Facetime exposes client IP addresses

$ cat post.txt | | 1 min read

Apple's Facetime, by default, has privacy concerns. When a call is initiated - and for the duration of the call - a peer-to-peer connection between both ends of the call is established.

A peer-to-peer session from & to port 16393 observed during a Facetime call; the destination is the far side's residential IP address.

For organizations or individuals with a high threat posture, using Facetime is not recommended. Using Signal instead, with the "always relay calls" option enabled, is advised. If absolutely necessary to use Facetime, the use of a VPN will mitigate this particular risk - but not others as have previously been found in Facetime.

"Always relay calls" enabled in the Calls section of Signal's settings.