M1 Macs maintain a persistent, hardware-serial-number linked TLS connection to Apple

In case you didn’t know, here is some useful information about the new Apple M1 Macs and their privacy implications.

Big Sur on M1 (and possibly on Intel) maintains a persistent, hardware-serial-number linked TLS connection to Apple (for APNS, just like on iOS) at all times when you are logged in, even if you don’t use iCloud, App Store, iMessage, or FaceTime, and have all analytics turned off.

There’s no UI to disable this.

This means that Apple has the coarse location track log (due to GeoIP of the client IP) for every M1 serial number. When you open the App Store app, that serial number is also sent and associated with your Apple ID (email/phone) if you log in.

Apple knows when you leave home, or arrive at the office, or travel to a different city, all with no Apple ID, no iCloud, and no location services.

This has always been the case on all devices using iOS, too.

This change is essential for blocking such traffic, and I’m glad for it, but there is a long way to go when it comes to pressuring the pro-privacy forces inside of Apple to do more.

Apple removes first-party firewall exemption in macOS 11.2 beta 2

Not everything is bad, though: Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2), which means socket filter firewalls (e.g. LuLu) can now comprehensively monitor and block all OS traffic.
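
A defender's check for the connection described above, as an added example that is not from the original post: it parses lsof output and lists established TCP connections into Apple's address block, marking the ones that look like APNs. The 17.0.0.0/8 range, TCP port 5223 and the apsd process name are assumptions not given on this page, and the sample output is constructed.

```python
import ipaddress
import re
import sys

# Assumptions, not stated on the page: Apple documents TCP 5223 as the APNs
# port and 17.0.0.0/8 as its address block; the macOS push daemon is apsd.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")
APNS_PORT = 5223
PUSH_DAEMON = "apsd"

# Constructed sample in the format of `lsof -nP -iTCP -sTCP:ESTABLISHED`.
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apsd      101 root   10u  IPv4 0xabc1      0t0  TCP 192.168.1.20:49200->17.57.144.10:5223 (ESTABLISHED)
Safari    733 alice  42u  IPv4 0xabc2      0t0  TCP 192.168.1.20:49301->93.184.216.34:443 (ESTABLISHED)
trustd    212 root   7u   IPv4 0xabc3      0t0  TCP 192.168.1.20:49310->17.253.1.5:443 (ESTABLISHED)
"""

# Remote IPv4 endpoint of an established connection (IPv6 is out of scope here).
REMOTE_RE = re.compile(r"->(\d{1,3}(?:\.\d{1,3}){3}):(\d+) \(ESTABLISHED\)")

def apple_connections(lsof_text):
    """Return one dict per established TCP connection into Apple's block."""
    found = []
    for line in lsof_text.splitlines():
        match = REMOTE_RE.search(line)
        if not match:
            continue  # header, IPv6 or malformed line
        try:
            remote = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # e.g. an octet above 255
        if remote not in APPLE_NET:
            continue
        command, pid = line.split()[:2]
        port = int(match.group(2))
        found.append({
            "command": command, "pid": int(pid),
            "remote": f"{remote}:{port}",
            "likely_apns": port == APNS_PORT or command == PUSH_DAEMON,
        })
    return found

if __name__ == "__main__":
    # Pipe real lsof output in, or run without input to use the sample.
    text = SAMPLE_LSOF if sys.stdin.isatty() else sys.stdin.read()
    for conn in apple_connections(text):
        tag = "APNs" if conn["likely_apns"] else "other Apple"
        print(f'{conn["command"]}({conn["pid"]}) -> {conn["remote"]} [{tag}]')
```

Piping live `lsof -nP -iTCP -sTCP:ESTABLISHED` output into the script before and after adding a firewall rule shows whether the block took effect.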

Read more at the following sources.

Hacker News – Apple removes first-party firewall exemption in macOS 11.2 beta 2: https://news.ycombinator.com/item?id=25771022

Twitter – Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2): https://twitter.com/patrickwardle/status/1349488392732491776