My iCloud account has been compromised

I’ve found Little Snitch v. 5 (v. 6 is in beta) to be helpful.

Initially you’ll be hit with a broadside of connection data when you’re faced with the realization of just how many connections every website makes to somewhere else. Can be scary. It took me a while to get it under control.


I did try Little Snitch a while back. It caused such havoc that I gave it up. My problem did not come from my accessing a website (I don’t actually access that many, about half a dozen on a regular basis, usually have a VPN turned on and have link blockers turned on in my browser) but from an email apparently from a friend who it turned out had been hacked.


Understood. My thought was meant to raise awareness of what LS can do.

LS will NOT address the email issue you described.

What LS gave me was an appreciation of the sheer avalanche of connections that the vast majority of us have NO idea are happening with almost every click on the internet. The vast majority of those are benign. But there are those whom I ‘need to take a second look at’.

I struggle with LS after several years and versions to this day. But it thwarted a hacking attempt just a few days ago (attempting to access the macOS Kernel on my Mac) that I would have been completely clueless to otherwise.


And you wouldn’t purchase the next update. :wink:

I’ve used LS since way back in the day and agree the number of connections a website makes is phenomenal. I get the impression there are more than there used to be but that could be my imagination.

The trouble with LS is that since you have no idea what the links are doing, you can block something essential to the website. Tracking down which of the links is the culprit can be intensely time consuming.

In all I think LS is a mixed blessing, but if it stopped something accessing the macOS kernel then I guess it’s worth it.

My main defence against being hacked is leading an incredibly boring existence.

Ha! Jokes on you, hacker scum! My life has no significance! Hahaha!
Oh, wait a secon–


I’ve used Little Snitch for many years, and I’ll admit, I never thought to try and use it to control what websites do inside of a browser. That seems to me a very complex and time expensive way to use the tool, when there are really good alternatives to that. So the browser gets blanket permission to make any connection it needs to, in my configuration.[1]

Here’s what I do in a nutshell:

  • In the browser: install uBlock Origin. Subscribe to a few of its blocker lists, and while doing so, note how they contain tens of thousands of rules. :slight_smile: This is why using LS for this is rather inefficient. Let other people figure out the bad stuff to filter, and what to avoid so sites don’t break. A quick read of the mission statement of one of the more popular list maintainers will show just how much of a job it really is to keep on top of blocking bad actors, because some of the worst will do anything to keep monitoring you, or harass you with broken website designs if you try. These tools will not only stop the tracking, but often repair the sites they break when you do.

    I go an extra step and also turn JavaScript off in uBlock’s settings, so that each site has to be opted in. I’m not strict about that, as most things need those to look or work right. This is mainly a protective measure against bad links taking you to places with exploits. Without scripts the vast majority of exploit vectors are nullified. It’s a couple of clicks to enable a site the first time, and once you do that you’ll never do it again. So this really isn’t a big burden for what is ultimately a much safer browser configuration.

    That’s probably enough for most people, but I do also like Cookie AutoDelete. This is another opt-in tool, where by default every cookie that gets set in a tab is flushed automatically when you close the tab (or optionally after a time delay). You tell it what sites should be allowed, so you can stay logged in, and it flushes the rest. Simple solution, and low overhead peace of mind once you’ve got your main sites allowed. This extension will also help you routinely purge local storage, which is sometimes used to circumvent cookie policies.

  • Back to LS: default position is off for all software. It’s the simplest approach and it hardly breaks anything. Unless the software is about contacting the Web for some specific purpose, like an RSS reader, then there is no reason for it to be granted access. Most programs are using that to send usage data back to themselves, and often even worse, on to third parties. So that’s a good thing to just cut right out and not have to worry about.

    One exception here that I make is the email client. I do take a more detailed approach to allowing access to the mail servers I need, and blocking most everything else. This protects you against most email-based attack vectors (not loading unrecognised attachments remains your own responsibility).

  • What about software updates? A neat feature in LS is its profile feature. Profiles are overrides to your core settings that can allow temporary expanded access.

    For software with built in updaters, you can temporarily turn off its total block after it is launched, switch to your “Allow Updates” profile, then run the update checker. Some things may not be necessary, as some change logs are filthy with Facebook pixels and such, but most of that will be obvious. Once you’ve checked and downloaded an update with your new rules, you can switch the profile back off.

    But, another alternative is to use Homebrew and dispense with the inefficient approach of having software keep itself up to date. For me this is the simpler approach, but some might consider using the command-line to install and upgrade all software so foreign in and of itself, that a more time consuming process like LS profiles is “easier”.

TL;DR: use browser extensions and curated block lists instead of Little Snitch. Use Little Snitch to block whatever you want outside of that. To what extent you take that is a matter of user preference. For myself, I block almost everything unless I know I want it.

It takes a little time getting started, but like I say, once you allow the things you know you want, you won’t be messing with settings much at all, and you’ll be a lot safer for doing so (even if you don’t much care about the data mining and privacy stuff, these simple steps will do a lot to keep malware off your system and your online accounts safer).

  1. Well okay, I do block some Google addresses in LS since I use a Chromium-based browser, and it phones home at a level that I don’t believe extensions can stop.
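As an added illustration of the layout described in the post above (deny by default, with the mail client allowed only to its own servers), here is a rule group in Little Snitch’s JSON rule-group (.lsrules) format. This is not the poster’s own configuration or a file from Objective Development; the key names follow the published rule-group documentation as I remember it, so check them against the current docs, and the app path, mail domain and ports are placeholders to replace with your own provider’s values.

```json
{
  "name": "Example: deny by default, mail allow-list",
  "description": "Constructed example rule group. One sample app is blocked outright; the mail client may reach only its own servers on the mail ports.",
  "rules": [
    {
      "action": "deny",
      "direction": "outgoing",
      "process": "/Applications/ExampleApp.app/Contents/MacOS/ExampleApp",
      "remote": "any",
      "notes": "Default position for software that has no reason to talk to the network (placeholder app path)."
    },
    {
      "action": "allow",
      "direction": "outgoing",
      "process": "/System/Applications/Mail.app/Contents/MacOS/Mail",
      "remote-domains": ["mail.example.com"],
      "ports": "993, 587",
      "protocol": "tcp",
      "notes": "IMAP over TLS (993) and submission (587) to the provider only; mail.example.com is a placeholder domain."
    },
    {
      "action": "deny",
      "direction": "outgoing",
      "process": "/System/Applications/Mail.app/Contents/MacOS/Mail",
      "remote": "any",
      "notes": "Everything else the mail client tries to fetch, such as remote images or tracking pixels in messages, is blocked."
    }
  ]
}
```

Little Snitch gives rules with more specific server criteria precedence over an “any” rule, which is why the allow for the mail domain and the catch-all deny for the same process can coexist.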