
Posted by pluc 1 day ago

LittleSnitch for Linux (obdev.at)
1291 points | 417 comments | page 8
LoganDark 1 day ago|
Yess, the return of the actually good landing page for the technically-minded. Now all they need to do is roll back the macOS one that looks and reads like it was designed by a marketing agency that knows nothing about computers (or even Little Snitch itself).
gethly 18 hours ago||
so a firewall for linux then?
piekvorst 18 hours ago||
Now I can spy on the software spying on me. Nice.
shevy-java 23 hours ago||
The ultimate turnaround would be if the little snitch is snitching on the user too.
sneak 1 day ago||
It’s not really necessary on Linux. Linux systems work without 40 invisible background services phoning home to the mothership to leak your hardware identifiers for FAA702 collection.
weikju 1 day ago||
Linux maybe, not so true of all the DEs and apps installed on it
waterTanuki 1 day ago||
Why would one use this over PiHole?
JoeBOFH 1 day ago||
This is different. This shows you what in your operating system is making connections out and to where.
roughly 1 day ago|||
I run both (LS on Mac, at least), they do different things - pi.hole is a great ad blocker which applies to all of the devices on your network. Little Snitch is doing something different - it tells you every call that every app you use is making, and allows you to approve or deny each one. So, you can block telemetry for apps, or you can block certain apps from contacting certain servers, or you can just use it to watch what apps on your system are calling out to where.
waterTanuki 1 day ago||
To clarify, I'm aware that pihole is not intended to run on a client OS, and doesn't monitor at a process level. I'm focused on the intended effect rather than the process itself (blocking malicious/ad servers). And I think I framed my initial question incorrectly as if LS and PiHole were substitutes. It's perfectly fine and even preferable to use both as layered protection. I'm just thinking however when it comes to bang-for-buck it seems like PiHole is the better value proposition if you could only set up one.

pi.hole is primarily billed as an ad blocker, but the fundamental way it works is by applying a curated set of DNS lists that are blocked (commonly telemetry and ad servers), and the admin dashboard which is just a web page (therefore works on all platforms, smartphones included) will do the same thing: it tells you every call that every app on every device on your network is making, and you can approve or deny it. You can curate your own list as well and block servers/connections you don't want on the network.

LS afaik operates in the same area where it's intended to be used for privacy. I guess I could see it being useful for people who don't have admin access to their router, but for people who do have such access I would think the benefits of network-wide DNS monitoring/blocking would outweigh the costs of having to configure your router settings.

roughly 15 hours ago|||
Yeah, if you're just looking for ad blocking, you're right, pi.hole is the better bet.

Little Snitch is intended for per-process, per-connection blocking - for example, you may need, eg, an Instagram uploader app to contact Meta's servers, but an unrelated app should not be able to (and even in the case of the hypothetical IG uploader, you can get very fine grained about the controls - media.facebook.net, not telemetry.facebook.net). In that way, LS does have some advantages over pi.hole in that space - You'd need to set up every single item that you normally get for free from a blocklist, but it gives you much finer control over what's getting blocked and much better visibility into what connections your processes are trying to make.

Again, I don't think Little Snitch is the right answer if you're looking for ad blocking specifically, and if that's the extent of your privacy concerns, pi.hole's a better bet. Little Snitch is a per-application connection monitor and firewall - it _can_ block ads, but that's not its primary purpose.

LamaOfRuin 1 day ago||||
LS seems to not be claiming any security promise on Linux because it can't make any guarantees given eBPF limitations. But the entire purpose is different and there is very little overlap in my view. PiHole is entirely (I think?) just applying the blocklist made easy. LS allows you to build the blocklist in real time.

I would guess that to the extent the blocklists include things that are loaded by applications and not websites, they are almost entirely built by users of something like LittleSnitch or OpenSnitch. This is also entirely doable with wireshark logs, but I think that requires more infrastructure to build into usable lists.

mixmastamyk 1 day ago|||
Some telemetry uses hardcoded addresses when DNS doesn't work.

Some telemetry might not be recognized by pi-hole as it is new or has nothing to do with ads.

cortesoft 1 day ago|||
LittleSnitch isn't for ad blocking (only), it is for tracking/blocking/allowing ALL connections from various processes. PiHole only blocks DNS requests to known ad servers.
walrus01 1 day ago||
Completely different thing. A littlesnitch type thing is for all traffic. Pihole is a DNS query thing that prevents various ad content from being loaded. It's also trivially easy for a malicious application with network access to bypass any instance of pihole on your LAN by doing its own DNS over HTTPS lookups to its own set of server(s) by IP.
waterTanuki 1 day ago||
I mean, if you're at the point where your machine is compromised by a process with full network access little snitch won't help much either.
sampullman 1 day ago||
You might be surprised, there are plenty of low effort attacks out there that just install a crypto miner and phone home periodically without doing much to cover it up.
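
An added example (not part of any comment in this thread) of the gap the replies about hardcoded addresses and self-run DNS lookups describe: correlating what the local resolver answered with per-process connection events, to surface destinations a DNS blocklist never had a chance to see. The log formats, process names, LAN range and all sample values are constructed assumptions.

```python
"""Flag outbound connections whose destination no local DNS answer explains."""
from collections import defaultdict
import ipaddress

# Assumption: the home LAN; traffic inside it (e.g. to the resolver) is ignored.
LAN = ipaddress.ip_network("10.0.0.0/8")

# Constructed resolver log (what a DNS sinkhole would see): "ts qname answer_ip"
DNS_LOG = """\
100 cdn.example.com 192.0.2.10
105 api.example.net 198.51.100.7
"""
# Constructed per-process events (what a host monitor would see):
# "ts process dst_ip dst_port"
CONN_LOG = """\
90 browser 198.51.100.7 443
101 browser 192.0.2.10 443
106 updater 198.51.100.7 443
110 miner 203.0.113.50 3333
111 updater 203.0.113.99 443
112 browser 10.0.0.1 53
"""

def parse_dns(log):
    """Return {ip: earliest timestamp at which the resolver returned it}."""
    seen = {}
    for line in log.splitlines():
        ts, _qname, ip = line.split()
        seen[ip] = min(int(ts), seen.get(ip, int(ts)))
    return seen

def unresolved_connections(dns_log, conn_log):
    """Group by process the non-LAN destinations with no earlier DNS answer."""
    resolved = parse_dns(dns_log)
    findings = defaultdict(list)
    for line in conn_log.splitlines():
        ts, proc, ip, port = line.split()
        if ipaddress.ip_address(ip) in LAN:
            continue
        first = resolved.get(ip)
        # Never resolved, or connected before the resolver ever returned it:
        # the process got the address some other way (hardcoded, own lookup).
        if first is None or int(ts) < first:
            findings[proc].append((ip, int(port)))
    return dict(findings)

if __name__ == "__main__":
    for proc, dests in sorted(unresolved_connections(DNS_LOG, CONN_LOG).items()):
        print(proc, dests)
```

The DNS log alone shows two harmless-looking lookups; only the per-process view attributes the unexplained destinations to a specific program.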
clomia 1 day ago||
good
VladVladikoff 1 day ago||
Really like Lulu as an alternative to LittleSnitch https://objective-see.org/products/lulu.html