Site banner image

Welcome to the CozyNet Blog!

How to stop spyware with OpenSnitch

Do you ever wonder if your desktop applications are up to no good, phoning home and doing who knows what without your knowledge? Well with OpenSnatch, you can! I like to think of OpenSnitch as an application version of the NoScript or nMatrix browser extensions. For any application that attempts to make a connection to a web service, it'll prompt you with the option to deny or allow, which I think can be pretty beneficial toward weeding out most spyware, whether intended or unintentional.

Usually OSS / FOSS applications can be trusted enough to not divulge unnecessary information by inconsiderately broadcasting info across the web, unlike their proprietary counterparts; but on some occasion, there are things they do that you may not be aware of.

Take for example the GNOME calculator. It’s just a calculator, right?

Well when you launch it, the application will also attempt to contact the International Monetary Fund exchange rate service! There’s a feature in the calculator for fetching the exchange rate of currencies, which some people might like. You can disable this in the preferences, but personally I would prefer it to not do this by default since now opening the calculator is enough to contribute to your digital foot print on the web, which you might otherwise not be aware of.

The IMF privacy policy does state that it collects visitor information such as IP addresses and user agent for analytic purposes. Thanks GNOME!

Here’s another one...

Pop_OS, so far a growing favorite OS of mine, has an application launcher for searching and launching desktop applications. Seems pretty simple, but guess what; it also makes connections to google, amazon, bing, and other various sites and services too! Gee whiz thanks System76, now how about you integrate some voice control crap nobody asked for too? Then I can pretend to be on Winders 10!

Why you do this to me poop-launcher?

This occurs under specific keywords though, but there’s no way to disable it in the privacy controls and it’s easy to trigger. You probably wouldn’t even be aware of it as you’re searching for something on your system and your query potentially sent off to some network service you didn’t ask for.

Here’s the list of keywords that activates this behavior here.

I’m aware that XFCE’s Whisker menu also supports a similar feature, but guess what? You have to enable it, then use a special character which then forwards the query to your default browser. It’s a much better privacy respecting method than whatever this is; Tsk tsk tsk!

There’s also another feature that doesn’t always work, but I believe it has to do with gsconnect and the GNOME notification center. On some occasion, if you open the notification center while watching a YouTube video, it’ll spawn a process something by the name of “gvfs-http” to fetch a thumbnail image. The image is then displayed into these player controls that hook into your web browser.

So with those given above examples, OpenSnitch is pretty good about picking this sort of stuff up and notifying you about it. It also works with WINE to some extent. You’d might be surprised by the number of Windows application installers that attempt to connect to Google analytics.

The interface is pretty straight forward. Your rules are stored in “/etc/opensnitchd/rules” and can easily make backups of them.

OpenSnitch can also be toggled from active to passive.

When prompted for an action, you can specify if you want a rule written specifically for the application, the port, IP, or domain name.

Then specify how long this rule should apply for followed by clicking on either Deny or Allow.

You can find OpenSnitch on GitHub with install instructions. It's pretty simple to setup on Debian based desktops, but I couldn't find anything for Arch. Nothing on Arch repos either, so good luck Archbros.

The first time you setup OpenSnitch, you’ll be bombarded with multiple prompts of various services attempting to connect to local sockets, loop back interface, and web services. The majority of it is innocuous, but also necessary, so read the prompts carefully and make sure to not block services like chronyd, systemd-resolved, your own web browser and mail client, or else you won’t be able to connect to anything! You’ll have to use your own judgment at times.

I’ve come across a few OSS / FOSS programs over the years that make calls to web services such as Google analytics, online spell checker and grammar dictionaries, etc; and it seems to be a growing trend. I don’t agree with this behavior and believe it’s unnecessary. If the web service features are secondary to the applications primary function (for example, the GNOME calculator and the IMF exchange rate service), then they should be disabled by default and presented to the user as an optional feature with an explanation. Of course it’s understandable for online dependent applications, but a calculator, a word processor, an image editor, etc aren’t.

But since this isn't a perfect world where you can trust everyone, you get cool tools like this!

Thanks for reading my blog!

Date: 2023-01-21

Back to top!


  • Well this is useful thx!Keep up the good work :3
    Feb 18, 2023 Permalink Reply
    • Nice, looks useful. Good write up- thanks. 
      Feb 8, 2023 Permalink Reply
      • Never heard of this until now. Thanks for bringing it to my attention!
        Jan 23, 2023 Permalink Reply
      Back to top!