by reconbot 3435 days ago
They do stop, and while I do agree it's annoying at first, your decisions about what to block and when, are different from my decisions about what to block and when. It's not about "threats" per se but about privacy, operational security and choice.

I would totally accept some presets for apple services.

3 comments

One preset that I would love is "maximum privacy while user-initiated outbound still works". So my browser would work because I initiated it, but everything OSX or apps do in the background is blocked. Automatic updates are blocked? Good! Network time sync is blocked? Fine by me. Only what I initiate gets through. Can you do that as a preset please?

That's my default until VPN is up; Firefox only + a few network services that seem to be required

There is simply too much trial and error caused by initially denying a connection, only to discover that it's a mandatory connection to allow the app to function properly. A ridiculous amount of time is spent changing an initial deny to an accept.

>> your decisions about what to block and when, are different from my decisions about what to block and when

It really would not be hard to offer sensible default presets per application. "Spotify is attempting to make its first connection. Would you like to a) block all connections, b) allow all connections, c) allow all connections required for standard operation only, or d) ask me for each connection (manual management)". Nobody is going to fine-tune every phone-home or analytics call; people who want them blocked will block them all, and people who don't mind won't block any of them.

The only reason it's a tough job is that applications can change frequently. Every time any app (ex: Spotify) releases a new version, it needs to be reviewed again to see if the "firewall database" needs updating. It would be useless to have a database of known connections if updates aren't disseminated to users within 1-2 days of a new release.

That is a valid point. But they could at least do some research and give all users useful info in a pop-up window. Wouldn't it be easier to decide if one could read a message? Ex: "Process XXXZZZ666 - This process does this and that. Risk of blocking is this, risk of not blocking is that."