
What’s New in Little Snitch 4 - xoa
https://www.obdev.at/products/littlesnitch/whatsnew.html
======
computator
Last time Little Snitch was discussed here on Hacker News[1], I mentioned
this:

One preset that I would love is "maximum privacy while user initiated outbound
still works". So my browser would work because I initiated it, but everything
OSX or apps do in the background is blocked. Automatic updates are blocked?
Good! Network time sync is blocked? Fine by me. Only what I initiate gets
through. Can you do that as a preset please?

Did they do that?

Seriously, I love the idea of a reverse firewall, but I don't want more work
to do. I don't want to analyze connections, look at visualizations, read logs,
react to alerts, set up filters, and configure rules.

I just want a high security, maximum privacy system.

[1]
[https://news.ycombinator.com/item?id=13443858](https://news.ycombinator.com/item?id=13443858)

~~~
Philipp__
My problem with Little Snitch is that it throws too much information at me, or
it's better to say that I care too much for the information that it provides
(and it provides a lot of information). What I would like to see is exactly
what you said, a preset that would disable everything besides browser and what
I initiate.

Edit: Ok so I installed Beta, and it asks you on initial setup page if you
want to enable or disable all iCloud and macOS services (respectively, they
are completely separated options). That's cool!

~~~
mtgx
I don't know how Little Snitch does it as I've never used it, but one of my
favorite UX/UI implementations for something like this is how GlassWire does
it. When something connects to the outside, it subtly notifies you about it,
you see everything in an easy to read list, and you can also easily take
action like instantly-block something. There is no myriad of popups and alerts
and a whole multi-step process to disable something, which is how most such
solutions do it.

For something that would "disable everything by default" I would simply like
to get a GlassWire-like +1 notification on the icon, and then I should be able
to see a list of "last blocked" so I can troubleshoot myself later if
something went wrong.

~~~
Fnoord
That's what Little Snitch does as well.

It's nothing new though. Layer-7 firewalls ("personal firewalls") have existed
for desktop OSes for a while. I ran them at the end of the 90s on Windows 9x. Software
such as ZoneAlarm, and there were others as well (IIRC LavaSoft had one, but
not sure). Nowadays, Windows has one built-in.

------
xoa
LS4 has had a few private betas up until now, but it's in public beta at this
point and some of the new stuff they've been working on is pretty interesting.
Their main landing page has been updated for LS4 [1] and has a nice general
summary of new features with screenshots, but trying to submit that link just
goes back to the HN discussion on LS3 five months back [2]. The What's New is
more detailed. I'm particularly curious how their improved Research Assistant
2.0 will turn out. They're making an effort to open it up and turn LS4 into a
bit more of a platform, allowing 3rd party devs to make specific descriptive
information available:

> _Third party developers can now bundle their apps with an Internet Access
> Policy file containing descriptions of all network connections that are
> possibly triggered by their app. Little Snitch will then display that
> information to users, helping them in their decision how to handle a
> particular connection. A description of the policy file format will be
> provided soon._

Research Assistant is a useful feature and at first blush this seems to have
the potential to make it even better, assuming LS has enough market
penetration to actually get more than a handful of devs to provide a
description. The spirit of transparency is a good one too. One thing I wonder
about though is how well they're prepared to deal with lying, because this
seems like it could possibly open up a potential risk for social engineering.
Can the developer of an application making a connection a power user would
consider worth blocking actually be trusted to provide their own description? If
they do lie (directly or by omission) or even simply obfuscate about what it's
doing, is Obdev up to policing that?

Having used it since version one though I'm excited about a lot of the new
changes. I hope OpenSnitch and similar projects are inspired and vice versa.

1:
[https://www.obdev.at/products/littlesnitch/index.html](https://www.obdev.at/products/littlesnitch/index.html)

2:
[https://news.ycombinator.com/item?id=13443858](https://news.ycombinator.com/item?id=13443858)

~~~
masklinn
Have you been using 4 beta or are you still on 3? If the former, what's your
take on the changes? And how stable is the beta?

------
xenodium
Is there a community-curated list of rules I can import to LS?

My LS experience: Most of the time, I was not qualified to make a reasonable
call when deciding whether or not to block certain connections.

I can always side with a conservative approach (block), but I quickly broke
miscellaneous services.

A community promoting a healthy debate for each rule inclusion, based on
criteria (or different levels?), pulling in those more familiar with diverse
services, may enable us all to use LS more effectively.

------
based2
A kernel network manager with monitoring and limiting capabilities for macOS:
[https://github.com/iadgov/netfil](https://github.com/iadgov/netfil)

A userland network manager with monitoring and limiting capabilities for macOS
[https://github.com/iadgov/netman](https://github.com/iadgov/netman)

[https://github.com/wokhansoft/WFN/](https://github.com/wokhansoft/WFN/) src:
[https://www.dpreview.com/forums/thread/3896749](https://www.dpreview.com/forums/thread/3896749)

------
benguild
This would be a great potential full-time Touch Bar app. If the network graphs
and stuff could be there, that would be nice.

~~~
universenz
Agreed. Hopefully the developer will get in touch with the Better Touch Tool
developer. He's built a few widgets for the Touch Bar, and like you say, this
would be a great full time option.

------
peternicky
I'd recommend Radio Silence[1] as a great alternative to Little Snitch (for
specific use cases). The link below helps with understanding the differences
between the two.

[1] [https://radiosilenceapp.com/radio-silence-vs-little-snitch](https://radiosilenceapp.com/radio-silence-vs-little-snitch)

~~~
pavel_lishin
I wish Radio Silence had a snitch-like option, so I could run it in "noisy"
mode for a day and block anything that I deem necessary, and then go silent
after that.

------
mrspeaker
I've used Little Snitch a few times and have ended up just "always allowing"
things because there's just so many network connections things say they need.

I started using it again a few months ago, and this time I banned myself from
"allow all" except for things that I trust/really need... It's painful, but
also just incredible how many superfluous and obviously-metric-gathering-
disguised-as-a-feature apps do. They are relentless.

Apple itself is the worst, with Google being a close second (google update is
VERY serious about keeping your shit up to date by checking every 30
minutes... don't want to miss out on something!). I'd love to see some real-
time visualization they must be doing with the constant geo/metric data they
are collecting: it would be fascinating!

But I'm not getting paid to provide them with that data, so thanks lil'
snitch!

~~~
cheez
May I provide a view from someone who is aggregating app-specific data from
thousands of users a day?

I create software that people enjoy using. Unfortunately, the market isn't
very big. Fortunately, they use it every day.

For my existing users to continue getting updates/upgrades, I need to be able
to afford to spend time on the product. I cannot spend enough time on the
product if it does not make enough revenue. This means (among other things)
making sure I lose as few people as possible through the funnel. This is the
only reason I aggregate the data: for example, if I can see that 95% of users
who complete task X go on to purchase, then I can try to ensure that more
users complete task X without it being.

This provides more funding, updates and upgrades. It allows me to keep prices
reasonably low (so you are, in fact, getting paid for it).

You may say: instead of charging $40, charge $80 and don't track me!

The commensurate amount of features needed to double pricing, or whatever the
case may be, may not be supported by the market. After some point, there are
diminishing returns: software does get "done" eventually and only a radical
re-imagining can reinvigorate the customer base. But quite often, you will
lose a substantial portion of the customer base because they like the old way
of doing things.

This is primarily why I allow tracking by websites I use on a daily basis.

Or you might say: Just pick something that makes more money!

I'm currently working on a business model that does this as a business model.
Who knows if it'll work :)

------
ioquatix
I bought LS3 < 6 months ago. Is there a free upgrade process? I might just be
outside the window.

~~~
masklinn
You'll probably have to mail the devs. The normal upgrade is $25 (half price)
and I've seen no mention of further reduction but asking never hurts.

------
LeoNatan25
I’d wait to see how High Sierra will be supported before buying this or any
other. Some stuff seems to be deprecated (possibly hard-deprecated), which may
block Little Snitch in High Sierra.

~~~
danieldk
The Little Snitch beta works on High Sierra (I have both running on one of my
machines).

High Sierra does not load 3rd party kexts by default, but you can whitelist
the LS kext in the Security Preferences.

(The day I cannot use signed kexts anymore will probably be my last day on
macOS.)

------
mmargerum
I have an iMac, MacBook Pro, and a Mac 12"

If I buy the single license will I be able to run it on all of them? I already
got burned by sketch only running on one computer.

~~~
danielx
Seems like it.

> The single license permits either a single user to use the software on
> multiple computers or multiple users to use the software on a single
> computer. However, it does not allow multiple users to ever use the software
> on multiple computers, regardless of whether such use is concurrent. [0]

[0]:
[https://www.obdev.at/products/littlesnitch/order.html](https://www.obdev.at/products/littlesnitch/order.html)

------
YaraGreyjoy
Slightly off-topic but does anyone have any suggestions for a Little Snitch-like
application for Windows?

~~~
alexchantastic
I've been using GlassWire:
[https://www.glasswire.com/](https://www.glasswire.com/)

