Little Snitch comes to Linux, but the core logic is closed source
TheIPW
73 points
25 comments
April 09, 2026
Related Discussions
Found 5 related stories in 58.2ms across 4,075 title embeddings via pgvector HNSW
- Little Snitch for Linux robenkleene · 14 pts · April 08, 2026 · 85% similar
- LittleSnitch for Linux pluc · 420 pts · April 09, 2026 · 83% similar
- Little Snitch for Linux – Because Nothing Else Came Close Cider9986 · 27 pts · April 09, 2026 · 81% similar
- TPM-Sniffing LUKS Keys on an Embedded Linux Device [CVE-2026-0714] Tiberium · 19 pts · March 01, 2026 · 47% similar
- Show HN: Sonar – A tiny CLI to see and kill whatever's running on localhost raskrebs · 137 pts · March 20, 2026 · 45% similar
Discussion Highlights (9 comments)
roscas
Glad you also talk about OpenSnitch. It is critical to have it installed. OpenSnitch and PiHole are simply a must on every network.
lapcat
See "Little Snitch for Linux" https://news.ycombinator.com/item?id=47697870 Also: > Little Snitch is not there to replace OpenSnitch. It's just an additional option you can choose from. Some people might prefer it, others not. https://news.ycombinator.com/item?id=47701918 > But I currently can't make the entire project Open Source. My other option would be to keep it completely private (wrote it mostly for myself in the first place). > I think it's still better to make it public and only partially Open Source so that some people can benefit from it. If you don't trust us, that's completely reasonable, just don't install it. https://news.ycombinator.com/item?id=47701740
knowaveragejoe
One nice thing about LittleSnitch on linux is that it comes with a web UI by default. Is there anything like that for headless systems using OpenSnitch?
melon_tusk
How anyone could trust OpenSnitch is beyond me.
kelsey98765431
last thing in the world i want is to install proprietary software on linux. even less so is something meant to be security software and interacting directly with my network stack.
bornfreddy
> ...my primary line of defence is AdGuard Home. By handling privacy at the DNS level... To each their own, I guess, but that would be a hard pass from me. One example from mobile: FF on android keeps trying to connect to its various services (like firefox.settings.services.mozilla.net). For privacy reasons, I use NetGuard to block this and other similar domains. But there is a gotcha: there are sites (like seekingalpha.com) who refuse to load if access to these same domains is blocked - even on a completely different browser! With NetGuard I can still visit those sites in the secondary browser while blocking Mozilla tracking. With DNS blocking I wouldn't be able to do that.
senojsitruc
I wrote GlowWorm ~20 years ago, duplicating much of the LittleSnitch functionality at the time. I remember discovering remote kernel debugging across ethernet; it was magical. https://glowworm.us
guessmyname
I’m as paranoid as the next person but what’s the purpose of this article? If you don’t like closed source software and don’t trust the developer(s), then don’t use the software. Why waste time writing an article that all it does is critize the developer’s decision? If you care so much about the software you run in your computer, then do what I do: open a disassembler and reverse engineer the code, inspect every single HTTP(S) call, every network packet, every system call, and then maybe you will feel at ease.
zahlman
There's https://github.com/obdev/littlesnitch-linux , and https://github.com/evilsocket/opensnitch and probably many others.