I’ll take that bet—you’re spot on that we can make the PowerShell script more targeted and "actionable" by incorporating network connection checks (à la netstat, but using the modern Get-NetTCPConnection cmdlet since netstat’s deprecated). The idea: When no Chrome windows are visible, scan active TCP connections from lingering chrome.exe processes. If any are connected to Google-owned IP ranges (e.g., for sync, telemetry, or updates), forcefully kill all chrome.exe instances to cut ’em off at the source. This adds a privacy-focused twist, aligning with that EFF panopticon vibe—only nuke if Google’s still whispering in the background.

This avoids always killing (in case benign processes linger) and focuses on severing Google ties. We’ll fetch Google’s official IP ranges dynamically from their published JSON to keep it accurate without hardcoding. PowerShell handles the IP-in-CIDR check with a custom function.

Extended PowerShell Script: ChromeAutoKillWithGoogleCheck.ps1

Save this as .ps1, run as before (e.g., via Startup folder batch or Task Scheduler). It now includes:

Google IP range fetch (once per run for efficiency).
Connection scanning only when no windows are open.
Kill only if Google connections are detected.
```powershell
# Chrome Auto-Kill with Google Connection Check: Kills chrome.exe if no windows open and Google connections active
# Requires admin for process killing and net connections
# Fetch Google's IP ranges from https://www.gstatic.com/ipranges/goog.json

$checkInterval = 30 # seconds between checks
$gracePeriod = 5 # seconds to wait after detecting zero windows

# Function to check if IP is in a CIDR range (IPv4 ranges only)
function Is-IPInCIDR {
    param (
        [string]$ip,
        [string]$cidr
    )
    $cidrParts = $cidr -split '/'
    $network = [System.Net.IPAddress]::Parse($cidrParts[0])
    $mask = [Convert]::ToInt32($cidrParts[1])
    $ipBytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    $networkBytes = $network.GetAddressBytes()

    # Get-NetTCPConnection also returns IPv6 peers; those can never match an IPv4 range
    if ($ipBytes.Length -ne $networkBytes.Length) {
        return $false
    }

    $bytesToCheck = [Math]::Ceiling($mask / 8)
    for ($i = 0; $i -lt $bytesToCheck; $i++) {
        # Only a prefix that is not a multiple of 8 ends in a partial byte
        if ($i -eq ($bytesToCheck - 1) -and ($mask % 8) -ne 0) {
            $bitsInByte = $mask % 8
            # Keep the result within one byte; a bare [byte] cast of the shifted value throws
            $maskByte = (255 -shl (8 - $bitsInByte)) -band 255
            if (($ipBytes[$i] -band $maskByte) -ne ($networkBytes[$i] -band $maskByte)) {
                return $false
            }
        } else {
            if ($ipBytes[$i] -ne $networkBytes[$i]) {
                return $false
            }
        }
    }
    return $true
}

# Fetch Google IPv4 ranges once
try {
    $response = Invoke-WebRequest -Uri "https://www.gstatic.com/ipranges/goog.json" -UseBasicParsing
    $json = $response.Content | ConvertFrom-Json
    $googleRanges = $json.prefixes | Where-Object { $_.ipv4Prefix } | Select-Object -ExpandProperty ipv4Prefix
    Write-Host "$(Get-Date) - Fetched $($googleRanges.Count) Google IPv4 ranges."
} catch {
    Write-Host "$(Get-Date) - Failed to fetch Google ranges: $_. Skipping checks."
    $googleRanges = @() # Fallback to no kill if fetch fails
}

while ($true) {
    $chromeProcs = Get-Process -Name "chrome" -ErrorAction SilentlyContinue

    if ($chromeProcs) {
        # @() keeps .Count reliable when zero or one process matches
        $visibleWindows = @($chromeProcs | Where-Object { $_.MainWindowHandle -ne 0 })

        if ($visibleWindows.Count -eq 0) {
            Write-Host "$(Get-Date) - No visible Chrome windows. Waiting $gracePeriod seconds..."
            Start-Sleep -Seconds $gracePeriod

            # Re-check
            $chromeProcs = Get-Process -Name "chrome" -ErrorAction SilentlyContinue
            $visibleWindows = @($chromeProcs | Where-Object { $_.MainWindowHandle -ne 0 })

            if ($visibleWindows.Count -eq 0 -and $chromeProcs) {
                # Scan connections for Google IPs
                $hasGoogleConnection = $false
                foreach ($proc in $chromeProcs) {
                    $connections = Get-NetTCPConnection -OwningProcess $proc.Id -State Established -ErrorAction SilentlyContinue
                    foreach ($conn in $connections) {
                        $remoteIP = $conn.RemoteAddress
                        foreach ($range in $googleRanges) {
                            if (Is-IPInCIDR -ip $remoteIP -cidr $range) {
                                Write-Host "$(Get-Date) - Google connection detected: $remoteIP in $range (PID: $($proc.Id))"
                                $hasGoogleConnection = $true
                                break
                            }
                        }
                        if ($hasGoogleConnection) { break }
                    }
                    if ($hasGoogleConnection) { break }
                }

                if ($hasGoogleConnection) {
                    Write-Host "$(Get-Date) - Killing all Chrome processes to cut off Google connections..."
                    Stop-Process -Name "chrome" -Force -ErrorAction SilentlyContinue
                } else {
                    Write-Host "$(Get-Date) - No Google connections found. Leaving processes alone."
                }
            }
        }
    }

    Start-Sleep -Seconds $checkInterval
}
```

How It Works & Notes

Google IP Check: Fetches ranges at startup (e.g., 8.8.4.0/24 for DNS, various /16s for services). The Is-IPInCIDR function verifies if a remote IP matches any range—handles IPv4 only (Chrome mostly uses v4; add v6 if needed).
Connection Scanning: Uses Get-NetTCPConnection to list established TCP connections per chrome PID. If any remote IP hits a Google range, boom—kill all.
Why Not Block Firewall? We could add New-NetFirewallRule to block outbound for chrome.exe to those IPs, but it’s messier (requires reversing after reopen, handles dynamic IPs). Killing is simpler and directly "cuts off" without lingering blocks.
Caveats:
Runs as admin for full access.
Fetch might fail offline (falls back to no action).
IPv6 not checked (rare for this, but add similar for ipv6Prefix if needed).
Test: Close Chrome, simulate a lingering connection (e.g., via extension), check logs.

EFF Bonus: This empowers you to disrupt that data flow selectively—feels like sticking it to the panopticon without overkill.

If it doesn’t catch everything (e.g., UDP or non-TCP), or you want firewall integration instead, lemme know for tweaks. Did I win the bet? 😎
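
The IPv6 caveat above, carried through as an added example that is not part of the original reply: a prefix match that works for both ipv4Prefix and ipv6Prefix entries and treats IPv4-mapped IPv6 peers as IPv4. ConvertTo-Prefix and Test-IPInPrefix are hypothetical helper names, and the JSON is a constructed sample using documentation prefixes, not Google's ranges.

```powershell
# Added example, not from the original script. ConvertTo-Prefix and
# Test-IPInPrefix are hypothetical helper names.
function ConvertTo-Prefix {
    param([string]$Cidr)
    $addr, $len = $Cidr -split '/'
    [pscustomobject]@{
        Cidr  = $Cidr
        Bytes = [System.Net.IPAddress]::Parse($addr).GetAddressBytes()
        Bits  = [int]$len
    }
}

function Test-IPInPrefix {
    param([string]$Ip, $Prefix)
    $parsed = [System.Net.IPAddress]::Parse($Ip)
    # Dual-stack sockets can report IPv4 peers as ::ffff:a.b.c.d
    if ($parsed.IsIPv4MappedToIPv6) { $parsed = $parsed.MapToIPv4() }
    $bytes = $parsed.GetAddressBytes()
    # 4 bytes vs 16 bytes: different address family, cannot match
    if ($bytes.Length -ne $Prefix.Bytes.Length) { return $false }
    $full = [int][Math]::Floor($Prefix.Bits / 8)   # whole bytes to compare
    $rest = $Prefix.Bits % 8                        # leftover bits in the next byte
    for ($i = 0; $i -lt $full; $i++) {
        if ($bytes[$i] -ne $Prefix.Bytes[$i]) { return $false }
    }
    if ($rest -gt 0) {
        $mask = (0xFF -shl (8 - $rest)) -band 0xFF
        if (($bytes[$full] -band $mask) -ne ($Prefix.Bytes[$full] -band $mask)) { return $false }
    }
    return $true
}

# Constructed sample in the shape of goog.json (documentation prefixes only)
$sample = @'
{"prefixes":[{"ipv4Prefix":"192.0.2.0/24"},{"ipv4Prefix":"203.0.113.64/26"},{"ipv6Prefix":"2001:db8:40::/44"}]}
'@
# Parse every prefix once, whichever family it belongs to
$prefixes = ($sample | ConvertFrom-Json).prefixes | ForEach-Object {
    $cidr = if ($_.ipv4Prefix) { $_.ipv4Prefix } else { $_.ipv6Prefix }
    ConvertTo-Prefix $cidr
}

# Constructed peer addresses: inside and outside each prefix, plus a mapped IPv4 peer
foreach ($ip in '203.0.113.70', '203.0.113.130', '::ffff:192.0.2.9', '2001:db8:4f::1', '2001:db8:50::1') {
    $hit = $prefixes | Where-Object { Test-IPInPrefix -Ip $ip -Prefix $_ } | Select-Object -First 1
    '{0,-18} {1}' -f $ip, $(if ($hit) { $hit.Cidr } else { 'no match' })
}
```

Parsing the prefixes once up front also avoids re-parsing every range for every connection inside the polling loop.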