Here’s a joke: “Privacy is a fundamental human right.” – Apple.
How Apple – the self-proclaimed saviour and protector of our privacy – could think of having an ‘exclusion list’ to bypass firewalls and VPNs is beyond me. But one thing we can all agree by now is Apple is not a ‘privacy company.’
We were warned about this even before Big Sur’s big launch. That could have been a bug – betas can be buggy. Apple’s own developer Russ Bishop said so – and later deleted the tweet. But with the final version out for a week now, it has became clear that it was an intentional and silent move by Apple to allow their own traffic to be in an ‘exclusion list.’ In a nutshell, this means Apple’s apps have unrestricted network access on Big Sur.
This renders Apple’s own statement on their Privacy page untrue. It’s not up to me when and with whom I share my information. In fact, I don’t have the choice on macOS Big Sur. A company that talks big about privacy doesn’t understand the term itself. Surprising?
Now folks at ProtonVPN have announced that their VPN is not affected by Big Sur’s changes. According to an entry on the VPN provider’s blog, “[ProtonVPN’s] macOS app works on a system level and prevents these Apple apps from bypassing our VPN’s firewall.” Being a system-level app, ProtonVPN does not rely on NEFilterDataProvider or NEAppProxyProvider and uses Packet Filter mechanism to enable Kill Switch. If the Kill Switch feature is turned on in the VPN app, any connections outside the VPN tunnel are prevented – including Apple’s apps in the ‘exclusion list.’
The Kill Switch feature plays an important role here. Without it, traffic initiated before the VPN connection is able to connect to the internet – and remain connected – outside the VPN tunnel. Enabling Kill Switch prevents this by requiring the VPN to be connected before any traffic could flow on the network. In case the VPN connection breaks, traffic stops immediately until it reconnects – preventing apps like Apples’ from taking advantage of it.
During the whole Apple privacy blunder and the company’s lame effort to cover it up, ProtonVPN’s update comes as a relief. I would like more VPNs and firewalls to give us similar updates. And more importantly, I would like Apple to come out and address this whole blunder in a way suitable for such a company. Until then, we can all laugh at Apple every time they mention ‘privacy.’