I'd argue this opens up a giant attack surface where malicious software will try to route its command and control communication through a protected service. Do we really want to trust that Apple will keep all 50+ of these privileged services fully protected?

I think it makes the "world" slightly worse in that it will be harder to discover malware. Little snitch has a small user base, but it's been used to identify many forms of malware and protect many more people once the threat is identified.

If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.

I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.

> I trust Apple, but I don't like trusting trust.

Trust relies on faith or evidence, the overwhelming circumstantial evidence is that Apple can not be trusted with anything other than their commercial interests.

You can not trust Apple with anything else, therefore you must have faith.

Who cares about the world.. I just want full access to the system I paid for. This should always remain an option.

Why doesn't each individual user have the final say over whether she wants to accept the change or not? There is no option presented to the user:

   [ ] Do not trust Apple, trust only me

You say "Some people are smart, informed developers" but in this case, it appears Apple is treating every user as the same.

I am not a "developer" (nor am I particularly "smart") and yet I monitor traffic to/from computers I own. Maybe some incorrect assumptions are being made about so-called "users". I find it perplexing that any company should be able to prevent me from monitoring traffic to/from computers I own. I own the computers, I pay for the bandwidth. I do not buy Apple computers for the Apple software.

Actually, I don't think this is about trust. I mean, when I use an Apple OS, I (should) trust them, as their software has access to all my most sensitive digital information.

However, making it impossible to route the traffic of the system apps through a VPN of my choice (whatever the reason), is just broken functionality.

Is there anything Apple can do that makes their platform less accessible to the users that you would not support?

Have you used little snitch? It very clearly allows all apple traffic by default, and if you modify something that would affect it, you get a huge popup explaining what will happen and have to click on a red button to confirm.

> Is the world better or worse due to this change?

This is the false shortcut behind any attempt to weaken security. Security makes access harder, therefore let's weaken security to improve access.

The fact is that weakening security also makes malicious behavior easier and/or more likely. Changes like this are bad particularly because Apple users pay for a protected walled garden.

> Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Wouldn't say I'm that smart. Wouldn't call myself a developer either. But I'm still kind of dismayed. I used to love macOS (or OS X to be precise), but the clock has been ticking for years now. Near every decision made about macOS future goes in the wrong direction (for me). Right now I'm looking at Manjaro. But still, I need the Adobe CC suite to get my work done, so I will have to use two machines. I hate running two computers. But that's probably where I'll end up.

How is this good?

Either Apple doesn't trust Little Snitch and shouldn't let it interfere with any apps, or Apple does trust Little Snitch and shouldn't block it at all. There's no reason to implement this halfway.

Ah, yes, the "users actually want an operating system that undermines their every action" argument.

Trusting corporations (or any entity free from limitations and background checks) seldom bring the expected results.

If the data is so poorly protected in transit that a firewall app on the system is a concern, something has gone very wrong indeed. It's just going to see that your Apple services on your Apple device are speaking to Apple servers.

There's an availability consideration here, but that's about it.

why do you “trust” Apple?

In this case it's actually "just" a bug.

Apple fanboys will always ignore the facts... why would you want apps to bypass a firewall that you install... Apple need to fix their OS either way

Tech savvy users are not just the minority. They're also cheap. They've been conditioned by the FOSS movement to think all software should be free as-in-beer. (The people who started FOSS didn't say that, but that's what it's become.) They say they want free as-in-freedom, but since they are not willing to pay for it they don't exist. Those who pay set the agenda for everything.

Developing a truly polished operating system with a whole ecosystem of services is far, far beyond what volunteers and hobbyists can achieve. It's just too much work. It also requires focus and coordination and someone who is able and willing to say no. Without that the FOSS community rewrites everything over and over again instead of doing the not-fun parts of programming like fixing bugs and edge cases.

TL;DR: we get what we pay for. We don't pay for freedom so we don't get it.

Apple touted the T2 chip as the bee's knees in security. Now, we have a vulnerability that cannot be defended against. However, Apple went all in on the security of this T2 chip so that you cannot replace the SSD (besides the method to manufacture). I appreciate the desire at making a device difficult for a bad actor to get to your data, but they epicly failed and ultimately only made an user-hostile device. Oh, and the laptops with these chips also had the world's worst keyboard. Absolute trash.

Oh wow! This probably explains why every now and then when I wake my MacBook Pro from sleep it says no keyboard is connected! I thought I had some hardware problem on a basically brand new machine. Glad to hear it's only a stupid software problem!

> but is it really that hard to document these behaviors?

I imagine it is, given the bureaucracy of a big company. Apple's documentation has long been really dreadful, mostly nonexistent and where it does exist, usually incomplete and even wrong. I've assumed it was because the code itself is developed by isolated groups while the documentation presumably has to touch all sorts of people (publishing, translation, language checks, ...) in a kind of Conway's law.

However, hard or not, writing comprehensive documentation is quite doable. I have never been a fan of the Windows programming model but I have long admired not just MS's documentation but the amount of effort and commitment they obviously put in.

Apple cares about some things but in this regard it appears they simply don't give a shit.

Holy cow, you just explained a load of weird keyboard behavior I was seeing after waking from sleep.

> Apple seems to do all kinds of weird networking _stuff_. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.

When did they start doing this? I'm still using High Sierra on my 2018 MBP work laptop, because the keyboard and trackpad was freezing for anywhere up to 5 minutes or more with Mojave after a wakeup (usually after a long sleep). Downgrading to High Sierra fixed it, but fighting with the machine was such a pain I haven't dared touch it since.

I'm wondering if you're describing the problem I was having, but could never figure out.

Unrelated but has anyone often had Chrome going on cpu usage rampage and unresponsive fairly frequency on 'wakeup from sleep'? It's almost certain to happen if the chrome has been updated and waiting to be restarted.

That's how typical Apple "magical/just works" features are implemented, i.e. very ugly behind the curtain.

Documenting means revealing the edge cases and the limitations, which engineering knows is the best kind of documentation. But marketing people are invested in the "magic".

Marketing people have too much sway at Apple.

The keyboard thing is new to me, wow that sucks. The other one sounds like a workaround for captive portals. I think there is some documentation on that wrt Safari and the built in networking, but it was mostly a workaround needed to deal with wifi hotspots that intercept dns until you pay/subscribe, and it causes safari to look hung - so they had to make it clear it wasn’t their browser hanging since it couldn’t make SSL connections.

OS is a weird design. It lets the machine belong to Apple/MS/Google not we, so they could update whatever they want or query to their website secretly. You can't even stop them because once you installed you agreed for all. You don't have choices to partially agree. It makes me feel like when you have a cecal surgery, the doctor also took out your foreskin for auto-updating.

You actually just helped me diagnose a really annoying bug I've been having lately. When I wake up my Mac from sleep mode the keyboard and mouse are unresponsive for a up to a few minutes in some extreme cases, sometimes I even have to hard reboot. I found online that it was related to VPNs trying to restore their connection but I could never find the link between the keyboard and the VPN.

It was also compounded by the VPN setting I use to disable all traffic until it successfully reconnects. Meaning whether my computer works or not is dependent on my VPN providers reliability.

Now that I know Apple thinks I need an internet connection to wake up my laptop securely I'm quite pissed by this. Brand new $4k laptop is a paperweight if my VPN can't connect.

I'm working from home now, and in my company we use Tunnelblick for vpn into corp network. VPN has time-based OTP so it never gets saved.

Sometimes when my MBP goes to sleep it loses wifi connection and VPN disconnects. When it wakes up, Tunnelblick asks for password, but it doesn't restore routes (I guess?). Basically no internet until I either enter password or click disconnect. At that moment I'm typing in my OS password and pressing Enter.

What then happens is that it waits for ≈30 seconds and then logs me in, as if it made a network request and waited until it timed out.

Could it be related to the issue you're describing?

Another reason why I'm going to stick with Linux for the foreseeable future.

I just wish the font rendering situation on Linux was better though. Text (in browsers) just looks so bad on Linux compared to both Windows and mac.

do you have a source for the keyboard part? I experience odd delays in typing and this would definitely explain that.

I was trying to figure out how my routing table was set up on my iPad and I found out that iOS doesn't expose any interface to routing tables, at any level of privilege. Very frustrating.

> wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard

... and what if your network is down? You can't even use your keyboard?

When I had the authenticate with watch option enabled, and for some reason the watch lagged, the Mac didn't allow me to log in with my password or finger.

> For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard.

Aha so this is why I need to put my MacBook back to sleep after waking on a spotty WiFi connection or when it was previously connected to vpn which timed out during sleep!

check out their captive portal detection. It's a mess of apple-specific garbage.

Hmm is this also why I can't use my bluetooth mouse at the login screen?

What's the DNS name and type that gets looked up?

> your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard.

Holy shit, this is why my macbook sometimes won't let me log in for like 15 seconds on my shitty cellular hotspot connection? Absurd. Apple software has fallen so far from just 10 years ago.

Even for shell scripts? I'm still on Mojave, and now I've got even less appetite to upgrade.

Apply Occam's Razor.

Why would the most successful company in history—a success gained in no small part through protecting users, selling hardware and services instead of their data, and promoting and enhancing privacy as a first-class feature—do that sort of thing? What possible benefit could such a centralized database serve? How's that gonna make them more money?

For what it's worth, my hacky solution to this is this script which kills all the background processes that use significant bandwidth. If you're interested in how I came up with the list of processes, I can share the BitBar [1] script I wrote for monitoring per-process network usage (I wrote a small wrapper around nettop that logs to a db, which is read periodically by my BitBar script to show me the per-process usage:

    if [ $(whoami) != root ]
    then
      echo "Please run as root, not $(whoami)"
      exit
    fi

    while true
    do
      killall -9 planb 2>/dev/null && echo "$(date) - Killed planb"
      killall -9 murdockd 2>/dev/null && echo "$(date) - Killed murdockd"
      killall -9 uplink-soecks 2>/dev/null && echo "$(date) - Killed uplink"
      killall -9 nsscacheclient 2>/dev/null && echo "$(date) - Killed nsscacheclient"
      killall -9 ksfetch 2>/dev/null && echo "$(date) - Killed ksfetch"
      killall -9 nsurlsessiond 2>/dev/null && echo "$(date) - Killed nsurlsessiond"
      killall -9 softwareupdated 2>/dev/null && echo "$(date) - Killed softwareupdated"
    done

[1]: https://github.com/matryer/bitbar

I use Trip Mode for that (https://tripmode.ch/). Though, it's not unlikely it'll have the same issues described in the OP, it does seem to block Apple stuff on Mojave.

Yeah, I tethered my MBP on the train and it used my entire 4GB data plan in about 15 minutes downloading an OS update.

Glad to know stopping shit like that is no longer an option.

Last year Apple introduced 2 flags on the network: “constrained” (the Low Data Mode toggle) and “expensive” (most cellular and personal hotspots). These are intended to let the app make intelligent decisions about what network requests to do. For example, “expensive” networks should disable background or speculative fetches and only fetch what the user asked for.

Presumably Apple apps that bypass the network filter are making use of these flags already, to avoid unnecessary network traffic.

Is there no chance for little snitch to block app store? I just have a demo ver of little snitch and will buy it for blocking all apple service. I always connect the internet through my phone outdoors. The bandwidth is limiting...

Btw, when I've been testing a "kill switch" on Windows (firewall configuration that doesn't allow internet access without a VPN running) using the built-in firewall, I discovered that

- Chrome adds a Firewall rule on installation that grants it access to all networks, bypassing kill switch configurations.

- Microsoft has an "Allow app through Firewall" [1] dialog that manages all of the rules for its apps and services along with some third-party apps. These rules again tend to allow everything, and at least on earlier builds from like 2018 they would reset to allow everything on _every_ update.

This was such a pain to deal with.

[1] https://az767233.vo.msecnd.net/images/Security/win8_winfirew...

My problem with defending this is even if you trust Apple now, what about in the future? Google used to be one of the good guys...

Eventually I don't think little snitch will even have apis to access stuff like that in the kernel as a kext as macos updates continue on.

I just moved from Macos to Linux. The Linux desktop experience has improved a lot in the past five years (at least KDE has).

I've become a huge fan of Linux Mint. It looks amazing and unlike before now there are no driver related issues (the thing that kept me from using it all this time).

The only thing I miss is Photoshop but I really can't think of a single reason besides that to not use Linux anymore.

“folks that want full control over their operating system” and “walware authors” want too much of the same thing.

I think everyone would appreciate ideas for solutions.

> I've written my own kernel extension that works in similar manner to Little Snitch, but does a lot more, including SSL MITM and on-demand packet capture, that I've been using for more than 10 years now.

I'd be interested to read more about this, and maybe even use your kext. I'm currently MITM'ing all of my SSL traffic[1] for a different, esoteric reason: I insist on using a 7-year-old version of macOS, and it doesn't natively support modern SSL ciphers, so I have to add it in with an mitm proxy.

I've run into a handful of issues with various software that I've had to work through as they arise, but if you've been doing this for ten years you've probably seen it all already.

1: https://forums.macrumors.com/threads/fixing-maverickss-outda...

hahaha. I also don’t plan to upgrade past Mojave. To me Catalina was a trainwreck and at this point I think I’m loosing a lot of trust I used to put in Apple.

this is compounded by the fact that I love Little Snitch and it has basically exponentially improved my life when it comes not only to browsing the web but when using any app on mac.

The linux desktop experience is still quite in a state. I will likely do the same and suffer Linux, but I think many will go back to windows as WSL continues to improve.

Apple is going to lose developers.

Little Snitch is the only thing keeping me on macOS.

How do we go about replicating this sort of per-process network visibility/permission on Linux?

I switched back to linux two years ago for exactly the same reason.

It was painful at first, but it's worth it. The only things I still miss are the visual feedback in the UI (lots of little stuff) and the feel of the trackpad.

But the customizability has more than made up for that in productivity. Like being able to edit the source code for the window manager.

Is your kernel extension public?

> Because as Apple well knows, once you make a backdoor, someone will figure out a way to exploit it.

I can't help but see this as the real reasoning behind the change. With EARN-IT on on the table and antitrust cases looming, they've got every reason to bend over and give governments whatever access they can.

If you're on a laptop, you won't necessarily always be able to filter on the router level.