Having VPN issues with one of the Big Sur 11.2 versions? You’re not alone. Aside from VPNs, various other security apps (firewalls, anti-malware, etc.) were suddenly at risk, thanks to the inclusion of a key feature (removed in the second beta.) More details below.


First-Party Apps Excluded from VPN Tunnels

So which feature gave the security community a headache before the full 11.2 launch? Well, turns out that the ContentFilterExclusionList component allowed more than 50 Apple apps to bypass VPN tunnels. This meant increased chances for data leaks from apps like iCloud, now that the apps’ network traffic would no longer be encrypted.

Not only that, but affected VPNs could no longer mask their true IP addresses from Apple. In other words, your real life location would always be visible to the tech giant. Fortunately, the top VPNs for Mac (such as ExpressVPN, Private Internet Access, ProtonVPN, and more) remained unaffected. Some providers (Surfshark, CyberGhost VPN) continued investigating whether Apple’s exclusion list caused any issues with their clients.

Third party apps such as firewalls and anti-malware software would also exclude Apple apps from their security checks. This would allow hackers to create malicious code capable of evading security scans by simply attaching itself to first-party applications.

Thankfully, the problem is mostly irrelevant now, seeing as the tech giant removed the “feature” entirely before releasing the final version of the Big Sur 11.2 update.


Why Did Apple Add Such a Feature in the First Place?

According to an Apple software engineer (in a report by ZDNet), the ContentFilterExclusionList was added simply because of time constraints. More specifically, the company didn’t have enough time to fix all the bugs that resulted from the introduction of the new Network Extension Framework system before the initial launch of Big Sur.

Unsurprisingly, the VPNs that were affected by the issue used the NEFilterDataProvider and NEAppProxyProvider APIs included in the system. Since the exclusion list has been removed, it’s entirely safe to use VPNs, firewalls, and so on.

Now, just because the issue no longer affects VPNs, that doesn’t mean every VPN is safe to use. Here’s what we mean.


Watch Out for Free VPNs on macOS

In July 2020, 20 million people woke up to find all their online data (including emails, passwords, and payment data) leaked online. Who was responsible? Seven free VPNs based in Hong Kong, whose privacy policies all claimed the providers didn’t log user data.

You might be thinking this is an isolated incident, but a recent study shows that many free iOS and Mac VPNs don’t respect Apple’s data collection policies. Not to mention about 60% of the free VPNs with the most downloads are under Chinese ownership. This means all your data could potentially land in the hands of a government known for heavy censorship and far reaching mass surveillance of its citizens.

On top of all this is the fact that any free VPN can legally sell your data to third parties, much like Internet providers are doing nowadays. All they need to do is add a few lines in their terms of service, stating that they may collect and sell your data. 

All in all, the hassle probably isn’t worth it just because a product is “free”.