waterTanuki 7 hours ago

Why would one use this over PiHole?

JoeBOFH 7 hours ago | parent | next [-]

This is different. This shows you what in your operating system is making connections out and to where.

roughly 7 hours ago | parent | prev | next [-]

I run both (LS on Mac, at least), they do different things - pi.hole is a great ad blocker which applies to all of the devices on your network. Little Snitch is doing something different - it tells you every call that every app you use is making, and allows you to approve or deny each one. So, you can block telemetry for apps, or you can block certain apps from contacting certain servers, or you can just use it to watch what apps on your system are calling out to where.

waterTanuki 6 hours ago | parent [-]

To clarify, I'm aware that pihole is not intended to run on a client OS, and doesn't monitor at a process level. I'm focused on the intended effect rather than the process itself (blocking malicious/ad servers). And I think I framed my initial question incorrectly as if LS and PiHole were substitutes. It's perfectly fine and even preferable to use both as layered protection. I'm just thinking however when it comes to bang-for-buck it seems like PiHole is the better value proposition if you could only set up one.

pi.hole is primarily billed as an ad blocker, but the fundamental way it works is by applying a curated set of DNS lists that are blocked (commonly telemetry and ad servers), and the admin dashboard which is just a web page (therefore works on all platforms, smartphones included) will do the same thing: it tells you every call that every app on every device on your network is making, and you can approve or deny it. You can curate your own list as well and block servers/connections you don't want on the network.

LS afaik operates in the same area where it's intended to be used for privacy. I guess I could see it being useful for people who don't have admin access to their router, but for people who do have such access I would think the benefits of network-wide DNS monitoring/blocking would outweigh the costs of having to configure your router settings.

LamaOfRuin 6 hours ago | parent | next [-]

LS seems to not be claiming any security promise on Linux because it can't make any guarantees given eBPF limitations. But the entire purpose is different and there is very little overlap in my view. PiHole is entirely (I think?) just applying the blocklist made easy. LS allows you to build the blocklist in real time.

I would guess that to the extent the blocklists include things that are loaded by applications and not websites, they are almost entirely built by users of something like LittleSnitch or OpenSnitch. This is also entirely doable with wireshark logs, but I think that requires more infrastructure to build into usable lists.

mixmastamyk 5 hours ago | parent | prev [-]

Some telemetry uses hardcoded addresses when DNS doesn't work.

Some telemetry might not be recognized by pi-hole as it is new or has nothing to do with ads.

cortesoft 6 hours ago | parent | prev | next [-]

LittleSnitch isn't for ad blocking (only), it is for tracking/blocking/allowing ALL connections from various processes. PiHole only blocks DNS requests to known ad servers.

walrus01 7 hours ago | parent | prev [-]

Completely different thing. A littlesnitch type thing is for all traffic. Pihole is a DNS query thing that prevents various ad content from being loaded. It's also trivially easy for a malicious application with network access to bypass any instance of pihole on your LAN by doing its own DNS over HTTPS lookups to its own set of server(s) by IP.
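The bypass described in this comment (and the hardcoded-address fallback mixmastamyk mentions above) can be made concrete. The following is an added, self-contained example that is not part of the thread and not Pi-hole or Little Snitch code: it builds a real DNS wire-format A query, wraps it in an RFC 8484 DoH GET URL addressed to a resolver by IP, parses the (offline, constructed) answer, and contrasts the Pi-hole-style resolver path, which sees the name and can sink it, with a per-process egress rule, which is keyed on the process and destination rather than on the name. The blocklist, the upstream answers, the resolver IP 198.51.100.7, and the process names are constructed for the example.

```python
# Added example: why a DNS blocklist is bypassed by DoH or hardcoded IPs, and
# what a per-process egress filter sees instead. All data below is constructed.
import base64
import struct

BLOCKLIST = {"telemetry.example.com"}                       # Pi-hole-style list
UPSTREAM = {"telemetry.example.com": "203.0.113.9",         # what the real
            "www.example.com": "203.0.113.10"}              # resolver would answer
DOH_RESOLVER_IP = "198.51.100.7"   # hypothetical public DoH resolver reached by IP
LAN_DNS_LOG = []                   # every name the LAN resolver actually gets to see


def encode_name(name):
    """Encode a hostname as DNS wire-format labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def read_name(msg, off):
    """Decode a wire-format name at msg[off], following RFC 1035 compression
    pointers; returns (name, offset just past the name in the original stream)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # 2-byte pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack_from(">H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if end is not None else off)


def build_dns_query(name, txid=0x1234):
    """Standard recursive A query: 12-byte header + one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", 1, 1)


def build_dns_response(query, ip):
    """Answer a single-question A query with one A record whose name is a
    compression pointer to the question (stands in for the upstream resolver)."""
    txid = struct.unpack_from(">H", query, 0)[0]
    _, qend = read_name(query, 12)
    question = query[12:qend + 4]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = struct.pack(">HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + rr


def parse_a_records(msg):
    """Return [(name, ip)] for every A record in the answer section."""
    _, _, qd, an, _, _ = struct.unpack_from(">HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                             # skip the question section
        _, off = read_name(msg, off)
        off += 4
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((name, ".".join(str(b) for b in msg[off:off + 4])))
        off += rdlen
    return out


def doh_url(resolver_ip, query):
    """RFC 8484 GET form: the DNS message is base64url-encoded without padding."""
    return f"https://{resolver_ip}/dns-query?dns=" + base64.urlsafe_b64encode(query).decode().rstrip("=")


def resolve_via_lan(name):
    """Pi-hole-style path: the LAN resolver sees the name and can sink it."""
    LAN_DNS_LOG.append(name)
    return "0.0.0.0" if name in BLOCKLIST else UPSTREAM.get(name)


def resolve_via_doh(name):
    """Bypass path: the client encodes its own query and carries it inside TLS to a
    resolver it reaches by IP; the LAN resolver never sees the name, only (at most)
    a connection to DOH_RESOLVER_IP:443."""
    query = build_dns_query(name)
    url = doh_url(DOH_RESOLVER_IP, query)
    answer = build_dns_response(query, UPSTREAM[name])   # stands in for the HTTPS reply
    return parse_a_records(answer)[0][1], url


def egress_decision(process, dest_ip, dest_port, rules):
    """Per-process egress filter: first matching (process, ip|None, port|None, action)
    rule wins, default deny. It never needs the hostname."""
    for proc, ip, port, action in rules:
        if proc == process and ip in (None, dest_ip) and port in (None, dest_port):
            return action
    return "deny"


RULES = [("browser", None, 443, "allow"), ("telemetry-agent", None, None, "deny")]

if __name__ == "__main__":
    print(resolve_via_lan("telemetry.example.com"))          # 0.0.0.0: sunk by the blocklist
    ip, url = resolve_via_doh("telemetry.example.com")       # real IP: blocklist never consulted
    print(ip, url, LAN_DNS_LOG)
    print(egress_decision("telemetry-agent", ip, 443, RULES))  # deny: keyed on the process
```

The point the two paths make: the blocklist only works when the client volunteers the hostname to the LAN resolver. A client that ships its own DoH resolver, or falls back to a hardcoded IP, never does, so the only place left to catch it is where the connection leaves the host, keyed on which process is talking to which address.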

waterTanuki 6 hours ago | parent [-]

I mean, if you're at the point where your machine is compromised by a process with full network access little snitch won't help much either.

sampullman 5 hours ago | parent [-]

You might be surprised, there are plenty of low effort attacks out there that just install a crypto miner and phone home periodically without doing much to cover it up.