by tedmiston 3436 days ago
> Research Assistant

> Have you ever wondered why a process you’ve never heard of before suddenly wants to connect to some server on the Internet? The Research Assistant helps you to find the answer. It only takes one click on the research button to anonymously request additional information for the current connection from the Research Assistant Database.

I'm so glad they built this feature.

The hardest part about using Little Snitch is trying to figure out whether processes that look like system or daemons are making legitimate connections.


Frankly, I don't think Little Snitch is usable because of this. And no, a lookup tool is not good enough. For a paid program, I would expect them to maintain a list of the "required/acceptable" connections and "unnecessary" connections for popular programs, and automate the process of approval for each app.

Perfect example: Spotify is impossible to manually whitelist without spending well over an hour accepting or denying each of the exhaustingly large number of domains it touches. I bet that nearly every user simply gives up and whitelists the entire application, which defeats the purpose of paying for and installing an app like Little Snitch in the first place.

Little Snitch should be doing that work up front for its users. One person on their end spends a day or two figuring it out for an app, and saves tens of thousands of user hours having to individually perform that task. No anti-virus out there alerts a user to every filesystem read and write - they maintain databases of known threats. The same should be true for this kind of software.

Yes, it would require constant maintenance on their part. If they needed to up the price to make such a strategy viable, so be it. As it stands, I uninstalled out of frustration after using the demo for 6 hours. The alerts and interruptions never stop.

Oh this is so exactly my experience as well. I love the concept and the fine grain control that's possible, but it's so damn frustrating to use. So many obscure processes on OSX want outbound access that I gave up trying to research each; on the other hand, if I deny everything I'm worried that something subtle is going to fail and I'll end up spending half a day figuring out why.

> one person [does the work] and saves [us] tens of thousands of user hours having to individually perform that task

If Little Snitch is listening, please do this. I would be willing to pay more.

They do stop, and while I do agree it's annoying at first, your decisions about what to block and when are different from my decisions about what to block and when. It's not about "threats" per se but about privacy, operational security and choice.

I would totally accept some presets for apple services.

One preset that I would love is "maximum privacy while user initiated outbound still works". So my browser would work because I initiated it, but everything OSX or apps do in the background is blocked. Automatic updates are blocked? Good! Network time sync is blocked? Fine by me. Only what I initiate gets through. Can you do that as a preset please?

That's my default until VPN is up; Firefox only + a few network services that seem to be required.

There is simply too much trial and error caused by initially denying a connection, only to discover that it's a mandatory connection to allow the app to function properly. A ridiculous amount of time is spent changing an initial deny to an accept.

>> your decisions about what to block and when, are different from my decisions about what to block and when

It really would not be hard to offer sensible default presets per application. "Spotify is attempting to make its first connection. Would you like to a) block all connections, b) allow all connections, c) allow all connections required for standard operation only, or d) ask me for each connection (manual management)". Nobody is going to fine-tune every phone-home or analytics call; people who want them blocked will block them all, and people who don't mind won't block any of them.

The only reason it's a tough job is that applications can change frequently. Every time any app (ex: Spotify) releases a new version, it needs to be reviewed again to see if the "firewall database" needs updating. It would be useless to have a database of known connections if updates aren't disseminated to users within 1-2 days of a new release.

That is a valid point. But they could at least do some research and give all users useful info in a pop-up window. Wouldn't it be easier to decide if one could read a message? Ex: "Process XXXZZZ666 - This process does this and that. Risk of blocking is this, risk of not blocking is that."

While Spotify does use a lot of domains, most of them are subdomains for music. You can use a wildcard for them (*.ap.spotify.com ports 80, 443, 4070).

But if I block Little Snitch from Little Snitch, will Research Assistant still work?

Try the Little Snitch Research Assistant, it might be able to help.