Automatic Profile Switching
Have you ever opened up your MacBook in a coffee shop and got a bad feeling that you’re exposing too much information to an unknown network? Or did you ever burn through your mobile phone’s data plan way too fast because you hooked it up via tethering and some file synchronization app thought it might be a good idea to download that huge file right now? Or maybe you have to use a POP email account via an unencrypted connection and you’re uncomfortable to just let the email app send your password in plain text out there? (You should be!)
Any Little Snitch user knows that creating rules in response to Connection Alerts or creating them manually in Little Snitch Configuration is the way to go to limit or outright deny any network access for certain or all processes.
And maybe they know that you can use profiles to create sets of rules that, for example, allow your email app any connection while your “Home” profile is active but no connection at all while the “Untrusted” profile is active. That is all well and good, but you still have to remember to actually switch to the “Untrusted” profile when you’re arriving at our hypothetical coffee shop.
There’s just one problem: it might already be too late for that right after opening up your MacBook. File sharing services and email clients are usually faster in blurting data out into the network than you can say “one caffè latte, please”. And features like Power Nap in OS X Mountain Lion even let your Mac wake up while its lid is closed to check for emails and do other things on the network.
Automatic Profile Switching to the Rescue
This is where the new Automatic Profile Switching comes in. When you join a Wi-Fi network, plug in an Ethernet cable, or connect to a VPN, it basically does what it says on the box: it automatically switches to a certain profile.
The first time you connect to a network, Little Snitch presents you the new Profile Switching Alert which lets you define the profile to be activated automatically the next time you join the same network. Of course, this also activates the profile right when you click the OK button.
While the alert is shown, no network traffic at all is allowed – not to the Internet, not to the local network – regardless of any rules you have defined. This means your Mac’s name does not pop up immediately on all the other coffee shop guest’s Finder sidebar for file sharing and it also means it doesn’t send unencrypted passwords to your POP mail server.
Now you can decide which one of your existing profiles to activate, to simply do nothing – leaving any currently active profile active – or to create a new, empty profile altogether.
It’s good practice to keep an “Untrusted” profile with just a few general “deny” or “ask” rules in it around. If you choose that profile in the Profile Switching Alert every time you’re in a network you don’t trust, Little Snitch helps your Mac keep a low profile on the network.
Enabling Automatic Profile Switching
Automatic Profile Switching is disabled by default. To enable it, open Little Snitch Configuration’s Preferences, switch to the “APS” tab and check the appropriate box.
The default action when an unknown network is joined is to “Ask”, in other words: “Show me the Profile Switching Alert for unknown networks”. If you want, you can set a default profile that gets activated instead, thereby completely bypassing the Profile Switching Alert.
If you allow Little Snitch to save the geolocation of networks, you can see them all on a map in Little Snitch Configuration.
Automatic Profile Switching in Action
When you connect to a network for which you answered a Profile Switching Alert before, Little Snitch automatically switches the active profile to the one you configured. You might wonder how you know it just did that. Well, you probably just connected to a different Wi-Fi network or plugged in an Ethernet cable, which most of the times is something you do consciously (hopefully).
But sometimes, you simply do not or cannot realize that your Mac’s network configuration just changed. To be on the safe side, Little Snitch shows one of those nice little notifications on OS X Mountain Lion (users on Snow Leopard and Lion will see something similar):
Profiles and Networks
You can configure multiple networks to activate the same profile. For example, you probably want the same “Coffee Shop” profile to be activated when you join the network of your favorite coffee shop, but also when you join the network of their rival: your second-most favorite coffee shop across town. Simply select the same profile in the Profile Switching Alert and you’re done.
Of course you can change the mappings from networks to profiles at any time in Little Snitch Configuration. You can see all networks that activate a particular profile:
… or you can see all profiles at once by choosing Window > Known Networks.
Now go and enjoy your coffee before it gets cold. Little Snitch protects your privacy in the meantime.
What do you think about this new feature? Let us know on Twitter or App.net!