googerteller/README.md

# googerteller

Audible feedback on just how much your browsing feeds into Google.

By bert@hubertnet.nl / https://berthub.eu/

Makes a little bit of noise any time your computer sends a packet to a
Google service, which excludes Google Cloud users.

Demo video [in this tweet](https://twitter.com/bert_hu_bert/status/1561466204602220544)

## How to compile

You need a C++ compiler like `gcc-c++` and CMake for compiling the binary.

You also need to install `libpcaudio` (`libpcaudio-dev` on Debian/Ubuntu, `pcaudiolib-devel` on Fedora/Red Hat).

Then run:

```
cmake .
make
```

## How to run
Google is so large its IPv4 and IPv6 footprint can't be handled by tcpdump,
or at least not efficiently. Therefore we need to define an ip(6)tables
`ipset`. This will first exclude Google Cloud, and then include all the
other Google IP addresses.

Install iptables 'ipset', and run (as root) the `ipset-setup.sh` script, or
execute:

```
ipset create google-services hash:net
for a in $(cat goog-cloud-prefixes.txt)
do 
echo $a
	ipset add google-services $a nomatch
done 
for a in $(cat goog-prefixes.txt)
do 
	ipset add google-services $a
done

ipset create google-services6 hash:net family inet6
for a in $(cat goog-cloud-prefixes6.txt)
do 
	ipset add google-services6 $a nomatch
done 

for a in $(cat goog-prefixes6.txt)
do 
	ipset add google-services6 $a
done
iptables -I OUTPUT -m set --match-set google-services dst -j NFLOG --nflog-group 20 
ip6tables -I OUTPUT -m set --match-set google-services6 dst -j NFLOG --nflog-group 20 
```

Then start as:
```
sudo tcpdump -i nflog:20 -ln | ./teller
```
And cry.

## Data source
The list of Google services IP addresses can be found on [this Google
support page](https://support.google.com/a/answer/10026322?hl=en).

Note that this splits out Google services and Google cloud user IP
addresses. However, it appears the Google services set includes the cloud IP
addresses, so you must check both sets before determining something is in
fact a Google service and not a Google customer.
Initial commit 2022-08-21 21:41:01 +02:00			`# googerteller`
README.md: minor improvements Slightly improved the description and build instructions, added required library package name on RPM-based distributions like Fedora/Red Hat. 2022-08-22 18:38:34 +02:00
			`Audible feedback on just how much your browsing feeds into Google.`
initial 2022-08-21 22:48:40 +02:00
add contact details 2022-08-22 00:07:55 +02:00			`By bert@hubertnet.nl / https://berthub.eu/`

spruce up README a bit 2022-08-23 07:32:25 +02:00			`Makes a little bit of noise any time your computer sends a packet to a`
			`Google service, which excludes Google Cloud users.`

add tweet 2022-08-22 22:07:07 +02:00			`Demo video [in this tweet](https://twitter.com/bert_hu_bert/status/1561466204602220544)`

initial 2022-08-21 22:48:40 +02:00			`## How to compile`
README.md: minor improvements Slightly improved the description and build instructions, added required library package name on RPM-based distributions like Fedora/Red Hat. 2022-08-22 18:38:34 +02:00
			You need a C++ compiler like `gcc-c++` and CMake for compiling the binary.

			You also need to install `libpcaudio` (`libpcaudio-dev` on Debian/Ubuntu, `pcaudiolib-devel` on Fedora/Red Hat).

			`Then run:`
initial 2022-08-21 22:48:40 +02:00
			```
			`cmake .`
			`make`
			```

README.md: minor improvements Slightly improved the description and build instructions, added required library package name on RPM-based distributions like Fedora/Red Hat. 2022-08-22 18:38:34 +02:00			`## How to run`
and docs for better setup 2022-08-23 10:25:40 +02:00			`Google is so large its IPv4 and IPv6 footprint can't be handled by tcpdump,`
			`or at least not efficiently. Therefore we need to define an ip(6)tables`
			`ipset`. This will first exclude Google Cloud, and then include all the
			`other Google IP addresses.`

			Install iptables 'ipset', and run (as root) the `ipset-setup.sh` script, or
			`execute:`
initial 2022-08-21 22:48:40 +02:00
			```
and docs for better setup 2022-08-23 10:25:40 +02:00			`ipset create google-services hash:net`
			`for a in $(cat goog-cloud-prefixes.txt)`
			`do`
			`echo $a`
			`ipset add google-services $a nomatch`
			`done`
			`for a in $(cat goog-prefixes.txt)`
			`do`
			`ipset add google-services $a`
			`done`

			`ipset create google-services6 hash:net family inet6`
			`for a in $(cat goog-cloud-prefixes6.txt)`
			`do`
			`ipset add google-services6 $a nomatch`
			`done`

			`for a in $(cat goog-prefixes6.txt)`
			`do`
			`ipset add google-services6 $a`
			`done`
			`iptables -I OUTPUT -m set --match-set google-services dst -j NFLOG --nflog-group 20`
			`ip6tables -I OUTPUT -m set --match-set google-services6 dst -j NFLOG --nflog-group 20`
initial 2022-08-21 22:48:40 +02:00			```

and docs for better setup 2022-08-23 10:25:40 +02:00			`Then start as:`
Fix issue #4 2022-08-22 13:23:14 +02:00			```
and docs for better setup 2022-08-23 10:25:40 +02:00			`sudo tcpdump -i nflog:20 -ln \| ./teller`
Fix issue #4 2022-08-22 13:23:14 +02:00			```
and docs for better setup 2022-08-23 10:25:40 +02:00			`And cry.`
Fix issue #4 2022-08-22 13:23:14 +02:00
improve suggested commandline, document IP address source 2022-08-21 23:01:50 +02:00			`## Data source`
			`The list of Google services IP addresses can be found on [this Google`
			`support page](https://support.google.com/a/answer/10026322?hl=en).`

			`Note that this splits out Google services and Google cloud user IP`
and docs for better setup 2022-08-23 10:25:40 +02:00			`addresses. However, it appears the Google services set includes the cloud IP`
			`addresses, so you must check both sets before determining something is in`
			`fact a Google service and not a Google customer.`