Yes, that is used to exchange information between iDevices. The "Find my" mechanism is proprietary and closed source, so you cannot categorically discard the possibility of iOS using such tunnel to send/receive/forward such information.
Yes it could be something else. But if we want to be rigorous, we cannot discard possibilities we aren't 100% sure about.
You are right... and being rigorous is the only path to trust. We can shift the issue from "what is it" to "why isn't it documented and why does status report inactive.
84.5 MB through utun2/IDS during stated isolation—benign or not—contradicts "wireless features turned off" and users have no verification path.
The "closed source" problem you identified is the core issue. So to be rigorous, plausible deniability ends where the telemetry contradicts the UI.
lucasar|2 months ago
TakeFlight007|2 months ago
84.5 MB through utun2/IDS during stated isolation—benign or not—contradicts "wireless features turned off" and users have no verification path.
The "closed source" problem you identified is the core issue. So to be rigorous, plausible deniability ends where the telemetry contradicts the UI.