Apple Tightening the Screws
Message
From
13/11/2020 20:48:16
To
13/11/2020 20:01:51
General information
Forum: Technology
Category: Security
Miscellaneous
Thread ID: 01677135
Message ID: 01677137
Views: 46
>>https://sneak.berlin/20201112/your-computer-isnt-yours/
>>
>Al, from the article:
>"@patrickwardle lets us know that trustd, the daemon responsible for these requests, is in the new ContentFilterExclusionList in macOS 11, which means it can’t be blocked by any user-controlled firewall or VPN. In his screenshot, it also shows that CommCenter (used for making phone calls from your Mac) and Maps will also leak past your firewall/VPN, potentially compromising your voice traffic and future/planned location information."
>
>I guess that is intended to mean firewall or VPN on the Apple itself - can't see how a firewall at router or other machine would be compromised by Apple HW going through it (pls correct if wrong, as networking not my forte!).

Yes, that's the way I read it. The article mentions you now need an external router/firewall to filter your outgoing traffic. You can no longer rely on privileged OS processes playing by the rules.

The linked YCombinator thread says some Mac users overcame the outage by sinkholing the destination Apple domain:

sudo emacs /etc/hosts # add `0.0.0.0 ocsp.apple.com`

It's only by convention that OSs choose to obey things like HOSTS files; there's nothing stopping them from filtering it and always allowing their own traffic.

>Extrapolating from that, at least any VM running on a traditional, OS based host system could be filtered by the host OS ?

Yes, as long as the guest doesn't get out of its sandbox.

>Seems MacOS will not barf totally on trying to install as guest OS early on, as per:
>
>https://www.howtogeek.com/289594/how-to-install-macos-sierra-in-virtualbox-on-windows-10/
>https://www.hackint0sh.org/how-to-install-macos-on-virtualbox/
>
>Probability of buying one of the new ARM based machines just multiplied by 0.01, as control of host OS might be not given to owner - probably Apple thinks HW is only on lease :-((
>
>sad state of things...

No kidding! More recent events:

Android phoning home and chewing through data plans: https://www.theregister.com/2020/11/14/google_android_data_allowance/

HP Instant Ink recent changes - part of an entertaining Cory Doctorow read at the EFF: https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer . He does go a little over the top, claiming "The printer industry leads the world when it comes to using technology to confiscate value from the public, and HP leads the printer industry." Sorry, Cory, the banking/finance/market trading sector is multiple orders of magnitude better than that.
Regards. Al

"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov

Neither a despot, nor a doormat, be

Every app wants to be a database app when it grows up
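
An added example, not part of the original post: a shell check of what a hosts file actually maps a name to, since a sinkhole line that is misspelled or shadowed by an earlier entry silently does nothing. The hostnames and sample file are constructed, and first-match-wins lookup is an assumption about the resolver; the check reads the file only and cannot show whether a process bypasses it.

```shell
#!/bin/sh
# hosts_lookup FILE NAME: print the address on the first line that names NAME.
# Exit status 1 if no line names it. Assumption: the resolver honours the
# first matching line, as common hosts-file implementations do.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); sub(/\.$/, "", want) }
        {
            sub(/#.*/, "")                 # strip trailing comments
            for (i = 2; i <= NF; i++) {    # field 1 is the address, the rest are names
                name = tolower($i); sub(/\.$/, "", name)
                if (name == want) { print $1; found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# is_sinkholed FILE NAME: succeed only if NAME maps to an unroutable or
# loopback address in FILE.
is_sinkholed() {
    addr=$(hosts_lookup "$1" "$2") || return 1
    case "$addr" in
        0.0.0.0|127.0.0.1|::|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# make_sample: write a constructed hosts file and print its path.
make_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
127.0.0.1   localhost
0.0.0.0     telemetry.example.com   # intended sinkhole, effective
0.0.0.0     updtaes.example.com     # misspelled: updates.example.com is not covered
192.0.2.10  metrics.example.com
0.0.0.0     metrics.example.com     # shadowed by the line above
EOF
    echo "$tmp"
}

sample=$(make_sample)
for n in telemetry.example.com updates.example.com metrics.example.com; do
    if is_sinkholed "$sample" "$n"; then echo "$n: sinkholed"
    else echo "$n: NOT sinkholed (file says: $(hosts_lookup "$sample" "$n" || echo 'no entry'))"
    fi
done
rm -f "$sample"
```

Confirming that traffic to a name has really stopped still needs a capture at an external router or firewall, which is the point the post makes.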