All iOS VPNs are worthless and Apple knows it, claims researcher

Comments

  • Reply 41 of 43
    elijahg Posts: 2,759 member
    elijahg said:
    Obviously this idiot has never seen the exemption lists of MANY VPN clients, even those outside iOS ecosystem, such as Windows and macOS...

    Take Cisco AnyConnect, do you know how many domains are in the default tunnel exemption list that end users CANNOT modify?!?!

    The guy making these claims is so full of shit it's not even funny. I have yet to see ONE SINGLE COMMERCIAL VPN service that totally routes 100% of connections via the tunnel, except for my own OpenVPN server I run, which I have set up to route ALL traffic, and it actually does, even on iOS!
    Except it doesn’t, due to this bug. Which shows you don’t actually have any idea whether your OpenVPN tunnel really does tunnel all data or not. 
    Uh, yeah I do; I run my OpenVPN server on a Ubiquity EdgeOS router, and I have DPI enabled, and can instantly see when a device connected to it is routing all data via the tunnel, or directly outside the tunnel.

    Nice try, this isn't a bug, but a legit feature being exploited against its true intent in order to turn a profit. Remember, WE ARE THE PRODUCTS for these capitalists, not the other way around.
    Considering you don't even know how Ubiquiti is spelt, I wouldn't be so cocksure. Also EdgeOS's DPI only reports on what it can inspect, not what it can't. So an encrypted non-HTTPS/TLS connection doesn't show.
  • Reply 42 of 43
    magman1979 Posts: 1,293 member
    elijahg said:
    elijahg said:
    Obviously this idiot has never seen the exemption lists of MANY VPN clients, even those outside iOS ecosystem, such as Windows and macOS...

    Take Cisco AnyConnect, do you know how many domains are in the default tunnel exemption list that end users CANNOT modify?!?!

    The guy making these claims is so full of shit it's not even funny. I have yet to see ONE SINGLE COMMERCIAL VPN service that totally routes 100% of connections via the tunnel, except for my own OpenVPN server I run, which I have set up to route ALL traffic, and it actually does, even on iOS!
    Except it doesn’t, due to this bug. Which shows you don’t actually have any idea whether your OpenVPN tunnel really does tunnel all data or not. 
    Uh, yeah I do; I run my OpenVPN server on a Ubiquity EdgeOS router, and I have DPI enabled, and can instantly see when a device connected to it is routing all data via the tunnel, or directly outside the tunnel.

    Nice try, this isn't a bug, but a legit feature being exploited against its true intent in order to turn a profit. Remember, WE ARE THE PRODUCTS for these capitalists, not the other way around.
    Considering you don't even know how Ubiquiti is spelt, I wouldn't be so cocksure. Also EdgeOS's DPI only reports on what it can inspect, not what it can't. So an encrypted non-HTTPS/TLS connection doesn't show.
    Really? That's the best you can do? Pick up on a spelling mistake and hurl an insult my way for it? Really good pal...

    Oh, and BTW, determining whether a device is leaking data outside the VPN tunnel isn't rocket science (despite you inferring this cannot be done with EdgeOS DPI). It's quite simple really; if you're connected to a VPN that is supposed to route 100% traffic via the tunnel, and the DPI shows any connections initiated to/from the device that are outside the tunnel (regardless of encryption protocol used), then you know it's leaking data.

    Also, we use Cisco firewalls at work, and I have even deeper reporting on that tech, and it too shows that when I use my OpenVPN server there is no data leakage because it's properly configured, whereas with another VPN it does show the leakage, so it's not a BUG. And Apple just clarified that they do have an API flag that can allow VPN devs to force all connections via the tunnel if implemented, but it seems most VPN app devs aren't implementing the flag, so this whole "controversy" is essentially moot, as it's not Apple at fault, but as usual, lazy, monetization-driven devs.
  • Reply 43 of 43
    elijahg Posts: 2,759 member
    elijahg said:
    elijahg said:
    Obviously this idiot has never seen the exemption lists of MANY VPN clients, even those outside iOS ecosystem, such as Windows and macOS...

    Take Cisco AnyConnect, do you know how many domains are in the default tunnel exemption list that end users CANNOT modify?!?!

    The guy making these claims is so full of shit it's not even funny. I have yet to see ONE SINGLE COMMERCIAL VPN service that totally routes 100% of connections via the tunnel, except for my own OpenVPN server I run, which I have set up to route ALL traffic, and it actually does, even on iOS!
    Except it doesn’t, due to this bug. Which shows you don’t actually have any idea whether your OpenVPN tunnel really does tunnel all data or not. 
    Uh, yeah I do; I run my OpenVPN server on a Ubiquity EdgeOS router, and I have DPI enabled, and can instantly see when a device connected to it is routing all data via the tunnel, or directly outside the tunnel.

    Nice try, this isn't a bug, but a legit feature being exploited against its true intent in order to turn a profit. Remember, WE ARE THE PRODUCTS for these capitalists, not the other way around.
    Considering you don't even know how Ubiquiti is spelt, I wouldn't be so cocksure. Also EdgeOS's DPI only reports on what it can inspect, not what it can't. So an encrypted non-HTTPS/TLS connection doesn't show.
    Really? That's the best you can do? Pick up on a spelling mistake and hurl an insult my way for it? Really good pal...

    Oh, and BTW, determining whether a device is leaking data outside the VPN tunnel isn't rocket science (despite you inferring this cannot be done with EdgeOS DPI). It's quite simple really; if you're connected to a VPN that is supposed to route 100% traffic via the tunnel, and the DPI shows any connections initiated to/from the device that are outside the tunnel (regardless of encryption protocol used), then you know it's leaking data.
    No my friend, aside from pointing out your "mistake", I quite clearly stated to you that EdgeOS's DPI doesn't show data it doesn't recognise. There was no inference. And there were no insults, please do point out where I insulted you?

    Also where did I claim sniffing the data on a PHY was "rocket science"? I simply pointed out that you incorrectly believe EdgeOS's DPI shows all traffic, when it does not. As a reminder, you said "I have DPI enabled, and can instantly see when a device connected to it is routing all data via the tunnel, or directly outside the tunnel." This is false on EdgeOS. Aside from that, if you have Cisco firewalls at work, why even mention the rather less sophisticated EdgeOS's DPI at all? Nothing to do with you inventing that particular justification due to your claims being false, then. Seems a bit odd too that you have your own VPN, plus a leaky commercial one. Why? All seems very convenient. 

    Also, all this rubbish about monetisation driven blah blah is entirely conjecture on your part. 

    Just as an aside, randomly capitalising words doesn't make what you say truthful.
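
The check argued over in this thread, as an added example that is not part of any post: label each flow from one client by where it goes instead of by its DPI application name, so traffic the DPI engine cannot classify still counts as a leak. The record format, addresses and function names are constructed, and the label-only DPI view models the behaviour claimed in the thread as an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    app: Optional[str]  # DPI label; None when the engine could not classify it

# Constructed values (documentation address ranges), not taken from the thread.
CLIENT = "192.168.1.50"
VPN_ENDPOINT = ("203.0.113.10", "udp", 1194)
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed flow records as seen on the client's local gateway.
FLOWS = [
    Flow(CLIENT, "203.0.113.10", "udp", 1194, "OpenVPN"),
    Flow(CLIENT, "192.168.1.20", "tcp", 631, "IPP"),
    Flow(CLIENT, "198.51.100.7", "tcp", 443, "SSL/TLS"),
    Flow(CLIENT, "198.51.100.99", "tcp", 4000, None),
    Flow("192.168.1.60", "198.51.100.7", "tcp", 443, "SSL/TLS"),
]

def classify(flow, client=CLIENT, endpoint=VPN_ENDPOINT, local_nets=LOCAL_NETS):
    """Label a flow by where it goes, ignoring what DPI thinks it is."""
    if flow.src != client:
        return "other-host"
    if (flow.dst, flow.proto, flow.dport) == endpoint:
        return "tunnel"
    if any(ipaddress.ip_address(flow.dst) in net for net in local_nets):
        return "local"
    return "leak"  # left the LAN without going to the VPN endpoint

def leaks(flows):
    """Every flow from the client that bypassed the tunnel."""
    return [f for f in flows if classify(f) == "leak"]

def leaks_in_dpi_view(flows):
    """The subset a label-only report would list (assumed DPI behaviour)."""
    return [f for f in leaks(flows) if f.app is not None]

if __name__ == "__main__":
    for f in leaks(FLOWS):
        print(f.dst, f.proto, f.dport, f.app or "unclassified")
```

The gap between `leaks` and `leaks_in_dpi_view` is the set of bypassing flows that a report keyed on application labels would not show.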