Google Domains

[celenityy]

Which domain(s) should be blocked?

auditrecording-pa.googleapis.com
clienttracing-pa.googleapis.com
datasaver.googleapis.com
feedback-pa.googleapis.com
growth-pa.googleapis.com
gvt2-cn.com
gvt3.com
locationhistory-pa.googleapis.com
locationhistoryaggregates-pa.googleapis.com

Why should these domain(s) be blocked?

auditrecording-pa.googleapis.com - It looks like this is already blocked on Ultimate, but I think it might be worth blocking this on some of the less aggressive lists as well. This appears to be related to Google's Cloud Audit Logging API: https://cloud.google.com/logging/docs/audit, so it's just more telemetry. I was also able to find more info on it proving this further here on Page 34 & Page 36. We can see: POST https://auditrecording−pa.googleapis.com/google.internal.api.auditrecording.v1.AuditRecordingMobileService/CreateAuditRecord POST body: <binary payload> & POST https://auditrecording−pa.googleapis.com/google.internal.api. auditrecording.v1.AuditRecordingMobileService/CreateAuditRecord Headers x−goog−spatula: CjYKFmNvbS5nb29n...Fwu6/s+CCz+wBKgA= POST body decoded as protobuf: <...> <device details> <...>.

clienttracing-pa.googleapis.com - I've noticed Stock Android devices phone home to this, difficult to find info on, but it seems to be related to Google's Cloud Trace API, so just more telemetry.

datasaver.googleapis.com - This is related to Chromium's "Data Saver" feature, I think we should really consider blocking this one, at least on the more aggressive lists. You can see here for more info, but this is extremely concerning from a privacy & security standpoint... Google is not only sent the websites you visit, but literally MITMs them.

feedback-pa.googleapis.com - I've noticed Google apps on iOS and Android frequently call this domain, I wasn't able to find any official references or documentation on it, but it appears to be used for telemetry based off this Czech forum post - annotation=anonymous_feedback_submit_apicka_apkey=AIzaSejQEszExuVHsgk8YElDTlbbrhzeRISc --anenation=anonymous_feedback_submit_url=https://feedback-pa.googleapis.com/v1/feedback/products/1633926/web:anonymous_submit

growth-pa.googleapis.com - I saw this domain was requested before in #44 & #2411, and it seems like it wasn't blocked due to the lack of information. However, I was able to find info on it, and it appears this domain is directly related to & used for promotions in Google's apps & services. See here from Chromium's source code, & here on Page 9:

-const char kDesktopIOSPromotionQueryPhoneNumber[] =
- "https://growth-pa.googleapis.com/v1/get_verified_phone_numbers";
-
-const char kDesktopIOSPromotionSendSMS[] =
- "https://growth-pa.googleapis.com/v1/send_sms";
-

The Google Docs and Messaging apps (or a process on its behalf) connect to growth-pa.googleapis.com/google.internal.identity.growth.v1.GrowthApiService/GetPromos, sending device details but no unique identifiers

gvt2-cn.com - Chinese variant of gvt2.com, which we already block, used for telemetry.

gvt3.com - Similar to gvt2.com, according to Google, this is used for "Google Play connectivity monitoring and diagnostics".

locationhistory-pa.googleapis.com - This is extremely difficult to find information on, but it appears to be related to Google's location history. I think it'd probably make sense to block this on the more aggressive tests. This might need more investigation though, unclear.

locationhistoryaggregates-pa.googleapis.com - Same as above.

[hagezi]

Thank you @Retold3202, great work as always. We'll take a closer look.

@xRuffKez

[celenityy]

I recently dug up an old Stock Android phone I've had lying around, so I've been doing some experimenting & testing with it, and I found a couple more domains & more info.

feedback-pa.clients6.google.com - Another domain for feedback-pa.googleapis.com

footprints-pa.googleapis.com - Another domain that was requested in #2411, but lacked info around it. After a lot of investigating and testing on my device, this appears to be responsible for Google's Web & Activity History tracking. I was able to confirm this through the Google Maps app. If you try to start a route, and have your Google account's web & activity history disabled, there will be a prompt asking you to enable it. If you select Get started on the prompt while this domain is blocked, it will do nothing. However, when the domain is unblocked and you select Get started, it'll give you a pop-up and go through the process of enabling it. So, I think this is a fair conclusion to reach based on this behavior & context clues of its naming. It looks like we already have this domain blocked on some of the lists, but I figured I'd still give info on it regardless since there's literally none anywhere that I can find.

timeline.google.com - This appears to be another domain related to Google's Location History/"Timeline" tracking, might be worth blocking at least on the more aggressive lists.

There were a few other interesting domains I found as well that caught my eye, but I need to find more info on them, will probably further investigate tomorrow & report back with my findings. :)

[hagezi]

Thanks for the details @Retold3202 - great. I have added feedback-pa.clients6.google.com.

I will not completely block Google Maps Timeline through timeline.google.com, the data collection is blocked in Ultimate by blocking userlocation.googleapis.com.

[hagezi]

@Retold3202 Can you confirm that geller-pa.googleapis.com needs to be unblocked for the Google Assistant to work? It is currently unblocked.

There is also device-provisioning.googleapis.com, which also appears frequently in the logs. I once blocked it as a test and found that the push notifications could no longer be configured in the F1TV iOS app as a result.

[celenityy]

@Retold3202 Can you confirm that geller-pa.googleapis.com needs to be unblocked for the Google Assistant to work? It is currently unblocked.

I tried blocking geller-pa.googleapis.com, and I did notice Assistant trying to connect there & being blocked, but it looks like Assistant is still functioning fine for me, I'm able to have a conversation with it & it seems to be able to still retrieve data from the internet. It looks like the main domain responsible for Assistant is assistant-s3-pa.googleapis.com, so I think as long as we don't touch that, we should be fine.

There is also device-provisioning.googleapis.com, which also appears frequently in the logs. I once blocked it as a test and found that the push notifications could no longer be configured in the F1TV iOS app as a result.

I noticed this one as well. After some digging, it looks like it's part of Firebase Cloud Messaging according to Google's docs here, so that would make sense with it breaking push notifications for you there. We should probably just leave it alone.

[hagezi]

Many thanks @Retold3202, geller-pa.googleapis.com added to aggressive lists.

[celenityy]

Always glad to help @hagezi :)

I'm currently investigating these domains, but they're very difficult to find info on and I'm struggling to get them to reproduce, so I'll go ahead and post them here in case you or anyone else who stumbles upon this has any info on them:

searchpromo-pa.googleapis.com - I caught the "Google" app connecting to this, but I've only seen it connect one time, and sadly I already had it blocked when it did. So far I haven't been able to get it to connect to this again, and I've tried researching it and also haven't been able to find info on it, but it seems certainly related to some form of promotion, just wish I could get it to replicate. I can at least confirm that the Google app appears to function perfectly without issue with it blocked.

searchlabspartnerservice-pa.googleapis.com - This appears to be related to Google's "Search Labs" experiments, I've noticed the "Google" app connecting to this, probably worth blocking at least on the aggressive lists IMO.

labs.google - Same as above.

labs.google.com - Same as above, another domain used for the "Search Labs" experiments.

voilatile-pa.googleapis.com - This is probably the strangest domain I've found so far. It appears to be connected to from Google Play Services... but that's about all I know about it. I can't find any documentation or references to this online at all. I haven't seen any issues with it blocked, but since I don't have any idea what it does, it's tough to say whether it's actually safe or not to block. This'll definitely need more investigation.

xgapromomanager-pa.googleapis.com - Same story as searchpromo-pa.googleapis.com, I saw this connected to the same time that domain was by the "Google" app, but I also had it blocked. Highly likely also related to some form of promotion, the Google app seems to function perfectly with it blocked, but I just wish I could also get it to reproduce. This is another domain with no documentation.

Some of these Google domains have been extremely difficult to find info on, they lack documentation, I've even dug through Google's developer resources. I'll keep experimenting around & investigating.

[celenityy]

A couple more discoveries:

glsfrontend-pa.googleapis.com - This domain is used for Google's "Local Services Ads". I can confirm as the app directly connects here.

localservices.googleapis.com - Another domain used for Google's "Local Service Ads", Source: Page 5 of here & here.

scone-pa.clients6.google.com - Another domain with no documentation, but I'm 100% certain this is related to Google advertising/tracking. In the "Google" app, whenever a sponsored result comes up, if I hit the 3 dots to access the "My Ad Center" pop-up, every single time without fail, this domain is also called. I haven't noticed any breakage with this blocked, and I've observed various Google apps connecting to it.

scone-pa.googleapis.com - Same as above.

[AleIlMagno]

@Retold3202 I had personally blocked voilatile-pa.googleapis.com in the past but I then whitelisted it because, if I remember right, after some days Google Play Store showed "Device not certified" under Play Protect Certification

[AleIlMagno]

Regarding locationhistory-pa.googleapis.com, this seems really sketchy, my device tries to call it two times a day even if I have location history (Timeline) disabled

[AleIlMagno]

I would also consider blocking:

content-autofill.googleapis.com
lamssettings-pa.googleapis.com
infinitedata-pa.googleapis.com
quake-pa.googleapis.com
chromesyncentities-pa.googleapis.com
nearbysharing-pa.googleapis.com
remoteprovisioning.googleapis.com

I have these blocked for months and I didn't notice any problem, but I also don't use most of google services, so some investigation is needed.

[celenityy]

I had personally blocked voilatile-pa.googleapis.com in the past but I then whitelisted it because, if I remember right, after some days Google Play Store showed "Device not certified" under Play Protect Certification

I've had it blocked on my device for around a week now, and I just took a look, and it appears to still show as "Certified". So it might've just been a coincidence, or maybe it's something different in my case. Some of these Google domains are probably the hardest I've ever tried researching/finding info on, a lot of them are fairly sketchy IMO and there's near no info anywhere on a lot of them unfortunately.

content-autofill.googleapis.com

I'm fairly certain this is related to the "Autofill with Google" feature on Android. Personally I could care less about it and I block it on my personal list, but I doubt Hagezi will want to block this for the masses since this could be a legitimate feature people are using.

lamssettings-pa.googleapis.com

This appears to be related to geolocation (ex. Page 3 here). As to what its purpose is... your guess is as good as mine. 🤷‍♀️ I've had it blocked and haven't noticed any issues, looks like you have as well, but certainly needs more investigation.

infinitedata-pa.googleapis.com

This is definitely a sketchy one, I've ran into it myself and spent a lot of time researching it. After some more research, according to Page 53 here, this appears to be another form of telemetry & was caught here sending the list of installed apps to Google. I haven't encountered any issues with this blocked, & you said you haven't either, so I think we should probably consider blocking this on the lists.

quake-pa.googleapis.com

Another domain with absolutely no info on it anywhere. Definitely needs investigation.

chromesyncentities-pa.googleapis.com

This is probably related to Google Chrome Sync. This is another case where I doubt Hagezi will block it for the masses since it could be a legitimate feature that people are using. I'll probably add it to my personal blocklist though because I could care less about it.

nearbysharing-pa.googleapis.com

This is definitely another sketchy one. It appears to be required for Google's "Quick Share" feature to work (ex. here), but this does also appear to be used for advertising & tracking. I think we should block it on the more aggressive lists.

remoteprovisioning.googleapis.com

This shouldn't be blocked, it's part of Android's Remote Provisioning Attestation feature, which is useful from a security perspective & for checking device integrity.

[celenityy]

Also looks like I was 100% correct about footprints-pa.googleapis.com, this is definitely used for Google's Web & Activity History tracking. See Page 18 & 42 here.

POST https://footprints−pa.googleapis.com/footprints.oneplatform. FootprintsService/GetActivityControlsSettings

[celenityy]

As an aside, I think we should also consider blocking:

admob.googleapis.com - Google AdMob API.

adsensehost.googleapis.com - Google Adsense "Host" API.

audit.googleapis.com - Google Cloud Audit Logging.

analyticsadmin.googleapis.com - Google "Analytics Admin" API.

analyticsdata.googleapis.com - Google "Analytics Data" API.

analyticshub.googleapis.com - Google "Analytics Hub" API.

analyticsreporting.googleapis.com - Google "Analytics Reporting" API.

appenginereporting.googleapis.com - Google "App Engine Reporting Service".

chromeuxreport.googleapis.com - Google "Chrome UX Report" API.

cloudaudit.googleapis.com - Same as audit.googleapis.com, also used for Cloud Audit Logging.

cloudlatencytest.googleapis.com - Google "Cloud Network Performance Monitoring" API.

cloudprofiler.googleapis.com - Google Cloud Profiler Observability & Monitoring.

cloudtrace.googleapis.com - Google's "Cloud Trace" API.

content-partnersbadge-pa.googleapis.com - Google "Partner Badge Program" - Just more marketing & tracking.

dfareporting.googleapis.com - Google Doubleclick "Campaign Manager 360" API.

doubleclickbidmanager.googleapis.com - Google Doubleclick "Bid Manager" API.

doubleclicksearch.googleapis.com - Google Doubleclick "Search Ads 360" API.

federatedcompute-pa.googleapis.com - Part of Google's "Private Compute Services" - "Enables privacy-preserving aggregate machine learning and analytics across many devices, without any raw data leaving the device.

firebasepredictions.googleapis.com - Google Firebase "Predictions", just more creepy ad/tracking... See here.

firewallinsights.googleapis.com - Google "Firewall Insights".

gapromomanager-pa.googleapis.com - Not extremely clear, but appears to be another domain related to promotions in the "Google" app on Android, similar to xgapromomanager-pa.googleapis.com.

logging.googleapis.com - Google "Cloud Logging" API.

marketingplatformadmin.googleapis.com - Google "Marketing Platform Admin" API.

meshtelemetry.googleapis.com - Google "Mesh Telemetry & Monitoring" API.

mobilenetworkscoring-pa.googleapis.com - This appears to be reporting sensitive network data back to Google in order to determine the "network quality". See Page 18 & 42 here.

monitoring.googleapis.com - Google's "Cloud Monitoring" API.

pagespeedmobilizer.com - Google's "Page Speed Insights" API.

pagespeedonline.googleapis.com - Same as above.

partners-json.googleapis.com - Google "Partners API" - "Lets advertisers search certified companies and create contact leads with them, and also audits the usage of clients".

recommendationengine.googleapis.com - Google "Recommendations AI" & here - "Take advantage of Google's expertise in recommendations, powered by state-of-the-art machine learning models. Provide effective and real-time personalization with the recommendations capability (formerly Recommendations AI) of Vertex AI Search."

recommender.googleapis.com - Google "Recommender" & here. - "Recommender is a service on Google Cloud that provides usage recommendations and insights for Cloud products and services".

stackdriver.googleapis.com - Google's "Stackdriver" API - "Used by Google Cloud’s operations suite to collect signals across Google Cloud internal and external apps, platforms, and services".

surveys.googleapis.com - Google "Surveys" API.

tagmanager.googleapis.com - Google Tag Manager API.

timeseriesinsights.googleapis.com - Google "Time Series Insights" Monitoring API.

wirelessdevicestats.googleapis.com - Appears to be telemetry & data collection from Google Home.

[hagezi]

In 4268492 I have made a few adjustments based on the comments. Thanks @AleIlMagno and @Retold3202.
@AleIlMagno, if you want the "full program", then I recommend using Ultimate.

[Punisher-Username1]

Allowing these 2 domains in NextDNS helps my Google Maps & Taxi, Cab, Ride Hailing apps work.

• auditrecording-pa.googleapis.com
• voilatile-pa.googleapis.com

Those 2 domains were not blocked in the previous Ultimate filter according to my NextDNS logs.

[hagezi]

@Punisher-Username1:
#2900 (comment)
#2900 (comment)
#2900 (comment)

[github-actions]

This issue has been fixed in release 2025.014.74415

[ExtRIELICi]

I just found this in the logs: s-v6exp1-ds.metric.gstatic.com. It was requested only once and never again.

According to ChatGPT Search:

The metric subdomain is associated with Google’s data collection and analytics services. Requests to domains like metric.gstatic.com are often made by browsers to gather metrics or perform network experiments, such as testing IPv6 connectivity.

[celenityy]

@ExtRIELICi

ChatGPT is incorrect. metric.gstatic.com is used for DNS over TLS connectivity checks on Android. You can see it in AOSP's source code here. I'm not aware of it being used for tracking/analytics.

[ExtRIELICi]

Oh okay, we should leave it as is then, sorry

@ExtRIELICi

ChatGPT is incorrect. metric.gstatic.com is used for DNS over TLS connectivity checks on Android. You can see it in AOSP's source code here. I'm not aware of it being used for tracking/analytics.

[hagezi]

ref: Blocking semanticlocation-pa.googleapis.com possibly breaks Google Maps: #4945

[dandv]

Any information about peoplestackwebexperiments-pa.clients6.google.com?

I've been blocking it from Spotify for a few days, apparently with no loss of functionality. Saw it accessed by various Google services (not just photos) in the browser.

[hagezi]

https://www.perplexity.ai/search/peoplestackwebexperiments-pa-c-ws2ZbdPGS62SH1mdQ_UKrg#1

[dandv]

@hagezi I get "This thread does not exist" when I follow that link.

When I searched for the domain name, Perplexity regurgitated what we already know:

peoplestackwebexperiments-pa.clients6.google.com is a subdomain of Google that is related to Google Photos Face Grouping[1](https://www.reddit.com/r/privacy/comments/13kx5wn/what_is/)[7](https://github.com/llacb47/mischosts/issues/19). DNS resolution of peoplestackwebexperiments-pa.clients6.google.com points to 142.250.99.95, which is located in Mountain View, California[3](https://domain.glass/peoplestackwebexperiments-pa.clients6.google.com).

Although it is related to Google Photos, some users have reported seeing calls to this subdomain even when they don't use Google Photos[1](https://www.reddit.com/r/privacy/comments/13kx5wn/what_is/).

According to domain.glass, peoplestackwebexperiments-pa.clients6.google.com scored 867 on 2020-11-01, based on global DNS query popularity[3](https://domain.glass/peoplestackwebexperiments-pa.clients6.google.com).

[hagezi]

Your device is likely calling peoplestackwebexperiments-pa.clients6.google.com as part of Google's services, specifically related to Google Photos Face Grouping. This feature uses facial recognition to organize photos, even if you do not actively use Google Photos. The subdomain may be accessed by background processes linked to Google Play Services or other pre-installed Google apps that rely on shared infrastructure for functionality like syncing, telemetry, or AI-based features 1 2 7.

If you have disabled most Google apps or do not use Google Photos, these calls could still occur due to residual dependencies in the operating system or apps that interact with Google's services. Blocking this domain may not disrupt your device's core functions but could affect specific features tied to Google's ecosystem 2 5.

[celenityy]

peoplestackwebexperiments-pa.clients6.google.com specifically appears to be related to some kind of A/B testing/experimentation (likely related to Google Photos/Face Groups as mentioned above). In my testing, I noticed this specifically called from drive.google.com:

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

That surprises me to hear it’s being called by Spotify, I’m not sure why third party services would be using it. Regardless, I would be in favor of blocking peoplestackwebexperiments-pa.clients6.google.com under the assumption it doesn’t cause breakage. I don’t use Google Drive/Photos/etc. personally, so I can’t really comment there.

[Seohare]

myphonenumbers-pa.googleapis.com
phonedeviceverification-pa.googleapis.com
performanceparameters.googleapis.com
searchlabspartnerservice-pa.googleapis.com
semanticlocation-pa.googleapis.com

Can you check the domain above as well?

[xRuffKez]

No blocking!
myphonenumbers-pa.googleapis.com
Likely handles phone number verification or management for Google services.

No blocking!
phonedeviceverification-pa.googleapis.com
Probably used for verifying phone devices linked to Google accounts.

performanceparameters.googleapis.com
Might collect or manage performance metrics for Google apps or services.

searchlabspartnerservice-pa.googleapis.com
Could be related to experimental or partner-based search features.

semanticlocation-pa.googleapis.com
Likely deals with location-based services using semantic analysis (e.g., identifying meaningful locations).

[celenityy]

I noticed searchlabspartnerservice-pa.googleapis.com called from the Google app on Android, it appears to be related to 'Search Labs/Experiments', which looks like more A/B testing/experimentation. The fact this functionality is unavailable in Europe due to local regulations speaks volumes... I think this is definitely worth blocking.

semanticlocation-pa.googleapis.com was blocked previously, but was found to break Google Maps on Android, so it was removed.

It looks like myphonenumbers-pa.googleapis.com is called by Google Play Services on Android. My impression from skimming AOSP's source code is that myphonenumbers-pa.googleapis.com is being used to send the user's phone numbers (detected via their SIM card(s)) to Google. I don't see why this would be necessary/what legitimate functionality it provides, so I think it might be worth blocking - maybe just on Ultimate for now though to see if anyone reports any issues. I'll also add this to my BadBlock lists.

phonedeviceverification-pa.googleapis.com is odd - it appears to be called by Google Play Services on Android (I've specifically found: phonedeviceverification-pa.googleapis.com/google.internal.communications.phonedeviceverification.v1.PhoneDeviceVerification/GetConsent), but that's about all I can find on it. I also discovered phonedeviceverification-pa-prod.sandbox.googleapis.com, which appears to be similar and also used for this same mystery functionality. This will need more research and testing, I'll probably block both of these on my network and report back if I hear any complaints/issues/etc...

performanceparameters.googleapis.com appears to be used for collecting performance insights in games, so I think it should be blocked. For reference, I've had this blocked on BadBlock for several months and haven't received any issues.

[hagezi]

Thanks @celenityy, I will add

searchlabspartnerservice-pa.googleapis.com
myphonenumbers-pa.googleapis.com
performanceparameters.googleapis.com

to the Ultimate.

@Seohare semanticlocation-pa.googleapis.com has been unblocked: #2900 (comment)

[Seohare]

infinitedata-pa.googleapis.com

If this domain is also identified as a tracker, please include it in the list

[dandv]

Your device is likely calling peoplestackwebexperiments-pa.clients6.google.com as part of Google's services

My device is a laptop running Fedora, and I don't use any Google applications outside of a browser. I do develop code that make API calls to Firebase and Google Auth, but that's it.

That surprises me to hear it’s being called by Spotify

This might be an issue with the firewall I'm using - mis-identifying the application.

[dandv]

That surprises me to hear it’s being called by Spotify, I’m not sure why third party services would be using it.

@celenityy: Spotify uses the Chromium Embedded Framework, so it might be Chromium phoning home.