The device is technically yours, but any app vendor can push a silent update and run any code with any privileges at any time. A European company that has exclusively served macOS customers until now has endorsed Linux to reduce reliance on foreign tech and released its software, “LittleSnitch,” for free.
LittleSnitch is a popular macOS software that informs users about the outgoing internet connections their apps make and allows them to block unwanted traffic with managed rules.
The company behind it, Objective Development Software, located in Vienna, Austria, just released a completely free version for Linux users.
“Recent political events have pushed governments and organizations to seriously question their dependence on foreign-controlled software,” the company explains in a blog post.
“Linux is the obvious candidate for reducing that dependency: no single company controls it, no single country owns it.
Linux has been gaining popularity among casual users, including gamers looking for an alternative to Windows. Linux is free, offers more privacy, less tracking, fewer ads and other annoyances, and runs on older hardware. Due to Steam’s push for Proton compatibility, the open-source OS now often offers better performance.
Christian, the developer who built the free version of the software, notes that users don’t need a lot to make Linux work: a browser, email client, text editor, development environment, git client, Signal, Wireshark, and a couple of other” apps.
And Linux is already “relatively calm on the network,” compared to proprietary OSes.
“On Ubuntu, I found 9 system processes making internet connections over the course of one week. On macOS, we counted more than 100,” the developer noted.
The apps need a leash
The company argues that every application can open a silent network connection without asking. Christian, who was used to tracking all connections on Mac, felt naked on Linux without similar visibility.
After exploring Linux alternatives, the developer didn’t find a tool that allows to see “which process is making which connections, and in the best case deny with a single click.”
“It's a strange feeling to have no idea what connections your computer is making,” Christian said.
The company’s flagship product for Mac is marketed to users as a way to stop tracking, ads, and other unwanted connections.
The Linux version also allows tracking apps’ connections to specific servers, blocking unwanted ones. LittleSnitch tracks traffic history and data volumes over time.
It includes popular automatically updated blocklists, such as those by Hagezi, Peter Lowe, Steven Black, and others, for cutting off whole categories of unwanted traffic at once.
The app uses a web interface, which can be accessed from another machine on the network. This choice enables monitoring network connections on remote Linux servers, which might appeal to homelab enthusiasts.
“Want to know what Nextcloud, Home Assistant, or Zammad are actually connecting to? Use Little Snitch on the server,” Christian said.
The company acknowledges that the Linux version has limitations compared to the paid macOS app and shouldn’t be used as a security tool – its focus is on privacy.
“On Linux, the foundation is eBPF (extended Berkeley Packet Filter), which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name,” the company explains.
Attackers could exploit this limitation to get around the firewall by flooding the tables.
Christian added that from a feature perspective, “Little Snitch for Linux sits somewhere between Little Snitch Mini and the full Little Snitch: functional and useful, but without all the polish and depth of the macOS version.”
Little Snitch for Linux isn’t completely open source: two of the three components, the eBPF kernel program and the web UI are both available on GitHub, while the daemon (littlesnitch --daemon) is proprietary, but free to use and redistribute.
Which Linux apps call home?
Christian also tracked how some apps behave on Linux.
Firefox, which comes pre-installed as the default browser on Ubuntu, immediately showed ads before opening any website. The snitch tool confirmed that it connected to ads.mozilla.org, incoming.telemetry.mozilla.org, “and many more.”
“I went into the preferences and disabled most of the ads and tracking. But it still connects to some of these servers,” Christian noted.
While browsing, each website can use dozens or even hundreds of trackers from third-party servers. Many apps behave similarly on all platforms.
“If you install Thunderbird, Visual Studio Code, or any other major player, expect the same kind of metrics,” Christian said.
However, a notable exception was LibreOffice, which made no external connections at all.
“Quite unusual these days!”
Using an app for network filtering isn’t the only effective solution. Users can use DNS-level filtering and a firewall to cover the entire network. For web browsing, ad blocker extensions, such as uBlock Origin, eliminate even more annoyances by filtering unwanted code from being executed by websites.
Blocking external connections can also break the functionality of apps and websites, requiring a careful balance between convenience and privacy protection.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked