[picofarad]

> When/why should an app be allowed to bypass a user-configured VPN?

temporarily if full tunnelling isn't working, one can split tunnel to route around issues due to VPN

But imo an app should never bypass something like a network boundary.

[kotaKat]

Look at how far TikTok can go if you try blocking DNS. The hardcoded IPs, self-DNS-resolution and cat-and-mouse game of blocking is quite... interesting.

[vsgherzi]

Is there anywhere I could read more about this ?

[kotaKat]

https://github.com/M4jx/TikTokBlocklist

I think they may have scaled back from this, but they were running a 100% malware-style playbook to hit the Tiktok servers like it was some kinda sketchy C2 package. Lots of attempts of their own DoH (and DoT!) and normal DNS servers to try to get into the Tiktok network.