MacOS sometimes leaks traffic after system updates

> In this scenario the macOS firewall does not seem to function correctly and is disregarding firewall rules ... Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.

This is not new - every time I update macOS, some of the system settings are changed to default including some in the firewall. And I have to painstakingly go through all of it and change it. Also, the few times I've reinstalled or updated macOS, I've always noticed that it takes longer for the installation if your system has access to the internet - so now I've made it a practice to switch of the router while installing or updating macOS or ios. (With all the AI bullshit being integrated everywhere in Windows, macOS and Android etc., I expect this kind of "offloading" of personal data, and downloading of data, to / from AI servers to keep increasing, especially during updates, to "prepare" for the new AI features in the newer OS updates. No internet means the installer is forced to skip it for later, saving you some valuable time, and hopefully you get to change the default setting before it starts up again. Whatever the claims of AI processing done on the Mac or iDevices itself, some "offloading" to their servers, will still happen, especially if the default settings - which you can change only after the OS is installed - also enables analytics and data collection.)

(More here https://news.ycombinator.com/item?id=26418809 and on this thread - https://news.ycombinator.com/item?id=26303946 ).

If you want leak-proof VPN, you need to implement it outside of your device, at the router level. This is true for any device but Apple devices in particular.

I highly recommended sniffing the traffic on the wire and piping it through wireshark. You can do this with a router, or a passive Ethernet tap. You’ll see a bunch of packets going to places other than your VPN entrypoint. If you use a router, you can check your mobile for leaks too. (Did you know if you have WiFi calling enabled, then your phone makes a TCP connection to a sensor server controlled by your ISP every 30 seconds? So if you’ve got T-Mobile and you’re abroad, not even using it as your default SIM, they’ll get a nice log of every exit IP you use.)

Apple’s seeming embrace of support for VPN and network filtering extensions is a red herring, because they’ll happily disable it for their own traffic.

On iOS, the App Store will skip any VPN, and similarly Apple will even block you from downloading updates if you’re on a VPN. I only realized this when I used my wireless router with VPN on it and updates failed to download.

On Mac, there are a bunch of issues, especially on first boot. It seems like the Mac will refuse to establish the VPN until it can make one connection outside of it. I encounter this when my computer wakes from sleep and the on-demand wireguard tunnel (using Cloudflare Warp) fails to send packets. I unplug my Ethernet, disable always-on, wait 30 seconds (for some timeout?), re-enable always-on, and then plug in the Ethernet and in connects. But I’m not actually sure this isn’t leaking, I need to investigate more.

it also leaks the audio of tabs before logging in.

Even though I had disabled all 'restore' applications features, macos sometimes decides to 'start' browsers BEFORE logging in after a restart AND those start auto-playing audio from whatever was paused before the reboot (or many days before).

Since then I went rather deep disabling that feature, but I never trusted it.

The article has today's date on it, but I could swear I read this exact same article a month ago...

I've heard NixOS is good, but I guess I still need a GUI os because of browser and some apps I use regularly. I would love to get out of the macOS world, its going to a bad place. Seems like I've configured my whole digital life around apple.

> Unfortunately apps are not required to respect the routing table

Insane. Why even have one or expose it to the user if it's just suggestive fiction?

Vendors really need to stop privileging themselves on users machines.

The first boot after a macOS system update has long been bugged out. It launches a bunch of apps you didn’t even have open before updating, seems to be the 5-10 most recent apps you quit. Yes they were fully quit, yes I have the “resume” setting off. It also doesn’t do a resume, it launches them, i.e. tells them to create new windows, and it launches them before it finishes mounting disks, resulting in every update being followed by all my most used apps appearing out of nowhere and telling me all my config and data is gone. It doesn’t really matter, you just reboot again and you’re good, it’s just careless and makes the OS feel unstable. Maybe the firewall thing is unrelated, maybe it finally forces Apple to fix the bug, we’ll see.