St Gallen has been archiving knowledge for over a thousand years. Now they are archiving AI models before they get retrained out of existence. The location is not a coincidence…
The technical detail that makes this egregious is that the leak happens in system_server, a privileged process. Android’s
own lockdown mode explicitly promises that no traffic bypasses the VPN. When the system itself sends the packet over the physical interface, that promise is broken at the kernel level, not in userspace. Calling this “not security bulletin class” is hard to defend.
