Your Mac is a tiny but vociferous habitat amid an even more boisterous biome. The internet is a really loud place.
If you could somehow translate network traffic to an audible frequency, I’m sure it would sound like a rainforest of monkeys, tropical birds, frogs, bugs, and God knows what other creatures screaming out incessantly in a programed ritual of information mating.
But how loud should your Mac be? Who should it be allowed to cavort with?
Enter Little Snitch—a Mac application that alerts you any time any application on your Mac attempts to connect to the internet. You’re able to allow or deny connections on a permanent or temporary basis. Little Snitch groups these “rules” into profiles that can be network-specific or global. Best of all, as you join new networks, Little Snitch lets you assign them to profiles.
I use three Little Snitch profiles to muzzle the monkeys:
- Home: My home network, including Wi-Fi and ethernet connections
- Public Wi-Fi: Any open or public network I join
- LTE: Any network created by my iPhone or iPad’s hotspot feature
My Home Profile
On my home network profile, anything goes. I don’t have any data caps or security concerns at home, so I generally cut things loose. If home were the only twig in the internet rainforest I sat on, I probably wouldn’t need Little Snitch at all—though I do like how the menubar icon shows me if something is doing a lot of uploading or downloading.
My Public Wi-Fi Profile
If my home network is a tranquil pond of koi, public Wi-Fi is a muddy swamp full of piranha and pythons—with panthers patrolling the perimeter.
My Public Wi-Fi profile is much more restrictive. I’ve locked down just about everything except essential services, web browsing, and email. If I must connect to a public network, I want as little information flowing in and out of my Mac as possible.
My LTE Profile
When connected to LTE, the concern isn’t privacy predation. It’s data usage. And boy, does Little Snitch really help here.
Before I started using Little Snitch a few months ago, I was routinely running right up against my Verizon Wireless data limit around the 23rd day of each month’s billing cycle. My options were 1) impose a moratorium on LTE usage the last week of the month, 2) go over my limit and incur an overage charge, or 3) increase my data limit.
I stubbornly never chose option (3), meaning that every month I either had to give up the benefits of LTE or give up more money to keep using LTE.
I knew that Backblaze, my preferred online backup service, was part of the problem. Backblaze currently offers no way of restricting backups by network.1 And my Mac currently offers no way to change the behavior of applications on a network-by-network basis. As far as my Mac is concerned, a Wi-Fi network fed by LTE data is the same as any other Wi-Fi network.
To reduce the bleeding, I had to remember to manually pause Backblaze when connecting by LTE, and I frequently did not think to do that until it was too late.2
Now, Little Snitch essentially does the pausing for me. It’s as simple as permanently blocking
bztransmit the first time it tries to connect over LTE.
<img src="/img/img.png" alt=""/>
As soon as I began using Little Snitch this way, my LTE data usage issues went away completely. In fact, I barely climb above 2.5 GB of LTE data usage in any given month. Before, I would end up anywhere from 4.0 to 4.5 GB, putting me at or over my 4 GB plan.
Little Snitch lets me use just enough LTE on my Mac to be productive—mostly low-bandwidth web browsing and email.
My Cash Flow Profile
The economics here are what one might call intuitive. Little Snitch costs $35 once, and it saves me $10-15 every month. If you regularly hop across different networks, which each pose unique security and data usage challenges, I highly recommend trying out Little Snitch.
To be clear, this is not a criticism of Blackblaze. I HIGHLY recommend using Backblaze for bulk online backup. We just live at a time when mobile data isn’t yet a fully capable peer (cost-wise) compared to non-mobile networks. ↩
To a lesser extent, Dropbox can also be a data hog, so I usually block Dropbox by default and allow it on an exception basis. Most of my Dropbox work involves text files, so the bandwidth is pretty low. However, I’ve taken data hits in the past when someone else added a large amount of data to a shared folder and Dropbox synced the data while I was connected to LTE. With Little Snitch always watching, there’s no need to worry about these unforeseen data traffic bursts. ↩