Using WireGuard app vs. native VPN app on iPhone

[Hudiniyo]

Hi all,

I have two nooby questions regarding using vpn on iPhone:

i) Is that true that even if I use the WireGuard app on iPhone, iOS (apple) still can "call home" outside the VPN tunnel?

ii) Does it change anything if I use some vendor's vpn app for iPhone (like proton vpn, ivpn etc.)? Or in other words, is there any advantage in using a vpn app provided by the vpn provider?

Thanks in advance!

 

[L&LD]

i) Yes, Apple will circumvent anything they seemingly allow you to do.

ii) Yes, by using a vendor's 'app', you've given away more of your privacy and have an additional attack vector open on your device. Even if it's not from that 'app' author itself, others may still leverage it to compromise your phone.


What are you expecting VPN to do for you? Unless you control both ends of the VPN tunnel (and do not venture outside of that tunnel to go surf, for example, 'google.com', there is no protection/security or privacy provided.

 

[Tech9]

iOS (apple) still can "call home"

What is your concern? Mobile devices rely on online services. This is how they work.

 

[Hudiniyo]

L&LD, Thank you for your response and sorry for not replying sooner!

i) Yes, Apple will circumvent anything they seemingly allow you to do.

i) So basically, using a vpn on an iPhone/iPad, doesn't prevent Apple from ignoring it.. which means that: a) Apple will know my true ip address anyway, and b) theoretically, it can see all the not encrypted data transferred over the cellular network \ wifi.

Am I right?

ii) Yes, by using a vendor's 'app', you've given away more of your privacy and have an additional attack vector open on your device. Even if it's not from that 'app' author itself, others may still leverage it to compromise your phone.

As for using the wireguard app vs using a vpn vendor's dedicated app:

Okay. I understand that any app I install, adds an attack vector. But from this perceptive, theoretically, there shouldn't be a difference between installing the wireguard app and some vpn vendor's app. Am I right?

On the one hand, it feels weird (privacy-wise) installing a vpn app on my phone which is associated with my phone number.. But if I trust the vpn provider when it comes to my network traffic, shouldn't I also trust it with the iPhone app... ?

On the other hand, shouldn't a dedicated vpn app be much more reliable in maintaining a vpn tunnel and provide more configurations (comparing to the wireguard app), the main of which is a kill switch option (which does not exist in the wireguard app)?

However, given your response above, now I'm not sure that a kill switch option can be implemented in IOS...

I would like to hear your opinion on this.

What are you expecting VPN to do for you? Unless you control both ends of the VPN tunnel (and do not venture outside of that tunnel to go surf, for example, 'google.com', there is no protection/security or privacy provided.

I use a vpn mainly as an additional layer of privacy. First off all, I trust my vpn provider more than I trust my ISP when it comes to privacy. I do not engage in any illegal activity, but I just do not want my ISP to know and log everything I do online. Secondly, I do not want any site I visit to know my ip address (I know, sites can still fingerprint me and probably there is not much I can do to prevent it entirely, but it is my understanding that practicing some privacy-wise online habits, can make it harder).

In other words, is there any point in using a vpn at all (if not for watching Netflix content from another county)?

I know, that at this point, most of you think that I am paranoid for asking all these questions..

Thank you !

 

[Hudiniyo]

What is your concern? Mobile devices rely on online services. This is how they work.

This is a good question. Generally, I want to understand if there is any benefit in using a vpn for someone who wants to increase his online privacy.

Thanks.

 

[L&LD]

ia) Yes.

ib) Yes, there is no point in a VPN. Particularly on a 'walled garden' OS like iOS.

What makes you trust any paid-for VPN provider? Their loyalties lie on the bottom line (i.e. profits) not providing you with anything 'real' in terms of security or privacy, which is an illusion they sell to coerce/scare you into giving them your money. Yes, you can watch 'dumb' TV shows from another country. But the cost is far greater than that superficial benefit.

A VPN is only offering security and privacy when the traffic you generate is contained wholly within the tunnel it creates. That is great if all you want to do is within that tunnel (and now, you're 100% trusting that VPN provider).

The moment you leave that tunnel and go to the actual website/server you want to engage with: security and privacy go out the window.

Drop the paid-for VPN. Save your money. Be more discerning about which websites you visit and what links you click. That will keep you more secure than any paid-for VPN has the capacity to do.

If you're online, you're not 'private' or 'secure', but you can minimize your attack area. Not using 'apps' is a big step in that direction, IMO. As is not using mobile devices to browse with (which, because everything is an 'app' there, you have 100% no control over, (even if options are exposed that say you do).

Is a paid-for VPN a benefit for anyone to ensure/increase an individual's online privacy? NO. That is simply a fallacy and scare tactic that those same companies use to get you to part with your money.

Put another way, even if the VPN provider was my own family, I wouldn't use it, (and I would otherwise trust them implicitly). Why? Because they host no servers that I need/want to interact with (i.e. they are not the internet, and the actual surfing happens outside of the VPN tunnel, no matter who controls it).

 

[Tech9]

I want to understand if there is any benefit in using a vpn for someone who wants to increase his online privacy

Commercial VPN services are more like proxies. You can change your exit point and watch different region content; you can use them as better option in airports, hotels, other public Wi-Fi; some people download torrents and hide the activity from the ISP, etc. You don't get more online "privacy" though. You just change one ISP with another (with better promises) and pay both. Then you deal with inconveniences. You will get services refused (VPN servers are well known), you will get more authentication screens, your Internet will be slower, inconsistent (server load dependent) and with higher latency.

 

[sfx2000]

Hi all,

I have two nooby questions regarding using vpn on iPhone:

i) Is that true that even if I use the WireGuard app on iPhone, iOS (apple) still can "call home" outside the VPN tunnel?

ii) Does it change anything if I use some vendor's vpn app for iPhone (like proton vpn, ivpn etc.)? Or in other words, is there any advantage in using a vpn app provided by the vpn provider?

Thanks in advance!

The official WG app for iOS is fine - that being said, apps for push notification, etc - they'll go thru the tunnel, just like Android.

The office OpenVPN client is similar here.

Just be aware of this...

Third party apps from the VPN providers - it's really up to them...

Remember - commercial VPN service is not private, it's a proxy service - your source IP can still determined, and so can the destination IP's...

 

[Hudiniyo]

Thank you for the detailed response!

A VPN is only offering security and privacy when the traffic you generate is contained wholly within the tunnel it creates. That is great if all you want to do is within that tunnel (and now, you're 100% trusting that VPN provider).

The moment you leave that tunnel and go to the actual website/server you want to engage with: security and privacy go out the window.

Ok, understood.

Drop the paid-for VPN. Save your money. Be more discerning about which websites you visit and what links you click. That will keep you more secure than any paid-for VPN has the capacity to do.

Noted, thanks.

If you're online, you're not 'private' or 'secure', but you can minimize your attack area. Not using 'apps' is a big step in that direction, IMO. As is not using mobile devices to browse with (which, because everything is an 'app' there, you have 100% no control over, (even if options are exposed that say you do).

I guess that I'm lazy, but I find it hard not to use my cell phone \ iPad for browsing..

Is a paid-for VPN a benefit for anyone to ensure/increase an individual's online privacy? NO. That is simply a fallacy and scare tactic that those same companies use to get you to part with your money.

I get it. I'm just very surprised that people pay for commercial vpn services (I doubt it that all they want is accessing Indian Netflix, for example). The strangest thing is, that usually the more advanced users use vpn services.

Put another way, even if the VPN provider was my own family, I wouldn't use it, (and I would otherwise trust them implicitly). Why? Because they host no servers that I need/want to interact with (i.e. they are not the internet, and the actual surfing happens outside of the VPN tunnel, no matter who controls it).

To conclude - so you are not recommending using a commercial vpn provider for browsing the internet (or anything which is outside the vpn tunnel). Would you recommend using TOR? If so, then only for onion sites or for the clear web also?

Given your explanation, I assume your recommendation remains the same regarding using a commercial vpn service on a pc (and not on an iPhone\iPad).

Thank you!

 

[Hudiniyo]

You just change one ISP with another (with better promises) and pay both.

Some people say that they prefer to trust a service provider with some promises (and maybe some independent audits results) than an ISP, with no promises or privacy audits.

Thanks.

 

[Hudiniyo]

The official WG app for iOS is fine - that being said, apps for push notification, etc - they'll go thru the tunnel, just like Android.

The office OpenVPN client is similar here.

Just be aware of this...

What does it mean? That only apps that are based on push mechanism will go thru the tunnel, but not some apps that run in the background silently ?

Third party apps from the VPN providers - it's really up to them...

Remember - commercial VPN service is not private, it's a proxy service - your source IP can still determined, and so can the destination IP's...

"your source IP can still determined" - it is known to the vpn provider, but it should not be known to anyone else (unless there is some misconfiguration or ip leak).

"and so can the destination IP's.." - I understand that it is known to the vpn service provider and to the destination.

Could you explain please?

Thank you.

 

[sfx2000]

"your source IP can still determined" - it is known to the vpn provider, but it should not be known to anyone else (unless there is some misconfiguration or ip leak).

Applications leak it - using WiFi calling is a good example here...

 

[Tech9]

Some people say

Some people trust advertisements blindly.

 

[L&LD]

Thank you for the detailed response!

I guess that I'm lazy, but I find it hard not to use my cell phone \ iPad for browsing..

I get it. I'm just very surprised that people pay for commercial vpn services (I doubt it that all they want is accessing Indian Netflix, for example). The strangest thing is, that usually the more advanced users use vpn services.

To conclude - so you are not recommending using a commercial vpn provider for browsing the internet (or anything which is outside the vpn tunnel). Would you recommend using TOR? If so, then only for onion sites or for the clear web also?

Given your explanation, I assume your recommendation remains the same regarding using a commercial vpn service on a pc (and not on an iPhone\iPad).

Thank you!

You're welcome.

If you really want to be more secure/private, then don't use mobile devices (that track your every breath). Your choice, but now you know.

I'm surprised that people get duped and pay for commercial VPNs too, but they're certainly not 'advanced users', in my experience. Anyone who understands how the internet works/is based on, drops the VPN they're paying for if they need it for anything other than showing they're browsing from another location than the one they're in (and even for the latter case, the reasons to use one is very weak, IMO).

TOR is worse (you really don't know who you're trusting/connecting to, at all).

A commercial VPN is just modern snake oil for the promises offered. The internet just doesn't work like they want you to think it does. They just want your $$$$, as any good Corp does. No matter what device you're using (walled garden, PC, or app/account-based handhelds).

Save your money, only go online if/when necessary. Don't travel with handheld devices, don't allow/use IoT devices on your network. And you'll be far 'safer' and 'private' than when using any commercial VPN.

And if you are addicted to handheld devices, and social media. Your soul is already sold.

 

[Hudiniyo]

You're welcome.

If you really want to be more secure/private, then don't use mobile devices (that track your every breath). Your choice, but now you know.

I'm surprised that people get duped and pay for commercial VPNs too, but they're certainly not 'advanced users', in my experience. Anyone who understands how the internet works/is based on, drops the VPN they're paying for if they need it for anything other than showing they're browsing from another location than the one they're in (and even for the latter case, the reasons to use one is very weak, IMO).

TOR is worse (you really don't know who you're trusting/connecting to, at all).

A commercial VPN is just modern snake oil for the promises offered. The internet just doesn't work like they want you to think it does. They just want your $$$$, as any good Corp does. No matter what device you're using (walled garden, PC, or app/account-based handhelds).

Save your money, only go online if/when necessary. Don't travel with handheld devices, don't allow/use IoT devices on your network. And you'll be far 'safer' and 'private' than when using any commercial VPN.

Thank you very much!

And if you are addicted to handheld devices, and social media. Your soul is already sold.

p.s. I stopped using social networks a few years ago

 

[Skeptical.me]

You're welcome.

If you really want to be more secure/private, then don't use mobile devices (that track your every breath). Your choice, but now you know.

I'm surprised that people get duped and pay for commercial VPNs too, but they're certainly not 'advanced users', in my experience. Anyone who understands how the internet works/is based on, drops the VPN they're paying for if they need it for anything other than showing they're browsing from another location than the one they're in (and even for the latter case, the reasons to use one is very weak, IMO).

TOR is worse (you really don't know who you're trusting/connecting to, at all).

A commercial VPN is just modern snake oil for the promises offered. The internet just doesn't work like they want you to think it does. They just want your $$$$, as any good Corp does. No matter what device you're using (walled garden, PC, or app/account-based handhelds).

Save your money, only go online if/when necessary. Don't travel with handheld devices, don't allow/use IoT devices on your network. And you'll be far 'safer' and 'private' than when using any commercial VPN.

And if you are addicted to handheld devices, and social media. Your soul is already sold.

Wow, I must be a sucker. I use a VPN for downloading from Usenet and streaming DirecTV from Australia. And I'm on Twitter every day, surf websites on all my pc's/devices. And have IoT devices attached to my network. But I couldn't give two hoots about privacy anymore. I'm just not that interesting, and I'm broke, lol.