I have installed Ubuntu 18.04 LTS for testing on a crash dummy in anticipation of upgrading my 16.04 LTS machines. So far everything is working quite well and I do like some of the changes and improvements.
One thing I noticed though is that Ubuntu seems to be "calling home" to Google web sites on a frequent, periodic basis. Wondering what that's all about. This issue was brought up on here previously regarding a similar situation in Ubuntu 17.10 but the answer and reasons for this snooping were extremely vague.
I block all outside traffic to/from my local subnet (192.168.0.0/24) and force all Internet traffic to go through my VPN. All of this works well.
Every five minutes I see five packets as follows:
[ +4.160090] [UFW BLOCK] IN= OUT=wlx00026f5a322b SRC=192.168.0.11 DST=104.198.143.177 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=10309 DF PROTO=TCP SPT=44246 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
[ +8.192209] [UFW BLOCK] IN= OUT=wlx00026f5a322b SRC=192.168.0.11 DST=104.198.143.177 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=10310 DF PROTO=TCP SPT=44246 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
The destination IP isn't always the same but a whois verifies that they are all owned by Google.
Updates, NTP and so on seem to be working correctly and are (I assume) properly going through my VPN. In testing this I have all apps shut down so it seems like it's something in Ubuntu itself that is causing these attempted connections. There is nothing Google-related turned on that I can see. Chrome isn't even installed.
jones@Office-Ubuntu:~$ ps -ef | grep chrome
jones 19610 1930 0 10:24 pts/0 00:00:00 grep --color=auto chrome
jones@Office-Ubuntu:~$
If I didn't have the firewall enabled I'd never even know this was going on. If I go to the web site IP it does render a (blank) page which makes me think that the purpose for these connection attempts is data collection. Since this is Google, I am naturally suspicious/paranoid that something creepy is going on.
A related question/answer on this site indicates that this might be some sort of a "keep-alive" function. If so, it is obviously not needed since I am blocking the connections in UFW and everything continues to work perfectly. I see no way to turn this off as described in the related question. And as an aside, if this is indeed some sort of a "keep-alive" "feature" there are probably better ways to implement that capability without exposing the Ubuntu community to Google's data collection warehouse. And when/why did Ubuntu start thinking it would be a good idea to collaborate with Google to collect user information surreptitiously?
My question differs from the previously asked "identical" question inasmuch as the answer there implied (apparently incorrectly) that these connections are necessary and benefit Ubuntu users (but doesn't really explain why). The primary question I am asking is this: How do I "opt-out" of this unwanted intrusion into my privacy since connecting to a Google web site every five minutes is clearly not needed to keep anything useful in Ubuntu functioning?
