Apart from security implications I can see multiple privacy issues here. Apple's services may attempt connections to non-Apple resources as well as Apple's.
My understanding is that trustd (Trust Daemon) will be allowed to report/validate (OCSP? CT?) certificates anywhere issuer points it to, and that nsurlsessiond (NSURLSession Daemon) will be allowed to attempt any connections other Apple processes will tell it to. From what I observed, opening a single podcast in Podcasts.app sometimes results in nsurlsessiond connecting to resources under multiple different domains.My pessimistic view of today's techworld tells me to follow the money on this and that I might not be able to block in-system ads in some future.
No comments yet.