> Have you ever wondered why a process you’ve never heard of before suddenly wants to connect to some server on the Internet? The Research Assistant helps you to find the answer. It only takes one click on the research button to anonymously request additional information for the current connection from the Research Assistant Database.
I'm so glad they built this feature.
The hardest part about using Little Snitch is trying to figure out whether processes that look like system or daemons are making legitimate connections.
Frankly, I don't think Little Snitch is usable because of this. And no, a lookup tool is not good enough. For a paid program, I would expect them to maintain a list of the "required/acceptable" connections and "unnecessary" connections for popular programs, and automate the process of approval for each app.
Perfect example: Spotify is impossible to manually whitelist without spending well over an hour accepting or denying each of the exhaustingly large number of domains it touches. I bet that nearly every user simply gives up and whitelists the entire application, which defeats the purpose of paying for and installing an app like Little Snitch in the first place.
Little Snitch should be doing that work up front for its users. One person on their end spends a day or two figuring it out for an app, and saves tens of thousands of user hours having to individually perform that task. No anti-virus out there alerts a user to every filesystem read and write - they maintain databases of known threats. The same should be true for this kind of software.
Yes, it would require constant maintenance on their part. If they needed to up the price to make such a strategy viable, so be it. As it stands, I uninstalled out of frustration after using the demo for 6 hours. The alerts and interruptions never stop.
Oh this is so exactly my experience as well. I love the concept and the fine grain control that's possible, but it's so damn frustrating to use. So many obscure processes on OSX want outbound access that I gave up trying to research each; on the other hand, if I deny everything I'm worried that something subtle is going to fail and I'll end up spending half a day figuring out why.
> one person [does the work] and saves [us] tens of thousands of user hours having to individually perform that task
If Little Snitch is listening, please do this. I would be willing to pay more.
They do stop, and while I do agree it's annoying at first, your decisions about what to block and when, are different from my decisions about what to block and when. It's not about "threats" per se but about privacy, operational security and choice.
I would totally accept some presets for apple services.
One preset that I would love is "maximum privacy while user initiated outbound still works". So my browser would work because I initiated it, but everything OSX or apps do in the background are blocked. Automatic updates are blocked? Good! Network time sync is blocked? Fine by me. Only what I initiate gets through. Can you do that as a preset please?
There is simply too much trial and error caused by initially denying a connection, only to discover that it's a mandatory connection to allow the app to function properly. A ridiculous amount of time is spent changing an initial deny to an accept.
>> your decisions about what to block and when, are different from my decisions about what to block and when
It really would not be hard to offer sensible default presets per application. "Spotify is attempting to make its first connection. Would you like to a) block all connections, b) allow all connections, c) allow all connections required for standard operation only, or d) ask me for each connection (manual management)". Nobody is going to fine-tune every phone-home or analytics call; people who want them blocked will block them all, and people who don't mind won't block any of them.
The only reason it's a tough job is that applications can change frequently. Every time any app (ex: Spotify) releases a new version, it needs to be reviewed again to see if the "firewall database" needs updating. It would be useless to have a database of known connections if updates aren't disseminated to users within 1-2 days of a new release.
That is a valid point. But they could at least do some research and give all users useful info in a pop-up window. Wouldn't it be easier to decide if one could read a message? Ex: "Process XXXZZZ666 - This process does this and that. Risk of blocking is this, risk of not blocking is that."
Why are OSX applications in general so bad at telling website users which platforms they support? Like always, I have to keep digging around in the website, just to find out that it only runs on OSX...
Does anyone know a similar utility for Ubuntu/Linux systems? Paid or free, doesn't matter.
Not to be biased, but personal 9 years of experience tell me that if a program has a landing page "oh yeah, and for linux and mac too", it looks shit on mac.
That was an exaggeration, but many times programs that look identical (aside from window frames) across platforms don't show the window frames for every platform. Electron apps (for as unpopular as they may be) are pretty platform agnostic. If they show it on Windows and just have a Linux/Mac download button it's not a big deal.
skype.com probably fits the bill of looks shit, but it shows android and windows 10 screenshots only.
obsproject.com shows a lot of screenshots that look pretty windows 10-ish... but it also announces "Latest Releases <platform logos>" right at the top of the page.
sublimetext.com shows windows only screenshots. And then mentions platforms at the bottom of the page.
https://slack.com/is shows only Mac screenshots. I imagine this reflects more on the developers than the actual product. I'm pretty sure it's available on other platforms.
And my point was less about quality of programs, but availability. Showing the window frame of a single OS does not mean that only that OS is available, sometimes that's just the only OS the marketing team uses.
The same can be said about Windows programs very often. And about your second question: ufw goes in that direction but is not exactly the same as Little Snitch.
I don't run anything like this on my Linux box (just standard iptables), but I was looking for something like this for Windows a while back. The only thing I've really found is Windows 10 Firewall Control:
It's nowhere near as nice as Little Snitch, plus it doesn't block the socket call and then allow it after you acknowledge it. The call will fail and the app has to retry the connection.
I don't click download links until I understand what the product is. It's disappointing to spend time learning about a product and THEN finding out I can't use it. It should be front and center, or have a logo big enough that a quick full length page scroll will show at an instant the platforms available without having to read.
I almost wonder if shortsighted optimization of the sales funnel encourages not putting the platform up front since that would drive people away (who wouldn't buy the app anyways, but that's not always apparent).
Either way it didn't cost the website owner much to lead on some people not in their target audience.
Ah, the price of Running Ubuntu/OSX/Windows....it always bites you in the ass.
This is like the B2B SaaS marketspace - it's almost taken for granted that your app integrates with Salesforce. People are surprised if it isn't.
However, anyone who runs Microsoft CRM, SugarCRM, Netsuite, etc. is used to hearing "Sorry, we don't integrate with X". I'd say Ubuntu falls into a similar category....
It definitely goes both ways :) If anything I'd argue it's much more common for Windows apps to not specify Windows-only, because Windows has been the largest install-base for so long.
And yeah. Annoys the heck out of me too, in both situations.
This is a prime example on how to make a landing page for a product. I understand what you are selling and why I would want it. The product looks great and I think I'll try it out after work.
It's pretty good, but I feel like the screenshots don't really convey the app's value very well. Maps wants to connect to maps.apple.com? Of course it should. iTunes wants to itunes.apple.com? Well, yeah.
I'd much rather see a screenshot of some app trying to connect to a sketchy or surprising domain. I think that would really drive home the app's purpose and make it look less like a nuisance that's going to bug me every time I launch Apple Maps.
Does anyone use this for reasons other than blocking license validation checks on pirated software? Because that's the only reason I can think of for getting this.
But then I found others, like monitoring my banking websites reaching out to odd domains and ports. Or virus detection (some viruses uninstall if they detect Little Snitch). The more I used it, the more I liked it. So I unblocked the Little Snitch license checks and bought a legit copy.
You'd be surprised how many apps try and make requests to ad servers e.g. doubleclick. It's also a pretty good network monitor if you want a coarse profile of which apps are using network bandwidth (and how much).
Yes. I use this to control what information my Mac sends back to Apple.
My workflow for the first system on a network is to install the OS offline, then install Little Snitch from a thumb drive from a trusted system.
I set it to Silent, Deny All mode and turn off all rules except for the rules that allow software to make (not receive) connections to the local network. Then, and only then, I connect the network cable and try to pull an IP address. If you're using DHCP then this will fail. To deal with that, I create a profile that applies only when connected to my home network and then add an allow rule to let dhcpd/discoveryd (IIRC) pull IP addresses.
I then try to open up Safari and browse to, say, Google. This will typically fail for two reasons: outgoing DNS queries are not allowed outside of the network and Safari doesn't have rights to connect outside the local network. If my DNS servers are outside of my local network I add a rule to allow the DNS lookup process to connect to only the DNS servers I have defined. I then give Safari allow rules for ports 80 and 443. Both of these rules are added to the home network only profile.
From there, I'll try to access the App Store and sort out what rules are needed for that, adding them and then adding them to my home network only profile. At this point, I'll take a firewall rules backup. Now, if I need to reinstall, I can load this rules backup and be able to browse the Internet, pull system updates, and then evaluate other software that needs network requests.
Software that tries to connect is logged, and each connection is logged. For software that is too "chatty", trying to talk to the network when it shouldn't, I'll add deny rules so they don't spam the failed connections log. Other software will have case-by-case exceptions made for it as necessary.
Generally, all of my allow rules will stay in my home network only profile, but there are a few that I'll always allow out. These are often SSH connections as they should be secure no matter where I'm at.
The only change I would make is to add an additional call-to-action button at the bottom. I got to the bottom and didn't know what to do next and had to scroll back to the top to find the trial/buy buttons.
Excellent product, but needs some kind of rule sharing feature. There are so many network requests from different components that it can be overwhelming knowing what to allow.
Definitely agree. I like the idea of it, but when I installed it for the first time and rebooted, it fired off so many confirmation requests for various cryptic services I had no idea what they were, I removed it just as soon as I'd managed to click through them all.
Little Snitch is noisy AF for the first day or so, but that's also kind of the point, right? You're running it because you want to know which apps are doing what. Those first sessions are enlightening. Wow, my laptop talks to all the things! That drops very quickly, though, as you tell it "yes, allow Slack to connect to" and "no, don't let Safari talk to sketchy.ru:8765".
I still get the occasional popup, but now they're limited almost exclusively to newly installed apps that I'm running for the first time. That's still an eye-opener: no, I don't see a need for a calculator to connect to Google Analytics. Deny!
Except for gamed, of course. There's no rhyme nor reason to which hosts and ports it wants to talk to. If you ever want to hack a Mac running Little Snitch, call your process "gamed" and the owner will allow it through (if they haven't already set "allow connections to any host and port because alert fatigue lol").
It definitely takes some time, effort, and research to get past this initial phase. In the future, I hope they explore more automation / semi-automation around system processes.
I used to use a competitor, https://www.oneperiodic.com/products/handsoff/. As far as memory serves, it had some kind of rule sharing, but I didn't like it at all (why would I trust rules made by someone else?)
One possible way to do this well would be displaying information about how many people blocked/allowed. Then maybe following the crowd if it is converged enough, e.g. ≥1k votes with ≥95% same decision. But, this might be technically and socially challenging (people who care about this level of privacy may not want to share their rules; you need to make sure that no malware developer can game the system; people need to trust in that).
Therein lies a dilemma: knowing what does what on macOS.
I just sit around watching log stream output and wonder why that JPEG is being 'processed' by Safari. But that's another story.
I tried an earlier version of this and was a bit disappointed by the (apparent?) lack of information regarding these connections from applications, since there's so much going on on OS X and it's hard to tell what's legitimate and what isn't. It would be great if we could record traffic on a per-application/process basis and display it comfortably, or even have some built-in heuristics to identify common tasks like "Firefox update check" or "iCloud authentication".
It's very similar to the venerable "Spybot S&D" on Windows (the "TeaTimer" functionality, now apparently called "Live Protection": https://www.safer-networking.org).
Besides the other replies that suggested Research Assistant: Little Snitch is actually able to write pcaps per application so you can then analyze with Wireshark. Killer feature, imo.
Usually a google search resolves these questions. However, it is a big problem for when I have a non-technical person using a machine with this tool installed.
I have heard, "I never know what to do when I see these popups." Unfortunately, I don't think the research assistant will help them either.
That depends on your POV. Is iTunes phoning home legitimate traffic? Maybe for some/most, but I certainly block those attempts, to me iTunes is just a nuisance app, like GarageBand and a few others. LS does an excellent job at selecting the vital connections as valid and then lets you decide if you want to tell Apple & Microsoft & Friends more or if you actually preferred the OS would not.
I noticed no one mentioned https://www.tripmode.ch/. I used to use Little Snitch before but it was too complex for what I wanted to do, allow/disallow internet access to certain apps; tripmode does the trick in the simplest way I've ever seen.
Please steal this idea and make a product; I'll be your first paying customer:
Data Loss Protection (DLP) for retail consumers.
DLP (see http://whatis.techtarget.com/definition/data-loss-prevention... for a definition) goes beyond what Little Snitch does and does packet inspection to ensure that credit card numbers (for example) are never sent out from your network / box. Ideally, you can add regular expressions to define other PII that shouldn't be allowed to be sent out (your name, address, etc.).
DLP products exist for corporate use, but I don't know of any lightweight + inexpensive one for personal use.
WireShark, Fiddler or Charles can incorporate this functionality, if I am not wrong. Not sure how one would MITM SSL with WireShark, though.
This requires splicing SSL connections, which requires installing custom 3rd party root CA certificate, which in turn requires complete and unwavering trust in your filtering software vendor.
The only way to make this sort of idea work reliably is a managed learning approach that creates a whitelist of known-good network traffic patterns, and then only permits those.
A prescriptive signature-based black list, as you point out, is easily fooled with simple obscurity.
Rather, controlling what information software can get its hands on (focusing on the input rather than output) seems to be the only way out? This is what app permissions on phones and applet sandboxing, chroot jails & containers, etc. try to do.
An additional twist that seems daunting (but interesting) is to mark sensitive data at EVERY step in its processing, with support from the OS and hardware, and never let tainted data out without explicit permission. See Perl's tainted variables for the gist of the inspiration.
So if a = "User's name", which is protected data, and you do b = a, then b is tainted, too, and write(socket_fd, *b) would pop-up an alert.
All old hat, I bet, to security researchers. I'm just thinking out aloud.
Yes, I worked on a product with a DLP feature we touted yet it would fail to identify credit cards if you put extra characters between sets of numbers.
It sounds good, and because compliance is about making good-sounding things mandatory (weekly password rotation, yay! /s) it got mandated in a lot of places.
And it did catch mistakes, like accountants sending the wrong files or to external addresses. Which I guess is justification for it right there.
But it's billed as a stronger (ie hacker) protection, for which it's useless, so I never liked it.
I think the world would be safer with an email plugin that helped you by suggesting that you should not send a document to a given address, based on rules and observations. It'd only be a suggestion so nobody would expect miracles, but it'd stop all the unintentional mistakes our system stopped, for a fraction of the price.
Try it for yourself - can you exfiltrate anything you like by zipping it up and appending it to a JPEG? I think you'll find you can! (7zip just ignores the image part so you don't have to do anything funky at the other end.)
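An added example (not part of the thread, and not any DLP vendor's code) of the separator problem described in the comment above: a fixed-format card-number regex next to a detector that collapses short gaps between digits and confirms candidates with the Luhn checksum. `MAX_GAP`, the function names and the sample strings are assumptions constructed for illustration; it only handles 16-digit numbers in plain text, not data hidden inside archives or encodings.

```python
import re

# Baseline of the kind the comment describes: four groups of four digits,
# separated by nothing, a single space or a single hyphen.
NAIVE_PAN = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")

# Hardened candidate: any run of digits with at most MAX_GAP non-digit
# characters between neighbouring digits. MAX_GAP is an assumed tuning value.
MAX_GAP = 3
DIGIT_RUN = re.compile(r"\d(?:\D{0,%d}\d)+" % MAX_GAP)
PAN_LEN = 16  # this example only looks for 16-digit card numbers


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep first six and last four digits so alerts never log a full number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def naive_find(text):
    """Pattern-only detection: no separator tolerance, no checksum."""
    return [mask(re.sub(r"\D", "", m.group(0))) for m in NAIVE_PAN.finditer(text)]


def hardened_find(text):
    """Collapse separators, slide a 16-digit window, keep Luhn-valid hits."""
    hits = []
    for m in DIGIT_RUN.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        for i in range(len(digits) - PAN_LEN + 1):
            window = digits[i:i + PAN_LEN]
            # Longer digit runs produce several windows; Luhn filters most
            # of them but roughly one random window in ten still passes.
            if luhn_ok(window):
                hits.append(mask(window))
    return hits


# Constructed samples. 4111111111111111 is a widely published test number.
SAMPLES = {
    "plain": "card=4111 1111 1111 1111",
    "extra_chars": "card=4111.x.1111.x.1111.x.1111",
    "spaced_digits": "4 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1",
    "order_id": "order 1234 5678 9012 3456 shipped",  # not Luhn-valid
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:14} naive={naive_find(text)} hardened={hardened_find(text)}")
```

The `order_id` sample shows the other half of the trade-off: the pattern-only check flags a number that is not a valid card, while the checksum step drops it.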
Not related in any way, Little Flocker[0] is a similar program but for file access. It's a little rough around the edges but has been improving steadily.
Spotlight isn't putting that file there; that's where the Finder stores the directory-specific preferences (window size/position, list vs icon display etc). If you don't use the Finder (which I mostly don't) then you'll never see these files.
I have this at the bottom of my .zshrc just for this reason:
    # remove any .DS_Store files
    # (run in a subshell to suppress background job number info being printed)
    ( ag --hidden -u -l -g '\.DS_Store$' |xargs -n 1 rm -f & ) > /dev/null 2>&1
I used littleflocker for a few months and, while it worked really well, it slowed my machine down sooo much. Perhaps the newer releases perform better.
Someone probably stumbled upon it and found it useful? Little Snitch has been an OS X staple for a while now, especially for those who were involved in the pirated apps scene.
I’ve been using this happily for a long time. For those taken aback by the endless prompts on the first run: that’s only for the start. Select “forever” for connections you trust and you’ll soon have far fewer prompts.
On a side note: the developers also have Micro Snitch, an app that warns when the camera or the microphone on your Mac is in use.
They're nice-looking, but don't have anything that even remotely resembles rules. All it can do is deny or allow all traffic, on per-application basis. If you want your email client to talk to only your email server but not anywhere else (as a security precaution) you'll have to use built-in Windows firewall facilities to set up such a rule.
Rule management is coming in v2.0 - or so they say - but it's not yet here.
---
Outpost Firewall used to be a powerful interactive firewall for Windows, but it's dead these days.
Unfortunately nothing comparable to Little Snitch that I could find.
In Windows I use the built-in Windows firewall with WFC[1] to configure it but as much as it gives you a notification when an app tries to connect to somewhere, due to how it works it unfortunately blocks the request first and gives you the notification later, so you always have to retry/restart the offending app unlike Little Snitch where the app remains waiting while you decide if you want to let it connect or not.
This said I would not use Windows without it, these days most applications seem to want to phone home all the time for some reason.
The issue with Tinywall is it won't alert you when it's blocking apps.
Since a lot of Windows apps are a conglomeration of EXEs just whitelisting the main app is often not enough.
Comodo is WAY more bloated than Tinywall but I use it because I can set it to alert me to everything that tries to access the internet, and choose to block it or not.
Yes - anything that doesn't need to be accessing the internet. Plus Google things that phone home. It's fun to watch them get frustrated and light up red in the activity monitor as they desperately try to send back metrics.
If you use Google as your DNS server, sometimes various Google services will just send the same requests over port 53 to 8.8.8.8 or 8.8.4.4 instead of the normal IP.
I have blocked everything Adobe Lightroom and its little cloud friends try to do, except on install to validate key. And a bunch of other apps / Apple services. If it wasn't for Little Snitch I wouldn't feel at ease running Mac instead of Linux. For me MacOS is a decent compromise between privacy and convenience because of Little Snitch. (Except that I implicitly add to the problem by accepting Mac in my life, leading by example and all that. Still struggling with that. But I tell myself I have bigger fish to fry.)
I have used Little Snitch for quite a while, then switched to Hands Off because I liked its interface a bit better and the ability to set a rule that would clear at reboot was a win. I regularly block outgoing connections; tracking attempts by Google, Apple & Microsoft (no PowerPoint, you don't need to check in to Skype at each launch...), limiting a lot of apps to loopback connections rather than full outgoing connectivity, etc.
Another benefit is that once I get over the initial rule configuration hump (and it is a real PITA for the first week or two) what I end up seeing are the anomalies and so I can pay closer attention to what has changed or where something is trying to connect that I might want to think about.
Yeah, it was there but well hidden and an additional click with the mouse vs. being able to do it easily via keyboard. Small things like this really added up to push me to Hands Off, but I may give Little Snitch a look again if the price for upgrading from 2.0 is not unreasonable...
People do it for pirated copies of Adobe software because of how much it phones home. Do a quick google search and you'll find many sn/crack/warez (do people still use that word?) instructions talk about editing hosts files or installing Little Snitch.
I do it even though I have legal copies of Microsoft Office and Adobe software. It is incredible how often these apps send around data even while I am not using them and have no live.com account.
How did you get around not having live.com for MS Office? I've got the retail box of 2016 for Mac (not the 365 one) and it still required me to make one :(
At every launch, it connects to login.live.com and live.com.akadns.net.
The Photos app makes requests to some concerning endpoints, and I wish they could add a way to disable those features, like "FaceRecognition" or the like. Which implies that the iPhone Photos app probably does it too.
Not sure what data it uploads but there is no info surrounding this.
Yes. Applications only get access to the resources needed to do what I want them to. Sorry, nobody gets telemetry.
It is a bit of a pain the first couple times you run a new app, but settles down fairly quickly. OS X upgrades are far worse - Apple seems to build a dozen new weird little things that want to connect to god knows what every release, and the right answer there is, for instance, `sudo defaults write /System/Library/LaunchAgents/com.apple.gamed Disabled -bool true`
Aside from blocking unwanted telemetry, I have multiple profiles that I switch between depending on the network I'm connected to. If I'm tethered to my phone, I restrict almost all traffic unless it's something I'm using so I can conserve data. The profile assigned to my home network is a lot more open.
Little Snitch is at once both great and horrifying. If you watch the day to day stuff that happens on MacOS, you'll see that Apple's reputation for security and user privacy is a pretty low bar. Aside from the constantly pinging Apple defaults, so many third party apps are just all the time phoning home to corporate servers when they're not even in use. Chrome can really just look for updates when I open it, not check in with Google about god knows what every thirty minutes.
Serious question: Can I use only profiles (e.g. no connection until VPN is connected) and the rest of the time Little Snitch should behave like it's not installed? I'm not a big fan of watching every connection... have done this in the distant past with Zone Alarm and Windows and it was more bothering than anything else. I also doubt it increases my personal security a lot.... especially when I think about my normal Android phone which is sitting beside my PC.
Yes, I used to use it and had it set up like this. You create one profile which basically allows only the VPN negotiation daemon to access the network, and then another profile where there is no alerting or blocking.
Your Mac will be very unhappy when on the first profile though - seemingly everything will constantly attempt to call out because it can see an active connection.
I ended up removing Little Snitch because I felt that it was causing instability. I could never pinpoint the issue, but things seemed much more flaky when it was running. YMMV, and I was using it a major release ago so things might be better now.
I think this is not possible by design (every app can go online). Adguard (which is an adblocker, runs without root) is installing a local VPN where you can add rules but I think (but not sure) you cannot distinguish between which program makes this request. So with this local VPN approach you can block certain domains/IPs with rules system wide.
Little Snitch is a fantastic way for people to shoot themselves in the foot.
Most people using it have no clue what they are doing, block random things, and prevent software from working as expected. Not only can this make things less secure by breaking features such as automatic updates, it also makes developers' lives miserable by having to provide support to people running their software in a half broken environment.
Oh really! What about those malicious developers who want to snoop in and steal our data, or bloatware or ad serving companies who just want to intrude in our system? Or what about Adobe, who runs a fucking system level service to update a simple reader which I want to control when and how to update? One should be in absolute control of how the network and data is consumed, and that too clearly and transparently.
Bad network connectivity blocks random things too; it seems reasonable to expect any supported application to cope.
I absolutely use Little Snitch to block automatic updates of some apps that try to download updates over port 80---I don't trust them to have gotten the authentication right. I'd rather manage those through Homebrew & Caskroom.
I have and use Little Snitch. It is an important part of my professional toolkit.
But I have run into quite a number of non-programmer, non-sysadmin users who have tried to protect themselves with Little Snitch only to break their computers.
I don't buy this argument. The canonical use case is to block a program from accessing the internet at all. It blocks updates, sure, but you still end up more secure if there's no network in or out at all. Local applications should be able to deal with running offline.
"Are you using a third-party firewall, such as Little Snitch? If so, please click allow all connections for our app so it can communicate with the server properly."
Or be very explicit in the verbiage:
"We are unable to contact our update server. If you use a network blocking tool, please allow access to 'update.example.com'. We guarantee that no personal data is collected."
A proper config could easily fix that. Either whitelist certain devices for unrestricted access. Or blacklist devices to have to obey the config parameters. And then parameters for which ports and destinations things should be allowed access to on a per device level...
Which is literally describing a firewall/iptables once you drop the "established" incoming rule and block outgoing.
Basically, "I want a router iptables configurator with notifications"
Does Little Snitch catch process injections (i.e.: I am currently running in EvilMalware, I open up Chrome, create a new page, write my code into it and create a new thread in it), or is it vulnerable to the same problems as Windows firewall applications before LeakTest and the like? The good Windows firewalls now are able to catch this kind of thing.
I think I understand what you're saying (not very technical) but I have used LS for years. I know that I have blocked microsoft word from specific network abilities and tried to open word files that phone home and LS catches those.
Objective Development (the developers) are a nice company, also providing V-USB - a bitbanging USB implementation for AVR microcontrollers without USB support. https://www.obdev.at/products/vusb/index.html
4-5 years ago when I last used a Mac for work, there was a program that had an unlimited evaluation period and was just set up to nag on launch (like WinZip). Using Little Snitch just blocked the nag (literally all the license did was remove the nag, so it didn't affect functionality). In the end, I wound up not using the program anyway - I really was just trying to evaluate it without the nag. For some reason Sublime Text comes to mind? I think I wound up just going back to vim.
Installing little snitch, I got overwhelmed by how much stuff was trying to make calls in and out. It really does serve its purpose, but you also have to have an idea of what you should be letting out, you can easily break things and if you just "allow all" it somewhat ruins the point of having it.
You could just buy the whole security suite of your firewall program which comes with a firewall probably. For example ESET Cybersecurity comes with a firewall.
Has anyone figured out how to stop Google's autoupdate process (ksfetch) from tripping LS nonstop? It spawns multiple new temporary processes when checking for updates, and LS requires a path to a specific process file to block it. This has made LS unusable for me since uninstalling all Google products isn't an option for me.
Little Snitch is great. You need to have a strong understanding of networking and the apps that you use, to use it successfully. It is great at opening your eyes to what apps are trying to connect where, and by catching a cap you can investigate what they are sending.
Long time LS user and love it - yes the constant notifications will tax your Qi but once you've set up the bulk of your rules it'll give you a lot of peace of mind. Also grab Lingon X if you're serious about control.
As I said, "You can easily verify that it behaves correctly with common network tools".
Track its behavior from an exit node of your network and see whether it matches your rules.
Not really much different than manually checking some tens of thousands of lines of an open source application, or trusting that the binary you got from the repo corresponds to the source (and of course even hashes can be tampered with).
Plus, even if it chose "to not show a specific application making requests" you'd still be blocking all others apps, and thus way better off than not having it installed.
Funnily enough, I vaguely recall that the crack for an older version involved setting a rule where the app would block its own traffic to their own license server. I'm not sure that validating a license counts as data collection, but still pretty funny IMO.
The app costs $35. I presume this is a workable business for the developer, and therefore little economic incentive for data collection or other backdoor/nefarious tactics.
I'm much less trusting of free software like most ad-blockers where I have to wonder how they're really making their money.
It depends what you mean by "free". Of course all software should be handled with varying degrees of skepticism, but open source software can be directly verified (though this also requires building from source), and you don't have to just hope that the author was honest.
I'm currently using LS, but one of the problems I have is that it doesn't support wildcard domain rules. This means ephemeral hosts quickly build up a large number of rules which soon become redundant.
Yes it does. You click the domain in the popup and change it to the part of the domain you need. Then you view your invalid rules and it will show you which rules are no longer needed.
This proprietary application has been under development for almost a decade. While it has had its share of vulnerabilities as would any application its age, they've also had that long to develop a reputation in the MacOS ecosystem. I'm no expert on LittleSnitch or Objective Development, the company behind it, but I can't remember any time they've been caught doing shady or unethical things in the time I've been using it (since about 1.x days). The last disclosed vulnerability that comes to mind (CVE-2016-8661), while being a nasty privilege escalation, was responsibly disclosed and quickly dealt with.
There's an easy way to break it. Connect to random ports/IPs, so that the machine becomes unusable due to the amount of Little Snitch popups showing up. Until the user gives up and disables it.
"There are times where you don’t want to get interrupted by any network related notifications. With Silent Mode you can quickly choose to silence all connection warnings for a while. You can then later review the Silent Mode Log to define permanent rules for connection attempts that occurred during that time."