Apple Users Got Owned
▻https://puri.sm/posts/apple-users-got-owned
This means that Apple not only knows which applications you have installed, it knows each time you run them. While in the past this was an optional service, now it’s mandatory and starting with Big Sur, you can no longer use a tool like Little Snitch to block this service, or route it through Tor for some privacy. Apple (and anyone who can sniff this plaintext communication) can know when you launched Tor browser or other privacy tools, or how often you use competitors’ applications.
[...]
Apple’s notary services doesn’t send information about the app, but instead sends information about the developer certificate used to sign them (which makes more sense given how OSCP works). This means that they can know, for instance, that you ran an application from Mozilla, but they can’t necessarily tell whether you ran Firefox or Thunderbird. If a developer only signs a single application, of course, they could correlate the certificate with the app. The service also seems to cache an approval for a period of time so whether it sends Apple information each time you run an app depends on how frequently you launch it.
[...]
Yet like with so many Apple features, security is a marketing term when the real motivation is control. While code signing already gave Apple control over whether you could install or upgrade software, this feature grants Apple control over whether you can run applications. Apple already has used code signing on iOS to remove competitor’s applications from the App Store and also remotely disable apps in the name of security or privacy.
There’s no reason to think they won’t use the same power on macOS now that it can no longer be bypassed.