I think I’ve used LittleSnitch since my first ever Mac - does anyone else use it or whatever the equivalent is on your OS?
What does it do?
LittleSnitch is essentially an application firewall/network monitor - it allows you to control which software on your computer can connect to the internet, letting you allow or deny, either for forever, until quit, just once, or for a specified time.
I’ve found it an invaluable tool. You can just deny apps any connection ‘forever’, then when you want to upgrade or allow access you can simply delete the associated rule and it will ask you for permission next time it tries to connect to the internet.
You’d be surprised at how often some apps (like VS Code and the Google Chrome Updater) want to dial home!
Do you use LittleSnitch or the equivalent for your OS?
Yes
No
Considering it now!
0voters
Alternatives/similar that I’m aware of (thanks to Dimi, ODL and Dusty posting them on DT):
Back in my windows days I used to use ZoneAlarm, I am not sure if that software does even still exist or would be sane to use… Not every software form pre 2010 is still fine to use nowadays
Back when I did the switch, I of course searched for a replacement, just because I was used to use one, though didn’t found anything.
Today I do not consider it much worth anyway. I prefer FOSS over proprietary software, and do support this FOSS via telemetry data, update checking is usually patched out though by the packaging mechanism as on NixOS autoupdaters do usually not work.
Or it is simply software that requires to be online by definition. Like a web browser
As you yourself said, Apple made sure softwares like LittleSnitch will not see its own system services so what’s the point really.
I can see some value in trying to catch other programs sending stuff but even if they do and you need the program, what can you do? Not easy to switch away from some.
So yeah, not using any. Maybe I will on Linux, but on macOS and Windows I feel the battle has been lost.
I’ve not tried OpenSnitch but with LittleSnitch you can let it allow core macOS functionality as per their recommendations and then focus on your third party apps, which you can decide whenever they first try to connect to the web
You have a good memory! It rings a bell so I must have used it as well at some point! Looks like it is still around: https://www.zonealarm.com
Personally I think you can’t be too careful in today’s world. Even at the most basic, with an app pinging to log it’s been used will mean they have your IP address, so within just a few months of use they have data on your probable whereabouts. Or, if they are sending more data, how private could that be and how much of it would you have been willing to share otherwise?
A good example is what I recently found Apple to be doing - opting people into Help Apple Improve Search without the users consent. What does this mean exactly? Does it mean they have the name of every file and folder on those user’s machines? Does it include metadata or even excerpts of those files? I’m pretty sure there will be legal action taken against this for now, and while I think many people will worry a little less because it’s Apple, imagine if a third party App was doing it
It is well worth it imo, and it is the third security related thing I do when setting up a new Mac:
Switch on Firewall (which isn’t on by default!)
Turn on FileVault (encryption of your drive)
Install LittleSnitch.
They were basically forced to fix it: https://www.patreon.com/posts/46179028 but it was the fact they did it to begin with is what dented faith in them - now they have the unenviable task of reversing that damage (but no sympathy from many because they brought it on themselves).
So just to be clear, LittleSnitch can filter Apple’s activity, but most people just allow core Apple services through via LittleSnitch’s recommendation in initial configuration steps, as it’s mainly 3rd party apps that are of most concern.
I completely understand and relate to the need to take back control of our devices but I have taken the Buddhist approach of refusing to fight a battle I can’t win. Microsoft and Apple can push stuff at Ring 0 (so even below the kernel) if they wish. If they really want me to not see shady stuff they are doing with my machine then I am sure I will not see it.
Ditto for Google, Samsung, Huawei, Xiaomi etc. and their Android phones.
Hence I will fight the good fight on a platform where I have an actual fighting chance – Linux. For now I just don’t care, my energy and time are limited and I have much better things to do with them than worry about Apple knowing all my files. I am sure they already do.
As you say some of it is avoidable, and for me personally, it’s more about the third party apps - perhaps in part because Apple’s marketing and reputation centres around privacy, so if they do something to jeopardise that they will be hurting themselves significantly (so that should be a decent deterrent).
Well this is likely my personal flaw of being a bit perfectionist; if I can’t have 100% control then I just dissociate and feel it’s not worth fighting. As you point out, this is not necessarily true and I agree but it’s my character (apparently).
Or it’s just me wanting my efforts to truly count and make a difference. Not sure. I dialed back my efforts to do self-psychoanalysis for some months now.
Go with what makes you happy or what you are comfortable with Dimi
Personally, for me, LittleSnitch is a necessity and the only problem I have with it is… I want it everywhere! On my smart TV, on my phone, on my console, everywhere!
Perhaps a better LittleSnitch would be a SnitchRouter - i.e a hardware based system which all of your traffic is routed through and you control connections at that level. Pretty sure that could be very popular - router tech is very stagnated imo.
Taking in consideration the recent brew incident, privacy and security when it comes to macs is laughable, even volatile distributions such as ubuntu have better security measures when it comes to these kind of attacks.
At the same time, I don’t think it caught a lot of attention, as using external devices on phones was never that popular, but on ios you cannot connect “unauthorized” USB devices, there is a list of authorized devices being managed by apple, most likely because they are afraid of security issues when it comes to their half-baked drivers.
You can do a lot of what that does with some routers (I have an Asus which does similar) but blocking IPs/hostnames/ads is one thing, having LittleSnitch-like controls would be sweet imo …and is becoming more and more of a necessity as confidence in OS vendors is diminishing.
Nonetheless, running curl | sudo exec (and similar commands) is a idiotic practice that needs to die out, hence why this vector of attack is so simple.
I fully agree. As mentioned, I’ll go all the way fully paranoid when I get on Linux. They have enough software that does finer tuning of what program can do what.
