Why are Lulu or Little Snitch not recommended?

Why are Lulu or Little Snitch not included in Privacy Guides’ tools page, as Michael Bazzell suggests they are important for taking privacy further on proprietary OSes like macOS?

They are still great apps to use for what they do and provide. Just because an app is not recommended doesn’t by default mean it is bad. They are still reputable apps that work well. Just know that.

But I guess they are not recommended here likely because they do not pass the many thresholds PG sets for privacy apps.

2 Likes

Vote and share your thoughts if you want it to be added.

1 Like

There is an ongoing discussion of Little Snitch here that may provide insight.

With some discussion of Lulu as well.

1 Like

The LS thread reads like it or even both would be added as a recommendation but it still hasn’t? Not complaining just curious as to the hold up.

I’m more curious as to why Little Snitch or LuLu is often recommended (not here, but overall on the web) but something that hooks into the native pf firewall like Murus is not.

My best guess is that people don’t know about it. Even I didn’t. Thanks for sharing.

Is this the one you’re talking about? I ask because you didn’t link it.

1 Like

Yes, that’s the one. Apologies for not linking.
Never used it. Murus (and Vallum) just came up back when I was considering macOS. Seemed well regarded amongst people on netsec forums and subreddits.

Unless they are tagged with a decision, it’s still just in the discussion phase. Since the thread isn’t super active (no responses in 6+ months) and doesn’t have a lot of votes, it is likely not a huge priority for the staff to decide upon.

Because despite having them, macOS tunnels and bypasses them at the OS level. As usual, Apple does not respect user preference.

A network-wide blocker is preferable to this to avoid Apple doing shenanigans behind your back.

You are right, but don’t you think for most people it’s just better to configure Lulu and stick with it, instead of not installing any kind of third-party firewall and letting Apple collect any information they want?

In my opinion it’s very unreasonable not to add this kind of tool for beginners in privacy.

I didn’t even realize there was a voting system. 🤦🏻 How can I cast mine?

Yeah, I think having more beginner-friendly privacy options is excellent for helping encourage others to take back their privacy. I haven’t tried Lulu but I’ve been using Little Snitch for years. While maybe not perfect, it’s really been great for me.

In Tool Suggestion threads there will be a button to vote.

Votes are there just to show the staff people are interested. They do not have any bearing on if the tool will be recommended.

3 Likes

disclaimer: I co-develop a FOSS “Little Snitch”-esque app for Android

Don’t think consumers should run closed-source security/privacy products on their clients (see Tailscale, Signal, GrapheneOS etc), if there’s a capable FOSS alternative (in this case, some folks have reservations about LuLu).

Glasswire, “Little Snitch” of the Windows world, was sold to an Italian company (the founding team was pretty ideological about end-user privacy and yet …). The same thing happened with “Simple Mobile Tools”, though it was promptly forked as “Fossify”. No such thing happened with Glasswire.

4 Likes

Yeah, for me, I don’t like to give third-party software full control over my networking. I’d rather use the built-in firewall even if it’s a bit cumbersome. Maybe in the future macOS will add the capability to block outgoing connections to its application firewall.

1 Like

Well, arguably you can propose to list them as a means for harm reduction, but since you are paying anyway, might as well pay for a better solution (like a separate router ala GLinet hardware solutions and paid VPN with capabilities to block trackers)?

macOS is closed source anyways. On my GrapheneOS phone, I wouldn’t use a closed-source firewall, but on macOS, I don’t really see the harm. Little Snitch has a great reputation, is notarised by Apple, and you can easily see what connections it makes with Wireshark if you are so inclined.

1 Like

The “harm” here is:

  1. There’s an equally capable FOSS firewall which you could be using.
  2. You must trust the silicon manufacturer, the OS vendor, and the security software vendor. With these things, the more vendors you involve, the lower your defensive profile gets.

Like you say, if you trust Little Snitch folks with security+privacy, all well and good; but like Glasswire and Simple Mobile Tools, the “vendor” could sell to another with no recourse (for ex, you can’t “fork” it).

1 Like