Little Snitch 6?

Hi friends,

A few weeks ago ObDev released Little Snitch 6, which is a paid upgrade from version 5. I’m curious if any of you have upgraded to version 6? If so, how are you finding it? A worthwhile upgrade? Any gotchas? Love it? Hate it?



I ran the beta and upgraded straight away.
Working well and doesn’t need to reboot every update because of the new extension.
It’s easier to add new blocklists and if you don’t have encrypted dns it will now enable for you.

I have a license for v4/v5, but those versions were not compatible with the corporate software on the MacBook I’m currently using, so I haven’t used Little Snitch for quite some time.

However, v6 seems to be compatible! I’m running it in Demo Mode for about a week and like it so far.

Might purchase it when I buy a new personal Mac (which I postpone until after the WWDC keynote).

PS: How do you handle connections to IP addresses?

When a connection is to a domain I usually have at least a hunch whether it’s good or bad, but with IPs I’m clueless… (and don’t know what to do: accept or block?)

This was already the case for version 5.

I used V4 but stopped because I ended up having to allow many connections from Safari which I do not understand. As such, I don’t see a value in it. It’s useful when you can control individual app but these days, most of the things I do are in Safari and I have to allow almost everything for it to work.

1 Like


That was my experience as well. I spent hours tracking down “why is it connecting to Spain/Ireland/etc” type connections only to find out it was a benign Apple, Microsoft, CDN, etc. site. Or one that was impossible to identify.

IMO Little Snitch is kind of like WebMD. You can spend a lot of time researching symptoms and end up with more worry than when you started.


I believe Little Snitch have some sort of an open-source library of “trusted” connections now. So, it’s something that one can use and have some sort of peace of mind. After V4, I went with Firewalla “router” which also supports a set of open sourced rules. That way, my network is some what protected at the network layer, and I don’t have to run a software to deal it. I still think that this is a missed opportunity for Apple for discontinuing their AirPorts network business.



All my devices travel frequently. I subscribe to the eero plus service for my home router.

1 Like

Good choice! I had a eero network at home too but I can’t use eero Plus because I’m outside USA.

1 Like

You never “allow” each and every connection for the browser. You allow everything for the browser and let blocklist do the magic of blocking spam/ads domains. In addition, use ublock.

for individual apps, allow the domain of the app and block everything else (one filter). That’s all. I never spent time on looking at each connection. Only time that happens is when I install a new app and it takes 30 seconds honestly.

blocklists. They stop everything by default for all apps.


After David’s brief review, I I installed Little Snitch and quickly purchased it. Like David, I tried it many versions ago but gave up due to all the alerts (not knowing which were ok or not). The blacklists and silent mode work fantastically. I have tried ad blockers before but always gave up on them. FWIW.

1 Like

I tend to use Murus and the companion apps for my firewall/app tracking… a bit over my head at times, but does what I like/need it to do

I’m interested in Little Snitch. I tried it but it was just too much in a way.

Does Little Snitch monitor for outgoing activity that might be dubious automatically or is that just up to me to figure out?

I think it was the last bit that made me uninstall it again.

But I am worried about certain other apps that I have installed.

For example I have been using BOOM for Mac for years and it records the sound constantly on my Mac or at least has access to the microphone

You can have blocklists setup that will block spammy/unsafe calls.

I setup it up once, when I installed it and never touch it that much. And, every time I install a new app, I either deny everything, or only allow specific domain. This only happens when I first start this new app. And there is no maintenance after that.

See my comment here Little Snitch 6? - #11 by andy4222

1 Like

Okay, it’s just that it’s hard for me to know when I install a new app whether its activity is harmful or not. So I wouldn’t know to block it or not.

But you’re saying you only allow for the new app to contact its domain is that understood correctly?

I guess I’m asking if Little Snitch has protocols that instinctively stop harmful activity

I have 1Blocker install which stops malicious ads etc. does little Snitch work with that?

Yes, 1blocker is only for the browser and maybe at DNS level if you have that. LS is across the system, its more powerful and worth it for the peace of mind.

Notice how much people were freaking out about Bartender collecting data or not with the app update. I don’t care about any of that, because LS blocks everything for such apps that don’t need internet access to work in the first place lol.

But again, isn’t it hard to determine if an app needs internet access or not. I mean going throug ph t hat initial setup I have no idea whether an app is communicating maliciously or not. I can see that bartender doesn’t need it, but does that mean it’s malicious

No, it’s not difficult to determine this. I keep it simple and don’t care about intent/maliciousness of the app. If an app doesn’t require internet to func, “deny”. That’s it. For e.g., if Bartender is connecting to the internet in good intent, I don’t care, it’s a menu bar app, “blocked”!

List down the apps here and we can help. here are a few examples:


  • browser = yes, allow all (but your 1blocker will filter ads on the page, plus LS blocklists)
  • keyboard maestro = No, it’s a productivity app (unless you have a workflow which is fetching something from let’s say weather API, then I will only allow that domain. This applies to all apps)
  • hazel = no
  • bartender=no
  • Alfred=no
  • MS Office=strict NO lol
  • Adobe=strict No
  • All apple apps = yes
  • Cardhop=No
  • Some dictionary=No
  • some image/file/video converter=no
  • RSS app=Yes, allow all
  • Spotify=allow only domain. Rest everything is tracking/stats of the user activity
  • Terminal/iTerm=Yes
  • Whatapp=yes, only for whatsap domain

Get the idea? It’s not that difficult, you will encounter this every time you open the app for the first time after installing LS, be patient. Long term, it will be in passive mode, running in the background requiring no maintenance on day-day basis.

Long term it’s so much peace of mind to install ANY app and try it out, without worrying about “privacy”.

PS: I update all the important apps once every 6 months/year manually by downloading the dmg, that too if there are many major feature/bug fixes. Have RSS running on all these apps changelog lol. This is only for important ones, rest everything i don’t care. e.g., Quitter or Hazeover.


A few examples of connection I had allowed/denied years ago. Never changed them after

Global: this was automatic from a blocklist, I didn’t add them.