Defcon33 Applestorm

HealthyRabbit27 · November 19, 2025, 7:53am

Hello everyone,

During the defcon33 an interesting presentation was about Apple telemetry in Apple Intelligence/Siri. The speaker broke the TLS encrpytion layer with MITMproxy and Frida.

And it seems that their telemetry is a bit invasive and reporting stuff like all opened apps at each Siri request the user does.

Should it be added to the MacOS page, with the mitigation associated (by using firewalling with Lulu or LittleSnitch).

More here : https://youtube.com/watch?v=BNmJ3qBP9GE

khoa · November 19, 2025, 8:32am

Hi @HealthyRabbit27 , welcome to the forum.

Apple isn’t doing this covertly. This behavior is documented in Apple’s Siri privacy policy.

When you use Siri and Dictation, your device may send other contextual data to Apple, including from third-party apps you allow to integrate with Use with Siri Requests, such as:

Contact names, nicknames, and relationships (for example, “my dad”), if you set them up in your contacts

Form of address, if set in language and region settings

Music and podcasts you enjoy

Names of your and your Family Sharing members’ devices

Names of accessories, homes, scenes, shared home members in the Home app, and Apple TV user profiles

Labels for items, such as people names in Photos, Alarm names, and names of Reminders lists

Names of apps installed on your device and shortcuts you added through Siri

From the wording, you should consider this list non-exhaustive.

On the MacOS Overview page, Privacy Guides recommends turning off Siri altogether.

If you use any of Apple’s online services, you should read the privacy policy of that particular service to avoid getting caught off guard.

HealthyRabbit27 · November 19, 2025, 8:56am

Oh ok thank you very much !

Why LittleSnitch and Lulu are not mentionned (as far as I know) on the MacOS page ?

HauntSanctuary · November 19, 2025, 12:55pm

LittleSnitch and Lulu are rendered more on the somewhat useless side because Apple has abstracted the system/OS communication to the internet away from the control of the user, because why would you block their Apple Telemetry data, you silly person you?

redoomed1 · November 19, 2025, 2:41pm

As with the other OS-centered articles in the Knowledge Base, the macOS Overview is a page which highlights the first-party tools to enable, disable, and use on macOS.

Since Little Snitch and LuLu are third-party tools, they would be housed in the Recommendations part of the website IF approved in the following discussions:

Topic		Replies	Views
AppleStorm: Unmasking the Privacy Risks of Apple Intelligence News article	16	1210	December 19, 2025
Hardened MacOS feat. Michael Bazzell Questions	4	2003	July 24, 2025
Session Is Getting A Major Privacy & Security Boost!｜This Week in Privacy #30 (Dec 5, 2025) Livestreams	25	1257	December 11, 2025
Does using NextDNS with iCloud Private Relay harm your privacy on iOS? Questions	9	737	November 28, 2025
Is there a place to submit tips/stories/press releases to Privacy Guides? Meta	2	152	November 26, 2025

Defcon33 Applestorm

Related topics