Privacy - Apple - Software spying #468

Closed
@JJayet JJayet commented Nov 13, 2020

This prevents Apple from getting a bunch of information such as user IP and launched software

See here for more details:

https://sneak.berlin/20201112/your-computer-isnt-yours/
https://twitter.com/lapcatsoftware/status/1326990296412991489

@JJayet changed the title from "Update apple" to "Privacy - Apple - Software spying" on Nov 13, 2020
@beerisgood
Contributor

Nonsense.
An OCSP service isn't spying but for secure connections.

CyanoTex commented Nov 13, 2020

> Nonsense.
> An OCSP service isn't spying but for secure connections.

Mind you, there are some privacy concerns.

But take it with some 🧂.

crssi commented Nov 13, 2020

^^ But in that case you will need to disable OCSP in the browser (like the preference in Firefox named security.OCSP.enabled), otherwise there will be breakages.
But if you disable OCSP in the browser, then there will be no connections to those addresses, and a DNS deny for them will never happen.

So in any case, IMHO, this is not to be solved on the DNS level, but in the browser.

crssi commented Nov 15, 2020

I was not feeling confident (and still am not) in my inner judgement, and after reading Thorin-Oakenpants' response I could see that @JJayet's proposition might not be pointless, and is worth considering and giving end users a choice.

@beerisgood
Contributor

Some people obviously don't understand the purpose or mechanism of the Online Certificate Status Protocol (OCSP).

A report wrote that macOS sends an "application hash" each time you run the app. This "hash" is the encoded, already-known certificate that is sent to the OCSP server for the validity check.

The same happens when you go to a website that supports OCSP and use Firefox …

Read more at https://blog.jacopo.io/en/post/apple-ocsp/
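
Added example, not part of the thread or of the project's code: a minimal DER parser that lists the fields an OCSP request carries in its `CertID` (RFC 6960): a hash algorithm, hashes of the issuer name and issuer key, and the certificate serial number. The request is built inline from constructed placeholder values (the issuer strings and serial are assumptions, not captured traffic).

```python
import hashlib

SHA1_OID = bytes.fromhex("2b0e03021a")  # OID 1.3.14.3.2.26 (SHA-1)

def tlv(tag, body):
    """Encode one DER element (the sample only needs short-form lengths)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits count the length bytes
        n = first & 0x7F
        first = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + first], pos + first

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_ocsp_request(der):
    """Return the CertID fields of the first Request in an OCSPRequest."""
    tbs = children(read_tlv(der)[1])[0][1]              # TBSRequest
    # requestList is the plain SEQUENCE; [0] version and [1] requestorName are optional
    req_list = next(v for t, v in children(tbs) if t == 0x30)
    request = children(req_list)[0][1]                  # Request
    alg, name_hash, key_hash, serial = children(children(request)[0][1])
    return {
        "hash_alg_oid": children(alg[1])[0][1].hex(),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial": int.from_bytes(serial[1], "big"),
    }

def build_sample_request(issuer_name, issuer_key, serial):
    """Constructed sample request: one SHA-1 CertID, no extensions."""
    alg = tlv(0x30, tlv(0x06, SHA1_OID) + tlv(0x05, b""))
    cert_id = tlv(0x30, alg + tlv(0x04, hashlib.sha1(issuer_name).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())
                  + tlv(0x02, serial.to_bytes(8, "big")))
    return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))

SAMPLE = build_sample_request(b"constructed issuer DN", b"constructed issuer key",
                              0x0123456789ABCDEF)
```

`parse_ocsp_request(SAMPLE)` returns the four `CertID` fields; in a real request the two hashes are computed over the issuer's DER-encoded name and public key rather than the placeholder strings used here.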

@JJayet closed this on Nov 16, 2020
Author

JJayet commented Nov 16, 2020

Like @crssi, I think it could have some value being in another list and not a general one.
At least until the service is accessed with HTTPS, I still do think it's a privacy issue but I don't think it should be blocked for all users as it would create security concerns.

Thanks to @beerisgood for pointing that out very clearly :)
