KeepassXC Browser plugin
For years I have been using KeepassXC and in some places even as browser plugin. Its auto typing sequence is very flexibile. But a drop down selection at the input fields for username/ password is much easier to handle. But this comes at a price.
As I raked through open connections I found suspicious IPs
with lasting connections and very low traffic. Looking them
up their origin is KeepassXC Browser addon. A simple invocation
lsof -i tcp is sufficient.
- 188.8.131.52 - Google
- 184.108.40.206 - Amateur Radio Digital Communications
- 220.127.116.11 - Software Editing Corporation, SEC.com, registered in the 90s
The target port was always 443, regular TLS connection. Quote from page:
And also written there this can be disabled completely even as compiler switch. Such a switch is called USE variable on Gentoo. In this case I'd emerge with USE=-network. I removed the browser plugin completely. In addition I disabled any egress from KeepassXC. Connections gone.
- SEC.com – Software Editing Corporation
- KeepassXC FAQ – KeepassXC FAQ, Network access
- KeepassXC Docs – KeepassXC documentation