Again, how does this help the "I opened app from porn developer now my computer broadcasts that I did that" case?

I just checked my Steam library and none of them use codesigning so I guess that solves that. Video playing apps do though, so depends on plausible deniability.

It does seem like this could be fixed using the private relay system. It certainly doesn't need to be unencrypted.

Who would run the intermediate hop, though? Other Macs?

Randomly selected CDN companies.

https://security.apple.com/documentation/private-cloud-compu...

I guess it would be nice if they added that then :)