Please note that regardless of the product the current behavior is inconsistent not just with the previous versions of macOS, but also within the current one: it's strange that iCloud Private Relay behaves differently with and without the Firewall. The bug is still there in macOS 15.1, but there's a slight change as if there was attempt to fix it, but it gets back 5-10 minutes later.

This is actually a very good question, doing anything in the extension is quite problematic with a limit that low. For instance, our use case is simple: we pass settings from the main app via a file. That file weighs more than 2MB so reading it is already problematic. We have to use some ugly workarounds and pass it in chunks instead.

@dverevkin Denis, please take a look at this issue: https://github.com/dart-lang/sdk/issues/45116 It'd be useful if you could supply info about your patch there.

Any chance anyone from Apple could reply?

Nevermind, the issue is not that simple

The issue is still here on Beta 9. so if there are further updates to this very specific case I am quite surprised that this case is considered "very specific". All users without IPv6 are affected. As far as I know, there are way more users like that than others. Also, I suppose this thread should've been called "Transparent Proxy breaks Youtube for all users without IPv6" to make it clear that this whole thread is not about a specific case of breaking IMAP, but about a much more serious issue. Is there at least any workaround for that?

Apple's SSH sees the wrong remote address for some reason. My point is that it's not just Apple's SSH, this is quite a serious issue actually. I suppose that it affects all apps that use new Apple networking API, and that's why Safari and Apple's SSH are affected, and Chrome or ssh from brew aren't. For me this bug lead to Youtube being broken in Safari. Here's what was going on: Safari "thinks" that all domains have the same IP address (0.0.0.0) Note that Youtube serves static content from *.googlevideo.com subdomains using HTTP2 All these subdomains have the same wildcard certificate Points 1-3 (same IP, same cert, HTTP2) are enough for Safari to start using HTTP2 connections coalescing That leads to Safari sending HTTP2 requests to a wrong server completely breaking loading videos. Having said that I believe it is not correct to say that using the Transparent Proxy API will break every app. I admit I might have indeed exaggerated it a bit, but I still consider this a major (if not critical) bug. I really hope that you're able to reproduce this issue with the example from @ngorskikh. If you think it makes sense for me to submit a TSI or Feedback or do anything else, please let me know.

Is there any update on the issues posted here? All three of them seem rather serious. Especially the one about Safari and wrong source address. As far as I understand, it means that every app that uses new networking api will be broken by mere presence of a transparent proxy. Is there at least a temporary workaround for this bug?