I do not understand the questions. I will try to answer.
But how would that work for devices that aren't tied to a specific service?
Any labeling system has standard lingo. When labeling food, for example, vitamin content is listed as a % of the estimated daily value required for an average adult. Protein, however, is listed in grams. Terms such as "Yellow #5" are standardized. The same would happen when labeling your speakers. When a device is listening, we would need to have a term for "I listen on all IPv4 addresses" and "I listen on the local IP multicast address." If you've ever written socket code, there are already standards for these. We would need other standard terminology for payloads.
When you open the box, you would see a little piece of paper that says "This wifi speaker system communicates on the following protocols:"
IP4ANY | RTCP+TCP/UDP | 554 - 556 | LAN realtime streaming service for receiving audio; PCM audio data, device name, model number
*.spotify.com | HTTPS+TCP | 443 | Internet streaming service for receiving audio; PCM audio data, device name, model number
*.manufacturer.com | HTTPS+TCP | 443 | Firmware update service; sends model number, firmware version, device name, last update date
Hopefully it would not say:
*.centralmonitoringservice.cn | HTTP+TCP | 80 | Remote video monitoring and tunneling service; sends video, wifi password, user name, email address, device name
And the OP was saying this information is also coded into the device, in some standard machine-readable way.
If I cut them off from the internet then they simply don't work. I'd have to manually identify every IP that Spotify uses, and there seem to be a lot of them.
This is where I am confused. Why would you need to do that?
My interpretation of what mlts proposed is kinda like what UPnP does. Today, UPnP already has a way for a device to request that the firewall open a port. I don't think it is super broadly used because security wasn't really considered when UPnP was designed. It is part of why some people just universally turn off UPnP on their routers. But my knowledge may be totally out of date. I didn't interpret mlts to be saying that all outgoing communication was turned off by default, and that the owner of the firewall would need to manually whitelist sites. That would be secure, and you could certainly do that today, but that won't be convenient for the end-user. One could certainly make a "friendlier" firewall that made this a bit easier, kinda like how personal firewall software works. "Hey, device WIFI_CAMERA_1234 wants to talk to nsa.trustme.cn. Allow Y/N?" :-)
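As an added illustration (hypothetical code written for this page, not part of the thread or of any product), here is what a firewall could do with the machine-readable version of the label sketched above: parse the four pipe-separated fields of each row, treat each row as an allow rule for that device, and hand any flow the label does not cover to the owner for the "Allow Y/N?" prompt. Assumptions not stated in the post: IP4ANY marks an inbound listener; a hostname glob marks an outbound connection; the firewall learns the peer hostname from the device's DNS replies or TLS SNI, which is what avoids enumerating every IP a streaming service uses; the sample label text is constructed from the rows above.

```python
"""Turn a device 'network label' into a per-device allowlist.

Hypothetical example for this thread; the label format and its semantics
(IP4ANY = inbound listener, hostname glob = outbound peer) are assumptions.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed sample label: destination | protocol | ports | purpose; payload
SAMPLE_LABEL = """\
IP4ANY | RTCP+TCP/UDP | 554 - 556 | LAN realtime streaming service for receiving audio; PCM audio data, device name, model number
*.spotify.com | HTTPS+TCP | 443 | Internet streaming service for receiving audio; PCM audio data, device name, model number
*.manufacturer.com | HTTPS+TCP | 443 | Firmware update service; sends model number, firmware version, device name, last update date
"""


@dataclass(frozen=True)
class LabelRule:
    destination: str        # "IP4ANY" or a hostname glob such as "*.spotify.com"
    app_proto: str          # "HTTPS", "RTCP", ...
    transports: frozenset   # {"TCP"} or {"TCP", "UDP"}
    ports: range            # inclusive "554 - 556" becomes range(554, 557)
    purpose: str            # free text before the ';'
    payload: tuple          # comma-separated items after the ';'

    @property
    def inbound(self) -> bool:
        # Assumption: IP4ANY is the "I listen on all IPv4 addresses" term.
        return self.destination == "IP4ANY"


def parse_ports(text: str) -> range:
    """Accept '443' or '554 - 556' and return an inclusive range."""
    lo, _, hi = text.partition("-")
    lo = int(lo)
    hi = int(hi) if hi.strip() else lo
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec {text!r}")
    return range(lo, hi + 1)


def parse_label(text: str) -> list:
    """Parse the label rows; malformed rows are rejected rather than guessed."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        dest, proto, ports, desc = parts
        app, _, transport = proto.partition("+")
        purpose, _, payload = desc.partition(";")
        rules.append(LabelRule(
            destination=dest,
            app_proto=app.strip().upper(),
            transports=frozenset(t.strip().upper() for t in transport.split("/") if t.strip()),
            ports=parse_ports(ports),
            purpose=purpose.strip(),
            payload=tuple(p.strip() for p in payload.split(",") if p.strip()),
        ))
    return rules


@dataclass(frozen=True)
class Flow:
    inbound: bool       # True for a connection arriving at the device's listener
    peer_name: str      # hostname from DNS/SNI for outbound flows; "" for inbound
    transport: str      # "TCP" or "UDP"
    port: int


def evaluate(rules: list, flow: Flow) -> str:
    """Return 'allow' if some label row covers the flow, otherwise 'ask'."""
    for r in rules:
        if r.inbound != flow.inbound:
            continue
        if flow.transport.upper() not in r.transports or flow.port not in r.ports:
            continue
        # Inbound rows only constrain transport and port; outbound rows also
        # need the resolved peer name to match the hostname glob.
        if r.inbound or fnmatchcase(flow.peer_name.lower(), r.destination.lower()):
            return "allow"
    return "ask"


def prompt_text(device: str, flow: Flow) -> str:
    """The 'friendlier firewall' question for a flow the label does not cover."""
    return f"Device {device} wants to talk to {flow.peer_name}:{flow.port}/{flow.transport}. Allow Y/N?"


if __name__ == "__main__":
    rules = parse_label(SAMPLE_LABEL)
    for f in (Flow(False, "api.spotify.com", "TCP", 443),
              Flow(True, "", "UDP", 555),
              Flow(False, "telemetry.centralmonitoringservice.cn", "TCP", 80)):
        verdict = evaluate(rules, f)
        print(verdict, "" if verdict == "allow" else prompt_text("WIFI_SPEAKER_1234", f))
```

Because matching is done on the hostname the device itself resolved (or presented in SNI), the Spotify row stays a single glob no matter how many addresses the CDN rotates through; the price is that the firewall has to see the device's DNS or TLS handshakes, and a device that hard-codes IPs or uses its own encrypted DNS would fall through to the prompt.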