What do you think about OpenSnitch?

Should I install OpenSnitch?

Is it secure? Won’t it compromise my privacy?

I’m not sure how a firewall would compromise one’s privacy.

OpenSnitch is a well-known tool that works great, from personal experience. Feel free to try it out if you want. I found it more reliable than Portmaster, especially when using a VPN.

2 Likes

I am not sure that this accomplishes anything that can’t be done with plain old iptables rules. Anyway, a firewall isn’t usually needed on a workstation.

Selectively picking which servers you do allow while visiting a website.
Realistically not a viable solution when it comes down to manually managing a list of 500 endpoints.

Sure, you can say “F U Github”, but most of the time it’s more granular, and you might want to load the assets of a new website without wanting to get all the ads/banners/quick payments/other nonsense loaded.
Ad blockers can do that to some extent but Snitch goes deeper.

2 Likes

I’ve been using it since September. Kinda tedious to set up initially given how many general apps require internet connections, but after the first day or two it starts to fade into the background more and only pops up for new apps/connections. Definitely a great app that I recommend.

2 Likes

What do you mean? Can you explain?

Because I am trying to build a more secure setup, and get rid of any (if there is any) telemetry.

The first time you start Little/Open Snitch, it will ask you whether to allow (or not) a connection to a server. Maybe you can guess the number of servers/services your computer will be reaching out to, but it can reach out to hundreds.
And every time you open a new website, it will ask you which server calls you want to allow or not there too.
If you allow for a specific amount of time, it will prompt you again for each endpoint.
Log in to the same website on another browser, and it will ask exactly the same there again too.

It can be daunting, especially in the beginning, and the idea is to have a “deny all” by default, but then yes, it’s a lot of stuff to whitelist.
At some point it gets less annoying though, because you don’t need to whitelist your mail provider all the time and can keep it permanent. :+1:t2:

2 Likes
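The “keep it permanent” case above, as an added example that is not from this thread or from the OpenSnitch project: a small Python script that writes a persistent allow rule for one binary (here a hypothetical `/usr/bin/thunderbird`) into the directory the daemon reads rules from, and checks that directory for an existing rule before you add a duplicate. The rule-file layout and the `/etc/opensnitchd/rules` path are written from memory of the JSON files the OpenSnitch GUI saves; treat them as an assumption and compare with a rule your own installation produced.

```python
import json
import os
from datetime import datetime, timezone

# Assumed directory the opensnitchd daemon loads *.json rules from.
RULES_DIR = "/etc/opensnitchd/rules"


def make_allow_rule(name, process_path):
    """Permanent allow rule keyed on the executable's path (assumed layout)."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    return {
        "created": now,
        "updated": now,
        "name": name,
        "enabled": True,
        "precedence": False,   # evaluated after any precedence rules
        "action": "allow",
        "duration": "always",  # survives restarts, so no more prompts
        "operator": {
            "type": "simple",  # exact match, as opposed to "regexp"
            "operand": "process.path",
            "sensitive": False,
            "data": process_path,
            "list": [],
        },
    }


def write_rule(rule, rules_dir=RULES_DIR):
    """Persist the rule as <name>.json and return the path written."""
    os.makedirs(rules_dir, exist_ok=True)
    path = os.path.join(rules_dir, rule["name"] + ".json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(rule, fh, indent=2)
    return path


def matching_rules(process_path, rules_dir=RULES_DIR):
    """Names of enabled process.path rules already covering this binary."""
    names = []
    if not os.path.isdir(rules_dir):
        return names
    for fname in sorted(f for f in os.listdir(rules_dir) if f.endswith(".json")):
        with open(os.path.join(rules_dir, fname), encoding="utf-8") as fh:
            rule = json.load(fh)
        op = rule.get("operator", {})
        if (rule.get("enabled") and op.get("type") == "simple"
                and op.get("operand") == "process.path"
                and op.get("data") == process_path):
            names.append(rule["name"])
    return names
```

Run `matching_rules` first; if it returns a name, the binary is already covered and a second rule only adds confusion when you later want to revoke it.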

So it’s a content blocker for the entire system. Not something I would consider doing as it’s a pain in the ass. I do run medium mode (block third party scripts/frames globally) in UBO though and I think it’s good enough.

UBO is nice in a browser, but plenty of other programs want to run things too; it’s very nice for those use cases as well.
Also, nothing stops you from allowing all the connections in your browser if you want to keep it UBO-only there. :+1:t2:

But you definitely need some patience if you want to have it granular haha. :smiling_face_with_horns:

1 Like

GitHub - ph00lt0/blocklist: Blocklists for AdGuard Home, AdGuard, Little Snitch, Open Snitch, uBlock Origin, Brave Adblock, pfBlockerNG, and PiHole. Combine with Hagezi and OISD

Ideally you want to filter on 3 levels: browser (uBlock Origin, or natively in Brave), device firewall (like Little Snitch), and network-level DNS.

2 Likes

Ohhh wow, very nice one. Thanks for sharing! :folded_hands:t2::light_blue_heart:

And yes all the way! :100::100::100:
Not friendly or easy but definitely a cool setup to have in the end, especially if the Network level is done at the router level. :star_struck:

1 Like

I’ve got ph00lt0 running in Brave, Hagezi Pro++ for DNS, Simplewall, and a hardware firewall. Been using this setup for ages without a hitch.

1 Like

I saw you talking about this a few times before already.
I haven’t dipped into this one just yet, but idk why it sounds like a damn paid product, hence why I glanced over it :joy: yet it looks very much FOSS from what I can see?

Confusion is real with this naming convention huh.
Pro Max XL coming soon? :smiley:

On the DNS level, I recommend using these lists in combination with Hagezi’s Multi Pro++ and OISD Big.