Bug:

Affected versions 12.23.1-12.72.0 (May 2022-Feb 2024) with split tunneling feature.

Impact:

Exposed visited domains to user’s ISP, potentially leaking browsing history.

Affected users:

Windows users with active split tunneling (about 1%).

Fix:

Upgrade to version 12.73.0 (removes split tunneling temporarily).

Alternatives:

Disable split tunneling or use ExpressVPN version 10.

Note:

All other traffic and content remain encrypted.

  • Lunch@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    11 months ago

    From what I know they were perfectly aware of the situation but did little about it… So thats a red flag. But yeah, there is a lot more to this, and that one source doesn’t cover it all, and is another source that shills certain VPNs themselves, hence why I said its not a great source itself. I can edit in some additional sources that are worth reading regarding the case when I get home.

    But imo, there isn’t a single good reason to use ExpressVPN, instead of Mullvad, IVPN or ProtonVPN.