←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 3 comments | 20 Oct 20 15:51 UTC | HN request time: 0.722s | source
Show context
3pt14159 ◴[20 Oct 20 16:03 UTC] No.24838967[source]
This is one of those tough cases where software cuts both ways.

Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.

Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.

replies(19): >>24838993 #>>24839043 #>>24839086 #>>24839126 #>>24839194 #>>24839419 #>>24840315 #>>24841406 #>>24841984 #>>24842961 #>>24843115 #>>24843241 #>>24844017 #>>24844287 #>>24844319 #>>24844636 #>>24845405 #>>24845660 #>>24845932 #
1. solatic ◴[20 Oct 20 16:36 UTC] No.24839419[source]
> Is the world better or worse due to this change?

This is the false shortcut behind any attempt to weaken security. Security makes access harder, therefore let's weaken security to improve access.

The fact is that weakening security also makes malicious behavior easier and/or more likely. Changes like this are bad particularly because Apple users pay for a protected walled garden.

replies(1): >>24840403 #
2. m463 ◴[20 Oct 20 17:55 UTC] No.24840403[source]
What this will do is allow apple to decide what goes in and out of the machine.

It's pretty clear what they think - they allow basically any app to access the network on ios.

replies(1): >>24845238 #
3. spockz ◴[21 Oct 20 06:22 UTC] No.24845238[source]
Local network access is a separate permission since iOS 14. I’m not sure whether that is for scanning or multicast only (e.g. finding devices such as Chromecast) or complete access to anything other that the gateway and dns servers.