Not Apple. This is the US government deal of having backdoors.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 16 VPN Tunnels Leak Data, Even When Lockdown Mode Is Enabled
- Thread starter MacRumors
- Start date
- Sort by reaction score
Does anyone actually doubt that TC has sold out to the Chinese state and other entities in order to secure sales and operations in locations that don't accept actual privacy among communication?
Lockdown Mode doesn’t appear to be as locked down as we expected.
US Government backdoor scheme. Every US company needs to comply to do business in Tech. Check out Snowden whistleblower.Apple clearly doesn't want to fix this for some reason.
I read somewhere that if you enable VPN, then toggle Airplane Mode On then Off, existing connections will be dropped and then reconnected via VPN. Of course the VPN needs to establish a connection before anything else. I've no idea if that is 100% guaranteed though.
Last edited:
It works, and it was posted in here in a previous story. Well it works for my F1 TV app anyway. Before I knew about this ‘bug’ I actually thought the app had blocked VPN workarounds.
Both! It is a hard problem to solve if it was not thought of from the beginning, considering the iPhone has been around way before VPN's were popular for privacy it definitely was not built in.
I understand Apple being slow in fixing this, because it is not just about throwing resources and saying fix it. These problem's require a lot of thought to fix it the right way and bake it into the foundation.
At the sometime, the importance of VPN's for privacy is becoming very crucial and this should be at the top of their list.
I personally doubt it is though, because the majority users do not care and don't use a VPN for privacy.
Exactly. These pRiVaCy VPNs are just tunnel-all VPNs. For split tunnel vpn this is not a problem at all. Most use cases are split tunnel in the corp world. That’s why Apple doesn’t care. It’s amazing that people think VPN equals privacy, it doesn’t. If you don’t think these major VPN carriers are not letting the NSA into the data center one way or another ….I have a bridge to sell you. There are a lot more ways to track you even over a VPN. I doubt 99% people using VPNs for privacy have done anything else but fall for the marketing hype. There is no such thing as privacy anymore. This is a layer that has to be used with other layers. VPN is not a singular solution.
This is by design for System services in order to guarantee their integrity, in other words the VPN should only be used for user traffic
Last edited:
That's ok until system services leak user intent and metadata.
Apple’s response on this issue from August 2022:
Sounds like we’re going to need to get loud about this to get it fixed. Unfortunately, Apple has publicly ignored previous reporting on this issue. Apparently because it’s by design.
Sounds like we’re going to need to get loud about this to get it fixed. Unfortunately, Apple has publicly ignored previous reporting on this issue. Apparently because it’s by design.
Hmm the one conspiracy theory that hasn’t come up much is when the time comes that most Americans have iPhones ; the possibility that we all may be hacked by a foreign government and the apple servers are taken down and all communications of our iPhones is completely stopped; I wonder what will we do. Most of us having iPhones in this country eventually can lead to our day of reckoning. Privacy has never really been truly private even with iPhones btw.
When your iPhone connects to any WiFi, it will check if it’s a paid WiFi hotspot every single time. Even if it’s a private, personal hotspot or router.
(Example of paid hotspots: meaning hotspots at cafes, airlines, subscriber telecom provided, etc.)
It will override your iPhone’s existing VPN and DNS settings to ping captive.apple.com.
If captive.apple.com can’t be reached, it won’t connect to WiFi.
Cell carriers have Apple bake in “Managed Networks” that auto-connect by default.
For example, if you have T-Mobile, you likely have t-mobile hotspots as “Managed Networks” in Settings > WiFi > Edit (Top Right Corner) that auto-connect and can’t be removed. They’re silently installed with service.
Your iPhone will use “captive portal” and ping public hotspots at every location you are near.
To make matters worse “Auto-Join” resets every time you remove the SIM or turn off/on the eSIM (Settings > Cellular > “SIMs” > Toggle off/on “Turn on this SIM”
(Example of paid hotspots: meaning hotspots at cafes, airlines, subscriber telecom provided, etc.)
It will override your iPhone’s existing VPN and DNS settings to ping captive.apple.com.
If captive.apple.com can’t be reached, it won’t connect to WiFi.
Cell carriers have Apple bake in “Managed Networks” that auto-connect by default.
For example, if you have T-Mobile, you likely have t-mobile hotspots as “Managed Networks” in Settings > WiFi > Edit (Top Right Corner) that auto-connect and can’t be removed. They’re silently installed with service.
Your iPhone will use “captive portal” and ping public hotspots at every location you are near.
To make matters worse “Auto-Join” resets every time you remove the SIM or turn off/on the eSIM (Settings > Cellular > “SIMs” > Toggle off/on “Turn on this SIM”
Last edited:
So an Apple device has a few services that continue to communicate directly with Apple HQ, outside of a VPN tunnel that you launch for some secure browsing, watching a movie in another region, …
Sounds fine by design to me.
My family still knows where I am, my various Apple devices still work together, Apple knows my device isn’t stolen, …
Sounds fine by design to me.
My family still knows where I am, my various Apple devices still work together, Apple knows my device isn’t stolen, …
Apropos of nothing, it seems the Pixel 7 scored higher on device security by an independent auditor than the iPhone 14, though you can reasonably quibble with the pertinence of their criteria.
Not only TC, but every CEO in every company in America. There’s not one that will tell you, convincingly, that they have NOT sold out to the Chinese state. That’s proof right there.
That's really interesting. I work as a QA Engineer at another somewhat big tech company and this happens to us at times too. That said we do eventually fix stuff if it isnt a regression, but it is prioritized lower depending on impact to the customer/how much pain it has caused. Alot of bugs that exist over multiple release cycles tend to not be blockers or driving much frustration for the average user so they inherently make their way to a backlog.
I just think the use of the word VPN or Virtual Private Network is being misused by marketers. Just because you encrypt some traffic and not other traffic it is not creating a genuinely logical virtual private network (except when you consider cases of split tunneling) but technicalities aside. They should just talk about what traffic is encrypted and what isn’t. Or find a new name rather than calling it a VPN. The implications and expectations are too vast.
And if they are trying to implement a proper vpn then they should do it PROPERLY.