1. 25
    1. 5

      This limits the amount of data which can be sent semi-reliably to several tens of kilobytes.

      That’s disappointing. You can fit an SSH key in there, some browser cookies (which no browser properly protects), or a keylogged password.

      I always thought that the blocklist rules were handled by the kernel directly like iptables, but apparently not. That seems like the fix: make Apple let NetworkExtension users totally block an IP on first use, only allowing one TCP SYN through.

      1. 4

        It’s Chrome vs. ad blockers all over again in terms of API access.

        1. 3

          Agreed, but at the OS level. Very upsetting.

      2. 3

        That’s disappointing. You can fit an SSH key in there, some browser cookies (which no browser properly protects), or a keylogged password.

        I think this is also an argument in favor of asking vendors to use macOS sandboxing or to get apps from the Mac App Store (since they are sandboxed). The best application is an application that does not have access to arbitrary files (I think keylogging always requires the Accessibility permission bit).

        That seems like the fix: make Apple let NetworkExtension users totally block an IP on first use, only allowing one TCP SYN through.

        Seems like a nice improvement!

        1. 1

          I think this is also an argument in favor of asking vendors to use macOS sandboxing or to get apps from the Mac App Store (since they are sandboxed).

          I wish Apple offered more capabilities to sandboxed apps; my understanding is that their restrictions prevent entire categories of apps, including Little Snitch itself, from possibly being sandboxed.

          1. 1

            There is an App Store version of Little Snitch now (Little Snitch Mini).

            1. 1

              Huh. I stand corrected!