Terretta
kybernetyk
The problem is: you can't do upgrade pricing in the app store. So your users would have to pay full price for a 2.0 upgrade.
You could of course buy outside the app store - but you don't want that. And I don't want that either (as a dev selling my software). Purchase orders are a PITA and I have been shafted by enterprise more than once. They get their licenses, I'm not getting my money because they just don't pay. Sucks to be me.
As much as I don't like what apple is doing with their app stores I hate enterprise even more. I don't want enterprise as a customer - no matter how much they promise to pay me. (And that sentiment is pretty universal with anyone who had to deal with enterprise customers). Sucks to be you, I guess.
Terretta
> The problem is: you can't do upgrade pricing in the app store.
That is not a real problem.
Many apps handle this by checking for a prior version and giving a discount (see Omni or Affinity approach), by having an upgrade window (e.g. 1Password approach before switching to subs outside app store), or by just charging full freight again (which nobody who values software actually minds, and enterprises that budget full retail software per person/year anyway definitely don't even think about).
If you charge $X a month over time and think that's fair, you can charge $X * 24 every two years, and let people who dislike the upgrade treadmill just sit on the old version till iOS APIs shift out from under them.
In the meantime, you had the two years cash up front which funds future development.
> They get their licenses, I'm not getting my money because they just don't pay. Sucks to be me.
What are you talking about? The Apple Business Manager UI is a web based app store, one searches for the app, clicks to pay full retail, and you get your full money, immediately, the same as you get your IAP or sub. Meanwhile, the app is bought in bulk, assigned to the employee base, and you just sold 15,000 copies at retail by having a full price version when you otherwise couldn't sell any.
You don't talk to the enterprise and more importantly, I don't have to talk to you, or any other indie dev with weird bespoke purchasing processes not already approved by the enterprise procurement and expense systems.
newaccount74
> you just sold 15,000 copies at retail by having a full price version when you otherwise couldn't sell any
That's wishful thinking. No business buys 15,000 copies of an app just like that.
My experience from the point of view of an independent software developer is that:
1. The company will email you to fill out some forms because they are considering a bulk purchase. You get all excited and jump right into filling out their forms.
2. They will ask for a volume discount.
3. They will ask for some more forms to fill out. They'll casually mention that they are looking at competitors as well. Okay, maybe now they can finally make the purchase...
4. Ultimately they will order 5 licenses and move them around between employees as needed.
In the mean time, 50 private customers will have bought a license without ever contacting you.
If there's a market where businesses randomly buy 15,000 copies of an app let me know and I'll switch to making apps in that market.
(Also, in my experience, most bigger companies don't use Apple Business Manager, they buy software via resellers like Software One)
kybernetyk
>That is not a real problem.
It is to me. I don't want the app store full with different versions of my software that will confuse any prospect buyer.
I also don't want my main customers to feel shafted because every N months I just push out a new app at full price. What happens to the people who bought like 2 weeks ago? I have only 100 promo codes I can send out - and those who use promo codes can't write a review.
Ah yes, reviews. My $50 Mac App has over 700 reviews (4.8 avg rating). It took years to build that up. I'm not throwing this away just because some corporate admin waves the idea of someone purchasing "15,000" units (which is never going to happen anyway). Heck if you really intended to give me $750k you could contact me and I'd put up a special version of the app just for you. But guess what: You're never going to buy 15k units from me. Neither is anyone else.
So, my main customers are single users who are not in a corporate setting. They are my main source of revenue. I'm not going to fuck with them to get into the "maybe corporate is going to give you a million dollars" lottery. I've been doing this software business shit for too long to be that naive.
You're barking up the wrong tree here. Go to Apple and complain why you can't purchase IAPs with your magical Apple IDs.
foooorsyth
> or by just charging full freight again
But is this possible with a one-time-full-price app in the App Store? It’s not, right? Once someone pays for your app, they get all updates forever. I think that’s what the person you were replying to was getting at.
Basically, there are 3 major purchase models for software:
1) I’m buying a forever license
2) I’m buying this major version only
3) I’m subscribing to this software on a monthly/yearly basis
The App Store only seems to support 1) and 3), but not 2). If you want to do 2), you have to roll it yourself outside of Apple’s infrastructure. Which means sending your own invoices, setting up your own key mechanisms, and all of that associated pain
dikaio
This is one of the things that bothers me about Apple's app install process; I reinstall my OS often and when I start installing software via App Store, Apple displays the price and the notification that you will be charged, never giving the user prior indication of whether the app is a new version that you will or will not pay for. With all the brilliant heads behind Apple you would think they would be able to get the UX right on this.
mrzool
I have the exact same issue. Managed Apple IDs are a joke, the only use I have for them is to backup the contacts of my users so that when they get a new device they get their email autocompletion back. Keychain sync is disabled. Using the App Store in any capacity is impossible. There's absolutely no way to use in-app purchases/subscriptions. I got almost laughed at by an Apple rep the other day when I asked if it was somehow possible, as an Apple Business administrator, to purchase extra iCloud storage space for a user.
This is a great article to send to those developers that only use IAP to license the complete version of their apps:
https://blog.kandji.io/in-app-purchases-for-enterprise-buyer...
wkat4242
Yeah managed Apple IDs don't work for most enterprises as they require the email and UPN to be the same. In our configuration this is different for a very good reason. We're not going to change 200.000 users just because Apple doesn't support something.
Also manually resolving duplicate accounts at this scale is impossible.
Managed Apple IDs were a nice idea but the implementation sucks. I was hoping they'd fix them after release but it's been like 4 years now and it hasn't happened.
luckman212
Ran into the same issue recently implementing managed AppleIDs. I couldn't believe it.
No way to purchase >5GB of iCloud storage for staff using these IDs
WTF!? Is anyone aware of a workaround for this?
sleepybrett
Little Snitch Mini seems to be almost a demo for Little Snitch, which you can buy outright with a license up front. So buy that for your employees.
jiveturkey
mattl
This doesn’t contain the mini product
jiveturkey
The parent didn't want the mini product. He wanted the full paid version (what you get if you do the IAP in the mini product).
memsom
The UI does look different, but functionality looks the same.
minusf
is the non-mini version also not acceptable? that's what i use and it has no iap.
inconceivable
right, i'm sure this guy is going to turn his company into a very specific type of enterprise software vendor just because you want him to.
mrzool
> turn his company into a very specific type of enterprise software
They would just need to release a pro version of their app you can pay upfront in the App Store, and then release paid updates later following the same model. No need to "turn a company" into anything.
kybernetyk
> and then release paid updates later following the same model.
How? Paid updates are not possible with the app store. If they were we wouldn't have to jump through those anti-user IAP and subscription hoops.
vaxman
What OP is talkin’ about is “The Way” that Apple requires such devs to interface with its (not their) Business customers via its AppStore. Mac-only devs do have to cater to those customers whether they have them direct or resell thru MacAppStore, or they don’t make it very long. The problem with selling direct is that the Business customers all want the conveniences of only dealing with a single vendor (the Apple) since that’s possible now (via the MacAppStore).
Platform gatekeepers in 2023 should simply vet third-party app stores and award them a Certificate once they pass anti-Fraud. The hardware itself should otherwise run open source firmware that only enforces UL/FCC certification requirements and basic UI standards (be they audio, video, or network). If Apple wants to go beyond that, they can setup Claris or something with its own such Certificate to compete with Amazon and all the other potential third-party ecosystems. This hunk of garbage may look ridiculous, but cast it in an Al custom NC enclosure with miniLED and an m2ultra and… https://www.worthpoint.com/worthopedia/brother-geobook-nb-80...
ary
People are probably going to be confused between this and the "full" version of Little Snitch. My take on it is that Little Snitch Mini is something you can install on a non-technical friend or family member's computer whereas power users may want to stick with the existing offering.
I say this as a long time heavy user of Little Snitch. It's very annoying when you first get it installed, but it provides really useful control over what installed software is getting up to. After a time you settle into a natural rule set for your personal patterns and only see alerts when new or updated software tries a network connection that hasn't been seen before.
"Mini" strikes me as much more of a fire-and-forget product, which I appreciate but won't personally use.
dmix
I've always thought this should be a feature in an OS for advanced users. Combined with some OS level security optimizations it could be quite a powerful security feature for the paranoid and at-risk.
I haven't tried mini but there's probably plenty of UX gains in between the standard Little Snitch fine control approach and the UBlock Origin style community curated defaults where control/customization is optional/on-demand.
ary
Completely agree. Occasionally I run Charles Proxy[1] on my iPhone to analyze network activity and am disturbed by what I see. Software shouldn't be able to open arbitrary network connections without user consent/control, but we're not there yet to a large enough degree on mobile unfortunately.
KyeRussell
The reality is that this sort of control would only be attractive to a very very small fraction of users, and no, not just because ‘people don’t care about privacy’ or whatever. There are just very few situations where someone is going to be able to look at this sort of data and do anything meaningful with it, especially when a) most apps are justifiably internet-connected, and b) the homogeneity of public cloud infra means you can’t really tell anything apart from endpoint alone.
kalleboo
Starting in iOS 15.2 you can turn on the App Privacy Report to log which domains each app on your phone connects to https://support.apple.com/en-us/HT212958
It would be nice for them to add a block option in there as well
jjoonathan
Yes, but these days commercial OSes are seeing a hefty uptick in "first party malware," so to speak, making a third party audit attractive for reasons completely independent from technical integration.
yuuho
Anything external to the OS level is doomed anyway, from the security standpoint. APIs offered to the good guys can be misused by the bad guys. You see this with all those snakeoil virus scan offerings which dramatically increase attack surface (exploited regularly, but that's not what Symantec and friends are telling you).
Plus, anything external to OS level is easier to trick into not seeing what you are doing. And again, if something external can install itself so deep into the OS that that's hard, then the bad guys can do that too and hide.
elesiuta
> I've always thought this should be a feature in an OS for advanced users. Combined with some OS level security optimizations it could be quite a powerful security feature for the paranoid and at-risk.
I agree, by integrating it with an OS with good sandboxing you can provide some powerful security benefits, otherwise the main use cases I see are marginal privacy improvements by blocking telemetry from non-malicious apps, or reducing bandwidth usage.
Android does a pretty good job of this with its sandboxing and the network permissions for apps, and you can view the data usage per app in your settings.
edit: here is a good resource explaining Android security features and firewalls https://madaidans-insecurities.github.io/android.html
chatmasta
Little Snitch is great, but it does a bit too much for my liking. I've been using LuLu [0] which is a free product from Patrick Wardle, and I'm pretty happy with it. It mostly stays out of the way and I just need to approve new connections the first time I run an app.
bredren
Do you use Spaces in MacOS?
LS seems to have trouble popping transfer attempt warning modals even if set to all desktops.
dhess
I've seen this recently, but only in the last few months, after years of using Little Snitch with Spaces, so I think it's a new thing either with the most recent version of Little Snitch, or macOS Ventura.
chatmasta
I think so? If that's what the thing is called when I swipe between desktops. I've only used LuLu on this machine though, and it seems to have no problem (though I guess I wouldn't notice if it wasn't popping up sometimes).
One thing I have noticed with LuLu is that the connection attempt sometimes shows the address of my VPN server rather than the actual upstream destination address of the request. But sometimes it shows the upstream - I'm not sure what the pattern is there.
angst_ridden
Yup. They have an FAQ on the subject, and claim it's a Ventura bug and not one of theirs.
I've filed a bug report with Apple, for all the good that will do.
What's weird, annoying, and frustrating is that it will work correctly for the first day or two after a reboot, then start exhibiting the bad behavior. Once the "wrong desktop" popups start, they continue until the next reboot.
RamblingCTO
I was like "ohhh good reminder, need to install that again". Then I remembered and checked that I already have it installed ... it asked me for a connection today as well. Speaking of automatisms in your daily life haha
He has very good stuff there, love it!
oktwtf
> Find the Snitch that fits you best!
microtonal
I have been a Little Snitch user for a long time, but I am still very much interested in Mini. When an App Store version of something is provided, I prefer that because of the mandatory sandboxing.
TedDoesntTalk
What is the sandboxing done by apps from the App Store?
microtonal
See: https://developer.apple.com/documentation/security/app_sandb...
The most important property is that the app cannot read/write arbitrary files/directories in your home directory [1]. All access is mediated through privilege-separated open/save dialogs or drag and drop (which creates a link to a file/directory in the app's sandbox).
I do trust Objective Development (the makers of Little Snitch), but with any application processing untrusted input, there is always the risk of compromise and its good if the compromise is limited to the sandbox of the app.
[1] Though access to certain directories also requires confirmation for non-sandboxed apps in recent macOS versions.
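A quick way to verify the property described above for any given app is to read its entitlements and check for the App Sandbox key. The following is an added example, not code from the thread or from Objective Development: on a Mac you would obtain the entitlements with `codesign -d --entitlements :- /Applications/SomeApp.app` (the colon prefix strips the binary blob header older codesign versions emit) and feed the XML to `sandbox_report()`. The two entitlement plists embedded here are constructed for illustration, and the list of "broadening" keys is a short, non-exhaustive selection chosen for the example.

```python
"""Report whether a macOS app's entitlements declare the App Sandbox.

Added example, not code from the thread or from Objective Development.
The entitlement plists below are constructed for illustration; on a Mac,
obtain the real XML with:  codesign -d --entitlements :- /path/to/App.app
"""
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Entitlements that widen what a sandboxed app may touch.
# Assumption: a short, non-exhaustive selection chosen for this example.
BROADENING_KEYS = (
    "com.apple.security.files.user-selected.read-write",
    "com.apple.security.files.downloads.read-write",
    "com.apple.security.network.client",
    "com.apple.security.network.server",
    "com.apple.security.temporary-exception.files.absolute-path.read-write",
)

# Constructed sample: a sandboxed app with network and user-selected-file access.
SANDBOXED_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
</dict></plist>
"""

# Constructed sample: hardened-runtime entitlements but no sandbox at all.
UNSANDBOXED_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
</dict></plist>
"""


def parse_entitlements(xml_bytes):
    """Parse the entitlements plist (XML form) into a dict."""
    return plistlib.loads(xml_bytes)


def sandbox_report(xml_bytes):
    """Summarise sandbox status and which broadening entitlements are granted."""
    ents = parse_entitlements(xml_bytes)
    sandboxed = ents.get(SANDBOX_KEY) is True
    broadening = sorted(k for k in BROADENING_KEYS if ents.get(k) is True)
    # Temporary exceptions are the keys that most often punch holes in the sandbox.
    temporary = sorted(
        k for k in ents if k.startswith("com.apple.security.temporary-exception.")
    )
    return {
        "sandboxed": sandboxed,
        "broadening": broadening,
        "temporary_exceptions": temporary,
    }


if __name__ == "__main__":
    for label, blob in (("sandboxed", SANDBOXED_SAMPLE), ("unsandboxed", UNSANDBOXED_SAMPLE)):
        print(label, sandbox_report(blob))
```

A `sandboxed: False` result for a Mac App Store download would be surprising, since the store requires the sandbox; for a direct download it is the normal case, which is the distinction the comment above is drawing.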
daneel_w
I bought Little Snitch long ago but managed to squander my license a couple of years later. Mini is unfortunately a subscription app, which is something I these days consider a hostile/unfriendly business pattern. I won't be going back. LuLu is a free alternative.
hayst4ck
I generally agree with you so I looked it up.
In-App Purchases:
Yearly Subscription $13.49
Monthly Subscription $1.49
That's surprisingly modest. 3-4 years of subscription approximately being equal to a license sounds reasonable. The real question is, is little snitch rent seeking? Given what happened after Catalina, I am giving them the benefit of the doubt at the moment. Paying for updates before receiving them definitely creates a conflict of interest.
Having looked at their website and seeing SKU-ification (Cutting a product different ways to try to hit different price points) and other business over product decisions, I am definitely feeling shaky about the future of little snitch. SKU-ification is 10x the red flag that a subscription model is.
It's worth considering that viruses nowadays will check and see if programs like this are running and then delete themselves rather than execute the payload.
latexr
> 3-4 years of subscription approximately being equal to a license sounds reasonable.
Which is probably why the apps on the App Store which offer both subscription and lifetime pricing tend to have the latter at about 3 times the cost of the former. But Little Snitch Mini does not offer that choice.
I’d be willing to pay more than 40$ for a one-time purchase of Little Snitch Mini, but there’s zero chance I’ll do it as a subscription.
happybuy
Lifetime pricing / one-time purchases seem to be a double-edged sword for app sellers.
You satisfy users who are happy to pay a large amount upfront, but they are also likely your most enthusiastic customers. So in essence they would be the customers who would probably pay more than 3 years of subscriptions over the period the lifetime payment covers.
Users who aren't that enthusiastic are more likely to not use the app for long periods and also unlikely to pay a large upfront cost.
hayst4ck
I see both sides. This dilemma is capitalist hell.
Why is obdev sku-ifying their product? Because the incentive model for selling a license means that the market can saturate and there is a lack of recurring or stable income/income safety for the dev. In order to get new spikes of income, a new product is generated. If the market for a particular license becomes saturated, how will they make more money?
Licensed based sales incentivizes creation of new product and disincentivizes incremental improvements on already complete products.
On the other hand, subscription models incentivize rent seeking. If money is coming in, there is no reason to do more work. Income is not dependent in any way for work done, except maybe compatibility adjustments.
So a license is a wonderful model for the buyer and not so great for the seller. A subscription is awful for the buyer, but too good for the seller.
So what kind of payment method/pricing scheme, keeps the developer engaged in improving the product, but doesn't incentivize rent-seeking?
How would you price things if you were the seller?
throwaway2037
I like this post. It is honest. Are you OK with no upgrades and no new features? That is one advantage to the subscription / cloud-y model. That said, I agree with your sentiment. I usually stay away from subscription products.
crossroadsguy
It is so interesting to see this line of thinking. I am sure it comes with purchasing power or local spend vs saving culture. I mean I genuinely find it interesting. Because subscriptions pile up. They do.
I saw this phenomenon, with horror, devour/take-over note-taking and journal app scenes in almost entirety (except some open source react native/hybrid apps).
Cort3z
> It's worth considering that viruses now days will check and see if programs like this are running and then delete themselves rather than execute the payload.
Wait, is this true? Do you have any resources backing this up. This would be a good protection mechanism if you can distill it to the minimum footprint to trigger this self destruct on viruses.
hayst4ck
For windows it is true. I don't know if there are mainstream osx trojans, but I don't see why they wouldn't have the same behavior.
There are services like crowdstrike where you can upload a trojan, it will then run the trojan in a VM to try to see what it does. In response, trojans try to detect if the system they are on is a vm and if it has sufficient power (lots of ram, lots of cpu, age of installation/uptime) rather than minimal power as well as try to detect of the machine is capable of malware analysis or detecting it through installed tools (is python installed, etc.).
From first hand experience manually reverse engineering some e-mail trojans for fun, I can tell you it is true that at least some e-mail trojans will:
1. Check the resources of a machine to be reasonably confident it is not a honey pot/profiler
2. Check what is installed to be reasonably sure the owner is not technical
If you want to do the same, go to your spam folder and find a VBS trojan and start reverse engineering it. It's surprisingly easy and kind of fun, I estimate that an engineer with 1 year of experience and a solid handle of the command line could probably take apart a simple trojan in 1-8 hours. I tried to use google to find a nice article to read of a breakdown of a trojan, but google seemed determined to return general population level results rather than technical/professional ones.
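The two checks listed above (resource profiling and looking for analysis tooling) leave recognisable traces in a script even when the strings are hidden behind `Chr()` concatenation. The following static triage script is an added example, not code from the thread; the VBScript fragment it scans is constructed for the illustration and is not a real sample, and the indicator patterns are an assumption, a short list chosen to match the habits the comment describes rather than a complete signature set.

```python
"""Static triage of a VBScript sample for sandbox- and analyst-evasion checks.

Added example, not code from the thread. SAMPLE_VBS is a constructed
fragment written for this illustration (not a real trojan). It mimics two
habits the comment describes: reading machine resources through WMI and
looking for analysis tooling or developer software before running.
"""
import re

# Constructed sample. The Chr() run spells "Win32_ComputerSystem".
SAMPLE_VBS = r'''
Set svc = GetObject("winmgmts:\\.\root\cimv2")
' obfuscated "Win32_ComputerSystem"
cls = Chr(87)&Chr(105)&Chr(110)&Chr(51)&Chr(50)&Chr(95)&Chr(67)&Chr(111)&Chr(109)&Chr(112)&Chr(117)&Chr(116)&Chr(101)&Chr(114)&Chr(83)&Chr(121)&Chr(115)&Chr(116)&Chr(101)&Chr(109)
For Each cs In svc.ExecQuery("Select * from " & cls)
  If cs.TotalPhysicalMemory < 4294967296 Then WScript.Quit
Next
For Each p In svc.ExecQuery("Select Name from Win32_Process")
  If LCase(p.Name) = "wireshark.exe" Or LCase(p.Name) = "procmon.exe" Then WScript.Quit
Next
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FileExists("C:\Python39\python.exe") Then WScript.Quit
'''

CHR_RUN = re.compile(r'(?:Chr\(\d+\)\s*&\s*)*Chr\(\d+\)')
CHR_NUM = re.compile(r'Chr\((\d+)\)')

# Indicator name -> regex (case-insensitive). Assumption: a short list chosen
# for this example, not a complete signature set.
INDICATORS = {
    "wmi_hardware_profiling": r"Win32_ComputerSystem|TotalPhysicalMemory|Win32_Processor|Win32_LogicalDisk",
    "process_enumeration": r"Win32_Process\b",
    "analysis_tool_names": r"wireshark|procmon|x64dbg|ollydbg|fiddler|\bida\b",
    "dev_tool_presence": r"python\d*\.exe|\\git\\|vscode",
    "vm_artifacts": r"vmware|virtualbox|vbox|qemu|hyper-v",
    "early_exit": r"WScript\.Quit",
}


def decode_chr_concat(src):
    """Collapse Chr(n)&Chr(m)&... runs into the string literal they build."""
    def repl(match):
        codes = [int(n) for n in CHR_NUM.findall(match.group(0))]
        return '"' + "".join(chr(c) for c in codes) + '"'
    return CHR_RUN.sub(repl, src)


def triage(src):
    """Deobfuscate, then report which indicator fired on which line numbers."""
    decoded = decode_chr_concat(src)
    lines = decoded.splitlines()
    hits = {}
    for name, pattern in INDICATORS.items():
        rx = re.compile(pattern, re.IGNORECASE)
        hits[name] = [i for i, line in enumerate(lines, 1) if rx.search(line)]
    # Count distinct evasion categories; the bare exit is not itself evasion.
    evasion_score = sum(1 for n, found in hits.items() if found and n != "early_exit")
    return {"decoded": decoded, "hits": hits, "evasion_score": evasion_score}


if __name__ == "__main__":
    report = triage(SAMPLE_VBS)
    print(report["decoded"])
    for name, found in report["hits"].items():
        print(f"{name:24s} lines {found}")
    print("evasion categories:", report["evasion_score"])
```

The decode step matters more than the pattern list: most of the samples you will find in a spam folder hide the interesting strings exactly this way, and the indicators only fire once the `Chr()` runs are collapsed.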
daneel_w
>"That's surprisingly modest. 3-4 years of subscription approximately being equal to a license sounds reasonable."
To me it's not modest, because I don't plan to stop using the software after just 3-4 years.
decko
I think the point is that after 3 to 4 years, a new version of the perpetual license version would be released and you would spend that amount to upgrade anyway. Of course you could choose not to upgrade, but that’s not always an option when support for new macOS versions is not available in the older version.
whynaut
From their 'Compare' page, it seems like they are targeting entirely different kinds of users, not price points.
keyle
Using LuLu for so long I actually forgot that I have it running! +1 for LuLu.
guessmyname
I've been using Little Snitch for years, and it's probably the most important software on my computer. However, I've noticed a problematic trend in modern software development: developers are using the same hostname to serve both functional and non-functional web APIs.
For example, let's say that Apple's Xcode sends harmless data to their telemetry service at telemetry.apple.test. Even though the data is anonymous, I still choose to block it because I believe in protecting my data. But then, I realize that some features of Xcode, such as CI/CD, no longer work. It turns out that Xcode is also using the same domain to host an API for their cloud CI/CD offering. (hypothetical example)
I've been trying to solve this problem by routing my network traffic through my own software and manually inspecting the traffic from time to time. I redirect non-functional HTTP requests to /dev/null and functional requests to the corresponding website. It works, but it's not a scalable solution.
So, I have a feature request for the Objective Development team. Could they please implement an option to view the raw HTTP request in the alert window, especially if the network connection is to send an HTTP request? Sometimes, it's hard to decide whether to click “Allow” or “Deny” based solely on the hostname and port.
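The approach described in the comment above, deciding on (host, path) rather than host:port, reduces to a small rule matcher once a plaintext HTTP request is in hand. The block below is an added example, not code from the thread or from Objective Development. The hostname `telemetry.apple.test` is the thread's own hypothetical; the paths, rules and sample requests are constructed for this example. The caveat is built into the design: it only works at a point that sees plaintext, i.e. a local proxy whose CA the client trusts, and applications that pin certificates or ship their own TLS stack will simply not be visible to it.

```python
"""Path-level allow/deny decisions for HTTP requests that share one hostname.

Added example, not code from the thread or from Objective Development.
The hostname telemetry.apple.test is the thread's hypothetical; rules,
paths and the sample requests are constructed for this example.
"""

# Rules: (host, path prefix, action). The longest matching prefix wins.
# "allow" forwards upstream, "devnull" swallows the request, no match = "ask".
RULES = [
    ("telemetry.apple.test", "/api/ci/", "allow"),
    ("telemetry.apple.test", "/", "devnull"),
]


def parse_request_head(raw):
    """Return (method, host, path) from the head of a raw HTTP/1.1 request.

    Handles origin-form targets ("/path") with a Host header and the
    absolute-form targets ("http://host/path") a client sends to a proxy.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if "://" in target:
        _scheme, rest = target.split("://", 1)
        authority, slash, path = rest.partition("/")
        host = authority.split(":", 1)[0]
        path = slash + path
    else:
        host = headers.get("host", "").split(":", 1)[0]
        path = target
    path = path.split("?", 1)[0] or "/"
    return method, host.lower(), path


def decide(host, path, rules=RULES):
    """Pick the action of the most specific (longest prefix) matching rule."""
    best = None
    for rule_host, prefix, action in rules:
        if rule_host == host and path.startswith(prefix):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, action)
    return best[1] if best else "ask"


def decide_raw(raw, rules=RULES):
    """Convenience wrapper: decision for a raw request head."""
    _method, host, path = parse_request_head(raw)
    return decide(host, path, rules)


# Constructed sample requests (not captured traffic).
TELEMETRY_UPLOAD = (b"POST /api/metrics/upload HTTP/1.1\r\n"
                    b"Host: telemetry.apple.test\r\n"
                    b"Content-Type: application/json\r\n\r\n{}")
CI_POLL = (b"GET /api/ci/builds?since=0 HTTP/1.1\r\n"
           b"Host: telemetry.apple.test\r\n\r\n")
PROXY_FORM = (b"GET http://telemetry.apple.test/api/ci/status HTTP/1.1\r\n"
              b"Host: telemetry.apple.test\r\n\r\n")
UNRELATED = b"GET / HTTP/1.1\r\nHost: developer.apple.test\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("telemetry", TELEMETRY_UPLOAD), ("ci", CI_POLL),
                       ("proxy-form", PROXY_FORM), ("unrelated", UNRELATED)):
        print(f"{label:11s} -> {decide_raw(req)}")
```

The "ask" default is deliberate: a request that matches no rule should surface to the user exactly as a host-level alert does today, so that the finer rules only ever narrow a decision the user already made.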
paxys
This isn't some new "problematic trend". A website serving all kinds of requests from a single domain name has been how things have worked forever.
Pages making cross-origin requests is in fact a new phenomenon, and has been widely adapted by the ad industry simply because the ad server cannot trust the content host to report its own ad view/click-through numbers. If the server doing the data collecting or ad serving is the same as the one providing the content, there's zero reason for them to be on different domains. And for all these cases any kind of network-level blocking is always going to be ineffective.
wepple
> Could they please implement an option to view the raw HTTP request in the alert window,
This would be very, very hard to do well. First, for anything that doesn’t use standard libraries for TLS it’s simply not possible. And for things that do, you’re putting this software in a phenomenally trusted position. And then actually maintaining and using a deny/allow list based on something more granular than host:port will be so high that it’s a 0.1% of users type feature.
Negative RoI
antifa
> I've been trying to solve this problem by routing my network traffic through my own software and manually inspecting the traffic from time to time.
What do you recommend for someone looking to get started with doing this to their own device(s)?
rsync
"It turns out that Xcode is also using the same domain to host an API for their cloud CI/CD offering. (hypothetical example) ..."
By "domain" I think you mean a full FQDN and not a top-level "apple.com" and I agree that this is troublesome and then go further and suggest that this is by design.
ramzyo
I think this maybe could indicate potential increased usage of reverse proxies? Total shot in the dark though, not sure.
donohoe
I would happily pay $20 or $30 for a version of this, but I will absolutely not pay a subscription fee for extra features. I have too many subscriptions...
I want to support this developer but not this way. Uninstalling :(
keyle
It's surreal, to pay for the internet on a monthly basis, ...
and then pay for parts of your computer to NOT talk to the internet on a monthly basis!
berdon
If you buy directly and not from the app store it isn't subscription: https://www.obdev.at/products/littlesnitch/order.html
resoluteteeth
Isn't that a different product? This thread is about Little Snitch Mini
viewtransform
How much is the subscription fee ? - it is not mentioned on their site.
simple10
Subscription is $13.49/yr or $1.49/mo for mini according to Mac Store page.
lockhouse
In all fairness, you can't even buy a cup of black coffee from a 7-Eleven for that much.
mackopes
In the UK it's £12.49 per year or £1.29 per month
micromacrofoot
software is ongoing though, the subscription model makes more sense if you want ongoing maintenance
deely3
profits mainly. some software managed to work just fine for years with one time buy..
micromacrofoot
Yeah some, and a lot of the time you'd be running it with gaping security holes. There's no way little snitch can keep on top of OS and network updates without a decent amount of ongoing maintenance.
qup
Much software still works like that, for free.
The software that can't be released free often has users that require features that need constant maintenance. API integrations, for instance.
These features aren't really optional anymore to be competitive.
raydev
You don't understand how modern macOS works.
Zetice
It's so cheap, why do you care?
hh3k0
Why wouldn't he care? Keeping track of all the subscriptions "forced" upon you is a huge pain in the ass these days – and seemingly getting worse.
Personally, I refuse to use subscription services out of principle. I much prefer to pay once and have it off my mind.
Zetice
Wouldn't a saner way to live be to judge the value you get out of something to determine how much you're willing to pay for its use?
Just seems needlessly limiting to act like this out of principle.
tenpies
For only $400 per decade, I will handle your Little Snitch Mini subscription.
Longer licensing agreements are also available. ;)
latexr
Subscriptions add up. And there’s no guarantee they won’t jack up the price at the most inconvenient time and leave you hanging (LastPass, for example, has done that). For users, a subscription mean loss of control.
daneel_w
It's sort of unfriendly to corner customers into having to buy the application over and over each year.
npunt
Smart move to go for the more casual user, it suggests Obdev has been doing their homework and proactively talking to regular users, rather than just blindly building feature requests. Tools like this so often get sucked into serving the loud minority of expert users with ever more esoteric use cases, which leads to a death spiral of audience capture where the tool gets more and more complicated and harder to approach for casuals.
Little Snitch Mini looks great, I'm going to recommend it to friends!
apimade
I've been beta testing Little Snitch Mini for the past 6 weeks and I have to say it's exactly what I wanted. Really happy with it, the development team should be proud of such a great product. It does a few things, and it does them very well.
However I don't love the SaaS nature of the product post-release, because tying my security posture to a credit card payment isn't something I love. Sure, I can make it so I only have to worry about it once per year - however what value does this continue to bring me beyond the current capabilities?
It seems the last iteration of Little Snitch from 4 to 5 added a CLI, some of the traffic stats we can see in Mini, but was mostly compatibility-related updates. MacOS went through some pretty major changes going to Ventura and all of the Extension-level changes which affected so many security tools, so I feel like the work there was substantial and justified the new license. For $69 (or $30 on-sale) every few years, it definitely makes me question the value the original version provides a power-user or technical user, over a monthly subscription which I'd need to monitor over the years in this new product, LSM.
Now I'm unsure what market segment the LSM product addresses. uBlock Origin seems to serve the majority of use-cases for a typical casual user, and network-level filters really don't seem relevant for the everyday user - particularly with the increasing adoption of DoT/DoH, making DNS-level filtering less useful. I originally assumed this product was for power-users who didn't need the full suite of LSM, and liked the MVP-style interface. But just for the sake of not having to worry about an on-going fee - I think I'll be hard-pressed to adopt it.
As a workaround - I'd love an option to pre-purchase 3 years up-front.
lucideer
As someone who's been paying for Little Snitch for a long time this is an odd move, as this seems to do everything I would want.
Sure, I've availed of some of the more advanced features in the paid version, but they definitely never seemed essential to me. What I mainly need is the basics they've included in the free version now.
I wonder if this is a direct response to Lulu (have been meaning to try it but migration is friction)
darkstar999
But you don't get connection blocking for free.
> The network monitoring functionality, including the real-time connection list, traffic diagrams and the animated map view can be used for free!
> The full feature set, including connection blocking, extended traffic history time ranges, advanced display and filtering options and more is available as an in-app purchase.
dylan604
I guess if you are just doing an investigation to see if there is any unusual traffic, the free version can be useful. Since it's not actually preventing any of the traffic, it doesn't make the paid for version useless. For those that want to stop the data flow but continue using the chatty software, upgrading to the paid version would still be a thing. If you're the type to just stop/remove chatty software, then this free version will help find them. Seems kind of cool.
lucideer
Ah! Ok I did miss that detail. In that case this makes more sense.
kccqzy
I used to use Little Snitch quite a lot, but eventually I gave up. Two things contributed to it: (a) a lot of apps started using nsurlsessiond to load URLs, obscuring the real originator; (b) a lot of apps started making requests to ec2-xx-xxx-x-xx.us-west-2.compute.amazonaws.com and making the server essentially anonymous except that it's hosted on AWS.
Have things improved in the past few years?
slimebot80
Silly question, but how do we know to trust an app where all internet traffic passes through it?
There's a lot of scrutiny of VPN services in this regard, should it be the same here?
paxys
At some level you have to trust whatever you install on your computer. There's no way to ever prove that it is safe or not. If the developer's reputation, recommendations by the community, quality of the product etc. aren't enough then it's best to just not use it.
Beyond that, Little Snitch (and Little Snitch Mini I assume) operates as a network firewall. It can see the domain where the traffic is going, and block it if it wants, but can't see or decrypt the contents of the message. The OS itself will not allow it to.
tinglymintyfrsh
I use LS. Mini wouldn't work for me at work or home. It's probably targeted and useful for non-developer users.
I also use Objective See's LuLu, OverSight, ReiKey, and RansomWhere.
LuLu + LS makes any app using telemetry shriekingly obvious and selectively denyable.
Work additionally deploys YARA, MS MDE, Malware Bytes, and an MDM. There are other internal tools for password protection, DLP (anti-exfil), and pre-execution binary allow/denylisting.
krono
LuLu itself sends telemetry to Sentry by default
sneak
This is why I pay for LS. The whole point of the software is to avoid nonconsensual phone-home; if it does it itself, how or why would you ever trust the developer?
I'd literally rather pay for proprietary software than maintain a fork of LuLu.
Zetice
It's not nonconsensual, you can literally block it with itself.
clairity
that's the only telemetry it sends (afaict) and that's pretty easy to block with lulu itself (which is what i do).
"The full feature set, including connection blocking, extended traffic history time ranges, advanced display and filtering options and more is available as an in-app purchase."
So this means as a company using MDM, I cannot purchase it for all my employees.
MacOS devs who see IAP and subscriptions as the only purchase paths are leaving corporate purchases on the table.
We choose software we can pay for. We are fine if it's priced fairly to support the developer and the work to get to the next version. We are fine paying for the next version too.
But IAP or subs paid for by company? Apple itself doesn't support that on Macs managed using their corp device management. (And no, the user cannot buy it and expense it either, IAP/subs are disallowed on managed Apple IDs.)
Indie MacOS devs, all you have to do is also list a full retail version. You will have buyers. $2.99/month sub also sold $79 full price and a major update each 2 years with a new full retail version number? You will still have buyers, and you'll have the cash now, instead of over the 2 years.