Closed 4d62 closed 5 days ago
The video also mentions URLs like oscp2.apple.com which is requested when an unknown application gets opened. Someone with a Mac would have to check if blocking it doesn't cause issues. (same vid @ 5:20)
> The video also mentions URLs like oscp2.apple.com which is requested when an unknown application gets opened. Someone with a Mac would have to check if blocking it doesn't cause issues. (same vid @ 5:20)
`ocsp2.apple.com` should not be blocked, it's a legitimate domain part of App Notarization & Certificate Validation, used to help prevent malicious software & domains. (Reference)
As far as `cds.apple.com` goes, this is an interesting one and caught my eye. I actually noticed this domain myself on my network yesterday. It appears to be used as part of Apple's Help Documentation. Reference:
```
direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd
owner: me
destination: cds.apple.com
ports: 443
protocol: 6
```
I just tested this on macOS and was also able to confirm this:
I'm personally not convinced this is actually being used for telemetry, I can't seem to find any evidence or data backing that up. (The video you linked only shows the connection being made, not that data is actually being sent to it).
> The video you linked only shows the connection being made, not that data is actually being sent to it
This can be very far-fetched, but a GET is made to the URL with the data in params and Apple just logs telemetry from those values.
Edit: Image didn't load
But if it's just from help it probably just fetches help pages and has to have version. I personally don't use a Mac so it's hard to verify this for myself. Probably shouldn't be blocked.
Is there any issues with the books-edge tho?
> Is there any issues with the books-edge tho?
After some testing & experimentation, I think I understand what this is now:
It seems to be some sort of first-time set-up/initialization for the app. On macOS, I only saw the domain called once on the first launch of the Books app. After that, it has not been called again that I can see. This would also make sense based off what we can see in the video you linked:
So, I'm currently under the impression that this probably isn't worth blocking, unless we can see the domain being called on a consistent basis for ex. telemetry/analytics.
Thank you for your support. I don't see anything "blockable" here either and agree with @Retold3202.
Which domain(s) should be blocked?
cds.apple.com
books-edge.apple.com
Why should these domain(s) be blocked?
* ~~Looks like it sends some telemetry data as showcased in https://www.youtube.com/watch?v=TJiOv2sLVxY @ 6:20~~