86
During a one hour period today, my computer contacted 63 different Apple domains while i was not logged on and using it.
I have been trying to minimize to the extent possible the reach of big tech into my life. A full 25% of the DNS queries from one of my computers (M2 MBA with macOS 15.4) are to Apple owned domains - even though my DNS provider (NextDNS) blocks Apple's native telemetry. Additionally, since I do not use Apple for my mail, contacts, calendars, podcasts or news, I already have the routes to those Apple services blacklisted.
Interestingly, my 2019 Intel MBP with the same DNS settings has less than 3% of it's DNS queries hitting Apple domains.
Here are the domains Apple contacted during one 60-Minute Period When I Was Not Using My ComputerOne Hour - 63 Apple Domains
• 1-courier.push.apple.com - Apple Push Notification Service
• 1-courier.sandbox.push.apple.com - Apple Push Notification Service
• api.apple-cloudkit.com - CloudKit, Apple's backend service for developers to store and sync app data
• api.apple-cloudkit.fe2.apple-dns.net - DNS/gateway services for Apple's infrastructure
• app-site-association.cdn-apple.com - Used for Universal Links
• apple-relay.cloudflare.com
• apple.com - Core Apple websites
• bag.itunes.apple.com - iTunes/App Store purchase container
• configuration.apple.com - for fetching various system configurations, including location services
• configuration.ls.apple.com - for fetching various system configurations, including location services
• cts.cdn-apple.com - CDN for network content
• entitlements.itunes.apple.com - Checks your entitlements for apps and content
• fbs.smoot.apple.com - for crash reports, analytics, or user feedback.
• fpinit.itunes.apple.com - Initialization for iTunes/App Store services
• gateway.fe2.apple-dns.net - DNS/gateway services for Apple's infrastructure
• gdmf.apple.com - Device Management Framework
• gsa.apple.com - Apple ID (IDMS) and Game Center Services (GSAS)
• gsa.idms-apple.com.akadns.net - Apple ID (IDMS) and Game Center Services (GSAS)
• gsas.apple.com - Apple ID (IDMS) and Game Center Services (GSAS)
• gsas.idms-apple.com.akadns.net - Apple ID (IDMS) and Game Center Services (GSAS)
• gspe1-ssl.ls.apple.com - related to Location Services (LS) and certificate validation (SSL)
• gspe35-ssl.ls.apple.com - related to Location Services (LS) and certificate validation (SSL)
• iadsdk.apple.com - Apple's iAd advertising network SDK
• init-p01md.apple.com
• init.ess.apple.com - Apple's Entitlement Services
• init.itunes.apple.com - Initialization for iTunes/App Store services
• kt-prod.ess.apple.com - Apple's Entitlement Services
• lcdn-registration.apple.com - related to Software Update and (CDN) registration
• musicstatus.itunes.apple.com - For checking the status of Apple Music or iTunes Match
• ocsp2.apple.com - Online Certificate Status Protocol
• p44-buy-lb.itunes-apple.com.akadns.net - related to the iTunes Store and App Store purchase
• p44-buy.itunes.apple.com - related to the iTunes Store and App Store purchase
• pancake.apple.com - telemetry
• pd.itunes.apple.com - related to the iTunes Store and App Store purchase
• proxy.safeBrowse.apple - for Apple's Safari Fraudulent Website Warning (Safe Browse)
• sandbox.itunes-apple.com.akadns.net - used by developers for testing in-app purchases
• sandbox.itunes.apple.com - used by developers for testing in-app purchases
• sas-uw2-pcms.apple.com - related to purchase or content management systems within Apple's retail or media ecosystem.
• sas.pcms.apple.com - related to purchase or content management systems within Apple's retail or media ecosystem.
• setup.fe2.apple-dns.net - DNS/gateway services for Apple's infrastructure
• st11p01su-lcdnreg.isu.apple.com.akadns.net - related to Software Update and (CDN) registration
• suconfig.apple.com - related to Software Update and (CDN) registration
• swallow-apple-com.v.aaplimg.com - related to content delivery or image services
• swallow.apple.com - related to content delivery or image services
• testflight.apple.com - for TestFlight, Apple's platform for beta testing apps
• time.apple.com - Network Time Protocol
• token.safeBrowse.apple - for Apple's Safari Fraudulent Website Warning (Safe Browse)
• us-ne-courier-4.push-apple.com.akadns.net - Apple Push Notification Service
• us-sandbox-courier-4.push-apple.com.akadns.net - Apple Push Notification Service
• use1-wps-prod.apple.com
• weatherkit.apple.com
• wps.apple.com
• www.apple.com - Core Apple websites
• xp.apple.com - telemetry
• gateway.icloud.com
• p177-content.icloud.com
• edge-062.usatl5.icloud-content.com
• p104-content.icloud.com
• setup.icloud.com
• p150-content.icloud.com
• p176-content.icloud.com
• p101-content.icloud.com
• mask-api.icloud.com
Apple Domains I Already Block• apple.news
• apple.tv
• podcasts.apple.com
• siri.apple.com
• caldav.icloud.com
• contacts.icloud.com
• mask.apple-dns.net
• mask-api.icloud.com
• doh.dns.apple.com.v.aaplimg.com
• doh.dns.apple.com
• apple-relay.cloudflare.com
• mask-canary.icloud.com
• mask-h2.icloud.com
• mask.icloud.com
• p120-caldav.icloud.com
Adguard on my router has apple services at 7% of all blocked domains in the last 24 hours (545 times). Adobe is 14% in that same window (1135 times). I hate it here.
Do you have a Roku? Mine is losing its mind that it can’t phone home, and all those ad settings are off.
Theres probably some Roku specific blocklists out there, but I got tired of playing whack a mole with all the new connections every week when I had my Roku. My partner also just wanted to watch tv without me fiddling with filters constantly, so I swapped to an Apple TV. It’s been nearly perfect with adguard (it even stops all ads on Hulu).
I have zero things Apple. Does it need Apple stuff to work? And is Jellyfin available?
I don’t think it requires iCloud or anything else apple. I’m not sure how “casting” works if you have a non-Apple mobile device, but that’s the only issue I can think of. Jellyfin works (I think it is called swiftfin) as well as Infuse. I also use Tailscale to watch things on my Apple TV from my NAS.
deleted by creator