Last time Little Snitch was discussed here on Hacker News[1], I mentioned this:
One preset that I would love is "maximum privacy while user initiated outbound still works". So my browser would work because I initiated it, but everything OSX or apps do in the background are blocked. Automatic updates are blocked? Good! Network time sync is blocked? Fine by me. Only what I initiate gets through. Can you do that as a preset please?
Did they do that?
Seriously, I love the idea of a reverse firewall, but I don't want more work to do. I don't want to analyze connections, look at visualizations, read logs, react to alerts, set up filters, and configure rules.
I just want a high security, maximum privacy system.
My problem with Little Snitch is that it throws too much information at me, or it's better to say that I care too much for the information that it provides (and it provides a lot of information). What I would like to see is exactly what you said, a preset that would disable everything besides browser and what I initiate.
Edit: Ok so I installed the Beta, and it asks you on the initial setup page if you want to enable or disable all iCloud and macOS services (respectively; they are completely separate options). That's cool!
I don't know how Little Snitch does it as I've never used it, but one of my favorite UX/UI implementations for something like this is how GlassWire does it. When something connects to the outside, it subtly notifies you about it, you see everything in an easy to read list, and you can also easily take action like instantly-block something. There is no myriad of popups and alerts and a whole multi-step process to disable something, which is how most such solutions do it.
For something that would "disable everything by default" I would simply like to get a GlassWire-like +1 notification on the icon, and then I should be able to see a list of "last blocked" so I can troubleshoot myself later if something went wrong.
It's nothing new though. Layer-7 firewalls ("personal firewalls") have existed for desktop OSes for a while. I ran them at the end of the 90s on Windows 9x. Software such as ZoneAlarm, and there were others as well (IIRC LavaSoft had one, but not sure). Nowadays, Windows has one built-in.
> One preset that I would love is "maximum privacy while user initiated outbound still works". So my browser would work because I initiated it, but everything OSX or apps do in the background are blocked.
I don't know how you imagine this would work. If I load up a GitHub PR in my browser and then swap to my editor, will the page update when I get a review comment 30 minutes later? If I launch a program and it immediately phones home, is that blocked?
> If I launch a program and it immediately phones home, is that blocked?
Yes.
> I don't know how you imagine this would work.
That's why I'd like Little Snitch to figure it out. There will be judgment calls, edge cases, and decisions. If there's anyone capable of doing it, it's the developers of Little Snitch.
I don't see a theoretical reason why we can't have "maximum privacy while user initiated outbound still works" -- for some reasonable definition of those words.
I don't know if you can do it as a preset in V4, but in V3 I have custom profiles for "Locked Down" (nothing), "Expensive Network" (basically a tiny handful of services: NTP, DNS, and web browsing), "Secure" (allow things like photo syncing and some other macOS services), and "Wide Open" (allow pretty much anything that looks reasonably kosher).
It's not trivial unless you have a lot of network, sysadmin, and OS X background. You have to think about a lot of issues of what to permit, what to deny. Then you still get alerts and have to research the things that want access.
I'm reluctant to deny unfamiliar system apps in case I break something and later have to spend a half a day tracking down mysterious behavior.
The developers of Little Snitch have this knowledge. They could create presets for common situations.
The only preset I want is "maximum privacy while user initiated outbound still works". I'd be satisfied even with cookbook step-by-step instructions for such a preset.
Think about it this way - your computer works fine offline without internet connectivity, so denying access to system utilities isn't going to do any real damage.
Using Little Snitch to "Deny All except Safari Outbound" is exactly the same as working offline, except that your web browser now works. No networking/sysadmin/OS X experience required. By and large, the largest and most annoying culprits on my systems are the OS X system utilities doing background updates, syncing photos, etc.... Ironically, they are the ones I most want to shut down when I'm not on home WiFi.
Plus, if you have 15-30 minutes one afternoon, it's a great way to get insight into what your system is doing, and gain some (small) amount of comfort that you know what's going in/out of your system. Well, that is, everything that isn't bypassing the kernel in the first place.... :-(
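A concrete form of the "Deny All except Safari Outbound" profile described above, as an added example that is not from the thread or from Obdev: a Little Snitch 4 rule-group file in the .lsrules JSON format. The key names follow my reading of Obdev's .lsrules reference, and the Safari and resolver paths are assumptions for a standard macOS install. It also allows the system resolver (mDNSResponder) to reach port 53, since without DNS the "allowed" browser cannot resolve any name and the profile looks broken for no obvious reason.

```json
{
  "name": "Deny all except Safari outbound (constructed example)",
  "description": "Block every outgoing connection, then allow only Safari and the system DNS resolver. Import into Little Snitch 4 as a rule group; process paths are assumptions.",
  "rules": [
    {
      "action": "deny",
      "process": "any",
      "direction": "outgoing",
      "remote": "any",
      "notes": "Catch-all: everything the user did not explicitly allow below is blocked, including background updaters and sync agents."
    },
    {
      "action": "allow",
      "process": "/Applications/Safari.app/Contents/MacOS/Safari",
      "direction": "outgoing",
      "remote": "any",
      "ports": "any",
      "notes": "User-initiated browsing. Narrow ports to 80 and 443 if you do not need anything else from the browser."
    },
    {
      "action": "allow",
      "process": "/usr/sbin/mDNSResponder",
      "direction": "outgoing",
      "remote": "any",
      "ports": "53",
      "notes": "System DNS resolver on macOS. Required for Safari to resolve names; remove this rule and the profile silently breaks browsing."
    }
  ]
}
```

Process-specific allow rules take precedence over the catch-all deny, so adding another tool later is one more allow entry rather than a rewrite of the group.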
LS4 has had a few private betas up until now, but it's in public beta at this point and some of the new stuff they've been working on is pretty interesting. Their main landing page has been updated for LS4 [1] and has a nice general summary of new features with screenshots, but trying to submit that link just goes back to the HN discussion on LS3 five months back [2]. The What's New is more detailed. I'm particularly curious how their improved Research Assistant 2.0 will turn out. They're making an effort to open it up and turn LS4 into a bit more of a platform, allowing 3rd party devs to make specific descriptive information available:
>Third party developers can now bundle their apps with an Internet Access Policy file containing descriptions of all network connections that are possibly triggered by their app. Little Snitch will then display that information to users, helping them in their decision how to handle a particular connection. A description of the policy file format will be provided soon.
Research Assistant is a useful feature and at first blush this seems to have the potential to make it even better, assuming LS has enough market penetration to actually get more than a handful of devs to provide a description. The spirit of transparency is a good one too. One thing I wonder about though is how well they're prepared to deal with lying, because this seems like it could possibly open up a potential risk for social engineering. Can the developer of an application making a connection a power user would consider worth blocking actually be trusted to provide their own description? If they do lie (directly or by omission) or even simply obfuscate about what it's doing, is Obdev up to policing that?
Having used it since version one, though, I'm excited about a lot of the new changes. I hope OpenSnitch and similar projects are inspired and vice versa.
Is there a community-curated list of rules I can import to LS?
My LS experience: Most of the time, I was not qualified to make a reasonable call when deciding whether or not to block certain connections.
I can always side with a conservative approach (block), but I quickly broke miscellaneous services.
A community promoting a healthy debate for each rule inclusion, based on criteria (or different levels?), pulling in those more familiar with diverse services, may enable us all to use LS more effectively.
Agreed. Hopefully the developer will get in touch with the Better Touch Tool developer. He's built a few widgets for the Touch Bar, and like you say, this would be a great full time option.
I'd recommend Radio Silence[1] as a great alternative to Little Snitch (for specific use cases). The link below helps with understanding the differences between the two.
I wish Radio Silence had a snitch-like option, so I could run it in "noisy" mode for a day and block anything that I deem necessary, and then go silent after that.
I've used Little Snitch a few times and have ended up just "always allowing" things because there's just so many network connections things say they need.
I started using it again a few months ago, and this time I banned myself from "allow all" except for things that I trust/really need... It's painful, but also just incredible how many superfluous and obviously-metric-gathering-disguised-as-a-feature apps do. They are relentless.
Apple itself is the worst, with Google being a close second (google update is VERY serious about keeping your shit up to date by checking every 30 minutes... don't want to miss out on something!). I'd love to see some real-time visualization they must be doing with the constant geo/metric data they are collecting: it would be fascinating!
But I'm not getting paid to provide them with that data, so thanks lil' snitch!
May I provide a view from someone who is aggregating app-specific data from thousands of users a day?
I create software that people enjoy using. Unfortunately, the market isn't very big. Fortunately, they use it every day.
For my existing users to continue getting updates/upgrades, I need to be able to afford to spend time on the product. I cannot spend enough time on the product if it does not make enough revenue. This means (among other things) making sure I lose as few people as possible through the funnel. This is the only reason I aggregate the data: for example, if I can see that 95% of users who complete task X go on to purchase, then I can try to ensure that more users complete task X without it being.
This provides more funding, updates and upgrades. It allows me to keep prices reasonably low (so you are, in fact, getting paid for it).
You may say: instead of charging $40, charge $80 and don't track me!
The commensurate amount of features needed to double pricing, or whatever the case may be, may not be supported by the market. After some point, there are diminishing returns: software does get "done" eventually and only a radical re-imagining can reinvigorate the customer base. But quite often, you will lose a substantial portion of the customer base because they like the old way of doing things.
This is primarily why I allow tracking by websites I use on a daily basis.
Or you might say: Just pick something that makes more money!
I'm currently working on a business model that does this as a business model. Who knows if it'll work :)
Yeah, Little Snitch shows just how much telemetry Apple macOS collects by itself. It's a bit annoying how no one ever touches on that - people keep Microsoft to a significantly higher standard :(
>I've used Little Snitch a few times and have ended up just "always allowing" things because there's just so many network connections things say they need.
If you mean "always allowing" all connections from specific software (Chrome, Apple updaters, your torrent client, Adobe updaters, etc.) then yes. That's how it's supposed to be used; obviously you won't enable them on an endpoint-by-endpoint basis.
This leaves ALL the other software, which you don't trust, and you get to know immediately of any of its accesses to the network.
I’d wait to see how High Sierra will be supported before buying this or any other. Some stuff seems to be deprecated (possibly hard-deprecated), which may block Little Snitch in High Sierra.
> The single license permits either a single user to use the software on multiple computers or multiple users to use the software on a single computer. However, it does not allow multiple users to ever use the software on multiple computers, regardless of whether such use is concurrent. [0]
On Windows I use WFC[1], which leverages the built-in firewall. Because of this, though, unlike Little Snitch, by the time you get a notification the connection has already been denied to the program, which can be an issue.
They didn't request anything though. They just asked themselves (on a slide or some internal document) if they could inject (a library) into Little Snitch.
Would you mind providing some background to that story? It seems obdev is based in Vienna, Austria. What request was there? And why would they need to battle it (rather than toss it into a paper bin)? It doesn't seem like there would be any legal channel for the NSA to compel them to do anything.
[1] https://news.ycombinator.com/item?id=13443858