The leaking past the VPN thing is pretty obnoxious. There are people who may be subject to policy and/or regulatory requirements that don’t permit split tunnels (even if supposedly not in userspace), so it will be interesting to see what burdens the use of an OS that intentionally leaks data will place on certain companies. In contrast, it’s pretty funny that while they let their own data collection apps leak past a tunnel to call home, they do not let the link local ipv6 traffic that Sidecar uses leak past a non-split VPN; i.e. if I’m on corporate VPN, I can no longer connect my tablet as a Sidecar monitor to my Macbook because that traffic is blocked.

From: NANOG <nanog-bounces+dhubbard=dino.hostasaurus.com@nanog.org> on behalf of Mark Tinka <mark.tinka@seacom.com>
Organization: SEACOM
Date: Tuesday, November 17, 2020 at 2:37 AM
To: Saku Ytti <saku@ytti.fi>
Cc: North American Network Operators Group <nanog@nanog.org>
Subject: Re: Apple Catalina Appears to Introduce Massive Jitter - SOLVED!

On 11/17/20 09:26, Saku Ytti wrote:

https://support.apple.com/en-us/HT202491
I am not trying to make any argument, just wanted to add context.

Yes, saw that too, and that post by Apple is also highlighted (and explained) in the same report.

The Gatekeeper OCSP checks remain unencrypted.

It still leave two glaring issues:

Apple are still not saying anything about their OS apps bypassing local firewalls and leaking our IP address and location past any VPN's we may be running on Big Sur.

The backdoor in iMessage's encryption that allows Apple and other "interested parties" to view our iMessage texts.

Mark.