Hacker News new | comments | show | ask | jobs | submit login
Micro Snitch – Know when someone spies on you (obdev.at)
249 points by octosphere 62 days ago | hide | past | web | favorite | 113 comments



If you stop for a minute to think about it, it's a very sad state of affairs that you need to buy a closed-source app for the most secure consumer operating system, and pay constant attention to its status, in hope to avoid (or detect) spying.

I'm personally re-thinking my approach to security and anonymity online, esp. in light of recent news re: Facebook (Cambridge Analytica, account breach), Google (Chrome 69, increased spying), etc.

I've bought a new laptop, and for the first time in 12 years it's not a Mac - it's Thinkpad X1 Carbon 6 (similar/better specs vs Macbook Pro at half the price) with OpenBSD, which takes 10 min to install, works flawlessly with Thinkpad's hardware (minus bluetooth and finger scanner) and have a security model I can trust.


>similar/better specs vs Macbook Pro at half the price

I hear people say that and I always get excited. Then I just went to Lenovo’s site and I configured one and for a small margin on error they are the same. Why do people say this when it doesn’t seem true? Is there a “50% Off all Thinkpads” website I don’t know about?


I configured ThinkPad using Employee Perks website at work (many places have something like this), and got a 27% discount from the list price, which is only 2% higher discount vs. the promotion they have been running recently (thinkx25 discount code).

I configured a machine with i7-8550U cpu (8th gen, 1.80Ghz, 8MB cache, up to 4Ghz Turbo boost), 14" WQHD (2560x1440) IPS anti-glare panel @ 300 nits, 16gb LPDDR3 2133mhz, 720p HD camera, integrated UHD graphics 620, and 256 GB PCIe-nvme hard drive for $1,396.47 before tax. I'm comparing it to a 15" macbook pro at $2,400 before tax (and it has DDR4 - so hungrier - memory).


You can argue it's not a fair comparison, 15" Macbook Pros have a 6-core CPUs and a standalone GPU, and a 13-inch Macbook Pro with 8th-gen Intel core i5 and 16GB (which can be configured at $1,999 before tax) is a better one - either way Thinkpad is a better deal, and it's a very light laptop (only ~2 lbs).


Yea it’s ddr4 with a dedicated graphics card, probably has a better screen. You saved some money by downgrading. Go spec an actual MacBook Pro, I promise you it’s at least $2000.


Because they didn't actually look at MacBooks, they're just guessing the price and specs.

Also for some reason people who say this never mention that they're happy with a 1080p screen.


I just "refreshed" my work MBP to a Lenovo and Linux.

I'm happy with a 1080p screen.

I don't need a trackpad that's half the size of the laptop. I don't need keys that only mostly work. I don't need a strip of whizbang capable of playing Doom.

I need function keys, that work, and give me tactile feedback.

People like different things.


If playing Doom at 1085x30 is wrong, then dammit I don't want to be right.


The ultimate evolution of cranking up Quake FOV settings right there....


> Also for some reason people who say this never mention that they're happy with a 1080p screen.

Sorry what?

Let's look at my work laptop from the year before last. It's a macbook pro with a retina screen from 2013. The CPU is a 2.4GHz dual-core i5 processor. (I'm specifically looking at the ME864LL/A).

Currently they're selling for 500£, second hand.

A quick look on thinkwiki.org shows the equivalent is an X201 or X230.

A quick gander on Ebay shows an X230 with better specs: This one has an i7 with a 3.6GHz processor, an SSD already fitted, and 8GB of ram (2x more than the macbook in question). It comes in pristine condition with the charger and dock included.

It costs $310.00, plus $20 shipping (There are others in good nick with roughly equivalent specs (~2.9Ghz) for $40 cheaper)

The default screen is kind of crap, but for an extra $80 - $130 and a spare hour you can upgrade it. This specific redditor[0][1] bought a 2k screen (2560x1440 IPS) mod kit from China and it worked

So that makes it, what, $400?

It's $100 cheaper, for a better laptop with an equal or better screen.

[0]: https://www.reddit.com/r/thinkpad/comments/8c009g/thinkpad_x...

[1]: https://forum.51nb.com/forum.php?mod=viewthread&tid=1831613&... (you might need google translate)


Today you learned that used Macs hold their value well! This works out well for you when buying new because if you spend a couple hundred bucks extra, you can anticipate getting it back when you sell it.


I'd rather save more money, by not spending that amount of money on such a machine in the first place. Also, I'm not sure how "halving in price" is "holding it's value well". Investing 1,000 to 4,000£, or more, in something that in a few years will be worth 500£, does not sound like a good deal to me.

Besides, that only works if you, as a mac owner, treat your machine well. From looking at second-hand macbooks, it's very difficult to find one where the screen isn't bent, or badly damaged, or where the battery (which is not easily user-servicable) actually holds a charge.

Personally I'm not even sure how you accidentally bend a laptop screen in the first place. All the thinkpads I've bought have been not only in fantastic condition, but almost every problem that presents itself (If any does, of course) is fixable for less than the price of a new machine.

I also believe I forgot to mention, that the older thinkpads have not only screen upgrades, but people in China producing motherboard upgrades? I could upgrade my $60 X200 to a recent-generation i7, with USB3 / USBC ports, fast graphics, etc. for even less than I could have bought that other Thinkpad with the same specifications, for.

Oh, and for the final dose of laptop superiority: Almost all thinkpads since before the X200 have keyboard drains. If I spill my drink on my laptop, my laptop still works.


For sure, I'd rather keep the money. But it makes comparisons a bit less straightforward, if you saved $200 on a laptop but could have gotten $300 more back on a Mac at the end, was it really cheaper?

I haven't kept track of Thinkpads (had a brief foray into Surface Pro land, then went back to an iPad + Mac for Apple's better stylus when they finally supported one), but I've been told the drains aren't a standard thing anymore? Some models have it, but Thinkpad doesn't list them in the specs so it's hard to even tell which.

For instance, the T480 does, but I think the T480s (slim) does not. And the T480's webpage doesn't mention it: https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-t-ser...


Ebay prices are very different than buying new.


FWIW, I will be getting a highDPI (25x16) screen for my Thinkpad, and I think it's a worthy upgrade at ~$100. But Lenovo does give you a choice in case you would rather use 1080p.


> Because they didn't actually look at MacBooks, they're just guessing the price and specs.

Yeah, that's the reason. <eye roll>


It's because sometimes, such as when Apple takes a year to update a line, that you can find an ultrabook that costs half of what Apple is offering for similar specs (or in some cases, same price, much worse specs).

Take a look at the MacRumors buyers guide release date graph for the pro-line https://buyersguide.macrumors.com/#Mac

It's not as severe as it used to be now that returns are diminishing on new generations of components, but even three/four years ago, it could be startling.


They have sales and the components are upgradable.

I got a monster of a machine 2 years ago for < $1100, by buying during a 35% off sale and getting the SSD aftermarket.


Yeah, it is a bit of a rube's game to opt for top-of-the-line replaceable parts from an OEM. Hard disks, RAM, sometimes graphics cards, you can do a lot better going for the cheapest possible option and popping in better stuff yourself. Besides, if you optimize for this scenario, you filter out soldered in crap, and get a chassis that has the potential to be a ship of Theseus down the line.


My advice, get last year's Thinkpad for new or refurbished on ebay. Mine was actually two generations back when I bought it used (it had seen very light use) and it was incredibly cheap. Without webcam but with modem :D


The XPS line is significantly cheaper than the MBP, at least in the UK.


That's a questionable approach you took, since Lenovo has been caught in the past shipping laptops with spyware. I actually bought the same Thinkpad a few months ago (beautiful machine btw), but I had to return it as I couldn't get myself to trust a computer manufactured by a dishonest company, in an authoritarian country. It felt just so uncomfortable.

At the end of the day, I still trust Apple the most, since they have a huge reputation they need to maintain, although I recognize it's not an optimal solution, as they might very well have weaknesses in their supply chain, or become dishonest at the request of some higher authority.

On a related note, it appears we don't live in the era of personal computers anymore, but rather personal interfaces. Most people are comfortable getting a mobile interface they control, while the computation and storage of their data is performed by somebody else.


> since Lenovo has been caught in the past shipping laptops with spyware

Are you referring to [1]? Since I will be installing OpenBSD on this machine, I won't be affected by it. I do have to trust their BIOS, though, and unfortunately there is no easy way around it on modern hardware, unless you want to limit yourself to something supported by e.g. coreboot.

> manufactured by a dishonest company, in an authoritarian country

Macbooks are manufactured in the same country, but yes, I do understand your sentiment re: "dishonest" company - very few Chinese manufacturers can be fully trusted, as e.g. Chinese government has a lot of coercion power.

[1] https://forums.lenovo.com/t5/ThinkPad-S-Series-ThinkPad-Yoga...


Yep, I was referring to that. You are correct, you won't be affected, since you run a different OS. I personally just couldn't stomach that a manufacturer would engage in such sneaky practices.

So, maybe you're fine for now (I envy you slightly for enjoying such a well designed piece of non-Apple hardware) but will you trust the X7, X8, etc? Especially with the escalating US-China trade war.


I do believe there is an increasing demand for privacy, so hopefully in 4-5 years, if I need to upgrade my machine, I would still have a reasonable choice.


>since Lenovo has been caught in the past shipping laptops with spyware

those were IdeaPads not ThinkPads.

> I couldn't get myself to trust a computer manufactured by a dishonest company, in an authoritarian country.

... you'd be naked and bereft a lot of other comforts if you were to get rid of everything made in China.


I stupidly chose a high end thinkpad at my job a few years ago and I am a counting the days until I can renew and get a Mac.

The hardware is shit. I've had to send it to service 3 times in the nearly 3 years I've been working with it. I just put in a new up arrow key last week because the last one broke. In it's current state only one USB port is functional.

Granted I'm a consultant and do heavily traveling but it has never happened to any of my colleagues Macs. Once it was in service for week because the wifi card was disconnected. Don't even get me started about running linux on it, not a nice experience.

Getting home and using my mac is such an upgrade, OS and hardware wise. Only thing I really miss is the red track button in the middle of the keyboard, that is a phenomenal feature!


Interesting; I have basically the exact opposite experience. I had a T460P (running Linux) that I loved as my work computer, and then my company got acquired and I had to choose between a gigantic brick of a Dell or a Macbook, so I decided to try a mac for a while. I absolutely hate it: the keyboard needs to be blown out with compressed air all the damn time, plugging in external monitors is a total crapshoot, the touch bar thing just sucks, having only USB-C ports is a pain, and every fuse filesystem is insanely slow.


The 2015 macbooks and earlier were great. The switch to USB-C/removal of thunderbolt AND hdmi has made using the newer macs a real pain. The older macs had much better keyboards (and better placement of the touchpad). The only nice thing about the touchbars is that they have a fingerprint reader.


Actually they replaced Thunderbolt 2 with Thunderbolt 3, and it's better.


Do you actually have any equipment that comes with Thunderbolt3/USB-C cables? My office currently buys new hires at least one dongle plus an hdmi cord because our monitors don't come with a USB-C cable (if yours do, please let me know what you're purchasing). Wireless mice and keyboards that use the USBs need dongles. If you go into a random conference room (at work, at clients etc), many places will have hdmi cords which you used to just be able to plug in. Instead of having a laptop that "just works" it's now a pain to ensure that new hires have all the equipment they need.


I'm probably a bad example because my setup is hilariously kludged together.

I use two circa 2007 30" Cinema Displays, so from the laptop it goes Thunderbolt 3 > Thunderbolt 3 Hub > Thunderbolt 3 to dual DisplayPort > 2x DisplayPort to Mini DisplayPort > 2x Mini DisplayPort to Dual-Link DVI > Displays.

The upside is that my MacBook is connected to all that with a single cable that includes power. For peripherals I use bluetooth. When I travel I just carry that Apple HDMI/USB/power breakout dongle and it covers every situation I've found myself in so far.


The fingerprint reader doesn't work most of the time. Either it doesn't appear at all, or it's completely unresponsive.


Yes, it doesn't work most of the time. Thats still higher than Lenovo fingerprint readers which never work.


Sorry to hear about your troubles. When I was a consultant (and used Thinkpads heavily at work) they worked pretty reliably with a lot of abuse, although I agree that Windows is something that (for me personally) is hard to tolerate as an OS.

What's interesting about OpenBSD/Thinkpad combo is that hardware support is miles better vs. Linux on the same hardware (WiFi, snooze, etc.), from what I can tell, as many of the OpenBSD developers use them as personal machines.


> Only thing I really miss is the red track button in the middle of the keyboard, that is a phenomenal feature!

Oh, are you referring to the TrackPoint™-style pointer?

https://xkcd.com/243/


Which model was it? I have heard different model lines have vastly different quality levels. I think the T and X lines are widely considered the best. I would not consider anything outside those two lines for professional use.

My T430s has been great. It sees a lot of use too.


I'm a fan of the X1 Carbon line; my current home laptop is a 3rd-gen that I grabbed on eBay for cheap a while back. Might leapfrog to the next model when it's released, but the "Alexa for PC" integration is kinda sketching me out.

I know it's just factory-installed bloatware at this point, but I'm concerned that before long Amazon's going to be paying off OEMs for physically integrated spy hardware, and while I love my ThinkPad systems, Lenovo's willingness to include Alexa makes me nervous.


Interesting - since I'm not on Windows, I didn't know about Alexa integration.

On the other hand, Lenovo seems to use hardware components with good support by open-source drivers. Hopefully one day they (or someone else) will support something like coreboot, which will create a more open system (minus microcode in the CPU).


How does the trackpad feel? The only thing I haven't found anyone else do better than Apple is the Mac's trackpads. They're absolutely smooth and a pleasure to work with.

I installed Unbuntu on a Lenovo and the trackpad felt horrible in comparison, even after tinkering endlessly with the settings.


Half the allure of a Thinkpad is the trackpoint though.


I don't understand trackpoint. I've tried flat & adaptive pressure profiles and a mix of different sensitivities.

I always overshoot what I'm trying to click on a tiny bit. With a macbook touchpad, that just doesn't happen at all.

Also, it feels like the force and dexterity to use a trackpoint puts a bit too much pressure on my finger.

I've tried using a trackpoint for a while. I desperately regret switching my corp laptop from a macbook to thinkpad several months ago. Linux is nice, but now I have to deal with this really shitty trackpad for over another year until my refresh.


I like the trackpoint because of the nostalgia factor, but in terms of dexterity, speed, and accuracy, there's no way it can compare to a trackpad.


The track point to me feels very unnatural.

Do you switch fingers to give yourself a break?


Dell XPS trackpads are better than MBP, and plus if you get the developer edition you still get Linux.


I'm on a fresh Debian install and using a VPN. At some point I need to lock down my home router and flash the BIOS on some of my more promiscuous computers.

What I would REALLY like though is a quality Linux operating system for the phone like Ubuntu Touch. I just don't feel comfortable on Android.


I'm really hoping the Librem 5 is successful - supposed to start shipping in 2019: https://puri.sm/shop/librem-5/


"the most secure consumer operating system" ?


Well, that’s certainly up to debate - but please note the “consumer” qualifier there. I do believe that for an average non-experienced consumer, it offers better security over Windows (fewer viruses, App Store launched earlier, etc.)

I should have added “desktop” there as well, otherwise I would say iOS is the most secure consumer operating system these days.


>If you stop for a minute to think about it, it's a very sad state of affairs that you need to buy a closed-source app for the most secure consumer operating system, and pay constant attention to its status, in hope to avoid (or detect) spying.

Emphasis added, because of course you don't need to, and most people don't. Apple themselves have been working at it and Mojave contains a bunch of new restrictions and brings more visibility to what software wants what. It's much more feasible now for users to simply prevent most (or all) standard software from accessing the camera or mic entirely. Someone could be very cautious about what they install and stick to more heavily controlled and sandboxed major name stuff from the MAS (even though I personally think the MAS is a huge disappointment and waste of potential still). Running software in a VM is another option for power users. And for that matter if you don't actually use the camera much/ever (likely true for many on HN) you could simply physically block it with an opaque black sticker, or even drill it out and stick some black epoxy in there or similar.

Ultimately this is just another possible layer and UX. If anything it is probably of most value to power users who want to run software from anywhere and in turn would like to have additional tools to handle some of the vetting and watching that Apple might do for general users with light needs. That's like Little Snitch too, I find it absolutely invaluable, but I also have the basic systems and networking knowledge for it to mean something to me. For end users I help it's of no direct use because it all might as well be in another language, they don't have the knowledge or metaknowledge, it's only any good in terms of providing an administrator willing to take an active hand in things occasionally another way to help lock systems down.

I do hope for Apple to continue their trend of privacy focus, for example they could make camera access more nuanced (like only if it has user focus). But I have more faith in their ability to make that functional for general end user contexts then in many server secure focused OS. To your point:

>(works flawlessly with Thinkpad's hardware (minus bluetooth and -finger scanner-) and...

But biometrics are incredibly value for general mobile usage security. Shoulder surfing these days should probably be considered the rule not the exception given the growing ubiquity of networked cameras everywhere and the data storage capacity and ML to handle their data. It's much easier to passively mass vacuum PINs or passwords then good biometrics right now where you can't ensure any physical security. OpenBSD does support HSMs which would help, though it's another thing to keep on hand as well. And of course there is the time factor of a good password vs biometric entry which discourages many people from using good passwords.


> Emphasis added, because of course you don't need to, and most people don't. Apple themselves have been working at it and Mojave contains a bunch of new restrictions and brings more visibility to what software wants what.

That's a good point. It is interesting, still, that someone took time to build an app like that - maybe its perception vs. reality, but I have seen a lot of coverage on how various spyware can use your cam without you knowing. Good that Apple is improving the security of the default system.

> And for that matter if you don't actually use the camera much/ever (likely true for many on HN) you could simply physically block it with an opaque black sticker, or even drill it out and stick some black epoxy in there or similar.

For what it worth, Thinkpad's new laptop (and the one I bought) have a built-in webcam cover, called ThinkShutter.

> But biometrics are incredibly value for general mobile usage security.

Agree - and I'm researching use of YubiKey (or something similar with proven security model) as a 2nd factor w/ OpenBSD, as I think it has a better security model vs. closed-source fingerprint scanner.


> It is interesting, still, that someone took time to build an app like that

Countless people still insist that Facebook is literally recording their conversations. I'm not sure it's possible to overestimate people's paranoia, or how stupid it makes them act.


FYI, it doesn't serve exactly the same purpose, but macOS Mojave requires a permission prompt for software to access the camera and mic.

Of course, if a program has access to it (including Apple's own permission-exempt software) an unauthorized app may be able to use the authorized one as a route around the sandbox:

https://objective-see.com/blog/blog_0x2F.html

But Mojave also added an "APP_1 wants to control APP_2" permission prompt, so I don't think that workaround is typically possible. When the malware tries to use Quicktime to run a video/audio capture, the AppleScript should trigger a "Badware.app wants to control Quicktime" permission prompt.

https://apple.stackexchange.com/questions/335848/mojave-disa...


This is the sort of thing that should absolutely be baked in at the lowest reasonable level.

Browser-level requests for camera/mic permission are obviously nice, and it's even better to see OSX offer the request to catch more cases and prevent workarounds. Requests for control transfers are also an obvious improvement; at a certain point the easiest way to curtail sandbox escapes without restricting normal functionality is to just talk to the user.

Honestly, a same-circuit "camera on" light is my preferred solution to this whole question, and I'd be happy to see the mic get a separate light or be tied into the camera circuit.


Honestly, a same-circuit "camera on" light is my preferred solution to this whole question, and I'd be happy to see the mic get a separate light or be tied into the camera circuit.

The problem is that this doesn't help if you have a desktop machine, but you are not literally sitting behind it to notice the light. Software could still eavesdrop on conversations during that time.

The nice thing about Micro Snitch is that it also keeps a log.

Ideally, we would of course have all these levels of protection: a light, a physical switch to disconnect the camera and mic, sandboxing with camera/mic permissions, and logs like those provided by Micro Snitch.


> This is the sort of thing that should absolutely be baked in at the lowest reasonable level.

It's baked into the kernel, if that's what you're asking.


Yes - my reaction is that Micro Snitch is great in the absence of a kernel feature, but this sort of thing is best handled at the kernel and hardware levels.


I've seen that prompt twice since I updated and one time I could figure out why it was happening, the other time I couldn't. I'm not sure what to tell my friends who ask me about Mac stuff to do when they see that prompt.


Or just install Oversight, it's free, does the same thing. And if you want you can support the author on Patreon.

https://objective-see.com/products/oversight.html


I like that Micro Snitch's ears light up when the mic's in use, or his eyes light up when the camera's on, without the notification. As someone who uses audio/video capture apps a lot, it's a useful way to know at a glance whether certain apps are running properly.


why are these all for MacOS? are windows and linux not targeted by similar malware?


Of course, other operating systems are vulnerable as well. The problem is more that for a long time the security model of Linux was that an attacker is interested in getting root access. This hasn't been true anymore since DDoS attacks, crypto mining, etc. became a thing. And in recent years, attacks have moved towards phishing, crypto lockers, etc. Though Linux for a long time still had the model that an application has the same rights as a user. As a result, virtually every app is able to use an audio device if the user has the right permissions and/or eavesdrop on other applications and limited possibilities for access control:

https://www.freedesktop.org/wiki/Software/PulseAudio/Documen...

Similarly, X11 applications can snoop on keystrokes, mouse events, and other applications, etc.

Luckily, there has been a strong push to change things. E.g. Pipewire is going to provide access control for sound devices and cameras, Wayland provides more GUI isolation between applications, and Flatpak/Bubblewrap are introducing application sandboxing at a larger scale.


> X11 applications can snoop on keystrokes, mouse events, and other applications, etc

Not just "X11 applications" but any process that can open your X unix domain socket (usually at somewhere like /tmp/.X11-unix/X0) or, god help you, connect to tcp://localhost:$((6000 + $DISPLAY_NUMBER)).


Perhaps it's because Mac hardware is fairly homogeneous, so it's relatively easy to write software that targets every model.

Who knows how many cameras and audio input devices exist for generic PCs. Probably most of them use standard APIs you could interrogate, but I bet not all of them.


Have you ever tried getting audio capture to work on Linux? Now imagine trying to automate that workflow across devices as part of a spyware package.

People would install it on purpose just to get their damn pulseaudio config sorted out.


Is this open source? Is the code on github or something?


Not that I know, right now the only project that has been open sourced is Lulu, a firewall (https://github.com/objective-see?tab=repositories).


I came to say this. I've been using Oversight for a while and it's simple, free, and great.


How do you know when Micro Snitch spies on you? I couldn't find the source code anywhere.


>How do you know when Micro Snitch spies on you? I couldn't find the source code anywhere.

Source code isn't really necessary. Nor sufficient for that matter even if it was there, you'd need verifiable builds and an assurance of no self updating capability too, basically for certain minimal products you need some level of trust. As far as extra verifying though you'd probably start the same way you would minimally blackbox anything: stick it on a virgin test box and monitor all I/O in a controlled setting (VM could work too, though if you're super paranoid you might take into account that can be detected and runtime behavior modified). I guess you could start disassembling it and poking around its memory and such too if you wanted.

But seriously, it's a Mac product, so source access everywhere should kind of obviously be off your list already. How do you know when Apple spies on you? You won't find the source code. And the answer is you blackbox it and mostly you trust that it'd get noticed at some point and Apple would get the crap sued out of them and be investigated by governments worldwide etc etc. Objective Development is a very long standing dev and has put out a far more critical long standing security product that has been used by a lot of sec people for a very long time. Sure they could be compromised in the same way any dev could, but on the lowest critical factor level they're unlikely to be the biggest risk in most users' threat model.


It's worth noting there is one way to verify camera activity without needing to offer source code or elaborate test setups: embed a "camera-on" LED on the power circuit. As long as somebody does a teardown to prove it and you're pretty sure no one has compromised your specific machine's hardware, it ought to be safe.

I don't meant to detract from the "trusting trust" question, there are lots of issues which really are best handled by just pushing the problem problem outside the average user's threat model. Even source-code verification isn't actually terribly robust on the user level: are you sure you got a clean install? Are you sure nothing has modified it? And so at a certain point "just trust Apple" is entirely reasonable.

But I do think we sometimes rely on webs of trust, elaborate app signing schemes, and other software or legal solutions when we could be getting by with a simple hardware answer. (And the entire IoT domain looks a lot like undoing solved hardware problems...)


Your healthy paranoia reminds me of a classic talk on the matter, Ken Thompson's 1984 Turing Award speech "Reflections on Trusting Trust."

https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p7...


The “Trusting Trust” argument comes up a lot as the final counter in this line of reasoning. It’s not and work continues.

Do check out David Wheeler’s 2009 thesis on Double Diverse Compiling for instance: https://dwheeler.com/trusting-trust/


> Source code isn't really necessary. Nor sufficient for that matter even if it was there, you'd need verifiable builds

Actually it is sufficient. On macOS one can install homebrew and add the build from source option. Most Linux distributions provide similar facilities.

Of course on can go Hardcore and use Gentoo, but yeah, in that case verified builds + OSS are the more efficient option unless on has access to a cluster.


I have used Gentoo on my desktop for a long time, but it still requires a lot of trust. How many Gentoo users recompile the whole toolchain, which itself is no guarantee?

Most just unpack the stage3, follow the handbook, and be on their merry way. Hell, I'm super paranoid and I haven't bootstraped on every install.


I was about to say, this would be the greatest social hack to get paranoid people to uncover their cameras only to use this very application to spy on them.


I got MicroSnitch as part of a bundle with LittleSnitch, without really knowing what it was at the time. When I figured it out, I had the same thought as you.

It's definitely not something I'd ever trust completely, not only could it be spying on you, but I also don't really trust my hardware. However, I must say, it's still very nice to have. It at least narrows the possible spying vectors, and it's nice to know immediately what apps are listening; the best example being Android Studio emulator: always listening.


Wouldn’t LittleSnitch be ideal in this situation to assist in checking if MicroSnitch is phoning home?


LittleSnitch does tell you when LittleSnitch and MicroSwitch phone home (auto-update checks only as far as I've seen), but they're the same developers so theoretically if one could fake one, one could fake both: they could be tightly coupled.

So you have to implicitly trust the ObDev guys, and you have to implicitly trust the hardware, but beyond those two assumptions they function great for any other threat models.

Would still be nice if they were both open source but hey: I use the open source vscode and it phones home uncontrollably all the time, so source code only benefits us so much.


Agreed. I replied in a sibling[0], which I think is relevant here. It seems I should definitely queue looking into what testing has been publicly done, etc. and collate that.

>Would still be nice if they were both open source but hey: I use the open source vscode and it phones home uncontrollably all the time, so source code only benefits us so much

Yup; definitely true.

[0]: https://news.ycombinator.com/item?id=18201533


Who knows if LittleSnitch is not a "social hack" by itself ?


Interesting thought. I would assume some audits have been done via blackbox testing of some sort (e.g. hardware monitor, routing all traffic through a proxy and logging it, etc.) by some infosec group/Co, but I also haven’t researched that.


I think there was a talk on breaking LittleSnitch at either Defcon or B-sides a few years back. I couldn't get in though; it was full. Whatever it was is probably fixed by now anyway.



How do you know when MacOS spies on you? (or your microwave, for that matter)

At some level in the chain you put your trust in an authority.

Ideally the kind of authority who has more to lose than to gain from spying on their users.


I would really prefer all I/O devices, including touchscreens and antennas, have physical on/off switches. 1 for in and 1 for out where possible. Even if I have to open the device to flip them. I'd like to be able to turn a phone into receive-only device without worrying about what it's broadcasting. That's probably a lot more complicated than I'm imagining, but I'd like it if lines between what's a sender and what's a receiver were more clear, instead of everything being both.


A "recieve only" phone radio would only be capable of GPS and FM radio - both the data and voice technologies require bidirectional comms to set up the channel in the first place. (This is basically "airplane mode")


"airplane mode" if you can trust the software is respecting your soft toggle button :) But yeah, that's 2 other great uses for old phones, GPS and radio are pretty useful.


>turn a phone into receive-only device without worrying about what it's broadcasting

Then all the spy software has to do is receive a signal to begin recording, saves to a buffer, and waits for you to check twitter before uploading.


You should be able to block which apps have access to the network.

I know you can do it with Windows. On iOS, you can only block cellular network access with the exception of third party keyboards where by default network access is blocked. I wish I could block apps from having any network access. Can you block network access in a per process basis with Linux or the Mac?


Software won't help you. The premise is a phone where the spy agency has root and your only defense is "physical on/off switches" to control the I/O interfaces.


I'm with you in principle but at some point it becomes ridiculous. On a smartphone, you have at least half a dozen different input and output options, probably more. Where would you even fit physical switches for them all? And, for that matter, how do you trust even the physical switch?


Assuming this is a serious question...a continuity tester.


Is this the evolution of Little Snitch? They appear to be the same company, but the Little Snitch page is still active:

https://www.obdev.at/products/littlesnitch/index.html


No, it's an entirely separate new product they introduced back in 2015 [1], Little Snitch is still far and away their main and most important offering. Micro Snitch does fit in with their overall company focus of monitoring application background transmissions of your data, but it's a lot more minimal in focus (and in turn very cheap). I'm not sure why it's getting an HN post now, it hasn't recently received any significant upgrades beyond some basic Mojave compatibility/Dark Mode.

Actually Mojave introduced some significant new per-application protections and permission requirements for privacy related equipment, including camera and microphone [2], so I'm not sure it's as relevant now as it was at launch. I suppose that even if you grant something permission it could still be useful to have more active monitoring of usage as well, it might get compromised or look legit but then do things you don't expect.

----

1: https://blog.obdev.at/introducing-micro-snitch/

2: This can actually "break" old software in some cases, because it'll try to access something and fail but the OS permission dialog will be hidden by some other window or not show up properly. Sometimes you can work around this manually in the Privacy pane of the Security & Privacy preference panel, where it'll list software that recently tried to access a resource but couldn't and you can check it off to allow it in the future.


Nope, one is a firewall, the other one is a camera/microphone monitor.


How is this any more effective than the software-controlled lights on cameras today?

IIRC all the good webcam implants ignore softlights -- presumably they'd slip by whatever code is monitoring the camera here


The log is a big feature


I have used Little Snitch for years. It is invaluable.

Micro Snitch seems to be less useful.

Honest question for users of micro snitch:

How many times since installing micro snitch have you been alerted that you are being spied on?


Can somebody recommend something analog for Windows?


Sure, unplug your microphone and webcam.


I use these covers for the webcam: https://www.ebay.com/itm/Stock-3pcs-Webcam-Cover-Web-Camera-... . I don't have an answer for the microphone yet.


This has a similar goal (but a completely different approach) to a startup I'm currently in the process of launching - https://www.tamarin.us - it uses decoy websites/bait credentials to deceive intruders.

Happy to give any HN users a 6 month trial if they ask. My email is in my profile.


Visiting LinkedIn website and Android tells me LinkedIn want access to my microphone ... nothing in the web page about mic usage, just visiting the homepage ... scary.

Good that Android catches this now though.


I'd wager that there's some small feature you don't know about which uses audio input and it's requesting permissions too early rather than it being something malicious.

I wouldn't grant it either way though.


I switched to Firefox on Android recently and found that a lot of web sites with a login form, for some reasons, prompts for microphone on Firefox. This applies for major banks web sites like Wells Fargo as well. I suspect there's a common JS library being used by many sites for login forms that ask for microphone access early.


I've heard they integrated voice messaging, so could be that, but I'd want to explain myself on a website before asking for mic access.


Why are there still companies that don't make mobile friendly sites? Do they even bother checking their analytics?


How do I know the software is working correctly and hasn't been suppressed or spoofed by other agents.


this one is free, has similar functionality (no association with the developer): https://objective-see.com/products/oversight.html


a hardware switch that would disable all inputs/sensors (except maybe the touch screen) on your "phone" would be nice.


Push notifications would be nice.


And how do I know if this app itself is or is not spying on me?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: