Little Snitch "denied" connections leak your IP address

submitted by
Style Pass
2023-03-29 21:00:09

Little Snitch is a macOS app and network filter extension made by Objective Development Software. I purchased Little Snitch years ago, continue to use it, and will continue to use it. I've also done a lot to promote Little Snitch on my blog and even in the news media. However, this blog post raises a privacy issue with Little Snitch that bothers me, and I believe the public has the right to know about it. My hope is that highlighting this issue will prompt some improvements in Little Snitch to ameliorate it.

When you look at the implementation of Little Snitch, the interpretation of the word "data" becomes crucial. Technically, unless you allow the connection, Little Snitch does indeed prevent HTTP data from getting sent. Nonetheless, it does not prevent the TCP (Transmission Control Protocol) traffic of the connection attempt itself from getting sent, and that traffic carries your IP address, which can often be used to personally identify you. The server knows that you, i.e., your IP address, tried to connect to it, even when Little Snitch "denies" the connection.
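What the server sees in that situation can be reproduced locally. The following is an added example, not code from the original post or from Objective Development: a loopback listener records the client's address the moment the TCP connection is accepted, and a client either sends a constructed HTTP request or closes without sending a byte, standing in for a connection whose application data was blocked.

```python
import socket
import threading


def start_server():
    """Loopback listener that records what a server learns from one client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    seen = {}

    def serve():
        # The peer address is known here, before any application payload arrives.
        conn, (ip, port) = srv.accept()
        conn.settimeout(2.0)
        try:
            payload = conn.recv(4096)  # b"" if the peer closes without sending
        except socket.timeout:
            payload = b""
        seen.update(peer_ip=ip, peer_port=port, app_bytes=len(payload))
        conn.close()
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return srv.getsockname()[1], t, seen


def observe_client(send_request: bool) -> dict:
    """Connect to the local server, optionally withholding the HTTP request
    (modelling a connection whose data the filter blocked), and return what
    the server side recorded about the client."""
    port, t, seen = start_server()
    c = socket.create_connection(("127.0.0.1", port))
    if send_request:
        # Constructed request, only sent in the "allowed" case.
        c.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
    c.close()
    t.join(5)
    return seen


if __name__ == "__main__":
    for allowed in (True, False):
        r = observe_client(allowed)
        print(f"request sent={allowed}: server logged client {r['peer_ip']}:{r['peer_port']} "
              f"with {r['app_bytes']} bytes of application data")
```

In both runs the server logs the client's IP address; only the byte count differs, which is exactly the trace a "denied" connection leaves in a server's logs.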

The background to this blog post is that I was testing whether Little Snitch exempts its own connections to the developer's server from getting blocked by Little Snitch. I already knew that Little Snitch could block its own software update, but I wanted to see whether there was anything else, ironically in order to assuage someone else's fear about the app. The good news is that Little Snitch doesn't exempt its own connections, as far as I can tell. I tested this on one of my Macs that didn't yet have Little Snitch installed. I disconnected the Mac from the internet, installed Little Snitch, and went through the entire setup process. Below is a minimal set of rules that you can use for testing. It blocks everything except configd, which is required to connect to your router, and mDNSResponder, which is required to perform DNS queries. (By the way, the "Information from Objective Development" in the screenshot below was available without an internet connection, so it appears to be bundled with Little Snitch.)
