Do VPNs actually work anymore?

[blackxacto]

I have been having installation issues w NordVPN since iOS16 dropped. I’m about to leave it. So i read on the web at Forbes that Apple has made its system software incapable of allowing third party VPNs to hide my data exchanges using an Apple device. Is this true?

If so, how do i trust my Apple device if i travel or leave my wifi net at home?

 

[Nermal]

My VPN (using Apple's built-in client) works fine under 16.5.1c.

VPN is not designed to "hide data exchanges": it's a tool for connecting ("virtually", rather than physically) to a foreign ("private") network. This seems to be a common misunderstanding, and I'm aware that some commercial VPN providers take advantage of this in their marketing. However, I don't believe that the error you're receiving has anything to do with that.

 

[BigMcGuire]

I use Nord VPN successfully on my iPhone and MacBooks. I also leave on Privacy Relay and have no problems.

I only use VPN when on public WiFi that I do not trust (which isn't too often these days).

My suggestion: Try turning off WiFi and seeing if you can get access to Nord VPN's login servers on cellular to see if it is your local WiFi having a blip. <shrug>

 

[blackxacto]

My VPN (using Apple's built-in client) works fine under 16.5.1c.

VPN is not designed to "hide data exchanges": it's a tool for connecting ("virtually", rather than physically) to a foreign ("private") network. This seems to be a common misunderstanding, and I'm aware that some commercial VPN providers take advantage of this in their marketing. However, I don't believe that the error you're receiving has anything to do with that.

So if they encrypt plus send to their own server before being sent out to the world, you dont call that hiding my data exchanges, what the heck is it called?

 

[Nermal]

It's not that it doesn't encrypt, but that it's not designed for hiding data. It's designed for connecting to other networks, and the data transmitted to that other network is indeed encrypted.

The news that did the rounds a while ago was that some types of data, e.g. connections to Apple services, would not go via the VPN. If you're trying to use a VPN for privacy then that may be a concern, but it's not a bug per se.

 

[blackxacto]

It's not that it doesn't encrypt, but that it's not designed for hiding data. It's designed for connecting to other networks, and the data transmitted to that other network is indeed encrypted.

The news that did the rounds a while ago was that some types of data, e.g. connections to Apple services, would not go via the VPN. If you're trying to use a VPN for privacy then that may be a concern, but it's not a bug per se.

Why else would i buy into a VPN but privacy?
If there is no privacy w VPNs, why even talk about VPNs? Thats their marketing sell, we protect your data. Sounds like a complete lie. Unless Apple opens access so the VPNs can provide security.

 

[BigMcGuire]

I'd recommend watching:

and

and doing some research on what a VPN actually does.

 

[blackxacto]

Thank you for your patience. So i go to a doctors office that offers patient wifi access to internet. In the waiting room I ok connecting to their wifi net, enter the bank website, w a https address, my activity is encrypted. OR use my iphone ISP data, sign into https bank website which is encrypted. So i never needed VPN to protect me from someone who breaks in & watches the doctors patient wifi net.

 

[one more]

Why else would i buy into a VPN but privacy?
If there is no privacy w VPNs, why even talk about VPNs? Thats their marketing sell, we protect your data. Sounds like a complete lie. Unless Apple opens access so the VPNs can provide security.

Apart from “privacy”, you can use VPN tunnels to access country-region locked sites, TV channels, etc. If your main purpose is to hide your net traffic/identity, you could also use Apple’s own Private Relay and Private Browsing, Tor Browser, etc.

 

[gilby101]

VPN is not designed to "hide data exchanges": it's a tool for connecting ("virtually", rather than physically) to a foreign ("private") network.

I think you are confused by two different roles for VPNs. 1) The traditional role is to connect to a private network - e.g from your home computer to your work network. 2) The VPN which allows a user to hide their traffic from their service provider and to hide their IP address from web sites. I think the OP's question is regarding the second type.

 

[ManuCH]

It's not clear to me why you cannot run NordVPN, but that Forbes report surely sounds wrong. I use VPNs all the time on my iOS devices (be it NordVPN or my own).

And what others said is true: a VPN won't *hide data* in an absolute way. It will hide data from the middle man, exposing it to the next middle man.

If you want to hide your data from your ISP (or from whoever runs the public wifi of the hotel or restaurant you're at), sure, use NordVPN. Just keep in mind that NordVPN and their ISP are now those who can "see" your data (or rather, metadata, because everything is encrypted with SSL/TLS nowadays anyway).

The question you need to ask yourself is who you are more comfortable with seeing your data. Depending on the country you live in, you will not want your ISP to see your data. In other countries it doesn't really matter. And in the end it's a matter of your principles and how you would like to handle it. But totally hiding your data from everyone is, I'd say, "next to impossible". You just need to decide who you expose it to.

And if we omit the data hiding subject, VPNs are still very useful to, among other things, unlock streaming websites or even get better prices when ordering products. Or make sure the websites you visit show up in your own language when you are on vacation in a foreign countries. And so on.

 

[it wasnt me]

you can use VPN tunnels to access country-region locked sites, TV channels, etc.

Which is a side effect of their implicit privacy feature.

 

[Airforcekid]

Thank you for your patience. So i go to a doctors office that offers patient wifi access to internet. In the waiting room I ok connecting to their wifi net, enter the bank website, w a https address, my activity is encrypted. OR use my iphone ISP data, sign into https bank website which is encrypted. So i never needed VPN to protect me from someone who breaks in & watches the doctors patient wifi net.

This is why I use 1.1.1.1 WARP unlike most VPNs it actually has good peering agreements and is free unless I want better routing. Its perfect for accessing banks etc. on public Wi-Fi or cellular connections.

 

[elvisimprsntr]

I don’t trust these so called third party “privacy” VPN providers who get YouTube channels to shill their wares in exchange for a kickback.

I host my own IPSec VPN on my https:// pfsense.org enterprise class open source firewall.
1. Allows secure remote access to my entire home network.
2. Tunnels all traffic through VPN connection, including DNSSEC, DNS over TLS, and any other content filtering and firewall rules.
3. Requires no third party VPN app to be installed on any client, since Apple bakes in support for IPSec.
4. Price is exactly right.
5. Not handing my data over to another, potentially offshore, provider who can mine/sell my data and be subjected to subpoenas.

You want to set up a MESH VPN between multiple sites that traverses CGNAT? Tailscale on pfSense is perfect for that.

 

[Arctic Moose]

I use OpenVPN to connect to a corporate network, and Wireguard for privacy when connecting at hotels or airports, and haven’t had any issues with either on Macs or iOS devices.

 

[blackxacto]

I use Nord VPN successfully on my iPhone and MacBooks. I also leave on Privacy Relay and have no problems.

I only use VPN when on public WiFi that I do not trust (which isn't too often these days).

My suggestion: Try turning off WiFi and seeing if you can get access to Nord VPN's login servers on cellular to see if it is your local WiFi having a blip. <shrug>

Everytime I try to sign into NordVPN i get the same message, above, tech tells me to use OpenVPN. Why pay Nord anymore

 

[chrfr]

Everytime I try to sign into NordVPN i get the same message, above, tech tells me to use OpenVPN. Why pay Nord anymore

OpenVPN is just a different protocol- you still need a VPN server, and NordVPN provides OpenVPN configurations.

 

[OhMyMy]

I don’t trust these so called third party “privacy” VPN providers who get YouTube channels to shill their wares in exchange for a kickback.

I host my own IPSec VPN on my https:// pfsense.org enterprise class open source firewall.
1. Allows secure remote access to my entire home network.
2. Tunnels all traffic through VPN connection, including DNSSEC, DNS over TLS, and any other content filtering and firewall rules.
3. Requires no third party VPN app to be installed on any client, since Apple bakes in support for IPSec.
4. Price is exactly right.
5. Not handing my data over to another, potentially offshore, provider who can mine/sell my data and be subjected to subpoenas.

You want to set up a MESH VPN between multiple sites that traverses CGNAT? Tailscale on pfSense is perfect for that.

WireGuard seems more secure and lightweight compared to IPSec from what I remember. Why not that?

 

[OhMyMy]

Personally I don’t believe there’s any real need for VPNs anymore especially with Private Relay for Safari and since it also routes any unencrypted traffic from apps thru their servers as well. The only thing VPNs are good for these days would be to conceal your location which in and of itself isn’t much as the IPs are shared but then again they can read all the data and log it.

Used to be one of those that never accessed internet without a VPN but I use NextDNS with 3rd party filters now to block all known trackers which is the biggest privacy concern.

For the ones that need the best I suggest a personal VPN with WireGuard or another open source protocol at home with tracker blocking.

 

[elvisimprsntr]

WireGuard seems more secure and lightweight compared to IPSec from what I remember. Why not that?

Because WG is not baked into Apple systems, thus requiring a third party app to be installed. pfSense supports IPSec config export and IPSec HW crypto. Use what ever you prefer.

For the average Apple user, all they read/hear is they need a privacy VPN from the shills on the internet, then unnecessarily shell out their hard earned coins because they do not have the skills or time to implement an alternative solution.

 

[TracerAnalog]

Thank you for your patience. So i go to a doctors office that offers patient wifi access to internet. In the waiting room I ok connecting to their wifi net, enter the bank website, w a https address, my activity is encrypted. OR use my iphone ISP data, sign into https bank website which is encrypted. So i never needed VPN to protect me from someone who breaks in & watches the doctors patient wifi net.

If you log in to a compromised or imposter network, all your internet traffic could be monitored (encrypted and all), or worse, redirected to fake (banking) websites… a VPN can tunnel you ‘out’ of the compromised network and hide all your internet traffic on said network. Also, VPNs act against things like super cookies stored by your ISP, but in return they could theoretically be stored by your VPN provider… so… yeah

 

[Wizec]

This is a good article about the limitations of VPNs on iOS:

iOS VPN leaks: why they happen and how to prevent exposure IPVanish

A problem causing iOS VPN leaks has recently resurfaced. Keep reading to learn precisely what is leaking and how to prevent them.

www.ipvanish.com