Last week I finally installed Little Snitch, a long-running Mac utility that lets you track every connection in and out of your computer. The latest version, released in July, comes with a map of where each connection is headed geographically, which is what convinced me to take the plunge. Now, Little Snitch can give you a physical representation of every IP your computer connects with. It will even light up particular paths when a new connection is made, a visual guide to all the invisible handshakes taking place each second just to keep your programs running.
When you can see those connections, the internet starts to look different. The first thing I noticed was that there are a lot of them. Over the course of a few days, my computer made thousands of connections spanning 21 different countries. The map works by domain registrations, which don’t map perfectly to physical geography, but it’s still remarkable to see the range in physical terms. Running Spotify in the background meant a steady stream of pings to Sweden, while MacOS meant even the tiniest tasks would phone home to San Francisco.
Background cookie-collection is now simply part of the web
The strangest connections came from my Chrome browser, as Little Snitch ran into the lattice of third-party tracking systems that undergird the modern web. Nearly every program sent out a few stray connections — either to analytics servers or third-party plugins — but while Slack and Steam were limited to a few dozen domains, Chrome sprawled up to four thousand. The connections were also spookier. A cloud provider called Cedexis phoned home to a registration in Beijing, while something called pixel.onaudience.com directed back to Poland. Without diving into network logs, it was hard to trace those requests even to a specific web page, let alone figure out what they were loading. That kind of background cookie-collection — from Russia, from China, from wherever — is now simply part of the web.
If that tracking makes us uneasy, it should be a familiar feeling. We see this in mobile apps all the time: users will rush to a hot app like Meitu or even Pokemon Go, only to pull back when they hear how much data the app is collecting. For years, plugins like Ghostery have made it clear how much tracking happens on the web, and how many strange third-parties are involved. But it’s one thing to know these connections are being made, and another thing to see it happen in real time.
The idea behind Little Snitch is to put you in control of those connections, but I don’t feel in control. I can block any of the domains at any time — all I have to do is click the red switch next to the name — but I’m nervous about how much damage that would do. Stopping processes at random is asking for trouble, particularly since central functions like certificate authentication are often the most poorly labeled. Even worse, I don’t know what I’d be trying to stop. What point is blocking a Chinese CDN when five more processes are going through private networks I can’t even identify?
Seeing the problem is the first step towards fixing it, but it’s going to take a lot more software and time before the map looks any less scary.