Little Snitch for Linux arrives — eBPF, Rust and a web UI to watch your machine
The launch
Objective Development’s Little Snitch has crossed the Rubicon: a Linux build is now public, and it has been reported that the author decided to build it after finding existing Linux tools “didn’t come close.” Allegedly, nothing else offered the quick, per-process visibility and one‑click deny model the macOS app is known for. The project was announced on the developer’s blog and framed as a response to growing concern about vendors being able to run arbitrary code via automatic updates.
Under the hood
It has been reported that the Linux version uses eBPF for kernel-level traffic interception, Rust for the main application code, and a web-based user interface. That stack is a smart play: eBPF gives low-overhead, portable visibility; Rust brings memory safety; and a web UI makes remote monitoring—say, for Nextcloud or Home Assistant servers—convenient from any device. Strange choice for a privacy tool? Maybe. Practical? Definitely.
Early findings
The emotional heart of the post is simple: the developer “felt kind of naked” without Little Snitch on Linux. During testing on Ubuntu it has been reported that only nine system processes made outbound connections in a week, versus more than 100 on macOS in a comparable test. He also observed Firefox reaching out to ads.mozilla.org and incoming.telemetry.mozilla.org before preferences were tweaked. Small sample, sure—but telling.
Why it matters
Why should you care? Because automatic updates mean vendors can run code on your machine at any time, and it has been reported that recent political events have sharpened scrutiny of that reality. Linux doesn’t magically solve the problem, but it gives choice: multiple distributions, the option to maintain your own, and now a familiar per-process firewall for people who want to know what’s calling home. Interested? Give it a try — and keep an eye on those connections.
Comments