Apple TV Receives First Big Native VPN App

ExpressVPN is the biggest VPN company so far to take advantage of the VPN support available in tvOS 17. According to The Verge, ExpressVPN will let Apple TV users connect to servers "in any of 105 countries around the world" so they can watch geo-restricted content around the world. From the report: To download it, you'll need to make sure you're on tvOS 17 -- earlier versions don't support native VPN apps at all. Once set up, the app will route your traffic through faraway servers before forwarding them to whatever streaming service or other internet server the Apple TV contacts. ExpressVPN on the Apple TV uses the company's Lightway protocol. Reddit users reported spotting the app last week. Most said they could switch countries to get around region restrictions, though some had issues logging in or getting it to work with specific apps. It's also a basic experience that lacks advanced VPN features like split tunneling, which dynamically applies the VPN connection to certain services as needed, freeing users from managing it manually.

From someone who knows nothing of Apple TVs

[Rosco P. Coltrane]

I assume you can sideload things into those devices, right? Because surely Apple doesn't allow THAT. Or if they do now, they won't for long when their entertainment corporate buddies start complaining.

Re:From someone who knows nothing of Apple TVs

[SeaFox]

Do the "entertainment corporate buddies" complain to Amazon or Google that you can sideload things onto Fire Sticks or Android TVs?

Re:

[saloomy]

Apple has long prevented a real browser or a kiosk on this device, I hope that changes. That being said, Apple is notorious about letting its own services steer around VPNs. That is why when I travel, I have a raspberry-pi in a case that connects via wifi or ethernet to any network, and creates a route-all site to site VPN back to a server I run in the US, which lets me do whatever I need. It also works great with Spotify, etc... I even have all day battery when I connect it to my Anker USB battery block.

Re: From someone who knows nothing of Apple TVs

[SeaFox]

What does that have to do with sideloading apps for pirate IPTV, which is clearly what the original poster was referring to?

Nobody cares about your home-made travel router, btw. I can open the OpenVPN client on my phone or my laptop and connect back to my home network without needing to worry about extra hardware.

Re: From someone who knows nothing of Apple TVs

[Shakrai]

I can open the OpenVPN client on my phone or my laptop and connect back to my home network without needing to worry about extra hardware.

His point is some Apple services bypass VPNs on iDevices. Now, having researched that, I don't think it's anything nefarious. It's mostly network detection tools and things like automatic failover for non-functional DNS (Android does this too: Give it a DNS server you control via DHCP then shut that server off. It'll start going to 8.8.8.8) but the point remains. The only way to be sure 100% of your traffic goes through the VPN is to do the VPN upstream of the iDevice. Even that isn't a surefire thing, an iPhone will continue to communicate with Apple via cellular data when on Wi-Fi unless you explicitly turn off cellular data. Again, not nefarious, it's there to provide a path [apple.com] if the Wi-Fi network sucks.

Personally, I never use third party Wi-Fi unless I truly (complete cellular dead zone on both my SIMs) have no other choice. That said, my solution, I implement DNS-over-TLS [wikipedia.org] with a configuration profile [apple.com] to trusted DNS resolvers. Quad 9, Google, and Cloudflare all support this, and have reasonable (Quad 9's is the best, IMHO) privacy policies. DoT closes off the biggest data leak (unencrypted DNS), hijacking, and privacy risk of untrusted networks.

For the rest of my communication, I trust TLS. Every app of consequence I use already communicates via TLS. The vast majority of webpages these days default to TLS. Wi-Fi calling (if I'm in a dead zone I likely need this) is also via a secure (IPSec VPN) encrypted channel. If someone is playing games with TLS I'll get certificate warnings. Unless they've owned the root certificate authority, in which case, you got bigger problems than untrusted Wi-Fi, lol.

The VPN path he has is valid but I think DoT is easier. For bonus points, you can enforce it on cellular data if you're so inclined, so you're closing off any data monetization games your cellular company might be trying to play with your DNS queries.

Re:

[SeaFox]

His point is some Apple services bypass VPNs on iDevices. Now, having researched that, I don't think it's anything nefarious. It's mostly network detection tools and things like automatic failover for non-functional DNS (Android does this too: Give it a DNS server you control via DHCP then shut that server off. It'll start going to 8.8.8.8) but the point remains. The only way to be sure 100% of your traffic goes through the VPN is to do the VPN upstream of the iDevice.

But that doesn't really matter in the context of this thread topic. As long as the VPN app on the device feeds the data for the specific apps over the connection the results will be what the user wants (bypassing geo-blocks). Personally I wouldn't travel with an Apple TV to begin with because it's already much bulkier and less-portable than a Fire Stick, Roku Stick, or a Chromecast. So needing to carry additional equipment to defeat perceived Apple-"spying" is a non-issue. It's interesting how Apple users g

Re:

[Shakrai]

Personally I wouldn't travel with an Apple TV to begin with because it's already much bulkier and less-portable than a Fire Stick, Roku Stick, or a Chromecast.

I've traveled with my Apple TV. It's not really a huge burden in the context of a bag already filled with laptop, tablet, and all the related fixings.

Re:

[Shakrai]

That is why when I travel, I have a raspberry-pi in a case that connects via wifi or ethernet to any network, and creates a route-all site to site VPN back to a server I run in the US, which lets me do whatever I need. It also works great with Spotify, etc

What solution did you use for this? I home built one for my Mom, which builds a site-to-site back to my house, then announces a Wi-Fi network for all of her streaming devices. This was my middle finger when the crackdown started on password sharing. Mom is disabled and lives on under $1,000/mo of SSDI, she doesn't have the money for streaming services, and until that crackdown started it was a nice little benefit they allowed me to give her. :-(

Re:From someone who knows nothing of Apple TVs

[Shakrai]

You cannot sideload apps onto ATV.

There are apps very commonly used for piracy (Plex) that have ATV versions. In fact, the ATV version of Plex is free, while you have to pay for a non-neutered version of the app for iPhone or iPad.

No more geofencing?

[Applehu Akbar]

Can I use this to pretend that my ATV is in London so I can stream BBC content?

Progress

[Carewolf]

Wow one day it might even compete with NVidia Shields and other Android TVs