- cross-posted to:
- securitynews@infosec.pub
- cross-posted to:
- securitynews@infosec.pub
Bug:
Affected versions 12.23.1-12.72.0 (May 2022-Feb 2024) with split tunneling feature.
Impact:
Exposed visited domains to user’s ISP, potentially leaking browsing history.
Affected users:
Windows users with active split tunneling (about 1%).
Fix:
Upgrade to version 12.73.0 (removes split tunneling temporarily).
Alternatives:
Disable split tunneling or use ExpressVPN version 10.
Note:
All other traffic and content remain encrypted.
From what I know they were perfectly aware of the situation but did little about it… So thats a red flag. But yeah, there is a lot more to this, and that one source doesn’t cover it all, and is another source that shills certain VPNs themselves, hence why I said its not a great source itself. I can edit in some additional sources that are worth reading regarding the case when I get home.
But imo, there isn’t a single good reason to use ExpressVPN, instead of Mullvad, IVPN or ProtonVPN.