iOS VPNs have leaked traffic for more than 2 years, researcher claims

Um, the article is about the fact that despite repeated promises, this change never actually happened. iOS traffic still randomly floats outside the active VPN connection.

That’s not true. I use WireGuard to only connect to my local network. 192.168.86.0/24 is passed through WireGuard and nothing else.

Not true, I use Tailscale regularly to get to remote resources.

Not “the same thing”, as the point of VPNs isn’t privacy but to access things on a local network.

Awesome. Cheers for that, I’ll incorporate that into my use case now. I use Airplane Mode occasionally and hadn’t put two and two together just yet.

This even sounds like a feature.

Article has a clickbait title, unfortunately.

Sure, but that doesn’t mean it’s intuitive or correct. Being technically true is not the point.

The safest option depends on your threat model.

VPNs have been misappropriated. Their intent is to access infrastructure locally.

They don’t provide more security or privacy by default, sometimes even less since you are giving all of your data to the provider which might have more incentive to monitor your traffic than your ISP.

iCloud private relay, HTTPS, technologies that already provide security and privacy.

Data leaks for native apps are a non-issue; endpoints are already encrypted, so it doesn’t matter if it’s your ISP or a VPN provider. DNS: they know you use Apple Music unless you’re using encrypted DNS, or even better, oblivious DNS.

Please define your threat models if you care to reply.

Airplane mode is a pretty simple fucking thing.
If the process doesn’t stop all data output in a reliable way then it’s absolutely terrible.

Don’t forget Apple promised to fix sending OCSP through plain text in 2020, and it’s still not fixed! Sometimes I think Apple treats users like idiots that only listen to the marketing team.

Tim is too busy adding ads into the default apps or trying to figure out more ways for subscription services. We need to push them to implement those safety patches!

I’m using the built-in L2TP client and this only happens when the local and the remote IP ranges match. You didn’t use a common IP range, so that’s why it works for you.

It’s only a problem when I’m connected to a WiFi network that has the same IP range as my home network. It works if I’m on cellular.
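The two comments above (the L2TP user whose leak only shows up when the local and remote ranges match, and the reply that it works on cellular but not on an overlapping WiFi network) describe a plain routing collision. The following Python model is an added example, not code from the article or from any commenter: it does longest-prefix route selection with a metric tie-break and reports which destinations would leave the phone outside the tunnel interface. The route tables, interface names (`en0`, `utun0`, `pdp_ip0`), subnets and the "lower metric wins on equal prefix length" rule are assumptions made for the model, not captured iOS behaviour.

```python
"""Model of route selection to predict when a destination leaves the VPN tunnel.

Constructed example: the tables below are assumed, not dumped from a device, and
the tie-break rule (directly connected LAN beats the tunnel on equal prefix
length) is a modelling assumption.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    metric: int  # tie-breaker for equal prefix lengths; lower wins (assumption)


def route(prefix: str, interface: str, metric: int) -> Route:
    return Route(ipaddress.IPv4Network(prefix), interface, metric)


def select_route(routes: Iterable[Route], dest: str) -> Optional[Route]:
    """Longest prefix match first, then lowest metric."""
    addr = ipaddress.IPv4Address(dest)
    matching = [r for r in routes if addr in r.prefix]
    if not matching:
        return None
    return min(matching, key=lambda r: (-r.prefix.prefixlen, r.metric))


def egress_interface(routes: Iterable[Route], dest: str) -> Optional[str]:
    chosen = select_route(routes, dest)
    return chosen.interface if chosen else None


def off_tunnel(routes: Iterable[Route], dests: Iterable[str], tunnel_if: str) -> List[str]:
    """Destinations that would NOT be sent through the tunnel interface."""
    routes = list(routes)
    return [d for d in dests if egress_interface(routes, d) != tunnel_if]


# Scenario 1: split tunnel, only the home LAN 192.168.86.0/24 is routed through
# the VPN (utun0); the hotel WiFi (en0) hands out a different, constructed range.
SPLIT_TUNNEL = [
    route("10.20.0.0/24", "en0", 0),        # directly connected WiFi LAN
    route("192.168.86.0/24", "utun0", 10),  # the VPN's allowed range
    route("0.0.0.0/0", "en0", 20),          # default route stays on WiFi by design
]

# Scenario 2: same VPN, but the WiFi network also uses 192.168.86.0/24.
# Both /24 routes match; the directly connected LAN wins the tie, so traffic
# meant for home goes out over the untrusted WiFi instead of the tunnel.
OVERLAP_WIFI = [
    route("192.168.86.0/24", "en0", 0),
    route("192.168.86.0/24", "utun0", 10),
    route("0.0.0.0/0", "en0", 20),
]

# Scenario 3: cellular (pdp_ip0) with a constructed carrier range; no overlap.
CELLULAR = [
    route("10.30.0.0/24", "pdp_ip0", 0),
    route("192.168.86.0/24", "utun0", 10),
    route("0.0.0.0/0", "pdp_ip0", 20),
]


def check_overlap(local_lan: str, vpn_range: str) -> bool:
    """True when the WiFi LAN range collides with the VPN's remote range."""
    return ipaddress.IPv4Network(local_lan).overlaps(ipaddress.IPv4Network(vpn_range))


if __name__ == "__main__":
    home_nas = "192.168.86.10"
    for name, table in [("split tunnel", SPLIT_TUNNEL),
                        ("overlapping WiFi", OVERLAP_WIFI),
                        ("cellular", CELLULAR)]:
        print(f"{name:17s} -> {home_nas} leaves via {egress_interface(table, home_nas)}")
    print("overlap:", check_overlap("192.168.86.0/24", "192.168.86.0/24"))
```

Run it and the "overlapping WiFi" line reports `en0`: nothing about the tunnel changed, only the WiFi network happened to use the same range, which is exactly the condition the two comments describe. The practical check is `check_overlap`: if the LAN you join overlaps the VPN's remote range, expect that traffic to stay local regardless of the VPN being up.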

It works with any traffic that uses App Transport Security.

That’s one of its uses, yes, but most people use them to encrypt data traffic or spoof their location.

It is a feature, most people don’t use a VPN for privacy, they’re used for securing data in transit for accessing remote servers.

It seems pretty reasonable from a usability perspective. If you want real privacy, you better not be using a smartphone in the first place.

Think of this in a different way: if you had some perfectly functional long-lived connection on one network interface (like an on-going file transfer) and then you connect another network interface to the system, would it be “intuitive” for that existing connection to be suddenly interrupted or dropped? The Darwin kernel doesn’t think so, hence why we have the behaviour today in macOS and iOS. To the system, a VPN is just another network interface. All the same rules apply.

I don’t want my hotel’s unsecured WiFi to be able to snoop my traffic. Will a VPN help?

I don’t want my online activity (Reddit, health/activity tracking, location-based services (weather), and purchases) to be tracked and monitored by Amazon, Google or Meta, etc.

Indeed. People benefit more from encrypted DNS than consumer VPN services.

Beautiful post! Well written! And username definitely checks out in some Orwellian way…