Please steal this idea and make a product; I'll be your first paying customer:
Data Loss Protection (DLP) for retail consumers.
DLP (see http://whatis.techtarget.com/definition/data-loss-prevention... for a definition) goes beyond what Little Snitch does and does packet inspection to ensure that credit card numbers (for example) are never sent out from your network / box. Ideally, you can add regular expressions to define other PII that shouldn't be allowed to be sent out (your name, address, etc;).
DLP products exist for corporate use, but I don't know of any lightweight + inexpensive one for personal use.
WireShark, Fiddler or Charles can incorporate this functionality, if I am not wrong. Not sure how one would MITM SSL with WireShark, though.
This requires splicing SSL connections, which requires installing custom 3rd party root CA certificate, which in turn requires complete and unwavering trust in your filtering software vendor.
The only way to make this sort of idea work reliably is a managed learning approach that creates a whitelist of known-good network traffic patterns, and then only permits those.
A prescriptive signature-based black list, as you point out, is easily fooled with simple obscurity.
Rather, controlling what information software can get it's hands on (focusing on the input rather than output) seems to the only way out? This is what app permissions on phones and applet sandboxing, chroot jails & containers, etc; try to do.
An additional twist that seems daunting (but interesting) is to mark sensitive data at EVERY step in it's processing, with support from the OS and hardware, and never let out tainted data out without explicit permission. See Perl's tainted variables for the gist of the inspiration.
So if a = "User's name", which is protected data, and you do b = a, then b is tainted, too, and write(socket_fd, *b) would pop-up an alert.
All old hat, I bet, to security researchers. I'm just thinking out aloud.
Yes, I worked on a product with a DLP feature we touted yet it would fail to identify credit cards if you put extra characters between sets of numbers.
It sounds good, and because compliance is about by making good-sounding things mandatory (weekly password rotation, yay! /s) it got mandated in a lot of places.
And it did catch mistakes, like accountants sending the wrong files or to external addresses. Which I guess is justification for it right there.
But it's billed as a stronger (ie hacker) protection, for which it's useless, so I never liked it.
I think the world would be safer with an email plugin that helped you by suggesting that you should not send a document to a given address, based on rules and observations. It'd only be a suggestion so nobody would expect miracles, but it'd stop all the unintentional mistakes our system stopped, for a fraction of the price.
Try it for yourself - can you exfiltrate anything you like by zipping it up and appending it to a JPEG? I think you'll find you can! (7zip just ignores the image part so you don't have to do anything funky at the other end.)
Data Loss Protection (DLP) for retail consumers.
DLP (see http://whatis.techtarget.com/definition/data-loss-prevention... for a definition) goes beyond what Little Snitch does and does packet inspection to ensure that credit card numbers (for example) are never sent out from your network / box. Ideally, you can add regular expressions to define other PII that shouldn't be allowed to be sent out (your name, address, etc;).
DLP products exist for corporate use, but I don't know of any lightweight + inexpensive one for personal use.
WireShark, Fiddler or Charles can incorporate this functionality, if I am not wrong. Not sure how one would MITM SSL with WireShark, though.