General :
K-Meleon Web Browser Forum
Why after I'm connecting to some HTTPS site using K-meleon 75, it also sends lot of data to a rtc4-nyc.b6.io host and keeps connection with lba2-nyc.b6.io?
Also, I'm receiving lot of incoming ICMP traffic (it looks like some data incapsulated to ICMP) from that rtc4-nyc.b6.io, even after K-meleon was closed hours ago.
Probably there is much more such crap which I currently didn't exposed yet.
I thought at least such small browsers like K-meleon are free from all that tracking, spying and other shit, but seems I was wrong ^^ The only one I surely know that it is free, is old and outdated Opera 12.
Edited 1 time(s). Last edit at 12/13/2016 03:11PM by SomeAnotherOne.
Without giving more details, as which is that site, if not private and you can share it... in a simple search looks like you have Android devices in your home connecting through WiFi and what it look like traffic comming to you, may be a HUB, instead a Switch, sending back information to you PC. Or you are using tethering with your smartphone and what looks like connections from your PC, actually are connections for your android.
But, as said, without further details, can't be said anything useful but pure wild guesses.
Well your versions about "android" and "wifi" are wrong, as I'm not using android devices and wifi spot is completely disabled on my router.
However I nicely checked today behaviour with other sites accessed using HTTPS, and those "wild guesses" generally were not confirmed ^^
As now it is clear that suspicious traffic definitely comes from WAN, but not because K-Meleon does that. It looks like only that particular site does something unclear (as it sends lot of ICMP packets from rtc4-nyc.b6.io, every packet is probably encrypted/incapsulates other protocol, as it has very different size).
So I was wrong with that, suspicioning K-Meleon.
Thank for your answer.
Anyway there is still one small related question I'm interested in -- for what K-Meleon tries to connect to a random port on localhost? (it does it on every startup).
Edited 1 time(s). Last edit at 12/14/2016 05:26PM by SomeAnotherOne.
Since the beginnings of time, that has happened to every Gecko (Mozilla engine) based browser.
Try Firefox or try Seamonkey and you'll see.
Why it does? The engine talks to itself.
http://kb.mozillazine.org/Connections_established_on_startup_%28Firefox%29
Well, thanks one more time for that link. I suspected that it is some of bad stuff from mozilla engine (it's not even a half so cool and nicely coded as old Opera engine ^^). Should just kill it with fire ... wall
If you search further, you'll find it is some kind of way to find out network is working by NSPR i/o functions.
It is harmless, but you can block it with the firewall, if you wish. I have done it myself, and it works exactly the same way.
But I'll add something else. There are quite a few programs out there that use the same methods for checking network availability. From my point of view, it is a dumb behavior, but also guaranties expected functionality for a network depending program. Some may refuse to work correctly if they don't detect the network.
General discussion about K-Meleon
Full of troyans or something else?
Posted by:
SomeAnotherOne
Date: December 13, 2016 03:09PM
Why after I'm connecting to some HTTPS site using K-meleon 75, it also sends lot of data to a rtc4-nyc.b6.io host and keeps connection with lba2-nyc.b6.io?
Also, I'm receiving lot of incoming ICMP traffic (it looks like some data incapsulated to ICMP) from that rtc4-nyc.b6.io, even after K-meleon was closed hours ago.
Probably there is much more such crap which I currently didn't exposed yet.
I thought at least such small browsers like K-meleon are free from all that tracking, spying and other shit, but seems I was wrong ^^ The only one I surely know that it is free, is old and outdated Opera 12.
Edited 1 time(s). Last edit at 12/13/2016 03:11PM by SomeAnotherOne.
Re: Full of troyans or something else?
Posted by:
JohnHell
Date: December 13, 2016 05:00PM
Quote
SomeAnotherOne
Why after I'm connecting to some HTTPS site using K-meleon 75, it also sends lot of data to a rtc4-nyc.b6.io host and keeps connection with lba2-nyc.b6.io?
Also, I'm receiving lot of incoming ICMP traffic (it looks like some data incapsulated to ICMP) from that rtc4-nyc.b6.io, even after K-meleon was closed hours ago.
Probably there is much more such crap which I currently didn't exposed yet.
I thought at least such small browsers like K-meleon are free from all that tracking, spying and other shit, but seems I was wrong ^^ The only one I surely know that it is free, is old and outdated Opera 12.
Without giving more details, as which is that site, if not private and you can share it... in a simple search looks like you have Android devices in your home connecting through WiFi and what it look like traffic comming to you, may be a HUB, instead a Switch, sending back information to you PC. Or you are using tethering with your smartphone and what looks like connections from your PC, actually are connections for your android.
But, as said, without further details, can't be said anything useful but pure wild guesses.
Re: Full of troyans or something else?
Posted by:
SomeAnotherOne
Date: December 14, 2016 05:22PM
Quote
JohnHell
Without giving more details, as which is that site, if not private and you can share it... in a simple search looks like you have Android devices in your home connecting through WiFi and what it look like traffic comming to you, may be a HUB, instead a Switch, sending back information to you PC. Or you are using tethering with your smartphone and what looks like connections from your PC, actually are connections for your android.
But, as said, without further details, can't be said anything useful but pure wild guesses.
Well your versions about "android" and "wifi" are wrong, as I'm not using android devices and wifi spot is completely disabled on my router.
However I nicely checked today behaviour with other sites accessed using HTTPS, and those "wild guesses" generally were not confirmed ^^
As now it is clear that suspicious traffic definitely comes from WAN, but not because K-Meleon does that. It looks like only that particular site does something unclear (as it sends lot of ICMP packets from rtc4-nyc.b6.io, every packet is probably encrypted/incapsulates other protocol, as it has very different size).
So I was wrong with that, suspicioning K-Meleon.
Thank for your answer.
Anyway there is still one small related question I'm interested in -- for what K-Meleon tries to connect to a random port on localhost? (it does it on every startup).
Edited 1 time(s). Last edit at 12/14/2016 05:26PM by SomeAnotherOne.
Re: Full of troyans or something else?
Posted by:
JohnHell
Date: December 14, 2016 06:30PM
Quote
SomeAnotherOne
Anyway there is still one small related question I'm interested in -- for what K-Meleon tries to connect to a random port on localhost? (it does it on every startup).
Since the beginnings of time, that has happened to every Gecko (Mozilla engine) based browser.
Try Firefox or try Seamonkey and you'll see.
Why it does? The engine talks to itself.
http://kb.mozillazine.org/Connections_established_on_startup_%28Firefox%29
Re: Full of troyans or something else?
Posted by:
SomeAnotherOne
Date: December 16, 2016 01:55AM
Quote
JohnHell
Quote
SomeAnotherOne
Anyway there is still one small related question I'm interested in -- for what K-Meleon tries to connect to a random port on localhost? (it does it on every startup).
Why it does? The engine talks to itself.
http://kb.mozillazine.org/Connections_established_on_startup_%28Firefox%29
Well, thanks one more time for that link. I suspected that it is some of bad stuff from mozilla engine (it's not even a half so cool and nicely coded as old Opera engine ^^). Should just kill it with fire ... wall
Re: Full of troyans or something else?
Posted by:
JohnHell
Date: December 16, 2016 02:11AM
If you search further, you'll find it is some kind of way to find out network is working by NSPR i/o functions.
It is harmless, but you can block it with the firewall, if you wish. I have done it myself, and it works exactly the same way.
But I'll add something else. There are quite a few programs out there that use the same methods for checking network availability. From my point of view, it is a dumb behavior, but also guaranties expected functionality for a network depending program. Some may refuse to work correctly if they don't detect the network.
English