Ubuntu 20.04, Firefox 90.0.2 (64-bit), fresh Firefox install without even a default page.
Tcpdumping the network connection with Firefox in troubleshooting mode with everything disabled, I see lots of connections to bc.googleusercontent.com. This only happens in Firefox, not Chrome or other browsers. Watching the network traffic when going to any page, I see lots of connections to bc.googleusercontent.com.
I know this is Google Cloud's service - but why? For any page I go to, the tcpdump shows connections to bc.googleusercontent.com and, as I said, even before loading a page, when just opening the browser. Here is a snippet of the network data:
33:42.093364 IP desktop-pc.57790 > xxx.xxx.xxx.xx.bc.googleusercontent.com.https: Flags [P.], seq 471329027:471329073, ack 2729502542, win 501, options [nop,nop,TS val 1305694051 ecr 3857902929], length 46
11:33:42.107201 IP xxx.xxx.xxx.xx.bc.googleusercontent.com.https > desktop-pc.57790: Flags [P.], seq 1:47, ack 46, win 269, options [nop,nop,TS val 3857961260 ecr 1305694051], length 46
11:33:42.107250 IP desktop-pc.57790 > xxx.xxx.xxx.xx.bc.googleusercontent.com.https: Flags [.], ack 47, win 501, options [nop,nop,TS val 1305694065 ecr 3857961260], length 0
11:33:52.560740 IP desktop-pc.57790 > xxx.xxx.xxx.xx.bc.googleusercontent.com.https: Flags [P.], seq 46:92, ack 47, win 501, options [nop,nop,TS val 1305704519 ecr 3857961260], length 46
11:33:52.561589 IP desktop-pc.57790 > xxx.xxx.xxx.xx.bc.googleusercontent.com.https: Flags [P.], seq 92:123, ack 47, win 501, options [nop,nop,TS val 1305704519 ecr 3857961260], length 31
11:33:52.561604 IP desktop-pc.57790 > xxx.xxx.xxx.xx.bc.googleusercontent.com.https: Flags [F.], seq 123, ack 47, win 501, options [nop,nop,TS val 1305704519 ecr 3857961260], length 0
11:33:52.610772 IP desktop-pc.57790 > xxx.xxx.xxx.xx.bc.googleusercontent.com.https: Flags [F.], seq 123, ack 47, win 501, options [nop,nop,TS val 1305704569 ecr 3857961260], length 0
11:33:52.627368 IP xxx.xxx.xxx.xx.bc.googleusercontent.com.https > desktop-pc.57790: Flags [.], ack 123, win 269, options [nop,nop,TS val 3857971780 ecr 1305704519], length 0
11:33:52.627377 IP xxx.xxx.xxx.xx.bc.googleusercontent.com.https > desktop-pc.57790: Flags [F.], seq 47, ack 123, win 269, options [nop,nop,TS val 3857971780 ecr 1305704519], length 0
11:33:52.627382 IP desktop-pc.57790 > xxx.xxx.xxx.xx.bc.googleusercontent.com.https: Flags [.], ack 48, win 501, options [nop,nop,TS val 1305704585 ecr 3857971780], length 0
11:33:52.627383 IP xxx.xxx.xxx.xx.bc.googleusercontent.com.https > desktop-pc.57790: Flags [.], ack 124, win 269, options [nop,nop,TS val 3857971780 ecr 1305704569], length 0
11:34:03.842933 IP desktop-pc.51722 > xvx.xxv.xvx.xx.bc.googleusercontent.com.http: Flags [S], seq 996339558, win 64240, options [mss 1460,sackOK,TS val 955624625 ecr 0,nop,wscale 7], length 0
11:34:03.858960 IP xvx.xxv.xvx.xx.bc.googleusercontent.com.http > desktop-pc.51722: Flags [S.], seq 925690353, ack 996339559, win 65535, options [mss 1430,sackOK,TS val 2064824943 ecr 955624625,nop,wscale 8], length 0
11:34:03.858998 IP desktop-pc.51722 > xvx.xxv.xvx.xx.bc.googleusercontent.com.http: Flags [.], ack 1, win 502, options [nop,nop,TS val 955624641 ecr 2064824943], length 0
11:34:03.859153 IP desktop-pc.51722 > xvx.xxv.xvx.xx.bc.googleusercontent.com.http: Flags [P.], seq 1:292, ack 1, win 502, options [nop,nop,TS val 955624641 ecr 2064824943], length 291: HTTP: GET /canonical.html HTTP/1.1
11:34:03.875183 IP xvx.xxv.xvx.xx.bc.googleusercontent.com.http > desktop-pc.51722: Flags [.], ack 292, win 261, options [nop,nop,TS val 2064824959 ecr 955624641], length 0
11:34:03.875990 IP xvx.xxv.xvx.xx.bc.googleusercontent.com.http > desktop-pc.51722: Flags [P.], seq 1:303, ack 292, win 261, options [nop,nop,TS val 2064824960 ecr 955624641], length 302: HTTP: HTTP/1.1 200 OK
Seems to be the safe browsing stuff.
https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work?as=u&utm_source=inproduct
https://www.sitepronews.com/2014/10/01/googles-safe-browsing-service-killing-privacy/
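To triage a capture like the one in the question, the following added example (not part of the original posts) groups tcpdump text output into flows and lists any request lines that were sent in cleartext. The sample lines are constructed in the capture's format with placeholder addresses, and the local hostname `desktop-pc` and all function names are assumptions.

```python
import re
from collections import defaultdict

# tcpdump text line:
#   <time> IP <src>.<port> > <dst>.<port>: Flags [..], ... length N[: HTTP: <line>]
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]+\]"
    r".*?length (?P<len>\d+)(?:: HTTP: (?P<http>.*))?$"
)

# Constructed sample in the same format as the capture (placeholder addresses).
SAMPLE = """\
11:33:42.093364 IP desktop-pc.57790 > 10.113.0.203.bc.googleusercontent.com.https: Flags [P.], seq 1:47, ack 1, win 501, length 46
11:33:42.107201 IP 10.113.0.203.bc.googleusercontent.com.https > desktop-pc.57790: Flags [P.], seq 1:47, ack 47, win 269, length 46
11:34:03.859153 IP desktop-pc.51722 > 20.113.0.203.bc.googleusercontent.com.http: Flags [P.], seq 1:292, ack 1, win 502, length 291: HTTP: GET /canonical.html HTTP/1.1
11:34:03.875990 IP 20.113.0.203.bc.googleusercontent.com.http > desktop-pc.51722: Flags [P.], seq 1:303, ack 292, win 261, length 302: HTTP: HTTP/1.1 200 OK
""".splitlines()

def split_endpoint(endpoint):
    """'host.port' -> (host, port); tcpdump appends the port after the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def summarize(lines, local_host):
    """Group packets into flows keyed by (remote host, remote port, local port)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes_out": 0, "bytes_in": 0, "http": []})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip truncated or non-TCP lines
        shost, sport = split_endpoint(m["src"])
        dhost, dport = split_endpoint(m["dst"])
        outbound = shost == local_host
        key = (dhost, dport, sport) if outbound else (shost, sport, dport)
        flow = flows[key]
        flow["packets"] += 1
        flow["bytes_out" if outbound else "bytes_in"] += int(m["len"])
        if m["http"]:
            flow["http"].append(m["http"])
    return dict(flows)

def cleartext_requests(flows):
    """Request lines tcpdump could decode, i.e. HTTP sent without TLS."""
    return [(host, line) for (host, _, _), flow in flows.items()
            for line in flow["http"] if not line.startswith("HTTP/")]

if __name__ == "__main__":
    for host, request in cleartext_requests(summarize(SAMPLE, "desktop-pc")):
        print(host, request)
```

The cleartext request path is the quickest clue to which browser feature opened a connection; for the TLS flows, only the endpoint, timing and byte counts are available from this output.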