Did it block?

How effective are blocklists actually? Let’s find out!

Blocklists are a fine thing. With just a few mouse clicks they are set up and immediately they effectively protect against unwanted Internet connections to tracking servers, advertising servers and malware sites.

From then on, they perform their duties quietly and unnoticed in the background. But sometimes it would be quite exciting to also watch them at work.

This was already possible with Little Snitch Mini. The red flashing in the menu bar icon or in the connection list serves as an indication that one of these unpleasant connection attempts has just been detected and prevented.

With Little Snitch Mini 1.3 there is now another exciting possibility to get a closer look at your blocklists: The blocklist statistics!

A counter is now displayed for each blocklist entry, indicating how often the entry in question has already been effective:

And a new filter option in the search field allows you to see only those entries that have been effective at least once:

The filtered view is sorted by frequency. So you can easily find the most often used entries at the top of the list.

Does “unused” mean “useless”?

With some blocklists, it is possible that even after months of use, not a single entry appears as used.

However, this should not lead you to the false assumption that this list is unnecessary and might therefore be removed.

If and how often a list takes effect depends a lot on what that list specializes in. Lists that specialize in tracking servers will potentially hit frequently, because user tracking for advertising purposes is a widespread evil.

On the other hand, lists that protect against malware servers should, in the best case, never take effect. Otherwise, this would be an indication that you were actually affected by a connection attempt to one of these potentially dangerous servers, but fortunately it was successfully detected and prevented by the blocklist.

You can compare this to the lock on your front door. Just because there are no traces of an attempted break-in on the door does not mean that you should remove the lock.

So enjoy using blocklists with Little Snitch Mini and see how often they take action for you!

Three-way handshake bypassing Little Snitch

There has been some discussion recently about the bypassing of Little Snitch by the first datagram of a three-way TCP handshake. The facts: When a deny-rule for a domain is set in Little Snitch, and a TCP connection is made to that domain, a TCP SYN

What are blocklists and why should you use them?

Everyone has heard of them, blocklists, blacklists, denylists. But what are they? In short, a blocklist is a database of Internet servers known for spreading spam, malware or unwanted advertisements. If a blocklist is installed on your computer,

A wall without a hole

Update: Apple has released macOS 11.2 on February 1, 2021, removing the controversial ContentFilterExclusionList. It seems that Apple is willing to admit mistakes. The unfortunate hole in the wall that raised a lot of privacy and security concerns
Archive