If you have an Intel Mac, you can still install LS 4.x (once you have booted into recovery to permit the kext) on Big Sur. HN user miles pointed this out recently, and it is awesome.
I'm going to contact the developers and ask for an ARM build of 4.x so the same trick will work on M1, at least until Apple forbids all kexts some time in the future.
This is a deal breaker for me and lots of security-conscious professionals. I have foreseen this "Apple goal" in the past and the only thing that's keeping me using macOS is the Little Snitch and Mullvad VPN combination. Sadly, in the Linux world there is no commercially viable option for access rules on a per-app basis, and I don't understand why. I don't have an answer for another question: as a business, I learned from Apple that keeping tight security and protecting your intellectual property is a big thing. How on earth is big business complicit in this telemetry approach from Microsoft, Google and Apple? If you are a business, captured metadata is enough to know important metrics about your company, and this may work against you in the long term. That's why I am against cloud-based apps (like Figma), and I am furious with Sketch for not providing a collaboration solution and bragging about its "Mac Only" approach.
It's because it's very time-consuming but ultimately it's more security theater than any meaningful benefit. An attacker has many ways to easily bypass tools like Little Snitch and they only have to succeed at one of them, whereas you have to hope that you take time away from your job to successfully block all of them.
If you're trying to prevent data exfiltration, you don't trust the client at all — confine it to a dedicated locked-down system on a restricted network which only allows egress to the minimal subset of trusted services. That's a much more winnable battle than trying to prevent every possibility on a general-purpose computer running tons of things which are allowed to connect to the internet and legitimately use lots of outside services.
Similarly, a lot of the data breaches you hear about are caused by people with legitimate access saving the data somewhere insecurely. Spending time on that is a lot more beneficial to most organizations than tracking every TCP socket.
https://www.obdev.at/support/littlesnitch/245913651253917
It's 5.x that uses the new restricted APIs.