Our goal at NordVPN is to provide our customers with intuitive experiences, ease of access, and the most advanced VPN features in the industry. We take pride in our continuous focus on security; however, sometimes, it comes with the cost of building a terrible feature. Here's why.
We recently found ourselves facing a Catch-22 situation, when, due to bugs in Apple's VPN API configuration, we had to choose to either sacrifice our users' experience with the app or, under certain scenarios, put a risk on their security or privacy. We believe such a choice should never occur in the first place, and we suspect that a global tech powerhouse often boasting about its focus on users' privacy understands this as well. As of yet, we are saddened by the fact that our pleas for Apple to implement the necessary fixes on their operating systems continue to be acknowledged yet bafflingly ignored.
Being limited in what we can do on our side, we decided to offer a feature that, while aiming to offer the best possible solution security-wise, radically differs from our vision of an intuitive and smooth experience users should expect from their cybersecurity provider.
Stay invisible on a local network feature is our way to mitigate the TunnelCrack and TunnelVision vulnerabilities present in the VPN industry. In the case of TunnelCrack, certain routers may be configured in a way where they leak VPN traffic when using non-RFC1918 IP addresses, which is an industry-wide issue and only applies to macOS and iOS platforms. TunnelVision attack, in general, is a network technique that uses an operating system's dynamic host configuration protocol (DHCP) to try to route the traffic outside of the VPN's tunnel.
For our macOS VPN clients, the “Stay invisible on a local network” feature automatically sets the appropriate API parameters and alerts users when connected to an unsafe network, mitigating the VPN traffic leak on macOS. We have also built an unsecured network detection feature that will detect non-RFC1918 IP ranges, notify about possible risks, and inform users to enable “Stay invisible on a local network.” On iOS, the app will also inform users when they connect to an unsecured network through push notifications and in-app messages. The feature was fully released by the beginning of August 2023.
In contrast, our iOS VPN clients present more considerable challenges due to issues within Apple's implementation of the API parameters. Notably, in iOS versions 14.2 and above, enabling the "Stay invisible on a local network" feature causes internet connections to crash under certain conditions. It also prevents our VPN application from receiving client updates, leading to user internet connection crashes when updates are released.
The NordVPN team hopes that this inevitably crude solution for an impossible situation will, for the time being, offer sufficient data privacy for our users and – at the same time – prompt Apple to implement the necessary changes faster.
What OS are impacted?
The TunnelCrack and TunnelVision vulnerabilities affect our macOS and iOS VPN clients, while our Android, Linux, and Windows clients were immune due to implemented mitigations.
NordVPN Linux and Windows applications can configure the OS's firewall to prevent any traffic from exiting the device except through the VPN tunnel.
What connectivity limitations are put in place when this feature is turned ON?
With the feature turned ON, users cannot access other network devices, such as computers, printers, or TVs. The feature also blocks AirDrop usage.
What experience-breaking effects can users expect?
Enabling the feature in iOS 16.4 and later versions can prevent the NordVPN application from receiving client updates, leading to crashes of the user's internet connection when updates are released. Once users are cut off from the internet, the only solution is a device restart.
How can users ensure the safety of their data in NordVPN apps?
NordVPN apps do not leak traffic under any known circumstances if the Stay invisible on a local network and Kill Switch features are enabled within the app settings menu. It’s important to note that the feature is only available to iOS versions 16 and above. Visual instructions on how to enable the feature on iOS or how to enable this feature on macOS.
Does the feature protect users from TunnelVision utilizing Option 121, too?
Yes, it does.
Can NordVPN provide a bug-free solution without Apple's input?
No. Unfortunately, the bugs that come with using our feature are beyond our control. Apple's team has confirmed the bugs' existence and gave no clear timeline for their resolution.
What else can users do to ensure a better experience using this feature?
We believe that sufficiently maintained digital security is a collective effort. While we will continue searching for better solutions within our capacity, we are adamant that Apple needs to address the urgent issues of significant bugs in their operating systems. We invite everyone who is not indifferent to user privacy and security issues to keep pressuring Apple to fix its shortcomings in VPN API service.