![]() Moreover, network latency due to the distance between client and server, especially for intercontinental connections, may dwarf whatever local process latency exists between kernel and network extension. While some speed test measurements may appear lower when Private Relay is enabled, your actual browsing experience remains fast and private.Īdditional latency may be the price of protecting your privacy, and that's a price I'm willing to pay. This design may impact how throughput is reflected in network speed tests that typically open several simultaneous connections to deliver the highest possible result. And speaking of performance, do you know what else can degrade it? iCloud Private Relay! Apple essentially admits this while trying to dance around the fact: Private Relay uses a single, secure connection to maintain privacy and performance. Apple is imposing its decision on everyone, with no options. I'm not persuaded that performance over privacy is a good tradeoff for network extension users. This small minority tends to care deeply about their privacy, which is why they spent the money to purchase Little Snitch. Little Snitch is not a built-in macOS component but rather an optional third-party app, used by only a small minority of Mac users. Windows comparisons, but that's still a red herring and makes little sense, because benchmarks would not typically be taken with a network filter extension installed. Perhaps Objective Development is referring to Mac vs. Every browser on the Mac is affected equally by a network extension like Little Snitch it makes no difference whether you use Safari, Google Chrome, or Firefox. I feel that bringing up browser benchmarks is a red herring that doesn't help the argument at all. That‘s the most relevant operation for most users, after all. They want to be the best and fastest and browser benchmarks are a common way to compare systems. When you open a web page in a browser, it‘s quite possible that 10 to 100 more connections are opened (to various trackers and ad servers, by the way) and delaying each connection only by a few milliseconds would degrade perceived performance. The Network Extension makes a decision based on rules, sends back the result via to the original user space process which in turn sends it down to the kernel. When a connection should be established, the data must be passed from the kernel to an Apple user space process and from this user space process to the respective Network Extension. Objective Development's blog post talks a lot about latency: Thus, I think we need to start with the assumption that network filter extensions ought to avoid leaking your IP address, if possible. ![]() Apple's own iCloud Private Relay, which is similar to a VPN in some ways, is also designed to hide your IP address. However, the developer of Little Snitch ( Objective Development) claims that this behavior is by design, not a bug, and indeed defends the design.īefore I address the defense, I want to emphasize that IP address leaks are a serious privacy problem. I've received no response from Apple to my bug report. ![]() In my follow-up blog post, I mentioned that I filed a bug report with Apple (FB12088655 "Privacy: Network filter extension TCP connection and IP address leak"). I didn't have much time to look at it last week, so I'm coming back to it now. Another strange thing about their response was the timing, which was the morning after the WWDC keynote, so it mostly got lost in all of the other big news. ![]() I guess it literally goes without saying that this discussion was spurred by my blog posts. Last week the developer of Little Snitch responded to my blog posts, though they didn't directly mention me: There has been some discussion recently about the bypassing of Little Snitch by the first datagram of a three-way TCP handshake. Previous: Safari 17 Link Tracking Protection DetailsĪrticles index Jeff Johnson ( My apps, PayPal.Me, Mastodon) Little Snitch "denied" connections leak your IP address: Developer response June 12 2023Ībout a month ago I wrote a blog post and a follow-up about how Little Snitch-and all network content filter extensions, as it turns out-leak your IP Address. Little Snitch "denied" connections leak your IP address: Developer response ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |