Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.
At my level of government I can even see what you’re doing on a VPN so I wouldn’t worry. VPNs aren’t as secure as the common folks think…

Ah I’m just screwing with you, you can take your tin foil hat off ;)
 
There we go, Apple and its fake privacy commitments, surely just a hard to fix bug “again”.



Throw the baby out with the bath water much?
 
While this is a bug that should get fixed you have to recall that for the initial intent of VPN this is not really an issue. A VPN was designed and intended to make your machine look like it's on another network in another location. Ex: you're at home or on a sales call in the field and need to use the server or printer in the office.
"Privacy" companies have co-opted the VPN structure to route all your internet traffic through them as the "remote location", and may provide add-on features to make you feel more secure.
For the overwhelming majority of people, even if your traffic (likely https, or other SSL encrypted data) bypasses the VPN the only thing anyone between you and the server can see is that you are connecting to the server, the data itself is most likely still secure and private.

When you're "out and about" or in less than "pro privacy" locations a VPN will keep those snoopers from seeing what you're actually doing; but then again simply using a VPN may raise suspicions and investigation by the authorities.

VPNs aren't the magic panacea of privacy that those who sell them to you want you to believe they are unless you 100% trust the admins there to not be snooping on you for their own gains.
 
Any chance what this researcher is seeing is stuff bypassing the vpn to go to iCloud private relay? I agree that the vpn shouldn’t be bypassed, but without mentioning whether this feature was on or off I’m not sure this is a conclusive test.
Private Relay would look like another VPN, so that wouldn’t be the case.
 
I remember this getting reported on a couple years ago, and never getting an update. I just assumed it had been fixed.

I’m so glad my privacy has been compromised for the last 2.5 years and still is being compromised while Apple knows about it and does nothing about it.
Apple has been weird with VPNs for a long time -- that's one reason I carry an Android phone too, instead of just my iPhone. (also hotspot functionality)
 
Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, USE ANY ELECTRONIC DEVICE where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.
Fixed that for you.

If it's on the interWEBS or electronic or radio waves, or a regular phone, the government pretty much anywhere can hear it, see it, log it, and use it against you.

Maybe not in court where it would be subject to public scrutiny, but pretty much everything everywhere is monitored, recorded, logged, and searchable. You certainly should assume it is.

I'm not paranoid. Not saying I actually KNOW anything, or anyone, or any of that business, but.

If you're not meeting face to face out behind the old K-Mart that's about to get torn down in a week someone can see or hear it.
 
If the government want to look at what you’ve been looking at, they can do anyway. Most people who are average with computers can see what you’ve been looking at. A VPN won’t ever stop that.
In the UK the government requires ISPs to save the web names of the sites you visit. Supposedly they don't know what happens when you get there (as if...). As for average users seeing what I have done on the internet in spite of a VPN, I doubt what you say is true. The average user wouldn't even have a clue about what a VPN is.
 
Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.
The headline and the article are misleading (Horowitz's headline: "VPNs on iOS are a scam" is particularly misleading because that is not what his data show). As far as others could reproduce (check out some Ars comments), one issue is that pre-existing connections are not always broken and then routed through the VPNs. There are fixes to that if it's an issue for someone, although the fixes could be disruptive (severing all preexisting connections, connecting to a VPN, going back to all the connections).

The other issue is the "leaking" of some connections to Apple servers (and a couple other servers apparently). These leaks are specific connections to specific servers that are split and do not appear to go through the VPN. Most new connections, however, go through and stay within the VPNs (except in the limited instances covered in the article). Whether or not this is a legitimate security risk needs additional investigation. For almost everyone, it's not likely to be an issue.

/I'm not acting as an Apple apologist here -- it looks like something needs to be fixed and Apple engineers should fix it. All I'm doing is pointing out that the issue is much more nuanced than the headline and MR summary suggest. It's definitely not a "VPNs on iOS are a scam" or "VPNs for iOS are Broken" type of issue.
 
IF this is true, this throws the whole premise of Apple's pro-privacy stance right out the window. Apple needs to respond and rectify.
The premise has already been thrown out the window many times, because this is far from the first story I’ve seen here about vulnerabilities that get reported to Apple by security researchers that are ignored or take forever to get patched.

Privacy. That’s Apple Marketing.
 
Is this seriously what you took from the article?
The article wasn’t entirely clear on where the fault ultimately lay. So if VPN apps don’t work right on iOS, why then are the parent companies still offering them for sale on the iOS App Store, much less keeping quiet about it?
 
Noticed that myself: sessions established before the VPN is up are continuing outside the VPN. This is kind of desired, for two reasons: 1) I have a download running, and it would interrupt the download; require re-authentication; and 2) Microsoft ware had serious issues with VPN.

Skype will crap out mid-conversation; unable to re-connect. Teams; Calendar and OSX Mail using 365 will freak out; and each (!) ask for MFA token. Then the same dance (MFA, one each for Teams, Skype, Calendar, Mail) will continue on the MBP and my iPhone. Have to use it for work. Crapsoft.
 
So VPN companies have hawked their apps for years despite knowing fully well that they didn’t work very well on iOS, and it’s Apple’s fault that developers weren’t being 100% honest with us?
That's not the issue. The VPNs work well (of course, it depends on the VPN provider). There are, however, some issues with the implementation in iOS that should be fixed. These issues are not major, however. I'll repeat, they really are not major issues (unless someone shows they are; what Horowitz and others have pointed out so far are not convincingly major issues). Anyone saying they are is blowing things out of proportion, making mountains out of molehills, catastrophizing, and so forth without showing data that suggest VPNs are worthless on iOS. What the data show so far is some connections to some servers do not appear to go through VPN connections.
 
It's good that other organizations are testing the OS to hold Apple accountable. They find security vulnerabilities (which led to 15.6.1) and now this with the VPN issue. Users should be aware that the VPN is leaking data, and that their communications may not be as secure as they otherwise would think. Users need to know not to have a false sense of confidence. All that being said, I like macOS, iPadOS, watchOS, and iOS.
 