VPN provider ExpressVPN has been leaking some users’ DNS requests for years, the company has said announced. The problem occurs in the ExpressVPN Windows application when the feature ‘split tunneling‘ is enabled. When ExpressVPN is active, all traffic goes through the VPN app. Split tunneling allows users to specify which apps go through the VPN tunnel and which apps connect directly to an open network.
“If you use split tunneling to ensure that certain traffic does not go through the protection of your VPN, your internet provider or a third party can gain access to traffic,” warns ExpressVPN on its own website. A bug in the feature causes DNS requests that should have gone to an ExpressVPN server to a third-party server, such as that of the ISP. This can see which websites the user visits.
Due to the error, ExpressVPN has released an update to version 12 of the Windows application in which split tunneling is completely disabled. The exact cause is now being investigated. ExpressVPN states that it was only able to replicate the situation in certain cases with certain apps. When the cause of the problem, that since 19 mei 2022 is present in the software, has been outdated and has been resolved, split tunneling will become available again in the VPN app via an update.
2024-02-12 08:32:00
#ExpressVPN #leaked #users #DNS #requests #years
