Comment by Spivak
Yep, I wish they would go the full way and block socket access entirely so your own outgoing traffic is always introspectable even with cert pinning. It would make it blatantly obvious when apps try shady shit.
Yep, I wish they would go the full way and block socket access entirely so your own outgoing traffic is always introspectable even with cert pinning. It would make it blatantly obvious when apps try shady shit.
It sounds similar in spirit to Little Snitch, mentioned in the article (on macOS, but which inspired OpenSnitch, which runs on Linux). It is awesome indeed, if a bit overwhelming at first. Most regular users would just uninstall it to avoid the constant barrage of requests initially, and then every time a new piece of software tries to connect to anything.
Shady shit? Not every network request is a call to an HTTP REST API.
Blocking socket APIs would break every app that supports other protocols. Goodbye file transfer apps, VPN apps, file sync apps, database tools, SSH clients, remote desktop clients, audio and video conferencing apps, etc.
I had a great Windows firewall like this about 20 years ago. It would pop up a dialog for every network request from an app. You could block or allow based on port or destination, or "block all". It was amazing, because as you say, it made it very obvious when an app was trying shady shit.
I would love to have that back, but I was never able to find a firewall so hostile to the user experience of the general population.