Someone created a similar extension for Chrome called little rat[0]; it needs to be installed in developer mode because Chrome doesn't allow extensions to interact with each other normally.
I was using a similar extension which whitelisted / blacklisted IP addresses in Chrome. I had it set to blacklist my home IP, which I paired with an in-browser VPN app. Since Chrome's latest extension update (about 3 weeks now?), I've had Chrome send requests to pages which were open before the extension loaded, leaking my IP. I assume similar issues could happen extension-to-extension, so this shouldn't be used for any privacy-related reasons - can't trust a Chrome extension to block 100% of anything.
I haven't used Little Snitch in nearly 15 years...
I love all the security-focused apps that Objective-See puts out, and they have a Little Snitch equivalent, "LuLu".
Then you don't have control or visibility over Apple or third-party apps sending analytics likely without your approval.
I currently don't have a Mac, but could we do an MITM inspection to see what is requested and responded?
Since this is a Google domain I wonder if Apple pins the certificates.
I am currently battling a bug on iOS where blocking mask.icloud.com & mask-h2.icloud.com leads to Mail 'checking for email' for a long time. But I can't inspect what is requested. And supposedly, this is the way to prevent iCloud relay: https://developer.apple.com/icloud/prepare-your-network-for-...
It's been some time since I have used Little Snitch and I never really got all that deep into it, so what I am thinking may already exist.
It would be nice if you could import a text or config file of standard things to allow/block. A general format that people could post, fork, edit, their own variations. Something akin to stevenblack/hosts providing a base list of hosts to block but the list is categorized as well as could be customized.
Another, probably better example, is something that could be saved in a dotfiles repository. You can share it with others but also if/when you need to set up a new computer, you don't have to start completely fresh with Little Snitch.
I had thought that maybe it was pre-warming a connection so that when the user searches for something, it saves a network round trip and seems faster, but probably not if it’s to a static domain.
Interesting! I see this not so much as a feature people would use to make their own rules but a good feature for those creating lists of rules, like in this case "Un-Google my Mac"
Little Snitch is awesome, but I had to stop using it at version 5 because it can no longer be installed into a subfolder of the Applications folder.
Mac apps are supposed to be usable from any location (even outside the /Applications/ folder) and I have used hundreds of apps from /Applications/_Apps/ since the Mac OS X Public Beta in 2000 without issue.
Little Snitch >= 5.0 is the only one having problems here, despite supposedly being a "real native Mac app". What gives?
I think it might be a security thing. The Mach kernel uses full file paths at the heart of the system. They may be relying on Apple maintaining the Application folder integrity. If that allowed running from other locations it becomes harder to ensure the integrity of the binary running.
That seems like such a bizarre restriction imposed by the app developer. They must have gone out of their way to stop this, because every application on my system can run from pretty much anywhere on my filesystem.
It's as if a Windows developer decided their program should only be runnable from a directory under "Program Files". So weird! Do they provide an explanation on their web site for the change?
If Safari needs to use Google as a search engine, they (Google/Apple) might want to be able to track how many attempts were made vs. successful, or to make sure it's up and available (it's never down, right?), and I'd guess this check is a way to achieve that.
Considering that the relevant preference key is WBSOfflineSearchSuggestionsModelLastUpdateDateKey, and the check occurs exactly once a week, your guess seems wrong.
As a Little Snitch user, I'm glad to be able to tell both Apple and Google "None of your business."
It's a simple little phrase that used to be very common, but people seem to have forgotten it over the last 30 years.
> The trick is to use "via" in the Little Snitch rule. When you're creating the rules, enter the full file paths of the two processes, separated by "via".
It's amusing to hear of a software developer just beginning to block ssl.gstatic.com in 2025 when other folks have been denying access to ssl.gstatic.com and various other unnecessary domains for many years, years before Little Snitch even existed. The author confesses he did not know about his web browser phoning home to ssl.gstatic.com but titles his blog post about Little Snitch with the phrase "that nobody knows about" insinuating that he now knows about something that others do not. Funny.
Little Snitch was first released in 2003. Unfortunately, your comment is a stereotypical example of the worst of Hacker News, both condescending and ignorant.
In any case, it's unclear exactly which version of Safari and/or macOS started the specific behavior noted in the blog post. Moreover, as the blog post also notes, it's problematic to deny ssl.gstatic.com across the board, because that causes website breakage.
> The author confesses he did not know about his web browser phoning home to ssl.gstatic.com but titles his blog post about Little Snitch with the phrase "that nobody knows about" insinuating that he now knows about something that others do not.
This is a gross mischaracterization of the blog post, the title of which literally starts with "Little Snitch feature". I'm certain that nobody knew about the feature (matching an associated process with "via"), because the Little Snitch developers themselves weren't aware of it until they reviewed the implementation.
Correction: Little Snitch was first released in 2003. The domain gstatic.com has been in use since at least 2008. It appears that Little Snitch was first mentioned on HN somewhere around 2013. This blog appeared somewhere around 2007, the same year that HN launched. To be sure, no one was blocking ssl.gstatic.com before Little Snitch existed, i.e., pre-2003, because the use of the subdomain began about 5 years after the software was released. Apologies for the error and thank you for the correction.
Little Snitch has remained closed source for over 23 years. As such, there will always be things about it that its authors know that "no one else knows", unless they choose to share. Why this non-transparency might matter to some computer users is a question left for the reader.
[+] [-] amendegree|1 year ago|reply
[0] https://github.com/dnakov/little-rat?tab=readme-ov-file
[+] [-] noahjk|1 year ago|reply
[+] [-] cipehr|1 year ago|reply
Does anyone know if the same thing can be achieved with LuLu? https://objective-see.org/products/lulu.html It looks like it can but I haven't used it yet.
[+] [-] magic_smoke_ee|1 year ago|reply
LuLu has a fatal flaw: it drops or closes TCP connections randomly resulting in dropped SSH sessions. No amount of TCP keepalives on the client- or server-side will resolve this. This makes it a non-starter for anyone doing anything real.
Also good:
- BlockBlock - disk access application "firewalling" on top of macOS's privacy & security settings is very good
- RansomWhere? - ransomware process mass file change interception
- ReiKey - input interception monitor
- ProcessMonitor, DNSMonitor, FileMonitor, TaskExplorer, KextViewer, NetIQuette, Dylib Hijack Scanner, KnockKnock
- Oversight - webcam and audio hijack monitor (although I use ancient EOL Growl + Hardware Growl just to catch hardware events too)
- No longer useful or usable: Do Not Disturb, LuLu
[+] [-] zikduruqe|1 year ago|reply
[+] [-] OptionOfT|1 year ago|reply
[+] [-] lapcat|1 year ago|reply
[+] [-] fmajid|1 year ago|reply
https://transparencyreport.google.com/safe-browsing/overview
[+] [-] lapcat|1 year ago|reply
[+] [-] hk1337|1 year ago|reply
[+] [-] lapcat|1 year ago|reply
[+] [-] MaxwellsDaemon|1 year ago|reply
[+] [-] lapcat|1 year ago|reply
[+] [-] hernantz|1 year ago|reply
[+] [-] perihelions|1 year ago|reply
https://hn.algolia.com/?query=opensnitch&type=all
[+] [-] jazzyjackson|1 year ago|reply
https://github.com/safing/portmaster
[+] [-] philsnow|1 year ago|reply
[+] [-] kylehotchkiss|1 year ago|reply
[+] [-] rustc|1 year ago|reply
[+] [-] tom1337|1 year ago|reply
[+] [-] dinkblam|1 year ago|reply
off-topic rant mode off
[+] [-] detourdog|1 year ago|reply
[+] [-] ryandrake|1 year ago|reply
[+] [-] lapcat|1 year ago|reply
[+] [-] iforgot22|1 year ago|reply
[+] [-] nerflad|1 year ago|reply
[+] [-] sbaildon|1 year ago|reply
[+] [-] dmvjs|1 year ago|reply
[+] [-] lapcat|1 year ago|reply
[+] [-] reaperducer|1 year ago|reply
[+] [-] midtake|1 year ago|reply
Everyone who has used homebrew knows this one.
[+] [-] KORraN|1 year ago|reply
[+] [-] lapcat|1 year ago|reply
[+] [-] 1vuio0pswjnm7|1 year ago|reply
[+] [-] lapcat|1 year ago|reply
[+] [-] 1vuio0pswjnm7|1 year ago|reply
[+] [-] fragmede|1 year ago|reply