Tips and Tricks

The Answer why Chome communicates behind your back without user consent

First of all, it’s not only Chrome which has some background connections but I decided to mention Chrome in this article because some people constantly telling me that Google is trying to observe the Browser or even worse some people say ‘it’s spying’ in order to steal your data.

Chrome dns
Chrome’s own net-internals tools can reveal what’s going on – a simple visit on reveals what DNS requests are made.

If the Browser is spying why integrate developer tools in order to reveal what’s going on?

Some people still argue that there is a backdoor or ‘spying’ integrated within the Browser, this is nothing but FUD the source code is there and if you don’t like the original version just switch to Chromium and compile it yourself in order to verify the created build or to debug it to see what’s really going to happen at any time.

All Browsers these days coming with developer tools integrated in order to debug websites to find possible problems, security flaws and more. These tools also can be used in order to reveal wherever Chrome is connecting to other domains or not.


There a bunch of tools which Chrome has to offer, one of this are ‘net-internals’ which can give you access to ‘hidden’ features, like DNS queries, Events, used Bandwith and more. chrome://net-internals/#dns is one example in order to see if and to witch domain DNS queries where send. You can quickly see what’s going on ‘behind the scenes’. If you’re don’t trust the internal methods you could also use a web-proxy debugger like Fiddler to verify if what you see is legitimate or not.

You also can see and get the output directly via tcpdump, I give you an example in case you like to check it under Linux (ensure your network interface is changed accordingly):

tcpdump -i eth1 -l > /tmp/tcpdump.log & tail -f /tmp/tcpdump.log

Connections even after you disabled everything

In case you disabled all features like the listed ones:

  • chrome://settings/content/cookies
  • chrome://settings/content/location
  • chrome://settings/content/camera
  • chrome://settings/content/microphone
  • chrome://settings/content/notifications
  • chrome://settings/content/javascript
  • chrome://settings/content/flash
  • chrome://settings/content/backgroundSync
  • chrome://settings/content/automaticDownloads
  • chrome://settings/content/unsandboxedPlugins
  • chrome://settings/content/midiDevices
  • chrome://settings/content/protectedContent
  • Removed all external languages (which usually updates it languages ofer and to get translation suggestions)
  • SafeBrowsing
  • Ads feature
  • chrome://about ….
  • chrome://settings/clearBrowserData (clear the Browser Cache, History etc)
  • Restart the Browser after you changed/cleared everything to start the tests

Or in other words, you tried to turn off everything in order to verify it’s not coming from a ‘feature’ like DoNotTrack but still see connections to eg. – why is that? Well, the answer is following.

The Answer – it’s a feature!

Chrome or Firefox etc. attempting to check whether you are behind a proxy or gateway that requires you to enter a password like what you see a lot in hotels or Captive portal. Chrome in our case tries to send DNS lookup requests to random names, this is the reason the DNS or tcpdump utilities showing for example googleapis. If they all resolve to the same address, it is very likely that the router of the hotel redirects you to a page where you have to accept terms of service, or login, or pay for internet. In this case, Chrome can ask you to login once instead of trashing all your tabs.

Listening connections are no threat even if (like in this case) NetBios is activated on the OS it shouldn’t be a security risk since every modern router integrates a ‘NetBios filter’ in order to prevent any ‘damage’ or performance problems.

Final Words

The majority of users aren’t network experts and cannot possibly care as they simply don’t understand the implications of all this. For some people, this might look like spying but’s definitely not, there is also no privacy boost in case you would disable it. Exactly such false assumptions creating useless projects like Ungoogled Chromium which doesn’t offer any privacy-related improvements, in fact, such forks are possible more vulnerable since there behind the official builds or they remove features which break things or adding hole into the Browser rather than it really helps.

Chrome, same like Firefox give you enough options in order to take control over the connections, some other ‘advance’ connections explicitly don’t have an option in the menu in order to prevent people to do more ‘harm’ to their Browsers.

I partially would suggest that this might gets improved in order to unlock some ‘hidden’ prefs for advanced users, but I see this critical since there are possible no benefit at all. If your router is well configured or you’re not a hotel wifi you never see such request anyway.