Why do you say it's equally difficult? By limiting network operations of a local application you can indeed prove this, as long as you trust the facilities provided by the operating system.

With web applications doing the same is more difficult, because you need to pass some requests, and some requests need to pass while others could be smuggling data.

On macs I feel like little snitch or LuLu are the norm. I wonder why, given that Windows and windows apps are historically more inclined to install stuff you don't want. Anyway, both are outgoing network monitors/firewalls and it's one of the first things I install on a new system.

Pretty sure they are very far from the norm, in % of Mac users

No making any accusations but I used Little Snitch extensively at a shop that didn't pay licenses for either Final Cut or the Adobe Suite.