possible to overcome the numerous collisions a 32-bit hash would have, and, I didn't see the EU crucifying anyone over PRISM. Some people are above the law, and it wouldn't be some Merkel puppet that would hassle them. That said, it would be a huge annoyance to do all steps required for true privacy. Half-assed effort is it, for me. – Camilo Martin – 2016-02-09T21:01:48.740
3Half-assed is fine. I use a tracker<cough>ad</cough>-blocker like probably everyone else on this site, yay us. 1) You don't seem to be acknowledging that the 32-bit hash is only sent if the hash is found on a local set of suspicious hashes. 2) The EU already hassled basically every website about cookies, forcing them to add a weird info popup that no-one's happy with, including google websites. 3) If the site already uses AdSense or G+ social, there's zero point spending the cycles to correlate and log these requests, which again, would be incredibly sparse. – sourcejedi – 2016-02-09T22:29:26.627
@CamiloMartin Safebrowsing in Firefox is a useful security feature and it would be great if non-technical users didn't get the impression that turning it off will do anything practical to improve their privacy. Or that everyone's as bad as each other, when the equivalent information is not published about Microsoft SmartScreen and the assumption seems to be that it still sends every single unique url. http://www.carbonwind.net/blog/post/IE8-SmartScreen-Filter-and-TMG-Beta-3-URL-Filtering%28using-Microsoft-Reputation-Service-Beta%29-Whate28099s-inside-SSL%28e2809cquery-traffice2809d%29.aspx
– sourcejedi – 2016-02-09T22:44:54.2907@MicTech, Google has all it's search servers under the 1e100 domain. I know this is kind of late but w/e. It does not ONLY relate to google safe browsing. – sinni800 – 2011-08-19T09:06:10.370
6@AlanB That policy makes sense only when you don't think about it. If it couldn't "determine the real URL from this information", then how the heck could it tell if it's a phishing/malware site? Besides, "partial copy of the site's URL" could mean anything, and I bet it at least contains the full domain name. Bottom line: Google can know all the sites you visit unless they really don't wanted to (which frankly doesn't seem the case). – Camilo Martin – 2012-01-31T09:08:30.313
4Why do the connections stay open (in System Process) long after I closed Chrome? – Michel de Ruiter – 2012-07-25T21:46:33.930
Why the lack of documentation that this domain is used for this purpose though? – Lunatik – 2009-11-27T09:38:29.967
3@MicheldeRuiter Because Google loves you and just wants you to be happy. Like a benevolent big brother watching your every move and giving you the creepily specific targeted advertising you subconsciously know you need. – root – 2013-07-31T19:59:13.257
59... and tells Google what you're browsing. – Moayad Mardini – 2009-11-29T14:12:15.430
14
Here is the truth. Google tracks you, me and everybody!
Lots of Google services use 1e100.net but that doesn't mean 1e100 is just for the services you want to have. For example Google safebrowsing feature(or I should say snitch) is being used no matter what you choose. Even if you disable any option on chrome to prevent safebrowsing, you will still have lots of connections to 1e100.net.
I have been trying to block all connections to 1e100.net but no luck! If you are using Google Chrome or any other Chrome based browser (Comodo Dragon, Yandex Browser and so on), your browser WILL send the URL you are visiting to Google. Even if you tell Chrome not to do that!
You can confirm that with these steps:
Here is the screenshot from Comodo Killswitch after I did those steps:
Not only that, GoogleUpdate.exe will run and send some more information EVEN IF chrome is closed and GoogleUpdate service is DISABLED!
I used Comodo Firewall the block 1e100.net and guess what, Chrome still find a way to open connection and send data to 1e100.net! It even pass through firewall. I don't know how but it does! then I found that Chrome uses IP addresses to access 1e100.net services, not domain name! That's a clever way to get through firewalls. Since there is huge number of IP addresses belonging to 1e100.net, it becames impossible to block it by IP addresses. On the other way, so other services also use 1e100.net which makes blocking 1e100.net resulting in also blocking some google services (maps, gmail, etc).
Google started with the motto "Don't be evil" but I say, "Don't be evil, says the devil".
I recommend to use Firefox as browser (of course you will still need to disable safebrowing in Firefox) and stop using Google products. I know it is a painful experience to do it but it had to be done!
Ramazan Polat
Posted 2009-11-27T08:46:25.203
Reputation: 930
4Lol @ "Here is the truth." If a person doesn't know that Google [very efficiently] tracks them, then they live under a rock. It's how their advertising engine knows how to target you. – aggregate1166877 – 2015-07-22T14:37:03.510
1@aggregate1166877 except it didn't know how to target me, which is why I have a firewall on my cellphone in the first place. A Chinese phone operator for a Czech guy? C'mon... – John Dvorak – 2015-11-11T10:46:07.990
2@JanDvorak, google can spy on you even if you use a firewall. Google uses cookies to track people, which is allowed by firewall because it's considered an HTTP traffic. – Ramazan Polat – 2015-12-04T15:54:24.300
1The worst of 1e100.net connections is that they're wide open, no SSL. At least last time I've monitored them. Saw a lot of traffic for Google Drive stuff, probably backups of WhatsApp and such. For the life of me I can't understand why, of all companies, google does not use secure links for that. – Julius – 2018-09-18T10:52:54.807
12
From Google Help:
1e100.net is a Google-owned domain name used to identify the servers in our network.
Following standard industry practice, we make sure each IP address has a corresponding hostname. In October 2009, we started using a single domain name to identify our servers across all Google products, rather than use different product domains such as youtube.com, blogger.com, and google.com. We did this for two reasons: first, to keep things simpler, and second, to proactively improve security by protecting against potential threats such as cross-site scripting attacks.
Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol).
BioGeek
Posted 2009-11-27T08:46:25.203
Reputation: 492
1Correct. You could also add that the connections stay open probably due to HTTP persistent connections. – Benjamin Goodacre – 2016-03-07T12:28:37.870
3Note: Pinging Google yields this domain in replies. – Nathan Osman – 2011-01-30T03:14:13.077
4http://support.google.com/bin/answer.py?hl=en&answer=174717 – Derek 朕會功夫 – 2013-03-23T07:26:48.053
491e100 means 1 E 100. 1 * 10 ^ 100. The number, which is named Googol, where Google gets the name from. – brandstaetter – 2009-11-27T09:02:37.823
2http://en.wikipedia.org/wiki/Googol for further reading – brandstaetter – 2009-11-27T09:03:36.760
1@brandstaetter Yes, I got the googol reference when I saw the whois record. Neat :) – Lunatik – 2009-11-27T09:19:27.930