186
Why I’m skipping the proprietary "Little Snitch" for Linux
(the.unknown-universe.co.uk)
Opensnitch +1
I've been using Opnsnitch for a while now after seeing someone here suggest it. It's great
Butbutbut the name has 'open' in it. How can this be?
(I worked on OpenUnix and OpenLinux, so I get it)
I'm confused by this comment, (and the up votes) OpenSnitch is the fully open source application. It even says so in the article.
"If I ever needed to track down which specific application is making suspicious outbound connections, I would turn to OpenSnitch, the fully open-source, community-driven application firewall for Linux. It is not as polished as the new Little Snitch port, but every line of its code is open for inspection and it does not ask for blind trust."
Not familiar with this, but jumping on the opensnitch bandwagon. I use it, plus ufw, plus pihole.
Kill the DNS lookups, kill it at the network level of possible, and if it's sneaky OpenSnitch catches it at the application layer.
Nice, something running in an eBPF context with a blob in the middle, what could go wrong ...
Also there are already a lot of binary blobs in the kernel, that also makes me nervous a bit.
Also there are already a lot of binary blobs in the kernel, that also makes me nervous a bit.
You can compile your own kernel, you know?
I'm speaking about the firmware and other blobs that are there because devices wouldn't work without it.
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/WHENCE
This is optional, some distros even have a deblobbed kernel in repos. I believe arch does (linux-libre), guix. Debian used to ship without proprietary firmware by default but there’s since version 12 IIRC.
It's perfectly doable if you have the right hardware. You don't have to build those components when compiling it yourself.
Also, you only need that stuff to begin with if you don't have control over the operating system and your browser (like on Apple or Microsoft). For me, using a Firefox-based browser with uBlock Origin on both phone and desktop is enough so I don't have to ever see ads, and I just don't install spyware in the first place.
These things are for the nasty little surprises, more relevant for the proprietaries, but not useless on linux. They're for the unknown unknowns, and that's a good thing. The next supply chain vuln might bite you, and opensnitch might let you know.
Careful. Almost every Firefox based browser still pings out to various google domains and sends out other telemetry.
Librewolf is fine though.
Librewolf (with some overrides and a source patch) on the desktop and Fennec on Android. Before Librewolf I used upstream Firefox with the Arkenfox user.js, but Librewolf made that obsolete.
I haven't looked into Fennec's current version in detail, mostly because I use the browser so rarely on my phone and my main consideration is not getting ads when I do, but they might still use SafeSearch and stuff like that, so if you're aware of any better alternatives that are in F-Droid please tell me.
IronFox. You might have to manually add the repo if not using another F-Droid client like Droid-ify: https://gitlab.com/ironfox-oss/fdroid
Or Obtainium.
Little Snitch has nothing to do with ad blocking. I don't know what you're talking about.
Little Snitch is literally used for blocking ads as well as other network traffic. My main point was that you don't have to use it for blocking the other traffic, because Linux systems won't have unwanted traffic to begin with, since you have full control over it. And for the ad part, there's better solutions than network-level filtering if you have control over your browser.
So is it more that you don't know what I'm talking about or that you don't want to, for whatever reason?
Little Snitch is a application based firewall for outgoing connections. It is not mainly an Adblock of any sorts. It may be used that way with filter lists, but that is in no way it’s primary goal or purpose.
My main point was that you don't have to use it for blocking the other traffic, because Linux systems won't have unwanted traffic to begin with, since you have full control over it.
That is kinda naive, and absolutely depending on what software you install and use. Thinking „there can be no unwanted traffic on my system, as I use Linux and am in full control“ means you either have VERY high faith no application on Linux calls home ever, or vastly overconfidence in yourself and your system. If there was absolutely no use in applications like little snitch, things like OpenSnitch or Portmaster would not exist for Linux either.
It's nice for malware purposes, say if you get something nasty you can hopefully get alerted when it tries to phone home.
I’ve used Little Snitch on macOS, but I agree that a closed-source blob won’t fly on Linux. OpenSnitch exists, though I haven’t tried that one.
Thanks for the warning..
Well, if you think homelab there are plenty of other ways to realize a sink holes (pi hole, blocky, …).
Little snitch and others are a good addition which can be useful, e.g. when roaming with a mobile device.
this post was submitted on 09 Apr 2026
186 points (97.4% liked)
Linux
63789 readers
388 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS