This particular line in the developer's response[1] leads me to believe they don't - or at least don't properly - validate third party dependency changes, which is even more worrying if I'm honest:
> I will look into why Sentry.io is being contacted so often! This is strange as unless they changed their SDK/framework, is only supposed to happen on a crash report.
That's a poor characterisation, I'm not convinced any developer can say with 100% certainty they've never missed anything in the release notes of their dependencies or had any unexpected behaviour in changes that made it to production. Mistakes happen.
I agree with sibling: I think you're giving it an uncharitable interpretation. There is an open issue and they are investigating to improve the situation.
You’d think, if they wanted telemetry so badly they are prepared to deal with the fallout, they’d be on top of the information collected by that telemetry.
Crash dumps can contain highly sensitive info. I have blocked Crashlytics[0] and Sentry with my pi-hole so nothing gets sent. I'm starting to believe these tools are abused and not even used to improve services. They're basically a MITM so people can violate others' privacy.
You can block the root, but usually the domain contains random (unique) strings as a subdomain, so you need to wildcard block it, which pi-hole supports.
Thanks. Bummer, I figured they probably didn't use the root domain but some amalgamation of letters/number/sub-domains. I have a pi-hole at home which has been working great for 3+ years now, but I mostly run objective-see stuff on my work machine.
You can block Lulu with Lulu. I think by now we should all have learnt to block internet access for every app, and only enable it if it really needs it - that's exactly what an application firewall like Lulu is for.
Potentially relevant that the Sentry client is configured in debug mode there. Not sure what the actual impact of that is but maybe it causes additional network traffic to Sentry (outside of crash reports)?
you can actually use lulu itself to block sentry for all of their tools (this is what i do). i found that the only other connections they'll make is for updates--both software and rulesets (if you have that configured).
lulu is not nearly as polished as hands off! (may it rest in peace) or little snitch, but it gets the job done. i also have some rules in pf (via murus gui) to block things like google and facebook on a system-wide level.
It's troublesome that an app designed for blocking telemetry (among other things) is sending telemetry without consent. :(
Software that exfiltrates your usage, crashes, or other data from your own machine without advance, opt-in, informed consent is unethical and disrespectful.
I sent a message to Slack the other day recommending Shortcat (https://shortcat.app/). I edited the message to mention that I use LuLu and it's worth noting that Shortcat is closed source and does send info out to Sentry.
Now I have to edit that same message and mention that LuLu also phones home to Sentry. Can't blame people for wanting stack traces but wow it's a tricky subject in terms of privacy.
I've been using Shortcat for years, and I thought it was long since abandoned. I was even more surprised to see a new version was released last month. I seriously stopped checking on this project years ago, and just kept a backup .dmg.
I am sad to read about sending out info to Sentry, but I guess that is something I am going to have to think about some more.
I wish LuLu had some kind of logging though, and asynchronous rule adding (i.e. no need to take a decision when a connection happens and block by default, and then review this list when I have time), otherwise at some point you just start accepting connections for all processes without thinking, just to not be distracted too often.
I’ve been using KnockKnock, RansomWhere?, BlockBlock, and OverSight for many years. They are great pieces of software that are simple to use and do what’s advertised. The biggest issue I’ve had is memory consumption issues with OverSight.
Some of the best documentation I've ever seen. Click on the "Learn More" for any of the apps (I suggest ransomwhere). Other software developers should take note that this is how it should be done.
Last I tried LuLu it worked similar to Little Snitch, though nowhere near as "polished". The basic functionality is more or less the same though, with Little Snitch offering to automatically unblock known "trusted" services like Apple's own services.
> And is it even useful anymore with macOS being increasingly locked down
It's an application firewall, so even if macOS is locked down, any app can still roam freely (within its jail). Suppose some app has access to your contacts, that means it can still upload every contact to a server, and an application firewall can help you detect/block that.
Blocking the Apple services that every mac incessantly phones home to (with unique identifiers tied to hardware) is the main use case of Little Snitch for me personally.
Even if you don't use iCloud, the App Store, iMessage, FaceTime, or any of it - macs still send tons of realtime usage data to Apple even if you don't want them to.
LuLu you can build yourself. Both protect you from 3rd party apps, not Apple, as Apple can do whatever the ** it wants to your computer through updates.
I've been using LuLu for a few months and find it absolutely helpful.
When I first installed it, it required quite some effort to consciously filter/allow traffic from/to the apps. Over time, all regular apps were properly configured for the rules and now I see notifications for block/allow only when there is uncertain traffic going out.
Very cool! Does anyone know of such an OSS tool collection for Windows? Desperately looking for some good solution for a server I run for a small office.
Not open source comment was for Nirsoft, not about Objective-See (and I just checked, source code link is present on home page as well as individual articles).
I know it's a rhetorical question. An answer could possibly be:
1. when our "browsing, and information self-exposure" tools are better (automatic note taking parrot robot that sits on your shoulder and remembers everything you've seen so you don't have to) and
2. when our Internet's base concepts are more equitable to content creators/intellectual property owners.
More:
For number one, obviously it's handy if you're interested in a website to be reminded of that website's latest and greatest successes.
Number two, with the Lamina1 news recently it's got me thinking again about the inequitable economy of providing useful advances and information for free, or in this case tools, and then not being respected by the world in a way which the pressures of reality direct you to collapse or shut down your fantastic enterprise .. again in this case of creating macOS anti-malware tools.
(Social comment: I see identifying a UX problem is one step in responding to someone's work, and the ramification of talking about your frustration is another. There's at least one more you can do, call to action: how would you, Message Poster with the beef against that UX, have offered to solve, or make better, these problems responsibly if you were the owner of the website?)
Not OP, but have similar behavior. Maybe I'm overthinking things, but I think you're blowing the gripe out of proportion.
Showing me a newsletter signup before I've read the content implies that I'm interested in getting more of what I expect the content will be about, not what it actually is. Asking me to sign up for more interesting sounding titles before I've even had a chance to decide if I enjoy the content within implies that you, the content author, don't actually care if I enjoyed the content. What you're most interested in is pushing more clickbait titles in my face.
Put a newsletter sign up button near the end of the content, or in a side bar next to the content- anywhere that makes it seem like I'll get more of the content I am enjoying.
Personally I'm not comfortable with this due to the level of access they require and thought it worth mentioning.