I’ve seen the same thing. You go to pay for something and suddenly half the internet wants to join the checkout process.
Most of it seems to be third-party scripts bundled in by payment providers, analytics, or “marketing” integrations the site owner probably didn’t even realise they enabled. It just accumulates.
The worrying bit is how normal it’s become. If you didn’t have uMatrix, you’d never even know it was happening.
You open one app to check a weather report or football results, and suddenly your phone is trying to talk to half the internet! It really highlights why "passive" devices are never actually passive.
I write these things because transparency is kind of the point of the platform. Most people don't have the time or the interest to open up a disassembler every time they want to try a new tool; they just want to know if it fits the FOSS ethos they moved to Linux for.
Pointing out that a "privacy" tool has a closed-source brain isn't an attack on the dev, it's just a heads-up for people who care about that sort of thing.
NetGuard is a solid tool for Android, but managing a whole home lab is a different beast. I've got dozens of VMs and containers tucked away in Proxmox; if I tried to micro-manage per-app permissions for every single one of them, I’d never get anything else done.
I prefer to take the hit on those rare site-breaking edge cases if it means I have a single, transparent "source of truth" at the DNS level. It's definitely a trade-off, but I'd rather spend my time building things than perpetually tweaking firewall rules for every new service I spin up.
I get the appeal; the Little Snitch UI is undeniably shiny. But for the headless Linux nodes in my Proxmox setup, I’ve never really felt the need for a proprietary dashboard just to see my network state. I’d much rather export my logs to something like Grafana or just check my AdGuard dashboard at the edge. It feels more "Linux" to keep the tools transparent and open than to invite a mystery binary onto my system just for the sake of a pretty graph.
I wrote this because I got tired of my home DNS being a single point of failure.
The setup is a mix of hardware: one local instance runs on Proxmox/Docker, and the second is on a Raspberry Pi running OpenWrt. Having that split across different host OSs ensures that a single hypervisor update doesn't take out the whole network.
The third instance is on a Debian VPS for mobile filtering. To avoid the battery drain of a constant VPN tunnel, I use this instance directly with Quad9 as the upstream. It's secured via strict client IP whitelisting in the AdGuard config to prevent it from being used as an open resolver.
Latency has been negligible on the VPS side, and the redundancy at home has saved my skin during several Proxmox reboots.
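For readers wanting to see what the "strict client IP whitelisting" described above looks like in practice, here is an added illustration (not the commenter's own config) of the relevant `dns:` section of AdGuard Home's `AdGuardHome.yaml`, with the open-resolver shape beside the restricted one. Key names follow AdGuard Home's documented configuration file; the client addresses are constructed placeholders.

```yaml
# --- Weak: listens on every interface with no client restriction.
# Anyone on the internet who finds port 53 can use this as an open resolver
# (and abuse it for amplification), which is exactly what the commenter avoids.
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  upstream_dns:
    - https://dns.quad9.net/dns-query
  allowed_clients: []          # empty list = no restriction
  disallowed_clients: []

# --- Restricted: only the listed source addresses get answers.
# Everything not in allowed_clients is dropped by AdGuard Home itself,
# so the instance never behaves as a public resolver.
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  upstream_dns:
    - https://dns.quad9.net/dns-query   # encrypted upstream, as in the post
  allowed_clients:
    - 198.51.100.23              # constructed: the phone's public IP
    - 203.0.113.0/24             # constructed: home egress range
  disallowed_clients: []
  ratelimit: 20                  # per-client requests/second cap (default value)
```

A host firewall rule limiting port 53 to the same addresses gives a second, independent layer in case the application config is ever reset.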