
> most people do not want to deal with giving permission to each and every one of these services.

It’s far worse than just annoying: if people have to give permission to a bunch of things they don’t understand, they will absolutely give permission to something they shouldn’t.

You want the user to make as few decisions as possible, and every single one should be an actual decision: where the user knows what the options are, has an actual stake, and might legitimately choose either option depending on their preferences and circumstance.

The more times they have to click “yes” without thinking, the more susceptible to malware they become.



I think this is a bit of an odd take, given that the alternative is that the computer just silently allows you to download content from anywhere. I don't think this makes someone any more susceptible to malware than they already were. Little Snitch is the sort of software that the average person wouldn't install, anyway.

I understand the point, though. Going to just about any major website you will be pummeled with prompts to allow for a dozen different domains just to view one page, and it doesn't really give any indication of what those are used for. They have what seems to be an infinitesimally small list of connections that they do recognize and explain their use, but ultimately it's pretty useless for the vast majority of prompts.

I'd like there to be a better way to deal with this, but I'm not really sure what the solution to it would look like. You can download blocklists and just silently allow other connections, but I don't think that's significantly better than just using a hosts file.

The most useful thing Little Snitch does is alert me when individual applications try to phone home. For browsing the web it feels more like a chore.


> the computer just silently allows you to download content from anywhere

How many times have you been asked to approve a download? How many of those times have you said "no"?

If the answer is "hundreds" and "zero," what's the point? If the answer is "hundreds" and "ten just in the past week," then that's exactly the point, and it serves a valuable purpose.


My response was mostly to your last sentence, "The more times they have to click 'yes' without thinking, the more susceptible to malware they become." There exists a dichotomy: you click on a link and it loads the page or begins the download, or alternatively, you click the link, Little Snitch checks its filters and, if it doesn't have a rule set, it'll prompt you to set one. In no case is the second one going to make someone more susceptible to malware, because the worst case scenario, where someone approves every single download, results in exactly identical outcomes as the person who does not have Little Snitch installed.

I agree broadly with your point that prompt fatigue or decision fatigue is problematic and should be avoided when possible. I think this is a problem in particular with Little Snitch even, which doesn't do enough to provide. However, the point of Little Snitch is to allow someone to monitor and control the traffic at a granular level and the consequence of providing that utility is the frequent prompts whenever you're visiting a new site. To Obdev's credit, silent mode exists and you can set it to deny or allow all traffic without a prompt (and evaluate the traffic at your leisure).



