
My Mac contacted 63 different Apple owned domains in an hour, while not in use

al_borland

While this seems like a lot, in some ways this is what users expect. Push notifications should be coming all the time, assuming the system is on. Most users expect various maintenance services to run when the system is idle so it doesn't interfere with their active use of the system. When users open apps like Weather (or view a widget), they expect it to already be up to date without having to manually refresh or wait for data to load when the app launches.

I'm sure some fat can be trimmed, and it may not all be user-centric, but a lot of this had to do with the expectations users have these days with the data being always up to date, instantly available, and proactive about alerting them to things they may want to know about, like rain coming to your area in 30 minutes.

One of my big pet peeves is when I pick up my phone in the morning, go to open an app, and it starts updating, so I need to wait for the download/install. It just had 8 hours on a charger to do that, and instead it seems to wait until it's taken off the charger and unlocked. With auto-updates on, I'd much rather this happen when placed on the charger and inactive, than actively in use and off the charger. The same can be said for a lot of things on the desktop.

This ends up mostly being a question of transparency and user control. Which then becomes a question of how much time/money do they invest in features for 1% of users? Now how much time do they invest in those same features when the 99% will stumble in there, turn a bunch of stuff off, then call support and ask why their weather widget isn't updating?

neogodless

When Microsoft has telemetry:

* Windows is a spyware machine - how can anyone use it? Year of Linux baby!

When Apple has telemetry:

* It's working as expected.

So... to be fair, is there a thorough comparison of the two? How are they the same, and how are they different?

snehk

But the things mentioned in the post above yours have nothing to do with telemetry. They're more like core functions to make the system work at all.

neogodless

> Which then becomes a question of how much time/money do they invest in features for 1% of users? Now how much time do they invest in those same features when the 99% will stumble in there, turn a bunch of stuff off, then call support and ask why their weather widget isn't updating?

That sounds like telemetry?

sitzkrieg

Take a look at fbs.smoot.apple.com and argue that isn't telemetry?

Why does an OS need to hit the internet AT ALL to work? OS X doesn't, of course.

politelemon

No that's incorrect. It is listed in TFA.

brookst

I didn’t see the person you’re replying to ever mention Microsoft. It seems weird to accuse them of hypocrisy?

neogodless

This is a very valid criticism of my post and many that group "opinions" as if they come from a single source.

Here, the top-voted comment is OK with Apple software phoning home, but there's no evidence they are not equally OK with Microsoft software phoning home, so I'm contrasting this popular opinion with another popular opinion elsewhere.

Here's one example from a different user, where Microsoft is described as "the big daddy of spyware."

https://news.ycombinator.com/item?id=22246187

See also this sibling top-level comment from today:

https://news.ycombinator.com/item?id=44256951

politelemon

I read it as a criticism of HN not the GP.

JohnFen

Apple users tend to trust Apple (whether or not that trust is misplaced is a different topic). Very few people trust Microsoft.

klodolph

Honestly I would say “working as expected” for like 99% of Microsoft’s telemetry. I think the only difference is that I fucking hate hate hate OneDrive and so I’m gonna be more upset about the fact that Windows uses it. iCloud does not bother me so I don’t complain about it.

jamesy0ung

Apple is nowhere near as evil as Microsoft, so I’m willing to put up with it.

righthand

Apple has been involved in all the same government spying programs as Microsoft. They do not offer any services or products with E2E encryption that they do not control the key to.

goosejuice

Well if you're going to throw that out there, you might as well explain.

ehutch79

The people who complain about Windows telemetry aren't going to Mac; they use Arch Linux, btw.

neogodless

Are you sure Mac users (or at least fans) don't also call or consider Windows telemetry "spyware"? I suspect they hold that opinion too.

But yes, Year of the Linux Desktop, baby!

ZeroTalent

Look into the app Little Snitch. It's fantastic! https://www.obdev.at/products/littlesnitch/index.html

I'm unaffiliated with the owners.

ChrisMarshallNY

Second Little Snitch.

> NOTE: Corporate IT departments no likee Little Snitch.

dev_hugepages

Do you have a story to tell us?

amelius

> Which then becomes a question of how much time/money do they invest in features for 1% of users?

The problem with Apple is that __anyone__ sits in a 1% group of users in one way or the other. But they try to make a one-size-fits-all product.

This is in contrast to Linux where everybody can do whatever they like, and most things are opt-in rather than opt-out.

al_borland

Apple ships to satisfy the 80%. 3rd party devs generally fill the needs of the 20% in various ways.

This is no different with Linux. How many Linux users use a desktop environment as-is without any plugins or tweaks? How many Arch users don’t have a single package from the AUR?

There are tools like Little Snitch on macOS to monitor and block all kind of network traffic.

msgodel

Should push really be going through Apple on a laptop? I kind of understand it on a phone (although users should be able to switch push providers if they want to eg use open source software that apple won't allow) but on a Laptop there's no reason to not just have the application manage the toasts/sockets itself.

ath92

Regular users don’t think of push notifications as something that needs to go through some central server owned by Apple. If Alice sends Bob a message, shouldn’t that require only their phones to communicate with one another, without some third party?

razemio

This would mean that every app notification needs to contact a different server. Let's say you have 20 apps that send notifications. 20 different connections would work in the background to fetch updates instead of 1.

Privacy-wise this is an issue and the reason that messengers like Signal and Matrix would use their own services on Android. However this reduced battery runtime by a good margin, and Android and iOS get more aggressive at killing background tasks with each OS iteration.

To make things worse, push notifications for Matrix and Signal were unreliable, because manufacturers like OnePlus, Oppo and some others were killing all the background tasks against specification to win the influencer battery tests.

al_borland

In the Alice and Bob scenario, what happens if Bob’s phone is off or doesn’t have a signal when Alice sends the message? Does the message just get dropped? Does Alice’s phone keep trying forever to send the message until it gets a response back that Bob got it? How long does it try before giving up? What happens if Alice and Bob are far apart and the phones can’t directly talk? How does Alice in LA send a message to Bob in NY without a 3rd party to relay the message?

If regular users don’t think about these things, it’s because they’ve never thought about these ideas at all. If they did, and they are able to think, they should come to the conclusion that a 3rd party is necessary in some form.

Henchman21

But how would they make sure that conversation is safe and approved if it isn’t monitored?

(/s for those who need it)

jjmarr

Is it even a push notification if you have to fetch them from a server?

nothrabannosir

Is there mobile push technology which is actually fundamentally push, all the way down to the transport layer? Like open socket, listening for incoming packets only, no notifications-> no traffic?

I was under the impression it was all polling if you go down far enough, but at least because of central registration the phone only needs to poll one single pubsub service instead of a separate server per subscription.

Could be wrong though?

msgodel

In theory you could do that, that's how I had push set up on my Pinephone. Often the ssh connection that was used for it was still live after rtcwake came back up. It's kind of a moot point since the WiFi radio couldn't wake the CPU up on its own though.

baby_souffle

Yes, sms is "actually push" all the way down to the transport layer.

As far as I know, this is still what push notifications are built upon for an idle/sleeping device.

Carrier infrastructure knows which tower you last connected to, instructs that specific tower to broadcast a message telling your phone to wake up and fetch the remaining 80% of the notification content (the sms bit is usually just enough for your device to learn the UUIDs of the notifications)

eadmund

> Is there mobile push technology which is actually fundamentally push, all the way down to the transport layer? Like open socket, listening for incoming packets only, no notifications-> no traffic?

That’s the end-to-end principle. Each host on the Internet is fully capable of listening on a socket and doing whatever its owner wants it to do.

The issue is when firewalls prevent incoming traffic, and when NAT prevents a host from even being on the internet. There’s not really a good reason for NAT with IPv6, but there are some good reasons for firewalls. They mostly boil down to human imperfection. The developers of one’s OS and software are imperfect, so the fact that a laptop sitting in Dallas can be probed by other computers in Frankfurt or Maseru thousands of times a second is an issue: a single bug will make one’s computer, and all its data, vulnerable. And users are imperfect, too. One might misconfigure one’s computer, and accidentally expose a service to the world.

There could be some approaches to mitigate these issues, but we’re probably stuck with firewalls forever. Which is really kind of sad.

PinguTS

How do you think push should work?

Any push service works this way. The client contacts the server to be updated. The server gives a no data or a data response. The server cannot magically contact the client.

j_w

Well, the server could contact the client. The client would just need to be listening on a port/address that the server knows. Which is completely infeasible for 99.99% of end user devices.

juped

What do you think the word "push" means in the word "push"? It doesn't mean "pull", btw.

SimianSci

Polling domains when attached to the network like this doesn't surprise me in the least. Apple's ecosystem has often been praised for its tight integration, and this consistent network connectivity is the result. Anybody who has worked with large scale services that rely on messaging services to ensure people get timely notifications and data knows that you need services which are continuously polling endpoints to check and see if they have new information.

Organizations like Apple who service billions of devices cannot rely on a "push data to system only when something has updated" type of system, as such a system doesn't operate at their scale. They have to operate a system where individual clients are assumed to have an unreliable connection to the service, and where the client does the legwork of checking for new data stored in a centralized system.

This is what you are seeing in the article. Domains like [gdmf.apple.com] which govern device management, are where the declarative device management system is checking Apple's various databases to see if they need to update their configuration.

mzi

> Polling domains when attached to the network

Apple devices do communicate over BT even when you explicitly turn it off and put your device in flight mode.

DrBenCarson

Only if you use Apple Watch and or Contact Tracing features

brookst

The article’s author would apparently be happier if everything were on a single domain with just ports or paths to separate services. Thinking about the number of DNS names seems kind of silly.

lapcat

This is an extremely uncharitable interpretation of the article.

The number was just intended to illustrate the amount of communication that occurs.

yaris

The amount of communication would be better illustrated by the number of connections made in a period of time, maybe complemented with the amount of data transferred up/down. Making 1000 connections towards one domain name with different URLs does not fundamentally differ from making 1000 connections each towards a separate domain name (which names can be the same server, just with a bunch of IPs).
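The measurement yaris describes, as an added example that is not part of the thread: a Python script that takes a connection log for an idle hour and reports it by connection count, bytes up/down and originating process, alongside the "distinct hostnames" number the article used. The log lines are constructed for this example (a real one would come from `nettop`, `lsof -i` or a Little Snitch export, each with its own format), the CSV layout is my own, and the list of Apple apex domains is an assumption, not an authoritative inventory. The hostnames are ones mentioned in the thread plus a few invented ones.

```python
"""Summarise an hour of outbound traffic by connections, bytes and process,
not just by how many distinct hostnames were contacted.

The log below is CONSTRUCTED for this example. Real data would come from
something like `nettop`, `lsof -i` or a Little Snitch export, each with its
own format, so parse_log() expects a simple CSV of our own design.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Assumption: apex domains treated as Apple-operated. Illustrative, not authoritative.
APPLE_APEX = ("apple.com", "icloud.com", "apple-dns.net", "mzstatic.com", "aaplimg.com")

# Constructed sample: ts,process,host,port,bytes_out,bytes_in
SAMPLE_LOG = """\
2025-06-12T09:00:05,apsd,1-courier.push.apple.com,5223,1200,800
2025-06-12T09:00:07,nsurlsessiond,gdmf.apple.com,443,2100,5400
2025-06-12T09:02:10,nsurlsessiond,gdmf.apple.com,443,1800,300
2025-06-12T09:05:00,trustd,ocsp2.apple.com,80,400,1900
2025-06-12T09:10:30,weatherd,weather-data.apple.com,443,900,48000
2025-06-12T09:20:00,bird,p50-docws.icloud.com,443,300000,12000
2025-06-12T09:30:00,curl,example.org,443,100,100
2025-06-12T09:40:00,parsecd,fbs.smoot.apple.com,443,2200,600
2025-06-12T10:00:01,softwareupdated,swscan.apple.com,443,500,200
"""


@dataclass(frozen=True)
class Conn:
    ts: datetime
    process: str
    host: str
    port: int
    bytes_out: int
    bytes_in: int


def parse_log(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proc, host, port, out_b, in_b = (f.strip() for f in line.split(","))
        conns.append(Conn(datetime.fromisoformat(ts), proc,
                          host.lower().rstrip("."), int(port), int(out_b), int(in_b)))
    return conns


def apex_of(host: str) -> Optional[str]:
    """Return the Apple apex domain the host belongs to, or None if not Apple.
    The dot boundary matters: 'evilapple.com' must not match 'apple.com'."""
    for apex in APPLE_APEX:
        if host == apex or host.endswith("." + apex):
            return apex
    return None


def is_apple(host: str) -> bool:
    return apex_of(host) is not None


def summarize(conns, start: datetime, window: timedelta = timedelta(hours=1)) -> dict:
    """Count Apple-bound connections in [start, start+window) several ways."""
    end = start + window
    hits = [c for c in conns if start <= c.ts < end and is_apple(c.host)]
    hosts = {c.host for c in hits}

    def total_bytes(h):
        return sum(c.bytes_out + c.bytes_in for c in hits if c.host == h)

    return {
        "connections": len(hits),
        "unique_hosts": len(hosts),                       # the article's "N domains" style count
        "unique_apex": len({apex_of(h) for h in hosts}),  # apple.com, icloud.com, ...
        "bytes_out": sum(c.bytes_out for c in hits),
        "bytes_in": sum(c.bytes_in for c in hits),
        "per_process": dict(Counter(c.process for c in hits)),
        "top_host_by_bytes": max(hosts, key=total_bytes, default=None),
    }


def report_for_sample() -> dict:
    """Run the summary over the constructed log for the hour starting 09:00."""
    return summarize(parse_log(SAMPLE_LOG), datetime(2025, 6, 12, 9, 0, 0))


if __name__ == "__main__":
    for k, v in report_for_sample().items():
        print(f"{k}: {v}")
```

Run on the sample, the hour contains 7 Apple-bound connections to 6 distinct hostnames under just 2 apex domains, and nearly all of the bytes go to a single iCloud host; the hostname count alone would have hidden both of those facts.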

Ardren

For fun, compare and contrast the comments here to this post on Windows 10 from 5 days ago: https://news.ycombinator.com/item?id=44208050

brookst

This article: Apple’s OS relies on a lot of services to deliver its features!

That article: Microsoft reports every click you make

Is that the comparison you’re making?

joshstrange

No.

This article: My Mac contacted 63 different Apple owned domains in an hour, while not in use

> while not in use

That is not "Apple reports every click you make", _very_ different from Microsoft. These requests seem like they are all for background tasks to keep data up to date when the user goes to use it. Now can you see a difference between that and _reporting_ on what you are doing?

idoubtit

> These requests seem like they are all for background tasks to keep data up to date when the user goes to use it.

Where did you get this information? Is it just a guess based on what Apple declared about these domains?

In the article, there is no info about the content sent to these Apple owned domains. For all we know, MacOS could send detailed reports on the user's activity.

mtotheb

An important variable: the titles of the posts set the stage. That post's title was "Windows 10 _spies_ on your use of System Settings" whereas this one is "My Mac _contacted_ 63 different Apple owned domains in an hour, while not in use." It would be interesting to, in a month or so when everyone has forgotten this conversation, repost this with a more critical title and see if that reshapes the comments or influences their tone.

ryandrake

Apple gets a lot of benefit of doubt here and in the tech press, some of it having been earned. When other vendors' OSs phone home dozens of time, it's nefarious. When Apple phones home dozens of times, it's for innocent "core functionality" or other reasons that sound acceptable.

jitl

Would it really be better if there was one domain used for everything? If you want to turn off your Mac doing things like syncing data with the screen off, you can: https://support.apple.com/en-in/guide/mac-help/mh40774/15.0/...

this_user

Apple is the new Microsoft. They have pretty much saturated their target market. And since there is nothing much new to do, teams justify their existence in the org by changing existing things and adding unneeded functionalities that ultimately make the user experience progressively worse.

tl

Apple has been the new Microsoft long enough that I've begun to suspect the current environment cannot support a new Apple. Joel Spolsky's 2004 "How Microsoft Lost the API War" [1] applies to Apple's 2019 introduction of SwiftUI. Some of the AI companies are trying, but the more favorably I think of a competitor in that market, the less likely they are to build consumer hardware.

[1]: https://www.joelonsoftware.com/2004/06/13/how-microsoft-lost...

mark_l_watson

As so many other people have also said, many Apple services like iCloud sync require a lot of network I/O. I use two iPads, one with 64G of storage and the other with 1 terabyte of storage. Applications and data frequently get offloaded and reloaded on my old iPad.

I appreciate hand-off, and accept the overhead for supporting that.

Most data is encrypted at rest on Apple's servers and during transport. Check their documentation.

throw564367h

Same with Xiaomi products. Their products are all integrated together and communicate with one another.

nkotov

Apple has a nice list here where you can see what it connects to and why: https://support.apple.com/en-us/101555

lapcat

Little Snitch can detect and block connections at the process level.

https://www.obdev.at/products/littlesnitch/index.html

tetraodonpuffer

That works in a lot of cases, but unfortunately it seems sometimes you get these popups about nsurlsessiond (for example) where you know where the connection goes, but have no idea where it comes from (especially if it's trying to connect to some generic AWS hostname).

And as much as you can use little snitch for programs you install, these days it seems an endless whack-a-mole to block Apple's stuff as there's so many requests all the time. The more time goes by, the more it seems that the concept of "personal" computer is gone: there's nothing "personal" about it anymore, it's the computer plus an amorphous blob of online services one has no control over.

lapcat

> unfortunately it seems sometimes you get these popups about nsurlsessiond (for example) where you know where the connection goes, but no idea where it comes from (especially if it's trying to connect to to some generic AWS hostname)

Little Snitch might be able to tell which process triggered that, if you press the info button in the alert. I'll have to check next time it happens.

DavideNL

Nope. Triggered by `launchd` last time i checked…

RobT7k

Some Apple Apps can bypass Little Snitch though.

https://news.ycombinator.com/item?id=24838816

lapcat

That was fixed long ago.

derefnull

work with virtual machines shows: not all traffic may be intercepted by little snitch

thomassmith65

With Apple, you want to block *.apple.com and white-list subdomains as you need them. If instead you black-list apple subdomains, the battle will never end.

fortran77

Why use Apple at all if it’s so user-hostile? (I’m a Windows user.)

potato-peeler

How does one verify all those domains are not essential to the OS?

zeeZ

That "small sample of telemetry and spying domains" also contains login pages and update downloads, among others. You're just saying everything Microsoft is telemetry and spying, here are all their domains.

SimianSci

Anybody who has done similar checks for Windows will see an order of magnitude more connections being made. As someone who got their start managing Windows devices, and who has gone through the painful steps of mapping out what each such connection is meant for, I was surprised to see that there were ONLY 63 connections being made in an hour for this article. The last time I mapped such connections for a Windows device, we had measured about 200+ similar connections within a single hour.

MegaDeKay

To be fair, "about 200+" is far from "an order of magnitude" of 63.

plutoh28

If I recall correctly, Windows isn’t very user-friendly either.

LorenDB

Why use Windows at all since it's more user-hostile in terms of overt advertising and telemetry-gathering? (I'm a Linux user.)

(slight /s here but I'm also serious)

bmacho

Probably in exchange of some privacy it gives its users time/money?

onedognight

1) The ads in my start menu all come from one domain.

2) One is less than 63.

3) Profit?

exe34

Their hardware is quite nice - I have a mac book air from mid-2012 myself. (Although I moved to Nixos linux in 2016).

1vuio0pswjnm7

One of the things that really put me off about Apple's computers, namely their pre-installed OS, was how "chatty" they have become when attached to a local network, let alone the internet.

As such, I stopped buying Apple. I have not owned a Mac since the G4 days. I never attached it to the internet. I would use TCP/IP and a crossover cable to move files.

I always see a high volume of traffic from other people's Apple computers on the wire that is not initiated by the computer owner. To my sensibilities, this is cringeworthy, because there is no way to turn it off. The computer owner has no control over it.

Apple fans can argue this is useful and convenient. That may be true. But that does not explain why it is mandatory, on by default and impossible to disable. I am not against useful options and convenience. I am in favor of control.

When I compile and install a NetBSD image the amount of mandatory network traffic is zero. It is up to me to decide what to enable. That's how I like it.

DavideNL

Somewhat related;

This week i configured Keyboard Maestro to turn off Wi-Fi and Bluetooth when my MacBook (M1 Pro) goes to sleep, and re-enable them on wake.

This has had a huge impact on the battery drain while not being used. Even when the lid is closed.

Would recommend.

Avamander

It's even better that quite a few of those connections are unencrypted (and are actively used by some vendors to profile devices).

SimianSci

From my understanding this isn't correct. While DNS resolution may or may not be encrypted, which is highly dependent on the local client's environment, data being sent to Apple is not being sent via DNS, as these DNS lookups are only the beginning of negotiating a connection to Apple's servers. The connections themselves, where data is transferred, are negotiated using TLS and thus encrypted.

The only point where this is not the case would be system probes, such as the captive-portal check, OCSP, or NTP, but none of these would be capable of portraying anything more than simple metadata, like your IP address.

Avamander

> Data being sent to apple is not being sent via DNS

Obviously I'm talking about what follows the name resolution.

> The connections themselves where data is transfered, are negotiated using TLS and thus encrypted.

They're not, as I said there are quite a few unencrypted ones. Last time I couldn't even set up a HomePod without allowing insecure connections.

> but none of these would be capable of portraying anything more than simple metadata, like your ip address.

Just the captive portal check alone contains things like the User-Agent, which has plenty more than just your IP.
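To make the distinction SimianSci and Avamander are drawing concrete, here is an added example of my own, not code from the thread or from Apple: a small Python classifier that looks at the first bytes of an outbound flow and reports what an on-path observer learns. A TLS flow still exposes the server name in the unencrypted ClientHello (the SNI extension), so an observer can tell you talked to gdmf.apple.com even though the payload is opaque; a plaintext HTTP probe exposes every header, including User-Agent. The ClientHello is built by the script itself so the example runs offline; the plaintext request only imitates the shape of the macOS captive-portal probe (an HTTP GET for /hotspot-detect.html on captive.apple.com), and the User-Agent value in it is invented.

```python
"""Classify the first bytes of an outbound flow: what does an on-path observer
(the coffee-shop Wi-Fi, an ISP middlebox) learn from it?

Everything below is constructed for this example. The plaintext request imitates
the shape of macOS's captive-portal probe (a plain HTTP GET for
/hotspot-detect.html on captive.apple.com); the User-Agent value is made up.
"""
from typing import Optional


def build_client_hello(sni: str) -> bytes:
    """Build a minimal TLS ClientHello record carrying one SNI entry.
    Enough to exercise parse_sni(); not a complete handshake."""
    name = sni.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name              # name_type=host_name
    name_list = len(entry).to_bytes(2, "big") + entry
    sni_ext = b"\x00\x00" + len(name_list).to_bytes(2, "big") + name_list  # ext type 0 = server_name
    exts = len(sni_ext).to_bytes(2, "big") + sni_ext
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"   # client_version, random, empty session id
            + b"\x00\x02\x13\x01"                   # one cipher suite (TLS_AES_128_GCM_SHA256)
            + b"\x01\x00"                           # one compression method (null)
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body           # HandshakeType client_hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake  # TLS record header


def parse_sni(record: bytes) -> Optional[str]:
    """Walk a ClientHello record and pull the server_name out of its extensions.
    Returns None when there is no SNI extension or the record is truncated."""
    try:
        pos = 43                                   # 5 record + 4 handshake hdr + 2 version + 32 random
        pos += 1 + record[pos]                                          # session id
        pos += 2 + int.from_bytes(record[pos:pos + 2], "big")           # cipher suites
        pos += 1 + record[pos]                                          # compression methods
        ext_end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= ext_end:
            etype = int.from_bytes(record[pos:pos + 2], "big")
            elen = int.from_bytes(record[pos + 2:pos + 4], "big")
            if etype == 0:                                              # server_name extension
                name_len = int.from_bytes(record[pos + 7:pos + 9], "big")
                return record[pos + 9:pos + 9 + name_len].decode("ascii")
            pos += 4 + elen
    except (IndexError, UnicodeDecodeError):
        return None
    return None


LEAKY_HEADERS = ("host", "user-agent", "cookie", "authorization")


def classify(payload: bytes) -> dict:
    """Return what the first bytes of a flow expose to anyone on the path."""
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        # TLS: the application data is encrypted, but the ClientHello is not, and
        # the SNI names the server in the clear (unless Encrypted Client Hello is used).
        return {"kind": "tls", "sni": parse_sni(payload), "leaked_headers": {}}
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if any(lines[0].startswith(m + b" ") for m in (b"GET", b"POST", b"HEAD", b"PUT")):
        headers = {}
        for line in lines[1:]:
            k, _, v = line.partition(b":")
            headers[k.strip().decode("ascii", "replace").lower()] = v.strip().decode("ascii", "replace")
        return {
            "kind": "http-plaintext",
            "request_line": lines[0].decode("ascii", "replace"),
            "leaked_headers": {k: headers[k] for k in LEAKY_HEADERS if k in headers},
        }
    return {"kind": "unknown", "leaked_headers": {}}


# Constructed: shaped like the captive-portal probe, with an invented User-Agent string.
SAMPLE_CAPTIVE_PROBE = (
    b"GET /hotspot-detect.html HTTP/1.1\r\n"
    b"Host: captive.apple.com\r\n"
    b"User-Agent: CaptiveNetworkSupport-0.0 wispr\r\n"
    b"Connection: close\r\n\r\n"
)

if __name__ == "__main__":
    for label, flow in (("tls", build_client_hello("gdmf.apple.com")),
                        ("probe", SAMPLE_CAPTIVE_PROBE)):
        print(label, classify(flow))
```

The point of the two outputs side by side: for the TLS flow the observer gets the hostname and nothing else; for the plaintext probe the observer gets the hostname, the path and the User-Agent, which is exactly the kind of field a vendor can use to fingerprint the device model and OS build. Feeding the classifier real first-packet payloads from a capture (for example via scapy or a pcap reader) is left as the obvious next step.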