apple OS updates still transmit your ECID (unchangable permanent hardware identifier) in port 80 cleartext http on EVERY OS UPDATE on m1/m2/t2 for device-specific boot tickets. this allows intel agencies to track approximate location of all m1/m2/t2 macs on each update as they see the client IP and unique identifier across the backbones. this has been reported to apple multiple times, and they disallow such PII transmission unencrypted in all apps on the app store, but the OS still does it.