←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 1 comments | 20 Oct 20 15:51 UTC | HN request time: 0.214s | source
Show context
3pt14159 ◴[20 Oct 20 16:03 UTC] No.24838967[source]
This is one of those tough cases where software cuts both ways.

Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.

Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.

replies(19): >>24838993 #>>24839043 #>>24839086 #>>24839126 #>>24839194 #>>24839419 #>>24840315 #>>24841406 #>>24841984 #>>24842961 #>>24843115 #>>24843241 #>>24844017 #>>24844287 #>>24844319 #>>24844636 #>>24845405 #>>24845660 #>>24845932 #
Wowfunhappy ◴[20 Oct 20 16:05 UTC] No.24838993[source]
If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.

I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.

replies(3): >>24839030 #>>24839084 #>>24842512 #
coldtea ◴[20 Oct 20 16:08 UTC] No.24839030[source]
They provide the OS. If you don't trust them, then you shouldn't trust anything running on top of it either...
replies(15): >>24839099 #>>24839130 #>>24839176 #>>24839223 #>>24840636 #>>24840860 #>>24842029 #>>24842089 #>>24842540 #>>24842969 #>>24843232 #>>24843903 #>>24843921 #>>24844882 #>>24845297 #
Wowfunhappy ◴[20 Oct 20 16:14 UTC] No.24839099[source]
You could (and perhaps would) make the same argument about Intel (for providing the processor) or Broadcom (for providing the wifi chip) or Comcast (for providing internet service). And it's true, all of these parties have the ability to use their positions for nefarious purposes.

However, I would like to limit that potential as much as possible, partly by creating a stigma against practices that remove control from the user.

replies(1): >>24840224 #
LocalH ◴[20 Oct 20 17:40 UTC] No.24840224[source]
I find it interesting how the needs of legitimate security mesh so well with the industry desires to kill off general-purpose computing for the majority of users
replies(5): >>24840678 #>>24841760 #>>24842599 #>>24843104 #>>24844722 #
matheusmoreira ◴[21 Oct 20 04:23 UTC] No.24844722[source]
User freedom means being able to command our computers to do anything, even if it's against the law or against the business interests of corporations. A free computer is by definition hostile to corporations and governments since it can be used against them.

Security as an industry is generally all about protecting the interests of corporations and governments. Just look at how they react when normal people use subversive technology like encryption. The people in power simply cannot tolerate anything they have no control over.

replies(1): >>24845344 #
1. saagarjha ◴[21 Oct 20 06:47 UTC] No.24845344[source]
> Security as an industry

…is not a monolith. There are plenty of people in security interested in giving you freedom as a user, actually, many do it specifically for that reason.