Little Snitch Help

Classic Research Assistant

If you have been using Little Snitch before, you probably know the situation: A connection alert asks you whether to allow or deny a connection, but you have no idea what that process is good for. Is this process part of the system? Is it a third party software component? Why does it want to connect to this particular server? An answer to this question often requires profound Internet research.

To save you from this tedious task, we provide the results of our own research available in an online database.

Obtaining information

The database is only contacted on explicit request of the user:

Obtain database information

This additional click protects your privacy: Connection data is only sent to Objective Development on explicit request, not for every line in Network Monitor or Little Snitch Configuration when you step through the list.

Before the assistant can be used, a rule allowing access to an obdev.at server must be created. The first time you attempt to query our research database, Little Snitch will ask you whether to enable the service and to create the rule. If you later want to revoke the permission, simply disable or delete the respective rule for the Little Snitch Helper process.

How does it work?

When you click the button to query our database, a URL request (a GET request) is sent to our database server. The request contains all connection properties so that the information we provide can be as specific as possible:

INFO DESCRIPTION
Language The preferred language you have chosen in System Preferences so that we can respond in the correct language, if available. We currently provide information in English and German.
Incoming Whether this is an incoming our outgoing connection.
macOS Version Version of your macOS installation. Some system daemons behave differently on different versions of the operating system, so it may be useful to have specific information available.
Bundle Identifier If the process is an application, it has a bundle identifier which uniquely identifies it. This field is empty for non-application processes.
Executable Path The full path of the process executable in the file system.
Localized Name For applications, the app name localized to your language. We don’t use this for matching database entries, but may need it when we research a frequently requested app.
Via-Path If an application performs the request via a Unix command, the full file system path of the Unix command.
Server The remote server’s DNS name (if available) or IP address (otherwise).
Port The connection’s destination port number for TCP and UDP, 0 for other protocols.
Timestamp The current time in low resolution.
Signature A short signature. Timestamp and signature are there to sort out invalid requests before any database query is done. This is a first level of protection from online attacks.

The response is the database entry in XML format, prefixed with a signature.

Which information about queries is stored?

We (Objective Development Software GmbH) collect statistics about which connection is requested frequently, so we can add information for those records. We do not store any information in our database that could identify you. In fact, requests with the same set of parameters (except timestamp and signature) are merged into a single database record. Your IP address is only stored in standard web server logs, which are rotated regularly.


Was this help page useful? Send feedback.
© 2016-2019 by Objective Development Software GmbH