Recently, I took up a campaign to secure and speed up my home network. I installed PiHole DNS Sinkhole on a small spare laptop to block as many ads and trackers as I could. With logging enabled, the PiHole setup provided me with a lot of information about a large number of ads and trackers which were running on the home network devices.
One particularly interesting find was to see the quantum of Facebook analytics running on Jio GigaFiber’s Set-Top Box.
For the uninitiated, Jio (or Reliance Jio) is primarily an Indian telecommunications company which provides mobile internet and broadband internet in India. In the past few years it has taken over a large market of mobile and broadband internet due to its cheap rates. It is quite literally the biggest telecom operator in India.
Whenever you request a web resource, a Domain Name System (DNS) server first resolves its domain name into an IP address. A DNS sinkhole is a DNS server which gives false results for specific domain names, such as those of ad services and well-known trackers. PiHole blocks these domain names using blocklists, which one can add to and configure quite extensively.
This is what the PiHole dashboard looks like. The web interface shows all the stats one may need to analyze their network queries.
These are the overall stats I got after running PiHole on my home network for almost 10 days.
36.5% of network queries were ads and trackers, hence were blocked.
graph.accountkit.com tracker topped the Blocked Domains list with more than 60,000 hits in 10 days!
192.168.29.128 has queried 1,18,393 times in the past 10 days!
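The per-client and per-domain counts shown on the dashboard can also be derived from the raw query log. The following is an added example, not code from the original post or from the Pi-hole project: it assumes the dnsmasq-style lines Pi-hole v5 writes to its query log, runs on constructed sample lines (every client and address except 192.168.29.128 is made up), and attributes each block line to the client that most recently queried that domain, which is a heuristic.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the dnsmasq-style format assumed for Pi-hole v5's query log.
# Only 192.168.29.128 and graph.accountkit.com come from the post; the rest is made up.
SAMPLE_LOG = """\
Apr 21 19:30:01 dnsmasq[711]: query[A] graph.accountkit.com from 192.168.29.128
Apr 21 19:30:01 dnsmasq[711]: gravity blocked graph.accountkit.com is 0.0.0.0
Apr 21 19:30:02 dnsmasq[711]: query[A] example.org from 192.168.29.10
Apr 21 19:30:02 dnsmasq[711]: forwarded example.org to 192.0.2.53
Apr 21 19:30:05 dnsmasq[711]: query[AAAA] graph.accountkit.com from 192.168.29.128
Apr 21 19:30:05 dnsmasq[711]: gravity blocked graph.accountkit.com is ::
Apr 21 19:30:09 dnsmasq[711]: query[A] ads.example.net from 192.168.29.10
Apr 21 19:30:09 dnsmasq[711]: gravity blocked ads.example.net is 0.0.0.0
Apr 21 19:30:11 dnsmasq[711]: query[A] graph.accountkit.com from 192.168.29.128
Apr 21 19:30:11 dnsmasq[711]: gravity blocked graph.accountkit.com is 0.0.0.0
"""

# Only blocklist ("gravity") hits are counted; other block reasons are logged differently.
QUERY = re.compile(r"query\[[^\]]+\] (\S+) from (\S+)$")
BLOCKED = re.compile(r"gravity blocked (\S+) is ")

def summarize(log_text):
    """Return (total_queries, blocked_queries, client -> Counter of blocked domains)."""
    total = blocked = 0
    last_client = {}                    # domain -> client of the most recent query
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            total += 1
            last_client[m.group(1).lower()] = m.group(2)
        elif m := BLOCKED.search(line):
            domain = m.group(1).lower()
            if domain in last_client:   # ignore block lines with no preceding query
                blocked += 1
                per_client[last_client[domain]][domain] += 1
    return total, blocked, per_client

def top_offenders(per_client, n=3):
    """Rank clients by blocked queries, each with its most-blocked domain."""
    rows = [(c, sum(d.values()), d.most_common(1)[0]) for c, d in per_client.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)[:n]

if __name__ == "__main__":
    total, blocked, per_client = summarize(SAMPLE_LOG)
    print(f"{blocked}/{total} queries blocked ({100 * blocked / total:.1f}%)")
    for client, count, (domain, hits) in top_offenders(per_client):
        print(f"{client}: {count} blocked, top domain {domain} ({hits})")
```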
I ran an nmap scan against the IP address 192.168.29.128 to figure out what device it was. This is what I got:
    ❯ sudo nmap -sS -O 192.168.29.128
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-21 19:33 IST
    Nmap scan report for 192.168.29.128
    Host is up (0.0064s latency).
    Not shown: 998 closed ports
    PORT     STATE SERVICE
    2869/tcp open  icslap
    9080/tcp open  glrpc
    MAC Address: 6C:E8:C6:82:D7:EC (Earda Technologies)
    Device type: phone
    Running: Google Android 5.X|7.X, Linux 3.X
    OS CPE: cpe:/o:google:android:5.1 cpe:/o:google:android:7.1.2 cpe:/o:linux:linux_kernel:3.4
    OS details: Android 5.1, Android 7.1.2 (Linux 3.4)
    Network Distance: 1 hop
On a little digging, I figured out this device is nothing other than my Jio’s GigaFiber Set-Top-Box which everyone gets free with their Jio connection.
Running the nslookup utility on this domain, one sees that this is a Facebook service:
    ❯ nslookup graph.accountkit.com
    Server:  220.127.116.11
    Address: 18.104.22.168#53

    Non-authoritative answer:
    graph.accountkit.com canonical name = star.c10r.facebook.com.
    Name: star.c10r.facebook.com
    Address: 22.214.171.124
    Name: star.c10r.facebook.com
    Address: 2a03:2880:f05c:12:face:b00c:0:2
But what does it actually do?
This is part of the analytics service of Facebook’s Graph API. Sites and services often have other third-party trackers in them for analytics and data collection. Having these trackers helps ad companies create digital identities and footprints even if you don’t have a Facebook account. For example, Facebook creates “shadow profiles” of you even if you don’t have a Facebook, Instagram, or WhatsApp account.
By installing PiHole on my home network, I found that my Set-Top Box, or the apps installed on it, run Facebook Analytics which most probably collects usage and viewing data.
The Jio STB runs on Android, and the streaming apps installed on it could also be the cause of this. Multiple Android devices in the home network use the streaming apps too; why, then, does the STB query analytics services so aggressively?
I am curious as to why this is.
Seems that Facebook’s investment of $5.7 billion (Rs 43,574 crore) into Jio Platforms last year must have a role, but as a citizen, I hope it is not at a cost.
Who can clarify? I am a student and open to being corrected.
I could try to proxy the STB traffic and try to see what kind of data is exchanged between these services to confirm or refute my suspicions. If I end up digging around this, expect a part two to this post then!