After Snowden, We Quit Our Jobs to Build Privacy Software – It Reached 1.0

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • portmaster

    🏔 Love Freedom - ❌ Block Mass Surveillance

  • These are exactly the things we are aiming for, as Portmaster is intended to be as easy to use as possible.

    We currently already have support for AppImage and Snap packages on Linux and Windows Store apps and "svchost.exe services" on Windows. Additionally, we can detect common interpreters on Linux and correctly match the script file instead of the interpreter.

    The support for these systems is implemented as "tags", which are attached to a process internally in Portmaster. These tags are then used to match a settings profile.

    You can find the implementations here: https://github.com/safing/portmaster/tree/develop/process/ta...

    We almost had an implementation ready for what you want (matching the parent process), but we had to abort due to some difficulties in matching: The question we could find a good answer for was: where do we put the information about which binaries are merged into / inherit from the parent? The ideal scenario from a UX perspective would be to declare it on the parent as an "include all sub-processes" option. But this would mean we would need to fully resolve all parent processes including their settings every time we evaluate a process. We deemed this to be too slow and too complex for a quick and clean solution. If you or anyone else has a great idea, I'd be happy to have a call to discuss.

  • opensnitch

    OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

  • I'm a happy user of OpenSnitch, but there's one important feature I miss: https://github.com/evilsocket/opensnitch/issues/406

    Suppose `curl` makes an outbound connection. I can add a rule for `curl`, but the rule cannot make use of the parent process hierarchy. Without this, any application could proxy through curl to evade firewall rules. For example, if the process tree is git -> perl -> curl, I probably want to allow it, but spotify -> curl I want to deny. Another example is I probably want to allow (explicitly started) bash -> curl, but deny spotify -> bash -> curl.

    Does Portmaster support this? If so I'll take it for a spin!

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
