What I want is Little Snitch on steroids built into the OS where every process, including all native ones, including UI apps, is blocked from network connectivity by default, and the user gets an easy monitor of outgoing traffic with TLS/SSL inspection built in (you'd need some OS API to enable that).
Kind of like granular OAuth permissions, apps should have to declare which outgoing they have, a description/why, and allow inspection of the actual traffic.
What Adobe CC, Google Chrome, MS Office, and macOS/Windows itself do with this background network connectivity is completely out of control and abusive to the user. They get away with it because the vast majority of users are non-technical and don't realize it's happening.
I've profiled and decrypted the background traffic on a stock Android install and the volume was also appalling. Getting macOS to 0 background traffic involved blackholing large Apple IP blocks at the router, whereas some of their processes use random IPs from these ranges and don't use DNS.
Just as the general public doesn't have the awareness or ability to fight for their privacy rights, I doubt any of this will ever be remedied.
What I want is Little Snitch on steroids built into the OS where every process,
You cannot trust an OS you cannot build yourself. That's why I see Linux as the only option for professionals and privacy-minded people.
How do you know there are no outside efforts to log Linux activities? There's a lot of source code to go through and is it possible there are callbacks even within OSS that most people are not aware of?
I don’t need to go through all the source code myself. The fact that Apple itself, for example, relies on Linux for most of its servers and has not raised any alarms about bits of Linux phoning home is a pretty powerful heuristic that it’s relatively safe.
Multiply that by all the other multibillion-dollar companies, the tens of thousands of open-source-focused smaller and large companies, the hobbyists, the enthusiasts, the CS professors, the CS undergrad and grad students, the PhD candidates who would be thrilled to discover a flaw on the basis of which they could write their thesis, etc., and I think one can have a fair degree of confidence.
There’s still a decent chance something would be missed. But it’s much smaller than the chance that the proprietary OS owners, whom we know for a fact phone home and have been trying to collect increasing amounts of data, are sending stuff we may not know about.
Many world-class companies depend on Windows, so does that mean you think Windows is safe?
An individual does not have the same access to custom tools, and teams of competent people, that ensure their usage of the Linux ecology is secure.
A recent example: I was investigating using Cloudflare Functions, because I think Cloudflare has world-class security and that “serverless” product avoids many security issues I might have with other solutions. Yet one setup step suggested piping in a script from curl to shell (commonly suggested for install steps!). Even worse, https://github.com/cloudflare/wrangler2 is their CLI tool to help development, and Wrangler is based on the node ecology, which is completely insecurable as an individual developer IMHO (trillion-dollar companies can probably secure the dev environment). I use a VM to provide some sandboxing, but it still leaves me feeling icky.