Remove IVPN

anon4692472 · December 26, 2025, 2:55pm

Remove IVPN from list of recommended VPNs for it’s failure to implement a functioning kill switch.

When using Apple services on iOS 16+, a VPN connection does not fully protect your privacy against Apple. Even with an active VPN connection and kill switch enabled, traffic from your iOS 16+ device to Apple servers can leak outside the VPN tunnel and expose your local IP address to Apple. For this reason, during the next release we are removing the kill switch feature from the IVPN iOS app. Connections to non-Apple servers are not vulnerable to this leak, thus general privacy benefits of your VPN connection are unaffected.

flowrpowr · December 26, 2025, 3:26pm

Last time I’ve checked, Mullvad VPN also doesn’t have a kill switch on iOS.

This might just be an iOS problem instead.

Bhaelros · December 26, 2025, 3:38pm

While you are at it, maybe remove VPNs completely then? It is Apple issue, not a VPN software issue but people fail to see that.

anon69871701 · December 26, 2025, 4:05pm

This seems like an issue made due to frustration with current discussion on Proton. Platform leaks are different from leaks due to faulty implementation. One of them can be solved by the VPN vendor. Hope you are able to eventually see that.

anon1333233 · December 26, 2025, 4:05pm

I don’t feel it really makes much sense to remove it because of the leakage on apple devices. AFAIK, all VPN, at least on iOS suffer from the same problem because it’s the way it’s designed. Removing ivpn for this criteria would effectively mean that every other vpn that has an iOS client would also have to be removed.

kissu · December 26, 2025, 4:58pm

Original article from IVPN: Removal of kill switch from our iOS app due to Apple IP leak issue

nateb · December 26, 2025, 6:34pm

In my personal, unofficial opinion, between this thread and the one about ProtonVPN from the other week, the real problem here is the killswitch criteria. If we continue to enforce that, then we can’t recommend any VPNs for iOS except Private Relay, which isn’t even really a full-VPN because it only works in Safari (as I understand it) - among other concerns with that idea.

In my official opinion as a team member, I’ll bring this up to the team to discuss. But be patient with us as it is the holidays, some of our team members are on PTO, and it may take a while to get a decision sorted out.

mongrel306 · December 27, 2025, 9:17am

A similar issue is DNS leakage on Android, which remains unresolved in Android 15.

But since this is an OS issue and not a VPN provider issue, it has not affected the recommended list.

I believe the same applies to this current issue. It’s information worth noting, but I don’t think it warrants removal from the recommended list.

ignoramous · December 27, 2025, 1:57pm

Don’t think “killswitch” is the problem. Recommending platforms (for VPN use) that don’t enforce it are. The material that goes “hide traffic from ISPs” is. The public VPN providers that don’t implement “killswitch” are.

In short, if there’s a “killswitch”, the VPN client must implement it and optionally let the user enable it, regardless of the platform’s enforcement (or lack thereof).

In Android’s case, on a non-rooted device, the traffic “leaks” with “killswitch” is minimal, but without it, all bets are off. Recommending using VPN clients on Android, then, without a “killswitch” is diabolical and a dangerous suggestion.

In iOS’ case, from what I read on these forums, the “killswitch” only exempts Apple apps (discounting non-leaking but non-recoverable bugs such as loss of Internet connectivity when the VPN client implementing “killswitch” itself is “killed”), which is still okay in the grand scheme of Apple’s walled-garden.

gapless · December 27, 2025, 3:35pm

Back when I was using IVPN and this issue was blowing up, had a small email exchange with the IVPN iOS dev at the time and he stated that, from their testing, the majority of the queries bypassing the WireGuard tunnel were Apple’s services related to the App Store, iOS updates, push notifications (APNs)*, some location related^[1] services like Weather, Apple Maps, Find My, Apple Pay, HomeKit, along with some cellular* related stuff like Wi-fi calling. They observed no leaks from Safari, third party email or messaging services like Tutanota, WhatsApp or Signal.

*Apparently, there are some proxy clients for iOS that claim to be able to force APNs and cellular services into their tunnel. Here’s a screenshot from an app called Shadowrocket^[2] (also supports WireGuard). Seems to have a huge following , but alas most of the documentation/discussion relating to it seems to be in Chinese or Russian. Like most things in life, there seems to be a whole world out there that us English speakers aren’t privy to.

apparently disabling features you don’t need in the Location Services section of the Settings app greatly reduces the amount/frequency of these queries ↩︎
Banned by the CCP, so it must be doing something good. ↩︎

foolclown · January 1, 2026, 5:42pm

It seems to have a website in English. Could you point me to where you saw the Russian/Chinese discussion? I’m interested in seeing what’s written in Russian

gapless · January 2, 2026, 4:44am

There were a couple more, but can’t remember the exact search queries I used that led to them. Sorry. It was more of a glancing interest. I was simply curious as to why Shadowrocket has consistently ranked amongst the top paid apps in the iOS App Store charts in many countries and was wondering what people were using it for.

foolclown · January 2, 2026, 6:47am

Thank you. Honestly, kind of heartwarming to see that the Russian tech wizardry is still as savage and creative as it’s always been.

The pages you linked provide detailed descriptions on how to evade the Great Firewall of Russia, in order to be able to connect to Western sites like Instagram, Discord, foreign banks, etc, while still being able to access Runet easily. The guides provide links to meticulously crafted lists of DNS servers, with and without suffixes, that do or do not contain certain blocks and filters (such as ads or snooping IPs/domains).

The filters are created and updated religiously by volunteers, and provided to everyone free of charge. All other setup steps are described in the simplest possible language. I am not sure why this specific service is picked (Shadowrocket) but I’m pretty sure it’s because it provides options for implementing these kinds of complex workarounds; (installing config files, to be more precise); it’s also possible that it might to be harder to detect by the Roskomnadzor (Propaganda and Communications Surveillance service) - but this point is pure speculation.

The guides happen to target specifically Apple devices. I don’t know anything about iOS and macOS VPN leaking unfortunately. But that’s not the focus of the guides either way.

More on topic: I think it is silly to remove IVPN for this reason. It is an Apple design choice, not theirs. Sucks, really, but what can a 3rd party VPN provider do. Mullvad doesn’t offer a kill switch on its iOS app either. In fact, their iOS app is like a pale shadow of their actual app on, say, Linux. Precisely because of Apple

foolclown · January 2, 2026, 6:51am

Um okay right after making this post I went and clicked “Vote”. It was my first time doing it and for some reason I thought I was voting against removing IVPN. Then realized the vote is only for if you think it should be removed.

is there a way for me to unvote this, please? Sorry lol

Topic		Replies	Views
Are there any VPNs with a strong kill switch on MacOS? Questions	8	1011	February 22, 2025
Remove ProtonVPN Tool Suggestions	95	6173	January 16, 2026
Please do not completely trust the kill switch functions of VPN clients General software , website	8	1545	December 26, 2025
Mention kill switch leaks caused by OS limitations Site Development	9	620	January 5, 2026
Your VPN Kill Switch Won't Stop All Leaks General article , guide , software	29	4110	October 22, 2025

Remove IVPN

Related topics