I'm glad that people are putting pressure on Apple to fix this and hope that they do.

That being said, I think many comments here are out of touch. We're talking about a specialized security feature which is not easily available on other platforms, is only used by a minority of users, and still works for most programs.

What exactly are your threat models that this is causing a problem for you? Are you sure that you can even use a mainstream OS if you need to block all outbound connections? If I had to have complete control over my outbound connections, I would use a hardware/software solution sitting between the computer and router.

Secondly, is this really bypassing VPNs or only the new firewall API? e.g. is it bypassing WireGuard?

"We're talking about a specialized security feature which is not easily available on other platforms, is only used by a minority of users, and still works for most programs"

I'm confused by this statement. We are talking about being able to implement firewalls and VPNs which can filter/redirect all outgoing connections. These are both abilities easily available on Windows and Linux.

I was referring to software firewalls. Obviously it's bad if a VPN is leaking traffic, but that's not confirmed yet... or at least I couldn't find any proof of that in the linked tweets.

Software firewalls like what comes by default on Windows since XP and Linux since... some version around 1997 I think?

Filtering any outbound traffic on those is either outright not supported or not worth attempting.

This is an interesting opinion, considering that iptables has been able to do this for decades, and nftables can, too. It is trivial to filter outgoing traffic and there are even convenient GUIs to do so.
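As an added illustration of the outbound filtering described above (this ruleset is not from any commenter or from the linked projects), here is a default-deny egress policy in nftables. It drops every outgoing packet except loopback, already-established flows, DNS and HTTPS, and a single assumed case where one service account is allowed to reach one assumed port. The table and chain names, the user name "wg-user", and port 51820 are assumptions chosen for the example; nftables keys per-socket matches on the owning uid/gid (`meta skuid`/`meta skgid`) rather than on the executable, so "per-application" control here means running each application under its own user.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread: default-deny outbound filtering.
# Load with `nft -f <file>` as root; review with `nft list ruleset`.
flush ruleset

table inet egress {
    chain output {
        # All locally generated traffic passes this hook; default drop.
        type filter hook output priority 0; policy drop;

        # Loopback and replies to connections we already allowed.
        oif "lo" accept
        ct state established,related accept

        # Name resolution and HTTPS for any local user.
        udp dport 53 accept
        tcp dport { 53, 443 } accept

        # Per-"application" control by socket owner: only the assumed
        # service account "wg-user" may talk to the assumed port 51820.
        meta skuid "wg-user" udp dport 51820 accept

        # Everything else is logged (visible in the kernel log) and dropped.
        log prefix "egress-drop: " counter drop
    }
}
```

The `log ... counter drop` rule is what makes the policy auditable: anything an application tries that the ruleset did not anticipate shows up as an `egress-drop:` line with the source uid and destination, which is the information a per-app firewall prompt would otherwise surface.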

The subject of this thread is application firewalls, like Little Snitch or https://github.com/evilsocket/opensnitch.

To be fair I haven't looked at the state of Linux app firewalls in years, maybe there's something better available, but *tables is not it.