Speaking of macOS's firewall being broken, there's a bug (or "feature"?) in the NetworkExtension framework which causes connections to get initiated (SYN, leaks your IP address) even if there's an explicit rule to deny that connection. This affects Little Snitch, LuLu, and all the other apps building on top of the framework. Bug reports have been filed and as usual ignored by Apple.
> Apple doesn't seem to care that much about privacy applications of their OSes.
If I remember correctly, macOS (iOS as well?) also sends information about the application you are launching back to Apple from time to time. It doesn't contain the application's name directly but it does contain information about the developer of the app (their certificate; multiple apps can technically share the same developer though). They do this to be able to prevent the app from launching in case the developer has done something nefarious. Bonus points go to Apple for making these requests over plain text connections, no pesky TLS - let the whole network see!
Apple committed on April 30, 2021 to sending these revocation checks over a new encrypted protocol within one year. AFAIK that turned out to be a lie, as there have been two OS releases since then and plaintext OCSP remains a thing.
ARM macOS also still gets boot tickets from the TSS server (which include permanent HW serials like chip ECID) via plaintext tcp/80 HTTP on every OS update.
More:
Little Snitch "denied" connections leak your IP address - https://lapcatsoftware.com/articles/2023/3/4.html
Follow-up to Little Snitch "denied" connections leak your IP address - https://lapcatsoftware.com/articles/2023/3/5.html
Little Snitch "denied" connections leak your IP address: Developer response - https://lapcatsoftware.com/articles/2023/6/3.html