[HN Gopher] Big no on Big Sur: Mullvad disallows Apple apps to b... ___________________________________________________________________ Big no on Big Sur: Mullvad disallows Apple apps to bypass firewall Author : Semaphor Score : 59 points Date : 2020-11-16 18:55 UTC (2 hours ago) (HTM) web link (mullvad.net) (TXT) w3m dump (mullvad.net) | varispeed wrote: | It is a matter of time Apple will block it. They are thirsty for | your personal data and they need to know everything you do on | their computer. They also need to control what you can or cannot | open. You are just not smart enough in Apple eyes to use a | computer on your own. On a side note, if I was an Apple customer | I'd start making GDPR complaints. Surely just because a OS is not | a web app it doesn't mean it can violate privacy in such brazen | way. | judofyr wrote: | > They are thirsty for your personal data and they need to know | everything you do on their computer. | | This is completely opposite of what Apple does, no? Out of all | of the tech giants (Microsoft, Facebook, Google) it's my | impression that Apple is the one that sends the least amount of | data to their own servers. | pwinnski wrote: | Does this mean that MacOS packet filtering _does_ work as | expected, and can block any /all traffic, including traffic to | Apple? That's good, and what I would hope, but then I'm a little | confused about what nastiness Apple is doing in Big Sur related | to firewalls. | | Time to dig in, I guess. | pram wrote: | That problem is different: whitelisted Apple traffic is not | able to be dectected/stopped by _third party_ software using | the new userland network APIs (that replaced kexts) | gruez wrote: | >whitelisted Apple traffic is not able to be | dectected/stopped by third party software using the new | userland network APIs (that replaced kexts) | | This sentence suggests that there's no way to filter/vpn | whitelisted traffic, but this is clearly not the case, as | evidenced by this article. Furthermore, it's still possible | to block/filter traffic on a whole machine basis by using the | Packet Tunnel Provider API. | | https://news.ycombinator.com/item?id=25113039 | pram wrote: | You have poor reading comprehension if you think thats what | I said. | floatingatoll wrote: | macOS _packet_ filtering continues to work in Big Sur, as it | did in previous releases of macOS. | | macOS _content_ filtering changes in Big Sur as per any of the | articles posted each day for the past week or so. | | The content filtering API can see which user/app originated the | traffic, as it's running higher up in the stack; the packet | filtering API cannot, as it's running lower down in the stack. | whazor wrote: | A VPN provides internet connectivity, therefore it is more like | a partially broken internet connection instead of a firewall. | Semaphor wrote: | While I never used anything Apple, I'm a Mullvad user. This just | popped up in my RSS feed and I thought it would be relevant. | beervirus wrote: | This is just an ad. | gruez wrote: | AFAIK it's nothing to do with mullvad specifically. Using the | generic openvpn/wireguard client (or other VPN service's client | that are based on those clients) should also be fine. The only | thing that might be an issue would be VPN apps that implement | split/per-app tunneling. ___________________________________________________________________ (page generated 2020-11-16 21:01 UTC)