by rsfinn
2044 days ago
This article by Jacopo Jannone refutes the notion that macOS sends an application's hash to Apple "on every single app open": https://blog.jacopo.io/en/post/apple-ocsp/

Also in that article, the OCSP protocol is supposed to go over HTTP and not HTTPS: "If you used HTTPS for checking a certificate with OCSP then you would need to also check the certificate for the HTTPS connection using OCSP."

Furthermore, the returned information apparently includes a timeout period for the result to be cached at the endpoint, and according to Jeff Johnson, Apple has raised that timeout in the wake of Thursday's incident from 5 minutes to 12 hours: https://lapcatsoftware.com/articles/ocsp.html

There's certainly room to argue about Apple's approach, but let's make sure we're arguing about the actual behavior.