GreenMamba

Q: Unwanted network connections.

To start I am hoping this post will be put in Apple Support Communities > Mac OS & System Software > El Capitan...

 

I am currently using a 13" Macbook Pro late 2014 RETINA display SSD hard drive with an i5 intel. However I have been using mac's for the past 10 or so years and I love them. I am starting this discussion for the simple yet complex questions involved with network activity. What ever happened to booting up your mac/system and you "the user" is the person who makes all of these outside connections to the internet. I use Little Snitch, along with iStats. It seems kind of weird to need an app to watch all of your network connections. I was always under the impression only Windows (especially windows 10) was the OS that kept and sent all of your data back to Microsoft. Simply put for the lay mac user we don't even know what the majority of these daemons are trying to connect to the web for. A quick example is gamed. I have researched and looked up all of the Game Kit Frameworks which support this protocol, in total I believe there are 16. I have looked at each and decided I don't use any of them so why does this daemon need to connect to the outside world automatically? So I decided I would not allow it to connect to the web. Unfortunately i have recently read El Capitan has "System Integrity Protection" which prevents even root from modifying system files. So in short what does this mean? Again as a lay mac user (i am not a programmer or computer engineer) why must certain items run even if I don't use them? Geo-location is another example, probably better than gamed. I am under the assumption after researching a little bit, the com.apple.geod.xpc protocol basically is a location service. Well what if I don't want my location to be documented constantly while using my mac? Why can't i just turn it off. I believe it is mainly used for Maps. I started this thread with the intention of maybe getting an answer with a list of protocols/daemons/connections which need to be made and why. It seems like everyday I am googling to see what one of these Apple services are and why I need to be allowing it to connect to the web. Recently I had an unauthorized ovh.net server attached to my netstats and it was only receiving data from my laptop. I am not sure if i caught a virus on a website or something, but it spooked me enough to wipe my SSD and do a clean re-install. For me this process isn't very difficult because i keep all of my photos and data backed up on external hard drives and i just wanted to make sure that the server which was connecting to me was gone, and took whatever little code that allowed it to connect was gone with it. In short I would really appreciate some replies with Apple services which try to connect upon startup but you do not need. I am trying to run a system with as little bloat as possible. I do not want to use iCloud but it almost seems impossible because i own an iPhone, Macbook, and other Apple products which all want to communicate (even though i wish they were just single entities). If I can please get some help with things I can get rid of without disrupting the integrity of my UNIX-like OS aka OS X El Capitan I would be very happy. I would also like to see some replies to see if anyone feels the same way I do.


Thanks


MacBook Pro (Retina, 13-inch, Mid 2014), OS X El Capitan (10.11.3)

Posted on Feb 1, 2016 8:30 AM

Close

Q: Unwanted network connections.

  • All replies
  • Helpful answers

Previous Page 2 of 5 last Next
  • by OregonRebel,

    OregonRebel OregonRebel Feb 5, 2016 5:53 PM in response to GreenMamba
    Level 1 (37 points)
    Mac OS X
    Feb 5, 2016 5:53 PM in response to GreenMamba

    Jees, I finally help someone and can't get credit for it.

     

    Call it a freebie! 

  • by OregonRebel,

    OregonRebel OregonRebel Feb 5, 2016 6:47 PM in response to GreenMamba
    Level 1 (37 points)
    Mac OS X
    Feb 5, 2016 6:47 PM in response to GreenMamba

    Even iTunes is a problem - it doesn't just make 1 or 2 connections, there are LOTS.

     

    There's one connection showing in the LS Monitor right now that resolves to all these addresses:

    android-market.l.google.com, apis.google.com, clients.l.google.com, clients1.google.com, clients2.google.com, clients4.google.com, clients6.google.com, feedburner.google.com, feeds.feedburner.com, hangouts.google.com, market.android.com, plus.google.com, plus.l.google.com, s.youtube.com, storeassetd, tools.google.com, tools.l.google.com, translate.google.com, via, video-stats.l.google.com, www.googlecommerce.com, www.youtube-nocookie.com, www.youtube.com, www3.l.google.com, www4.l.google.com, youtube-ui.l.google.com

     

    IP Addresses: 173.194.33.128-173.194.33.137, 173.194.33.142, 173.194.33.160-173.194.33.169, 173.194.33.174, 216.58.193.78, 216.58.193.110, 216.58.193.174, 216.58.216.142, 216.58.216.174

     

     

    I only want the bare minimum of connections being made to Apple in order for my apps to work.

    I've blocked p24-buy.itunes.apple.com, mzstatic.com, phobos.apple.com, se2.itunes.apple.com, securemetrics.apple.com, xp.apple.com, yet iTunes still seems to function normally and download podcasts.

     

     

    I'll never buy in-app game add-ons or anything from the iTunes Store or MAS, yet storeassetd via com.apple.CommerceKit.TransactionService and storeinappd via com.apple.CommerceKit.TransactionService try to connect on reboot.

     

    I don't use IM (FaceTime), yet IMRemoteURLConnectionAgent.xpc continually tries to connect.

     

     

    ENOUGH'S ENOUGH, APPLE!

  • by GreenMamba,

    GreenMamba GreenMamba Feb 6, 2016 8:37 AM in response to OregonRebel
    Level 1 (13 points)
    Desktops
    Feb 6, 2016 8:37 AM in response to OregonRebel

    I had 0 apps running upon startup. Allowed my laptop to sit for a few mins did a netstat command in terminal and it showed 6 connections 3 of the 6's I.P's started with 17 so they were apple. One was an Amazonaws:https and the others i don't want to mention because i am still looking into why the **** they were, and why they were connected. Like you i want the bare minimum just like i said in my initial post. I also do not use any FaceTime, iMessages, or anything which makes my laptop a third party to my phone. Yet like you seems like I have to run IMremoteURELConnectionAgent.... WHY?

     

    If someone can please reply with a way to use your macbook pro with only the protocols you want running. Please tell me how, and not to just deny the outgoing connections with Little Snitch. Please!

  • by GreenMamba,

    GreenMamba GreenMamba Feb 6, 2016 8:38 AM in response to OregonRebel
    Level 1 (13 points)
    Desktops
    Feb 6, 2016 8:38 AM in response to OregonRebel

    Also OregonRebel, some of those I.P's might be extensions you have added to Safari.

  • by OregonRebel,

    OregonRebel OregonRebel Feb 6, 2016 3:21 PM in response to GreenMamba
    Level 1 (37 points)
    Mac OS X
    Feb 6, 2016 3:21 PM in response to GreenMamba

    It was iTunes that was trying to connect to that list of addresses, it wasn't Safari.

  • by GreenMamba,

    GreenMamba GreenMamba Feb 6, 2016 3:51 PM in response to OregonRebel
    Level 1 (13 points)
    Desktops
    Feb 6, 2016 3:51 PM in response to OregonRebel

    Wow.. I'm on your side I just don't think I've ever seen that many connections being made from my iTunes. A few of those go through Safari for me though that's why I said that. I hope someone can give us an answer on how to run the current OS X using the least amount of protocols & connections to the web "we aren't making."

  • by OregonRebel,

    OregonRebel OregonRebel Feb 6, 2016 4:55 PM in response to GreenMamba
    Level 1 (37 points)
    Mac OS X
    Feb 6, 2016 4:55 PM in response to GreenMamba

    I never noticed them either until I began closely inspecting the connections because I was posting in this discussion.

    I know some of them (such as feedburner.com) are for podcast downloads, but it just proves the point of this topic, which is to say that there are way too many connections that users don't know about. The average user has no idea all those connections are being made.

     

    I have never watched videos in iTunes, yet look at all the video-related connections:

    s.youtube.com

    video-stats.l.google.com

    www.youtube-nocookie.com

    www.youtube.com

    youtube-ui.l.google.com


    And I have no need for googlecommerce.com and certainly don't want iTunes contacting Google without my permission or a good reason for doing so. There are about 15 Google addresses in the list!


    I don't use IOS devices, so why is iTunes on my Mac computer trying to talk to android-market.l.google.com?

  • by Drew Reece,

    Drew Reece Drew Reece Feb 6, 2016 8:47 PM in response to GreenMamba
    Level 5 (7,485 points)
    Notebooks
    Feb 6, 2016 8:47 PM in response to GreenMamba

    GreenMamba wrote:

     

    Transparency is DEFINITELY the issue. I wish I could find a realtime updated list of protocols which are vital to OS X El Capitan's UNIX system integrity and why they NEED to be ran as soon as the system starts. For example Camelot, Maps.app also uses geo location to tag photos, videos and God only knows what else because I cannot find a complete list. But you are right, for the most part i think it is just to make the users experience more convenient. Unfortunately I am not one of those people. I want to know what is running and why.

    OS X has never documented all of the services that it calls out to on the web. It would be pointless because normal users would not be able to decipher what is required. Even the most advanced users will have a lot of work deciding which features they need, apps have never been designed to allow piecemeal access to specific services let alone specific IP's & domains, apps and features will fail in new & bizarre ways if you could 'pick & choose'.

     

    If you really want an OS that lets you have full control over networking install Kali Linux – it does not enable any networking by default. You need to enable interfaces & decide what you want to be allowed. Browsers & other apps will still try to use location based services if a site or app requests it (it's part of the HTML5 spec).

    http://kali.org/

     

    You appear to be considering disabling SIP – a feature that is built into OS X to add security (e.g. preventing one app reaching into another apps memory - like SIMBL). If you don't trust Apple how can you justify using their OS? They do document how they try to handle your privacy this is a good place to start.

    https://www.apple.com/privacy/

     

    It seems impractical to disable parts of an undocumented OS based on guesswork from Little Snitch at least with Kali you can go find the sources & read how it should work (or ask on the mailing lists). Use Charles to see inside some of the traffic if you must try to uncover the hidden secrets of http…

    http://www.charlesproxy.com/

    Apple's open source code can also be viewed but that doesn't include everything in the OS so you face an uphill struggle (maybe this OS is not suitable for you?).

    http://www.opensource.apple.com

     

    There is another way to prevent internet access and remove the need for hacking the OS to block the outbound traffic. Block it at the gateway.

    It requires some hardware, software, network configuration and lots of work (a pfSense firewall or Sophos UTM9 install could work). You will also need to install a certificate to allow the firewall to inspect inside https traffic (assuming you want it to access that too). That will probably break some online services, but many should still work, corporate firewalls try this all the time with varying degrees of success. The Mac can be kept close to a 'default' state if the network blocks the unwanted traffic.

    You can block whatever you choose (including ads, file sharing, streaming video, explicit content, known bad servers…) it can also be used with other devices on your network too. I suspect you will find yourself constantly trying to disable or weaken parts of it just to make the Macs & iOS devices work but it can improve security if done right.

  • by FishingAddict,

    FishingAddict FishingAddict Feb 6, 2016 9:50 PM in response to GreenMamba
    Level 4 (1,542 points)
    Mac OS X
    Feb 6, 2016 9:50 PM in response to GreenMamba

    What ever happened to booting up your mac/system and you "the user" is the person who makes all of these outside connections to the internet.

    Unfortunately, the majority of all current computer users do not seem to care about their privacy or security.  Instead they want "features" including connectivity, social, location, and sharing, to be easy and immediately available with no knowledge of how it works.  Apple has done their best at keeping such needs secure, but they need to cater to these users to continue to sell products.  You are an atypical user and therefore need to take steps to disable the services that you don't need.

     

    Unfortunately i have recently read El Capitan has "System Integrity Protection" which prevents even root from modifying system files. So in short what does this mean?

    The new SIP feature (also referred to as rootless) is an exceptional security feature that prevents modification of the core system files that should never, ever, be modified.  This ensures that not even a trojan can modify critical files, nor can a poorly developed application, nor a user.  If you are security conscious, then you should completely embrace the value of SIP as it's another layer of security in the Mac's already hardened OS.

     

    Again as a lay mac user (i am not a programmer or computer engineer) why must certain items run even if I don't use them? Geo-location is another example, probably better than gamed. I am under the assumption after researching a little bit, the com.apple.geod.xpc protocol basically is a location service. Well what if I don't want my location to be documented constantly while using my mac? Why can't i just turn it off.

    You can turn it off, along with nearly any other feature that you don't use.  Have you ever looked through ALL of the options in System Preferences?  In a few minutes I found these settings that you may want to consider:

     

    • System Preferences > Security & Privacy > Privacy > DISABLE "Location Services"
    • System Preferences > Security & Privacy > Privacy > DISABLE "Send diagnostics ..."
    • System Preferences > Spotlight > DISABLE "Allow Spotlight Suggestions in Spotlight and Lookup"
    • System Preferences > Spotlight > DISABLE "Bing Web Searches"
    • System Preferences > iCloud > "Sign Out"
    • System Preferences > Extensions > Go through every sidebar item and DISABLE each you don't want
    • System Preferences > App Store > DISABLE "Automatically check for updates"
    • System Preferences > Internet Accounts > Delete any account that you don't use
    • System Preferences > Users & Groups > Select your user > Login Items > Remove all that you don't want running
    • System Preferences > Users & Groups > Select your user > Login Items > Remove all that you don't want running

     

    I do not want to use iCloud but it almost seems impossible because i own an iPhone, Macbook, and other Apple products which all want to communicate (even though i wish they were just single entities).

    You absolutely do not need to use iCloud on any of your Mac OS or iOS devices!  Just log out of iCloud on all of them and you are done.  Lack of iCloud has no effect whatsoever on the function of your IOS device or Mac OS (you just can't use the syncing features).  In place of iCloud sync, you could go back to using iTunes to sync by cable to each device (like in the 2000's).

     

    If I can please get some help with things I can get rid of without disrupting the integrity of my UNIX-like OS aka OS X El Capitan I would be very happy

    If you really want a completely minimal UNIX-like OS that has minimal services enabled by default, no default cloud or social features, and no services phoning home at all, then you'll want to install Linux Mint Xfce instead of Mac OS.  Or, you can continue to use the polished and modern OS that is El Capitan and just set your router's firewall to "default deny" all ports phoning home and then enable only those that you want to get out.

  • by killhippie,

    killhippie killhippie Feb 7, 2016 1:47 AM in response to OregonRebel
    Level 3 (847 points)
    Mac App Store
    Feb 7, 2016 1:47 AM in response to OregonRebel

    I lost internet connection the other day, my iMac went mad when I rebooted it just to test an idea as it could not connect to the net to authenticate something, I had in console line after line of ImRemoteURLConnectionAgent until that service crashed. Now I know this is a system daemon of some kind and it keeps the Ethernet port alive even with wake for network access is off and Power nap is off as well when the iMac sleeps. I'm not sure if this a quirk of the pure SSD late 2015 5K iMacs or not, but I wish I knew what to do to turn this off.  OS X never used to phone home this much.

  • by OregonRebel,

    OregonRebel OregonRebel Feb 7, 2016 3:01 AM in response to GreenMamba
    Level 1 (37 points)
    Mac OS X
    Feb 7, 2016 3:01 AM in response to GreenMamba

    Check out this app - it's only $9 right now.

     

    The dev. says "Radio Silence respects your concentration. That is why it will never interrupt you with pop-up windows or alerts."

     

    A Lifehacker quote says "A lot of apps secretly check in with the mothership behind the scenes without asking your permission. If you'd prefer they didn't, Radio Silence can solve your problem hassle-free.”

     

     

    SILENCED!

     

    Radio Silence.png

     

     

     

    http://radiosilenceapp.com/

  • by OregonRebel,

    OregonRebel OregonRebel Feb 7, 2016 3:20 AM in response to killhippie
    Level 1 (37 points)
    Mac OS X
    Feb 7, 2016 3:20 AM in response to killhippie

    You can always kill the process in Activity Monitor after booting.

    I just checked and had two of them running, had to force quit to kill 'em.

     

    You can probably make a script to kill 'em after startup if you're into that.

    I didn't find a Terminal command to disable it.

     

    You may be able to move, lock or dispose of it if you know you'll never need it.

    It's in the System folder, so get an answer from someone more qualified before doing anything with it.

     

    It's located at /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc.

  • by OregonRebel,

    OregonRebel OregonRebel Feb 7, 2016 6:31 AM in response to OregonRebel
    Level 1 (37 points)
    Mac OS X
    Feb 7, 2016 6:31 AM in response to OregonRebel

    OregonRebel wrote:

     

    You can always kill the process in Activity Monitor after booting.

     

    Maybe not - IMRemoteURLConnectionAgent keeps popping back up in Activity Monitor.

  • by Drew Reece,

    Drew Reece Drew Reece Feb 7, 2016 9:24 AM in response to OregonRebel
    Level 5 (7,485 points)
    Notebooks
    Feb 7, 2016 9:24 AM in response to OregonRebel

    OregonRebel wrote:

     

    OregonRebel wrote:

     

    You can always kill the process in Activity Monitor after booting.

     

    Maybe not - IMRemoteURLConnectionAgent keeps popping back up in Activity Monitor.

    Have you even looked to see if it is a background task that the OS want active all the time? Killing processes that the OS is managing will never work.

     

    In Terminal…

    launchctl list
    

    or since you don't use SIP check all the system jobs…

    sudo launchctl list | grep IMRemote
    

     

    There are right & wrong ways to achieve everything. Maybe you should learn about unloading processes correctly instead of 'failing to murder' things that scare you.

    https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man8/launchd.8.html

  • by OregonRebel,

    OregonRebel OregonRebel Feb 7, 2016 3:37 PM in response to Drew Reece
    Level 1 (37 points)
    Mac OS X
    Feb 7, 2016 3:37 PM in response to Drew Reece

    It seems you too missed the point of this discussion.

     

    I've used Terminal to change all sorts of things, but I'm not interested in reading any manuals for an in-depth training course.

     

    It's not that any specific process is running that we're concerned about, it's that many of them make unwanted connections. There's no need for dozens/hundreds of call-home attempts daily for processes we aren't using.

     

     

    THAT'S the point of this discussion - Unwanted network connections.

    Not unwanted processes running.

     

    BTW, there are kill and force quit functions in A.M. for a reason.

    Whether it be WindowServer, mds, iconservicesagent, coreservicesd or another process, sometimes they need to be "murdered."

    They may be runaway process or may be functioning as intended, but are just so annoying and unnecessary that they deserve to be executed.

Previous Page 2 of 5 last Next