Monday, 11 May 2015

Little Big Snitch

What do the following applications have in common: Evernote, Chrome and Spotify?
A lot, obviously. They’re all fine desktop applications available in many environments (Windows, Mac, and even Linux for Chrome).
Oh, and they all call home to Google. Evernote pings Google Analytics upon starting, probably to collect usage statistics; Chrome calls home before any browsing commences, pretty much destroying all chances of browsing being genuinely anonymous; and Spotify seems to rely on Google’s services to run in the first place.
The above three are just one blatant example for the way Google has managed to weave itself into the very fabric of our Internet. It’s not only there as the most dominant search engine by far; neither is it there solely in the role of the provider of the world’s most dominant mobile operating system. It’s in pretty much everything we do online, period. Just in case we needed further proof concerning Google being the biggest danger to Internet users.
In case you’re wondering how I know all of the above, the answer is: Little Snitch.

Little Snitch is one of the more admired Mac applications around. It’s a firewall, like many others before it, but to the best of my knowledge it is a fairly unique one: whereas most firewalls provide controls at the application level, as in – they let you control which applications can access or be accessed from the Internet, Little Snitch goes one step further. It lets the user take control over each individual Internet connection initiated by an application.
I will use Firefox as an example. When I start this web browser application, Little Snitch shows me how Firefox contacts Mozilla (its maker), how it contacts Google (to download an up to date list of malicious websites), and how it contacts the makers of most of my browser add ons just to say hello. Sometimes it also checks to see whether new versions of these add ons are available.
If I use Firefox to actually browse around, as opposed to merely starting it up, Little Snitch can show me what each page I’m looking at does. Some are straight forward: Duckduckgo goes to, well, Duckducgo. Some aren’t as simple: If I read an email with the latest Dick Smith sale and I ask to show the remote content included in the email (i.e., images included in the email in addition to its text), I can see that in addition to downloading the images that email pings two other third party trackers.
And so on; the image of the Internet, as revealed by Little Snitch, is quite a horrific one. Almost every app makes some unnecessary calls. The Witopia VPN application calls home to the software company on whose code the application is based. 1Password, the password management application I cannot recommend enough, calls home to its maker AgileBits.
You may argue there is no harm in those calls; I will argue to the contrary. If all this data these companies collect is so irrelevant, why is it that so much data gets collected by so many applications and web pages? Clearly, someone out there thinks there is money to be made of our data. Lots of it, given the extent of what’s going on.
Little Snitch can help you fight this war of attrition. If you are dedicated to the cause, you can devise rules for each application that prevent the ongoing lynching of your privacy. It’s a tough fight to wage, though, and it is also a losing battle: unless we force a change of behaviour at the political level, the likes of Google will always find the next better way to keep their eyes on us. Some times there are workarounds: Chromium, the open source browser on which Chrome is based, does not call home to Google (assuming you replace the Google default with another search engine); other times, though, as per the Spotify case, you'd have to give up on using its services.
There is little doubt that the story I’ve seen on my Mac repeats itself on your PC and your smartphone just the same. It is also clear why the NSA collects so much metadata and governments rush to enact data retention legislation: if the commercial world can do it, why can’t they capitalise on the fact?
Clearly, we need to stop this line of thinking. We need to win our Internet back.

In the mean time, as a tool for seeing the online world for what it is, and for supplying some protection as per the level the user chooses to deploy, Little Snitch is essential.
Highly recommended.


Image copyrights: Objective Development Software GmbH

No comments: