What is 1e100.net and why do I have TCP ports open to it?

google-chrome security domain

265,570

Solution 1

It's Google Safebrowsing feature in Chrome.

That feature checking sites and tell you if that site is "Attack Site"

sinni800: @MicTech, Google has all it's search servers under the 1e100 domain. I know this is kind of late but w/e. It does not ONLY relate to google safe browsing.

Solution 2

From Google Help:

1e100.net is a Google-owned domain name used to identify the servers in our network.

Following standard industry practice, we make sure each IP address has a corresponding hostname. In October 2009, we started using a single domain name to identify our servers across all Google products, rather than use different product domains such as youtube.com, blogger.com, and google.com. We did this for two reasons: first, to keep things simpler, and second, to proactively improve security by protecting against potential threats such as cross-site scripting attacks.

Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol).

Solution 3

Here is the truth. Google tracks you, me and everybody!

Lots of Google services use 1e100.net but that doesn't mean 1e100 is just for the services you want to have. For example Google safebrowsing feature(or I should say snitch) is being used no matter what you choose. Even if you disable any option on chrome to prevent safebrowsing, you will still have lots of connections to 1e100.net.

I have been trying to block all connections to 1e100.net but no luck! If you are using Google Chrome or any other Chrome based browser (Comodo Dragon, Yandex Browser and so on), your browser WILL send the URL you are visiting to Google. Even if you tell Chrome not to do that!

You can confirm that with these steps:

Download and install Comodo Dragon(to test any Chrome based browser do that, of course Google Chrome also does that).
Uncheck all checkboxes under the Privacy section in the Setting tab.
Change default search engine for omnibox(you can use duckduckgo or something else).
Type an URL into address bar and chrome immediately inform 1e100.net about the URL you are about to visit!

Here is the screenshot from Comodo Killswitch after I did those steps: enter image description here

Not only that, GoogleUpdate.exe will run and send some more information EVEN IF chrome is closed and GoogleUpdate service is DISABLED!

I used Comodo Firewall the block 1e100.net and guess what, ~~Chrome still find a way to open connection and send data to 1e100.net! It even pass through firewall. I don't know how but it does!~~ then I found that Chrome uses IP addresses to access 1e100.net services, not domain name! That's a clever way to get through firewalls. Since there is huge number of IP addresses belonging to 1e100.net, it becames impossible to block it by IP addresses. On the other way, so other services also use 1e100.net which makes blocking 1e100.net resulting in also blocking some google services (maps, gmail, etc).

Google started with the motto "Don't be evil" but I say, "Don't be evil, says the devil".

I recommend to use Firefox as browser (of course you will still need to disable safebrowing in Firefox) and stop using Google products. I know it is a painful experience to do it but it had to be done!

265,570

Lunatik

Ex-mucker-abouter.

Updated on September 17, 2022

Comments

Lunatik over 1 year

I see my PC has TCP connections open to 1e100.net. Then I checked the whois record and find it is registered to Google. Weird.

A quick search seems to indicate that 1e100.net is pretty popular - about the same reach as adobe.com or bbc.co.uk according to Alexa - but what the hell is it? I run Chrome so assume it might have something to do with that, but why is there so little information about it?
- brandstaetter over 14 years
  
  1e100 means 1 E 100. 1 * 10 ^ 100. The number, which is named Googol, where Google gets the name from.
- brandstaetter over 14 years
  
  en.wikipedia.org/wiki/Googol for further reading
- Lunatik over 14 years
  
  @brandstaetter Yes, I got the googol reference when I saw the whois record. Neat :)
- Nathan Osman over 13 years
  
  Note: Pinging Google yields this domain in replies.
- Derek 朕會功夫 about 11 years
  
  support.google.com/bin/answer.py?hl=en&answer=174717
Lunatik over 14 years

Why the lack of documentation that this domain is used for this purpose though?
Moayad Mardini over 14 years

... and tells Google what you're browsing.
Alan B about 14 years

Google Safe Browsing Policy: google.com/intl/en_us/privacy_browsing.html "When you visit a site that we think could be a phishing or malware site, your browser will send Google a hashed, partial copy of the site’s URL so that we can send more information to your browser. Google cannot determine the real URL from this information."
sinni800 over 12 years

@MicTech, Google has all it's search servers under the 1e100 domain. I know this is kind of late but w/e. It does not ONLY relate to google safe browsing.
Camilo Martin over 12 years

@AlanB That policy makes sense only when you don't think about it. If it couldn't "determine the real URL from this information", then how the heck could it tell if it's a phishing/malware site? Besides, "partial copy of the site's URL" could mean anything, and I bet it at least contains the full domain name. Bottom line: Google can know all the sites you visit unless they really don't wanted to (which frankly doesn't seem the case).
Michel de Ruiter almost 12 years

Why do the connections stay open (in System Process) long after I closed Chrome?
Xenon about 11 years

Google now has a support article: What is 1e100.net?
root almost 11 years

@MicheldeRuiter Because Google loves you and just wants you to be happy. Like a benevolent big brother watching your every move and giving you the creepily specific targeted advertising you subconsciously know you need.
aggregate1166877 almost 9 years

Lol @ "Here is the truth." If a person doesn't know that Google [very efficiently] tracks them, then they live under a rock. It's how their advertising engine knows how to target you.
John Dvorak over 8 years

@aggregate1166877 except it didn't know how to target me, which is why I have a firewall on my cellphone in the first place. A Chinese phone operator for a Czech guy? C'mon...
ramazan polat over 8 years

@JanDvorak, google can spy on you even if you use a firewall. Google uses cookies to track people, which is allowed by firewall because it's considered an HTTP traffic.
mu1988 about 8 years

@CamiloMartin you're wrong, Google can't know all the sites you visit. It says the hash is only sent "when you visit a site that we think could be a phishing..." Firefox uses the same service without compromising privacy. The entire set of hashes is kept locally and updated every 30 minutes. When there's a match (of a hash 32 bits long), it has to request more specific details. support.mozilla.org/en-US/kb/… reddit.com/r/privacy/comments/2w3bz7/…
mu1988 about 8 years

If we assume the specific requests are keyed only on the 32-bit hash... that's 1 in 4 billion. So you're right in that Google shouldn't find it hard to de-anonymize the specific request with high confidence. OTOH, they have about that many webpages indexed for the term "food" alone. So they don't know all sites visited, and they would have to make a specific effort, which is the opposite of your claim. It's going be a pretty weird content-defined random sample, so not the highest grade of data to work from. Also the EU would crucify them for doing this and lying in the T&Cs.
Camilo Martin about 8 years

@sourcejedi Google has a sizeable portion of almost everyone's browsing history just from AdSense and G+ social buttons. Google also has the search history and which links you clicked. From the common domain names you visit, it is reasonably possible to overcome the numerous collisions a 32-bit hash would have, and, I didn't see the EU crucifying anyone over PRISM. Some people are above the law, and it wouldn't be some Merkel puppet that would hassle them. That said, it would be a huge annoyance to do all steps required for true privacy. Half-assed effort is it, for me.
mu1988 about 8 years

Half-assed is fine. I use a tracker<cough>ad</cough>-blocker like probably everyone else on this site, yay us. 1) You don't seem to be acknowledging that the 32-bit hash is only sent if the hash is found on a local set of suspicious hashes. 2) The EU already hassled basically every website about cookies, forcing them to add a weird info popup that no-one's happy with, including google websites. 3) If the site already uses AdSense or G+ social, there's zero point spending the cycles to correlate and log these requests, which again, would be incredibly sparse.
mu1988 about 8 years

@CamiloMartin Safebrowsing in Firefox is a useful security feature and it would be great if non-technical users didn't get the impression that turning it off will do anything practical to improve their privacy. Or that everyone's as bad as each other, when the equivalent information is not published about Microsoft SmartScreen and the assumption seems to be that it still sends every single unique url. carbonwind.net/blog/post/…
Benjamin Goodacre about 8 years

Correct. You could also add that the connections stay open probably due to HTTP persistent connections.
Julius over 5 years

The worst of 1e100.net connections is that they're wide open, no SSL. At least last time I've monitored them. Saw a lot of traffic for Google Drive stuff, probably backups of WhatsApp and such. For the life of me I can't understand why, of all companies, google does not use secure links for that.