this is why I do not trust my devices to handle VPN and Tor of their own volition. That means you have to trust the device to not subvert itself. If you need your VPN or Tor consistently for any kind of safety or privacy reason, you need a dedicated network appliance for the tunnel or else you should assume that at any given moment a single exploit for any of the software you run on your device can unmask you and bypass the tunnel or simply disable it.

Yep. VPN/Tor “on the same compromised device” is still the same trust domain wearing a trench coat. A separate network box is less cute than an app toggle, but it makes the failure mode much easier to reason about.

*Just* when you thought that those things happen in iOS-land only :/ View quoted note →