this post was submitted on 09 Apr 2026
9 points (100.0% liked)

TechSploits

499 readers
9 users here now

All things relating to breaking tech, tech breaking, OSS, or hacking together software to perform something completely out of the ordinary, on purpose or by accident.

founded 2 years ago
MODERATORS
reddthat@reddthat.com
9
Little Snitch for Linux (obdev.at)
submitted 19 hours ago by ticoombs@reddthat.com to c/techsploits@reddthat.com
0 comments fedilink hide all child comments
 

A word on limitations

Little Snitch for Linux is built for privacy, not security, and that distinction matters. The macOS version can make stronger guarantees because it can have more complexity. On Linux, the foundation is eBPF, which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name. And reconstructing which hostname was originally looked up for a given IP address requires heuristics rather than certainty. The macOS version uses deep packet inspection to do this more reliably. That's not an option here.

For keeping tabs on what your software is up to and blocking legitimate software from phoning home, Little Snitch for Linux works well. For hardening a system against a determined adversary, it's not the right tool.

I like this.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here