The leaking past the VPN thing is pretty obnoxious. There are people who may be subject to policy and/or regulatory requirements that don’t permit split tunnels (even if supposedly not in userspace), so it will be interesting to see what burdens the use of an OS that intentionally leaks data will place on certain companies. In contrast, it’s pretty funny that while they let their own data collection apps leak past a tunnel to call home, they do not let the link local ipv6 traffic that Sidecar uses leak past a non-split VPN; i.e. if I’m on corporate VPN, I can no longer connect my tablet as a Sidecar monitor to my Macbook because that traffic is blocked.
From: NANOG <[email protected]> on behalf of Mark Tinka <[email protected]> Organization: SEACOM Date: Tuesday, November 17, 2020 at 2:37 AM To: Saku Ytti <[email protected]> Cc: North American Network Operators Group <[email protected]> Subject: Re: Apple Catalina Appears to Introduce Massive Jitter - SOLVED! On 11/17/20 09:26, Saku Ytti wrote: https://support.apple.com/en-us/HT202491 I am not trying to make any argument, just wanted to add context. Yes, saw that too, and that post by Apple is also highlighted (and explained) in the same report. The Gatekeeper OCSP checks remain unencrypted. It still leave two glaring issues: * Apple are still not saying anything about their OS apps bypassing local firewalls and leaking our IP address and location past any VPN's we may be running on Big Sur. * The backdoor in iMessage's encryption that allows Apple and other "interested parties" to view our iMessage texts. Mark.
