hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0

books-edge.apple.com #2998

Closed 4d62 closed 5 days ago

4d62 commented 5 days ago

Which domain(s) should be blocked?

cds.apple.com
books-edge.apple.com

Why should these domain(s) be blocked?

~~* Looks like it sends some telemetry data as showcased in https://www.youtube.com/watch?v=TJiOv2sLVxY @ 6:20 image~~

4d62 commented 5 days ago

The video also mentions URLs like oscp2.apple.com which is requested when an unknown application gets opened. Someone with a Mac would have to check if blocking it doesn't cause issues. (same vid @ 5:20)

Retold3202 commented 5 days ago

> The video also mentions urls like oscp2.apple.com which is requested when an unknown application gets opened. Someone with a mac would have to check if blocking it doesn't cause issues . (same vid @ 5:20)

ocsp2.apple.com should not be blocked; it's a legitimate domain, part of App Notarization & Certificate Validation, used to help prevent malicious software & domains. (Reference)

Retold3202 commented 5 days ago

As far as cds.apple.com goes, this is an interesting one and caught my eye. I actually noticed this domain myself on my network yesterday. It appears to be used as part of Apple's Help Documentation. Reference:

```
direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd
owner: me
destination: cds.apple.com
ports: 443
protocol: 6
```

I just tested this on macOS and was also able to confirm this:

image

I'm personally not convinced this is actually being used for telemetry; I can't seem to find any evidence or data backing that up. (The video you linked only shows the connection being made, not that data is actually being sent to it.)

4d62 commented 5 days ago

> The video you linked only shows the connection being made, not that data is actually being sent to it

This can be very far-fetched, but a GET is made to the URL with the data in params and Apple just logs telemetry from those values.

4d62 commented 5 days ago

Edit: Image didn't load

But if it's just from help, it probably just fetches help pages and has to have a version. I personally don't use a Mac, so it's hard to verify this for myself. Probably shouldn't be blocked.

Are there any issues with the books-edge tho?

Retold3202 commented 5 days ago

> Is there any issues with the books-edge tho?

After some testing & experimentation, I think I understand what this is now:

It seems to be some sort of first-time set-up/initialization for the app. On macOS, I only saw the domain called once, on the first launch of the Books app. After that, it has not been called again that I can see. This would also make sense based off what we can see in the video you linked:

image

So, I'm currently under the impression that this probably isn't worth blocking, unless we can see the domain being called on a consistent basis for ex. telemetry/analytics.

hagezi commented 5 days ago

Thank you for your support. I don't see anything "blockable" here either and agree with @Retold3202.