I think I’ve used LittleSnitch since my first ever Mac - does anyone else with a Mac use it?
For those not aware of it, whenever an app tries to access the internet it asks you whether you’d like to grant it permission - which can be allow or deny, and either for forever, until quit, just once, or for a specified time.
Handy for all sorts of things, such the Google Chrome updater - which seems to ping for new versions every 5 seconds! You can just deny forever, then when you want to upgrade, simply delete the associated rule and it will ask you for permission next time it tries to connect to the internet.
I love it because I hate the idea of apps connecting to the internet without my knowledge!
For note, OpenSnitch is for linux.
Based on the seemingly infinitely powerful iptables of course, lol.
You can do the same kind of reporting and filtering with just iptables and logging thoguh, opensnitch just gives you a littlesnitch style interface and popups for it all.
I’ve used LittleSnitch to discover that my (all of) Mac(s) have an heartbeat connexion with Apple servers. So great. So I made the giant leap to full Linux config.
I think we need better laws to protect us from this too Maartz. We should also be able to inspect all of the data that operating system providers hold about us and be able to delete it ourselves.
I hope the EU leads on this, they are usually good at this sort of thing.
I burned out on Little Snitch. I lasted about 5 years, but I find the constant breakage and allowlisting to be really fatiguing when I just want to work.
For the security conscious, there is also Google Santa, but again, there is a lot of configuration to use it. I lost a year of my life to Arch Linux back in the day. No one saw me - I don’t really remember what happened - I just remember a lot of blinking when I first saw the sun again… I think about 6 months of that time was spent trying to center my desktop wallpaper image. Which is my way of saying that, if you went with macOS because you just want things to work without tinkering, these additional layers of security can really rob you of that feeling. What’s challenging for me as a non-security-professional is really quantifying risk. If you have no idea how vulnerable you are, it’s difficult to decide how much effort one should expend in this arena.
LittleSnitch is a lot easier now - it comes with recommended rules and even suggests how to act. After about a week of normal use, I don’t think I have had to configure anything other than new software now
I do like Apple’s latest security measures tho, such as having to give access to apps if they want to access things like your documents folders.
Thanks for the link to Santa, I wasn’t aware that it existed!
I’ve tossed on OpenSnitch on one of my desktops since I heard about it here, it basically just shows me the connections I already expected, nothing out of the ordinary, which is nice because I guess I can expect a popup when something new and weird appears, lol.
Yeah, it’s surprising tho how many apps want to connect to the internet - even things like text editors! Imagine working on an important document, it crashes and you didn’t realise it was set to automatically send a crash report
Having wasted an hour today trying to help my wife work around some Apple “security” measures so she could just get some work done, I have to say I hate the way Apple gets in the way like that. Life is so much better on Linux
What were the measures she encountered Greg? I find Apple are usually quite good at keeping things simple with good explanations and so would be interested to know which items she felt she needed help with…
I suspect this is a bit off-topic for this thread and I don’t want to bang on about Apple, so I’ll keep this brief. She was making a Zoom recording of a Google Slides presentation and that incorporated a Youtube video. She was using a Macbook Air I keep on hand because she had run into some issues on her desktop machine and wanted to just try another machine. And at each step she had to wrestle with demands to approve things. All of that was difficult because she had to keep typing a long unmemorable password and chase windows all over the small screen. She is a psychotherapist, not an IT person, and was quite distressed about how hard it all was.
AFAIR, there were three requests like that. I was busy dealing with an anxious person and did not take the time to note the details in the way I would have if it was something I planned to talk about myself. I’m not saying Apple are wrong to do this, but they are wrong for me to do that because I know what I’m doing and I’m happy to make those decisions for myself.