
I don't understand the negativity in here. I would never expect Little Snitch (my opinion) to completely block all network traffic on all levels and this seems reasonable to me. Does it leak my IP? Yes. Do I think it compromises my security? No, there's so much noise on internet-facing services that just initiating a connection would easily get lost in the noise of all the botnets, port scans and legitimate users.

There's a huge number of other ways data can be exfiltrated if one wishes to do so, from domain fronting, DNS level (you can easily tunnel data via DNS), forcing the OS and/or a whitelisted application to do it on your behalf (haven't tried but I think the files where rules are stored are readable by the current user/process?). Such techniques can bypass even insanely expensive network IDS taps if there is enough incentive on the attacker side. I would never expect Little Snitch to be on the same level as those expensive network taps.

I think the use case people now forget is preventing applications from sending meaningful data to analytics services like Google AdSense and similar, or from sending full data payloads (like an HTTP body). For this it's good enough. If your worry is about advanced techniques that would exfiltrate the data via DNS tunneling, partial TCP handshakes or forcing the connection/beacon to be done on the OS level for you, then Little Snitch isn't going to help you and your problem is somewhere else. The last Electron-wrapped application you downloaded that is packed with 5+ ad services isn't going to do that so it can get your IP.

On the other hand, the wording may have been changed slightly, and their use of the word "data", so it doesn't give the user the wrong impression, but there is also a balance between explaining in 1-2 sentences what it does and writing a 20-page document just to explain that and be technically correct in every word.



> I would never expect Little Snitch (my opinion) to completely block all network traffic on all levels

It's very easy to say this in retrospect, having read the blog post. How many people would have said it beforehand?

As far as I can tell, hardly anyone has ever said it, except the one other mentioned article from 2021: https://rhinosecuritylabs.com/network-security/bypassing-lit...

Moreover, it seems that Little Snitch changed its behavior at some point in order to use deep packet inspection. It wasn't always that way.


Is this a GPT written screed?



