[teraflop]

The whole point of something like Little Snitch is to detect, and give you the option of preventing, connections that you wouldn't otherwise know about. For instance, programs that secretly phone home with telemetry about the user's behavior.

I can easily imagine such a program doing its own DNS lookups (or just using hardcoded IP addresses) to avoid detection, and this approach allows you to block it anyway.

Sure, you could do the same thing manually. But you might as well say "why does anyone need Visual Studio Code when we have sed and awk?"

[throwawei369]

My point is. With Linux and FOSS software, you do not necessarily need to treat programs as hostile. By default, most software is open and can be audited. If you decide to extensively use proprietary software then you have bigger problems that even Little Snitch cannot solve.

There are better alternative routes you can take that do not involve a "MITM" for all your connections.

[KyeRussell]

Your head is firmly in the clouds if you believe that “audit all your software” is an appropriate solution for even the majority of desktop Linux users. The sun still rises every day with people using software that they aren’t personally auditing. Continued interest in this project proves its use. I don’t buy that you genuinely believe your viewpoint. You’re just being a FOSS purist.

[beagle3]

You somehow assume exploits never happen.

There’s no MITM involved. Just another hop (potentially with an interactive go/no decision.

[throwawei369]

If am not wrong, Little snitch doesn't stop any malicious domain that the user is not aware of.

Little snitch is effectively a MITM app for all connections on the system it is installed on.

[beagle3]

Little Snitch can be setup whichever way you like, but the default/recommended way is for it to ask the user about every connection attempt, which you can then approve or deny (for a limited time, or forever).

Little Snitch is a gate. It either lets a specific connection through, or not; it does not modify it. It all happens on your own machine. You keep using that term, "MITM", I don't think it means what you think it means.