# Apple pulling VPN apps



## Phishfry (Jul 30, 2017)

This is going to leave quite a few of our friends in the dark.

https://www.thebeijinger.com/blog/2...e-china-mainland-techies-bemoan-removal-major

I now respect Google for pulling out instead of bowing to Communist pressure.

Funny how Apple snubs a US terrorist investigation yet kisses ass to some Commies.

Might be time to break them up. Too big and monopolistic.


----------



## ralphbsz (Jul 30, 2017)

I don't see any market where Apple has a monopoly.  If you don't like their behavior, you are free to not buy their products.

P.S. I haven't thought about the details of this VPN thing; don't know whether I like or dislike it.


----------



## obsigna (Jul 30, 2017)

The story is a bit more complicated than Apple is the willing Collaborator of a Tyranny.

Companies are bound to local laws, and of course cannot opt out of those regulations which they and/or their customers don't like. For example, Volkswagen tried it, and learned the hard way that regimes don't tolerate any creativity in regulation bypassing.

Quite obviously, Apple got 3 choices:

try in China what Volkswagen tried in the U.S., and quite probable share a similar destiny,
close the App Store in China,
remove the Apps from VPN companies, which did not apply for and received a VPN license for the Chinese territory.
Regarding VPN, iOS comes with 4 built-in VPN clients, L2TP/IPsec, PPTP, IKEv2-IPsec, and Cisco-IPsec. These are not removed. The affected 3rd-party services rely on OpenVPN. The technical implication is, that OpenVPN is usually operated on the https port 443, and you cannot block this on the port level if you don´t want to block the whole https traffic. The other VPN services are running on dedicated ports, usually UDP 500, 4500 or TCP 1723, and at the great firewall these VPN services can be stopped completely by blocking any traffic on these ports.

Besides China, another view is, that many of these OpenVPN services install a root certificate on the iOS system. I guess 99 % of the users are not aware, that with a root certificate in place any 443 traffic may be intercepted by the VPN operator. See also https://blog.malwarebytes.com/threa...tising-on-ios-pushes-eyebrow-raising-vpn-app/

Note, I don´t say they actually do intercept, I state that it is possible to intercept. In the free world, we want to opt for installing our VPN service on our FreeBSD home server. This won't help in China though.

Apple is well aware of that problem, and removed VPN based ad-blockers from the App Store world wide, because of the risk of privacy abuse.


----------



## Deleted member 30996 (Jul 31, 2017)

Russia bans VPNs, anonymous web browsing

Only to restrict access to "unlawful content", of course.

Both are Communist countries, China being a more closed society, and they make the rules. You follow them or risk sanction. 

IMO, we in the US have our own privacy issues to deal with.


----------

