> In November 2020, Apple’s use of online OCSP checks came under fire, driving it to take immediate steps to protect privacy, and to state that certificate revocation checks will change in the following year to feature:
> “a new preference for users to opt out of these security protections”, which presumably means both hash lookup and certificate revocation checks.
> As far as I’m aware, none of those three changes has yet been implemented, although there are only four months left before that year elapses.
I'm the reason they "came under fire", and they had been transmitting the app launches unencrypted back to Apple for two years already at that point. It of course continues today. It looks like it will continue in 12.x all next year, too.
> “a new encrypted protocol”;
> “strong protections against” [OCSP] “server failure”;
> “a new preference for users to opt out of these security protections”, which presumably means both hash lookup and certificate revocation checks.
> As far as I’m aware, none of those three changes has yet been implemented, although there are only four months left before that year elapses.
I'm the reason they "came under fire", and they had been transmitting the app launches unencrypted back to Apple for two years already at that point. It of course continues today. It looks like it will continue in 12.x all next year, too.