I will have to agree with your definition, but the issue here isn't with the nomenclature, it's with the bill of goods being sold as a service.
What people expect, and what is being sold, is an encrypted tunnel that all traffic goes through, to an endpoint. That this is called "VPN" is irrelevant.
I have a GL.iNet Mango that I have set up to provide "always on WireGuard" to a computer in a datacenter I control the public IP for. I haven't tested, but I expect all data sent to and from any devices connected to that device's SSID to be tunneled via WireGuard to the computer in the DC, and therefore, to all outside observers the DC is where my device is. Obviously the ISP can see the session, but since they have no say over the DC endpoint, they have no way of knowing what the traffic is or where it's going. It could just be me doing SSH or video streaming or backups to and from the datacenter, or I could be watching Netflix or YouTube.
In that circumstance, an iOS device shouldn't be able to leak my local network's ostensible "public IP", since the actual transport layer is outside of the iOS device's control.
With all of this being said, I don't think there's any way to guarantee that leaks are impossible without literally air-gapping your devices and forcing all traffic through something that cannot communicate with anything but the remote endpoint - that is, if the WireGuard connection fails, all pings fail, all TCP/UDP/etc traffic times out, and so on. In this manner, probably all things sold as "secure VPN" or as a service that does that are scams. This is the issue that TFA is complaining about.
In a situation where it's life and death - I would find an open Wi-Fi access point and connect a wireless bridge device (e.g. TP-Link TL-WR802N), with an STP Ethernet cable to something similar to the GL.iNet Mango, with 100% forced WireGuard connectivity. I'd only consider this viable after doing tshark or tcpdump on the server I control log access to, to verify that my (local) MAC address and/or stuff like WebRTC or whatever are blocked/dropped.
Sorry for the length, but I didn't want to make multiple comments all over the threads.
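The capture-and-verify step from the comment above, as an added example that is not part of the original comment: it sorts `tcpdump -nn -t` text lines into tunnel, on-link and leaked traffic. Capturing on the router's upstream interface, the endpoint address and port, and the capture lines are all constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this sketch: the WireGuard endpoint in the datacenter
# (a documentation address) and its UDP port; capture lines are constructed.
ENDPOINT = ("203.0.113.10", 51820)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"^IP6? (\S+) > (\S+): (.*)$")

SAMPLE = """\
IP 192.168.1.50.41820 > 203.0.113.10.51820: UDP, length 148
IP 203.0.113.10.51820 > 192.168.1.50.41820: UDP, length 92
ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
IP 192.168.1.50.53124 > 8.8.8.8.53: 4660+ A? example.com. (29)
IP6 fe80::1234 > ff02::2: ICMP6, router solicitation, length 16
IP 192.168.1.50.44321 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
""".splitlines()

def split_host_port(token):
    """tcpdump -nn prints 'addr.port'; ICMP and ICMP6 lines carry no port."""
    host, _, port = token.rpartition(".")
    try:
        ipaddress.ip_address(host)      # fails for '1.1.1' (portless IPv4)
        return host, int(port)
    except ValueError:
        return token, None

def stays_on_link(addr):
    ip = ipaddress.ip_address(addr)
    return (ip.is_link_local or ip.is_multicast or ip.is_unspecified
            or str(ip) == "255.255.255.255" or any(ip in n for n in RFC1918))

def classify(line):
    """Return 'tunnel', 'local' or 'leak' for one tcpdump -nn -t line."""
    if line.startswith("ARP"):
        return "local"              # link-layer only, never routed
    m = LINE.match(line)
    if not m:
        return "leak"               # fail closed on anything unrecognised
    src, dst = split_host_port(m.group(1)), split_host_port(m.group(2))
    if m.group(3).startswith("UDP") and ENDPOINT in (src, dst):
        return "tunnel"             # assumes tcpdump prints 'UDP, length N'
    if stays_on_link(src[0]) and stays_on_link(dst[0]):
        return "local"
    return "leak"

def leaks(lines):
    return [l for l in lines if classify(l) == "leak"]
```

`leaks(SAMPLE)` returns the DNS query and the TCP SYN that bypassed the tunnel; an empty list over a capture taken while the tunnel is deliberately down is the fail-closed behaviour the comment asks for.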