Why does my Firefox app connect to Facebook's sites very often according to TrackerControl?
4
votes
0
answers
311
views
I noticed for a while using the app TrackerControl that Firefox connects to Facebook sites very often while I surf the web, for example a simple search on Google, or a search on Startpage.com which sites don't have anything in their pages linked to facebook sites.
I have set TC to block trackers in Firefox by default.
### Trying to find out when this occurs
I thinked that this happens in general until now. In fact before writing this question I did some tests and I noticed **one probable behaviour causing** connections every time, that is if I search a string through a Firefox's search engine in search bar. This happens both with predefined engine (google) and with custom one (startpage). This tests was done when I've just opened Firefox in private browsing so that there wasn't other working tabs (and there was no loaded facebook tabs opened in normal browsing tabs).
Here is TrackerControl after a Startpage search (from bar) where Facebook domains result blocked 5 seconds ago:
Here after a Google search (from bar) where Facebook's domains result also blocked 5 seconds ago:
*Note:* probably (as I remember) instagram's domains are there because I visited it once and it wasn't blocked yet. The relevants domains here maybe are:
*scontent-fco2-1.xx.fbcdn.net* ,
*scontent.xx.fbcdn.net* and
*static.xx.fbcdn.net*
The domains contacted are probably all that appear in the screen under Facebook (see 2nd update).
But I noticed just sometimes that connections happen also if I only interact with firefox's bar and digit something. Than if I just use a page like this and I don't touch search bar, connections to facebook seems to not occurs since TC indicates that some minutes passed after the last connection. But now after about 30 minutes another connection was made even if I didn't touch search bar.
### Who is the actor
This behaviour is strange because it seems that probably is acted by Firefox itself. I've never heard or read that Firefox communicates with Facebook and there is no reason, but only with Google for scanning URLs and downloads. Also after searching in google there are no results.
I don't have strange extensions. Moreover I have the ext. *μBlock* and *Noscript* that should block Facebook together because I explicitly set the first to block Meta's websites in general and the second to block other non website's scripts by default. So those connections in TC should have never occured, except I think if they are made by Firefox, at which level every extension can't operate. Read 1st update.
The problem occured for months, but I postponed this question until now. This means that I noticed this also with older versions of Firefox before the present since more or less one year ago or more.
**Note**: TrackerControl app says explicitly that it doesn't support blocking trackers in browsers yet, but I read I could use it anyway.
### My complete "configuration":
- Firefox from Play Store, version *114.2.0* (for successive versions see bottom)
- Extensions: *uBlock Origin*, *NoScript*, *Decentraleyes*, *Google search fixer*, and other non relevant here but installed noramally from Firefox
- I have search suggestions disabled so no contacts should there be while texting in bar. Moreover I have studies disabled and just "technical data and usage" enabled.
- TrackerControl app installed from F-Droid, version *2023.01.31-fdroid*
- Android version 8.0.0 (I don't think is relevant)
- I forgot to say that I have from the beginning Avast Antivirus Installed, that should protect.
I'm not an expert of TrackerControl. I hope that someone knows what is the reason because is not a good thing.
Does Firefox do this in its code (I don't think) or is just an error of TrackerControl (It's not, see Update 2) or a malware? It's too invasive. Has someone experienced this or can reproduce this?
Thanks in advance.
### Versions:
I've checked if connections to facebook continue in newer versions and I noticed that them happened after every search in these ones: 115.2.1, 116.0.0(this not sure if typed correct), 116.2.0, 116.3.0, 117.0.0, 117.1.0, 118.1.2, 119.1.1, 120.1.0 (current)
Just in version 118.1.1 I noticed very rare connections also after days, but they occurred.
Generally it continues with every successive updates.
---
### Updates:
- As asked in comments, disabling all extensions and restarting Firefox (also rebooting Android) doesn't eliminate the problem, connection persists after a search on the bar.
- I tried app NoRoot Firewall in place of TC (both are VPN based); it gived connections to facebook (and also to instagram) in log right after a search. But Firefox connections was all allowed in rules of NoRoot Firewall. After I re-enabled TC (disabled NoRoot F.), which blocked facebook, those connections was more sporadic or absent for some time. But after one day of use (always with TC block activated) the problem returned as before, so the browser tries to connect at least after every search in bar.
- I want to note that those facebook's domains which I look to often, are under "Essential" section. There are also other fb domains under "Social networks" which is tried to connect to after a search.
- **Important**: All this happens on that Firefox I have installed; in fact if I install a new one all this things don't happen. *So it is a malware that changed something in Firefox that persists with updates? Is it possible? Or maybe in the past I have installed accidentally an extension or taken a malware during surfing, that changes Firefox persistently?* If this is the case Firefox didn't protects itself or Google/Android OS or Avast didn't protect the phone from malware inserting in an application (which should be write protected). In fact I never rooted my phone, but the support ended since some years from the first post so something utilized a vulnerability to write where it should can't do? I have seen that the Knox bit (I own a Samsung) has not been changed from default value, so the malware has never rooted the phone (if this bit works).
- For the persistent changes I thinked there was some
Here after a Google search (from bar) where Facebook's domains result also blocked 5 seconds ago:
*Note:* probably (as I remember) instagram's domains are there because I visited it once and it wasn't blocked yet. The relevants domains here maybe are:
*scontent-fco2-1.xx.fbcdn.net* ,
*scontent.xx.fbcdn.net* and
*static.xx.fbcdn.net*
The domains contacted are probably all that appear in the screen under Facebook (see 2nd update).
But I noticed just sometimes that connections happen also if I only interact with firefox's bar and digit something. Than if I just use a page like this and I don't touch search bar, connections to facebook seems to not occurs since TC indicates that some minutes passed after the last connection. But now after about 30 minutes another connection was made even if I didn't touch search bar.
### Who is the actor
This behaviour is strange because it seems that probably is acted by Firefox itself. I've never heard or read that Firefox communicates with Facebook and there is no reason, but only with Google for scanning URLs and downloads. Also after searching in google there are no results.
I don't have strange extensions. Moreover I have the ext. *μBlock* and *Noscript* that should block Facebook together because I explicitly set the first to block Meta's websites in general and the second to block other non website's scripts by default. So those connections in TC should have never occured, except I think if they are made by Firefox, at which level every extension can't operate. Read 1st update.
The problem occured for months, but I postponed this question until now. This means that I noticed this also with older versions of Firefox before the present since more or less one year ago or more.
**Note**: TrackerControl app says explicitly that it doesn't support blocking trackers in browsers yet, but I read I could use it anyway.
### My complete "configuration":
- Firefox from Play Store, version *114.2.0* (for successive versions see bottom)
- Extensions: *uBlock Origin*, *NoScript*, *Decentraleyes*, *Google search fixer*, and other non relevant here but installed noramally from Firefox
- I have search suggestions disabled so no contacts should there be while texting in bar. Moreover I have studies disabled and just "technical data and usage" enabled.
- TrackerControl app installed from F-Droid, version *2023.01.31-fdroid*
- Android version 8.0.0 (I don't think is relevant)
- I forgot to say that I have from the beginning Avast Antivirus Installed, that should protect.
I'm not an expert of TrackerControl. I hope that someone knows what is the reason because is not a good thing.
Does Firefox do this in its code (I don't think) or is just an error of TrackerControl (It's not, see Update 2) or a malware? It's too invasive. Has someone experienced this or can reproduce this?
Thanks in advance.
### Versions:
I've checked if connections to facebook continue in newer versions and I noticed that them happened after every search in these ones: 115.2.1, 116.0.0(this not sure if typed correct), 116.2.0, 116.3.0, 117.0.0, 117.1.0, 118.1.2, 119.1.1, 120.1.0 (current)
Just in version 118.1.1 I noticed very rare connections also after days, but they occurred.
Generally it continues with every successive updates.
---
### Updates:
- As asked in comments, disabling all extensions and restarting Firefox (also rebooting Android) doesn't eliminate the problem, connection persists after a search on the bar.
- I tried app NoRoot Firewall in place of TC (both are VPN based); it gived connections to facebook (and also to instagram) in log right after a search. But Firefox connections was all allowed in rules of NoRoot Firewall. After I re-enabled TC (disabled NoRoot F.), which blocked facebook, those connections was more sporadic or absent for some time. But after one day of use (always with TC block activated) the problem returned as before, so the browser tries to connect at least after every search in bar.
- I want to note that those facebook's domains which I look to often, are under "Essential" section. There are also other fb domains under "Social networks" which is tried to connect to after a search.
- **Important**: All this happens on that Firefox I have installed; in fact if I install a new one all this things don't happen. *So it is a malware that changed something in Firefox that persists with updates? Is it possible? Or maybe in the past I have installed accidentally an extension or taken a malware during surfing, that changes Firefox persistently?* If this is the case Firefox didn't protects itself or Google/Android OS or Avast didn't protect the phone from malware inserting in an application (which should be write protected). In fact I never rooted my phone, but the support ended since some years from the first post so something utilized a vulnerability to write where it should can't do? I have seen that the Knox bit (I own a Samsung) has not been changed from default value, so the malware has never rooted the phone (if this bit works).
- For the persistent changes I thinked there was some about:config entries modified. So (I figured out how to do and) I searched in all entries some links related to fb but I didn't find anything. So I think is some strange malware from fb more deep in the application.
Asked by bonzo
(41 rep)
Jul 6, 2023, 05:55 PM
Last activity: May 12, 2025, 02:32 PM
Last activity: May 12, 2025, 02:32 PM