iOS VPNs Are Broken.
Third-party VPNs made for iPhones and iPads routinely fail to route all network traffic through a secure tunnel after they have been turned on, something Apple has known about for years, a longtime security researcher has claimed.
Only if you feel a need to use a VPN.
@mcfate
Ok …yes.
But I do, on my iPad, when not on my own network.
Just pointing out that there are plenty of people to whom this admitted flaw is completely immaterial.
I don't use networks I don't control.
@mcfate @corlin
Yes, but there are a great number of people for whom this is a potentially serious issue. I am on a Wireguard tunnel back to my home network right now to take advantage of my filtering on the go. Sure, I could live without it.
But what if I was sending sensitive legal documents through a corporate VPN, for example? The fact that even some of the traffic can bypass the tunnel means what you thought was encrypted might actually be grabbed in the clear.
Yes, but I'm not one of those people.
If I were sending sensitive documents, I'd be encrypting the documents themselves. That's "due diligence".
I'm not paid to worry about the "vast majority" of people who don't take the measures I take.
@mcfate @corlin
The other thing that strikes me is that the tunnel bypass might go unnoticed if you are just using a site like https://dnsleaktest.com to check your DNS servers.
This looks bad folks.
The links on this story
https://www.macrumors.com/2022/08/18/vpns-for-ios-are-broken-says-researcher/
https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
To date, roughly five weeks later, Apple has said virtually nothing to me. They have not said whether they tried to re-create the problem. They have not said whether they agree on this being a bug. They have not said anything about a fix.