> You seem to be waffling here between targeted and untargeted attacks.

Why do you think it matters? Little Snitch is used by enough people that it would be completely worthwhile as just an asset. With an infinite budget you don't look for the exploits once you have the target; you accumulate the exploits, and use them as you get targets.

I don't know how you think these apps are useful for small-time criminals to exploit, but governments somehow wouldn't be able to figure out a use for them. It reeks of "I have nothing to hide."

Maybe they use Little Snitch just to figure out what you're running, use another exploit to get into that, get blackmail material on one of your family members through connections made from files on your computer, and offer not to release it and to donate $500K to your project (that they'll set up for you, and will come from some obscure European foundation's fund), or "invest" (with no expectation or even mechanism for getting a return) into your LLC if you insert code into your software. Or even simply accept a pull request, which will be totally deniable if the code gets caught, and the pull request eventually traced to a Chinese/Russian/Iranian/North Korean IP.

I have no idea what evidence you expect people to leave. The goal is not to leave evidence. Why would someone announce that they were interested in you or targeting you?