I saw the news about Little Snitch coming to Linux via eBPF and Rust. On paper, it looks fancy. In reality, the backend is closed source.
Personally, I don’t see the point in installing a proprietary black box to monitor other black boxes. I’m sticking with my AdGuard Home setup and OpenSnitch for when I actually need to trace a binary.
I wrote up my thoughts on why I think this is a solved problem for most FOSS-first home labs.
Also, you only need that stuff in the first place if you don’t have control over the operating system and your browser (like on Apple or Microsoft). For me, using a Firefox-based browser with uBlock Origin on both phone and desktop is enough so I don’t have to ever see ads, and I just don’t install spyware in the first place.
These things are for the nasty little surprises, more relevant for the proprietaries, but not useless on linux. They’re for the unknown unknowns, and that’s a good thing. The next supply chain vuln might bite you, and opensnitch might let you know.
Careful. Almost every Firefox based browser still pings out to various google domains and sends out other telemetry.
Librewolf is fine though.
Librewolf (with some overrides and a source patch) on the desktop and Fennec on Android. Before Librewolf I used upstream Firefox with the Arkenfox user.js, but Librewolf made that obsolete.
I haven’t looked into Fennec’s current version in detail, mostly because I use the browser so rarely on my phone and my main consideration is not getting ads when I do, but they might still use SafeSearch and stuff like that, so if you’re aware of any better alternatives that are in F-Droid please tell me.
IronFox. You might have to manually add the repo if not using another F-Droid client like Droid-ify: https://gitlab.com/ironfox-oss/fdroid
Or Obtainium.
It’s nice for malware purposes, say if you get something nasty you can hopefully get alerted when it tries to phone home.
Little Snitch has nothing to do with ad blocking. I don’t know what you’re talking about.
Little Snitch is literally used for blocking ads as well as other network traffic. My main point was that you don’t have to use it for blocking the other traffic, because Linux systems won’t have unwanted traffic to begin with, since you have full control over it. And for the ad part, there’s better solutions than network-level filtering if you have control over your browser.
So is it more that you don’t know what I’m talking about or that you don’t want to, for whatever reason?
Little Snitch is a application based firewall for outgoing connections. It is not mainly an Adblock of any sorts. It may be used that way with filter lists, but that is in no way it’s primary goal or purpose.
That is kinda naive, and absolutely depending on what software you install and use. Thinking „there can be no unwanted traffic on my system, as I use Linux and am in full control“ means you either have VERY high faith no application on Linux calls home ever, or vastly overconfidence in yourself and your system. If there was absolutely no use in applications like little snitch, things like OpenSnitch or Portmaster would not exist for Linux either.