I saw the news about Little Snitch coming to Linux via eBPF and Rust. On paper, it looks fancy. In reality, the backend is closed source.
Personally, I don’t see the point in installing a proprietary black box to monitor other black boxes. I’m sticking with my AdGuard Home setup and OpenSnitch for when I actually need to trace a binary.
I wrote up my thoughts on why I think this is a solved problem for most FOSS-first home labs.
Butbutbut the name has ‘open’ in it. How can this be?
(I worked on OpenUnix and OpenLinux, so I get it)
Not familiar with this, but jumping on the opensnitch bandwagon. I use it, plus ufw, plus pihole.
Kill the DNS lookups, kill it at the network level of possible, and if it’s sneaky OpenSnitch catches it at the application layer.
I’ve been using Opnsnitch for a while now after seeing someone here suggest it. It’s great
I’ve used Little Snitch on macOS, but I agree that a closed-source blob won’t fly on Linux. OpenSnitch exists, though I haven’t tried that one.
Nice, something running in an eBPF context with a blob in the middle, what could go wrong …
Also there are already a lot of binary blobs in the kernel, that also makes me nervous a bit.
Also there are already a lot of binary blobs in the kernel, that also makes me nervous a bit.
You can compile your own kernel, you know?
I’m speaking about the firmware and other blobs that are there because devices wouldn’t work without it.
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/WHENCE
Also, you only need that stuff in the first place if you don’t have control over the operating system and your browser (like on Apple or Microsoft). For me, using a Firefox-based browser with uBlock Origin on both phone and desktop is enough so I don’t have to ever see ads, and I just don’t install spyware in the first place.
These things are for the nasty little surprises, more relevant for the proprietaries, but not useless on linux. They’re for the unknown unknowns, and that’s a good thing. The next supply chain vuln might bite you, and opensnitch might let you know.
It’s nice for malware purposes, say if you get something nasty you can hopefully get alerted when it tries to phone home.
Careful. Almost every Firefox based browser still pings out to various google domains and sends out other telemetry.
Librewolf is fine though.
Librewolf (with some overrides and a source patch) on the desktop and Fennec on Android. Before Librewolf I used upstream Firefox with the Arkenfox user.js, but Librewolf made that obsolete.
I haven’t looked into Fennec’s current version in detail, mostly because I use the browser so rarely on my phone and my main consideration is not getting ads when I do, but they might still use SafeSearch and stuff like that, so if you’re aware of any better alternatives that are in F-Droid please tell me.
IronFox. You might have to manually add the repo if not using another F-Droid client like Droid-ify: https://gitlab.com/ironfox-oss/fdroid
Or Obtainium.
Little Snitch has nothing to do with ad blocking. I don’t know what you’re talking about.
Little Snitch is literally used for blocking ads as well as other network traffic. My main point was that you don’t have to use it for blocking the other traffic, because Linux systems won’t have unwanted traffic to begin with, since you have full control over it. And for the ad part, there’s better solutions than network-level filtering if you have control over your browser.
So is it more that you don’t know what I’m talking about or that you don’t want to, for whatever reason?
Little Snitch is a application based firewall for outgoing connections. It is not mainly an Adblock of any sorts. It may be used that way with filter lists, but that is in no way it’s primary goal or purpose.
My main point was that you don’t have to use it for blocking the other traffic, because Linux systems won’t have unwanted traffic to begin with, since you have full control over it.
That is kinda naive, and absolutely depending on what software you install and use. Thinking „there can be no unwanted traffic on my system, as I use Linux and am in full control“ means you either have VERY high faith no application on Linux calls home ever, or vastly overconfidence in yourself and your system. If there was absolutely no use in applications like little snitch, things like OpenSnitch or Portmaster would not exist for Linux either.
Well, if you think homelab there are plenty of other ways to realize a sink holes (pi hole, blocky, …).
Little snitch and others are a good addition which can be useful, e.g. when roaming with a mobile device.
