Posted on 08-09-2022 10:35 AM
For safety and sanity, we'd like to be able to disable this feature in our fleet. I couldn't find any documentation on a configuration profile payload or policy setting or even a homebrew script to disable this feature. A config profile would obviously be best as it would prevent the users from re-enabling. An ongoing policy that uses either a script or an actual policy payload would be... fine I guess, but less preferred as between recurring check-ins the user could do whatever they wanted.
Does anyone have any resources on this?
Posted on 08-09-2022 10:46 AM
You mention “for safety and sanity”, but I’m curious what you mean by that? When enabled, this feature protects the end user’s privacy, and it only applies to Internet trackers within the Mail and Safari apps.
Jamf Pro already collects IP address information (both public and internal). What more are you after by trying to disable this feature?
Posted on 08-09-2022 10:51 AM
Hah. Of course. I thought it was obfuscating the IP address at a network level, but that wouldn't make any sense. I think I was getting it confused with the "Private wi-fi address" setting on iOS. So this feature is only for those specific applications? How does that look on a network level? Is it running the traffic through a relay after it goes outside of our network or something? If you have a resource on how/what the feature actually does that I can read up on, I would appreciate it.
Posted on 08-09-2022 12:35 PM
Just those two apps according to the tiny text below the feature.
I can’t vouch for the accuracy of this post, but it makes sense to me. To limit IP address tracking, Apple would need to relay all Mail and Safari traffic through their servers. And it wouldn’t stop the most common form of tracking for email, which is an embedded personalized tracker in a link.
Posted on 08-18-2022 11:43 AM
Actually, just going back to the original question, is there a scripting/profile means to turn it off? If it always worked, it would be fine. It doesn't.
So, only Apple Mail/Safari. With the feature enabled and connected to a Verizon MiFi hotspot "nslookup google.com" from Terminal...
/AppleInternal/Library/BuildRoots/20d6c351-ee94-11ec-bcaf-7247572f23b4/Library/Caches/com.apple.xbs/Sources/bind9/bind9/lib/isc/unix/socket.c:2132: internal_send: fe80::dcaa:ccff:fe30:1e72%5#53: Network is down
Disable the feature and...
MSLAL0819110336:~ acscott2$ nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 142.250.9.113
Name: google.com
Address: 142.250.9.101
Name: google.com
Address: 142.250.9.100
Name: google.com
Address: 142.250.9.102
Name: google.com
Address: 142.250.9.139
Name: google.com
Address: 142.250.9.138
So back to the original question, how can we disable this en masse?
Posted on 09-20-2022 06:05 PM
Did you ever get anywhere on this? We also need to disable as it is causing DNS issues on our network.
Posted on 10-05-2022 05:23 AM
Sadly, nothing. It is really annoying and hits people when they travel since it is a new WiFi.
Posted on 10-04-2022 08:10 AM
I have seen issues with NoMAD not working correctly when this is enabled.
Posted on 10-20-2022 12:00 PM
We see issues with FortiClient AV/web filter when "Limit IP Address Tracking" is checked. We had a few successful results when users manually unchecked the feature and the network issues stopped.
Would be nice to know if there is a way to uncheck this via script, but I have a suspicion - since this is a privacy feature - Apple hid it, as I was unable to find it anywhere in any of the plist files related to Network/WiFi...
Posted on 12-11-2022 07:57 PM
Anyone have any luck finding a solution to this that isn’t just having the end user disable it?
This feature seems to be much more aggressive in macOS Ventura and iPadOS 16 to the point it’s causing issues with pages loading with an in-line firewall appliance.
Disabling Private Relay can be achieved by an MDM profile and at the network DNS level, however this feature (Limit IP Address Tracking) functions independently of these. All a profile does is remove it as a configurable option within a user's iCloud settings (which isn’t even in use).
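To check from a client whether the network-level DNS block for Private Relay mentioned in the post above is actually in effect, here is an added example (not posted by anyone in this thread). It assumes the two relay hostnames from Apple's network guidance for Private Relay, `mask.icloud.com` and `mask-h2.icloud.com`, and uses `apple.com` as a control name; the function names are hypothetical. As the post notes, this says nothing about the state of the "Limit IP Address Tracking" checkbox itself.

```shell
#!/bin/sh
# Added example: report whether the local resolver blocks the Private Relay
# hostnames. Usable as a Jamf extension attribute when run with --check.

# Assumption: hostnames taken from Apple's Private Relay network guidance.
RELAY_HOSTS="mask.icloud.com mask-h2.icloud.com"

# Default resolver: print only A/AAAA addresses for a name, one per line.
# CNAME targets and dig's ";; timed out" text are filtered away, so an
# NXDOMAIN, an empty answer and a timeout all produce no output.
lookup_addrs() {
    { dig +short +time=2 +tries=1 A "$1"
      dig +short +time=2 +tries=1 AAAA "$1"; } 2>/dev/null |
        grep -E '^([0-9]{1,3}(\.[0-9]{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]*)$'
}

# relay_dns_status [resolver_function] [control_name]
# Prints one of:
#   unknown            control name did not resolve (resolver down/unreachable)
#   blocked            control resolves, neither relay hostname does
#   resolvable: <list> at least one relay hostname still resolves
relay_dns_status() (
    resolver="${1:-lookup_addrs}"
    control="${2:-apple.com}"
    # A dead resolver also returns nothing for the relay names, so confirm
    # DNS works at all before reading an empty answer as a block.
    if [ -z "$("$resolver" "$control")" ]; then
        echo "unknown"
    else
        open=""
        for host in $RELAY_HOSTS; do
            if [ -n "$("$resolver" "$host")" ]; then
                open="$open $host"
            fi
        done
        if [ -z "$open" ]; then
            echo "blocked"
        else
            echo "resolvable:$open"
        fi
    fi
)

# Only touch the network when asked to, e.g. from a Jamf extension attribute.
if [ "${1:-}" = "--check" ]; then
    echo "<result>$(relay_dns_status)</result>"
fi
```

An `unknown` result corresponds to the situation shown earlier in the thread, where the lookup itself fails, and should not be read as a working block.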
Posted on 12-12-2022 06:36 AM
I hope everyone that is having this issue is using Feedback Assistant to offer feedback as this is really not a friendly thing for Apple to do. It ends up that they end up being able to stop any site they want using their DNS system over a DNS system of our choice. If it only did what it said it did and only affected Mail and Safari, it would be annoying, but since it affects other programs, it is pretty sleazy. It almost screams spyware.