But we need strict financial oversight on medical services. What if someone tries to use it improperly?!? That’s fraud!
/s because Poe’s Law
You can make rules network-wide, per-app, or per-incident. The latter is useful for getting a handle on app behavior. Like if you see it contacting ‘updates.somedev.com’ weekly, you can choose to allow or disallow permanently based on how benign you think the app is. But more likely, anything trying to phone home has a dozen CDNs it’s trying to hit rather than an easily identifiable URL. Block one, it tries to hit the other. Maybe today, maybe next week. It gets overwhelming (which IMO is a feature for the dev, not a bug).
As a longtime Little Snitch user, it’s freakin exhausting.
Technology Connections on YT did a side-channel experiment on this very thing.
Normally I wholeheartedly recommend his stuff, but the side-channel content gets very long winded and rambling, linked video included.
I worked in a “datacenter” where the humidifier function for the HVAC unit was turned off because it leaked under the floor into an adjoining office when it was trying to humidify. Management refused to fix the unit due to the cost, and saw no issue with running the room with relative humidity in the teens all winter. Madness.