I run both (LS on Mac, at least), they do different things - pi.hole is a great ad blocker which applies to all of the devices on your network. Little Snitch is doing something different - it tells you every call that every app you use is making, and allows you to approve or deny each one. So, you can block telemetry for apps, or you can block certain apps from contacting certain servers, or you can just use it to watch what apps on your system are calling out to where.
To clarify, I'm aware that pihole is not intended to run on a client OS, and doesn't monitor at a process level. I'm focused on the intended effect rather than the process itself (blocking malicious/ad servers). And I think I framed my initial question incorrectly, as if LS and PiHole were substitutes. It's perfectly fine and even preferable to use both as layered protection. I'm just thinking, however, when it comes to bang-for-buck it seems like PiHole is the better value proposition if you could only set up one.
pi.hole is primarily billed as an ad blocker, but the fundamental way it works is by applying a curated set of DNS lists that are blocked (commonly telemetry and ad servers), and the admin dashboard which is just a web page (therefore works on all platforms, smartphones included) will do the same thing: it tells you every call that every app on every device on your network is making, and you can approve or deny it. You can curate your own list as well and block servers/connections you don't want on the network.
LS afaik operates in the same area where it's intended to be used for privacy. I guess I could see it being useful for people who don't have admin access to their router, but for people who do have such access I would think the benefits of network-wide DNS monitoring/blocking would outweigh the costs of having to configure your router settings.
Yeah, if you're just looking for ad blocking, you're right, pi.hole is the better bet.
Little Snitch is intended for per-process, per-connection blocking - for example, you may need, e.g., an Instagram uploader app to contact Meta's servers, but an unrelated app should not be able to (and even in the case of the hypothetical IG uploader, you can get very fine grained about the controls - media.facebook.net, not telemetry.facebook.net). In that way, LS does have some advantages over pi.hole in that space - you'd need to set up every single item that you normally get for free from a blocklist, but it gives you much finer control over what's getting blocked and much better visibility into what connections your processes are trying to make.
Again, I don't think Little Snitch is the right answer if you're looking for ad blocking specifically, and if that's the extent of your privacy concerns, pi.hole's a better bet. Little Snitch is a per-application connection monitor and firewall - it _can_ block ads, but that's not its primary purpose.
LS seems to not be claiming any security promise on Linux because it can't make any guarantees given eBPF limitations. But the entire purpose is different and there is very little overlap in my view. PiHole is entirely (I think?) just applying the blocklist made easy. LS allows you to build the blocklist in real time.
I would guess that to the extent the blocklists include things that are loaded by applications and not websites, they are almost entirely built by users of something like LittleSnitch or OpenSnitch. This is also entirely doable with Wireshark logs, but I think that requires more infrastructure to build into usable lists.
LittleSnitch isn't for ad blocking (only), it is for tracking/blocking/allowing ALL connections from various processes. PiHole only blocks DNS requests to known ad servers.
Completely different thing. A littlesnitch type thing is for all traffic. Pihole is a DNS query thing that prevents various ad content from being loaded. It's also trivially easy for a malicious application with network access to bypass any instance of pihole on your LAN by doing its own DNS over HTTPS lookups to its own set of server(s) by IP.
You might be surprised, there are plenty of low effort attacks out there that just install a crypto miner and phone home periodically without doing much to cover it up.
This is different. This shows you what in your operating system is making connections out and to where.
Some telemetry uses hardcoded addresses when DNS doesn't work.
Some telemetry might not be recognized by pi-hole as it is new or has nothing to do with ads.
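An added illustration (not code from this thread or from either project) of the blind spot raised above: a process that uses a hardcoded address, or resolves names itself over DNS-over-HTTPS, never shows up in the network resolver's log, so a DNS blocklist cannot touch it. The script correlates constructed per-process connection events (the kind of record a host firewall like Little Snitch or OpenSnitch produces) with a constructed Pi-hole-style resolver log and flags destinations the DNS layer never handed out; process names, addresses and record shapes are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed resolver log in the spirit of a Pi-hole query log:
# (client, queried name, answer IP). Addresses are RFC 5737 documentation
# ranges, not real endpoints. Only names that passed through the resolver
# could have been matched against a DNS blocklist.
DNS_ANSWERS = [
    ("10.0.0.5", "media.facebook.net", "203.0.113.35"),
    ("10.0.0.5", "cdn.example", "203.0.113.10"),
]

# Constructed per-process connection events, the kind of thing a host
# firewall records: (client, process, destination IP, destination port).
CONNECTIONS = [
    ("10.0.0.5", "Instagram Uploader", "203.0.113.35", 443),
    ("10.0.0.5", "weather-widget", "203.0.113.10", 443),
    ("10.0.0.5", "dns-client", "10.0.0.2", 53),            # talking to the resolver itself
    ("10.0.0.5", "updater-helper", "198.51.100.77", 443),  # never resolved: hardcoded or DoH
    ("10.0.0.5", "bg-worker", "192.0.2.9", 8333),          # never resolved, unusual port
]

# RFC 1918 space: LAN traffic normally does not go through the resolver,
# so a LAN destination is not evidence of a DNS bypass.
LAN_NETWORKS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(ip):
    addr = ip_address(ip)
    return any(addr in net for net in LAN_NETWORKS)


def resolved_ips(answers, client):
    """Destination addresses the resolver actually handed to this client."""
    return {ip for c, _, ip in answers if c == client}


def find_dns_bypass(answers, connections):
    """Connections whose destination never came out of the resolver.

    A DNS blocklist cannot have affected these: the process either used a
    hardcoded address or resolved the name some other way (for example its
    own DNS-over-HTTPS). Returns (process, ip, port) tuples in input order.
    """
    flagged = []
    for client, proc, ip, port in connections:
        if is_lan(ip) or ip in resolved_ips(answers, client):
            continue
        flagged.append((proc, ip, port))
    return flagged


if __name__ == "__main__":
    for proc, ip, port in find_dns_bypass(DNS_ANSWERS, CONNECTIONS):
        print(f"{proc} -> {ip}:{port} was never seen by the resolver")
```

Only a host-level, per-process view can produce the connection side of this correlation; the resolver log alone has nothing to say about the flagged rows.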
I mean, if you're at the point where your machine is compromised by a process with full network access little snitch won't help much either.