February 11, 2024 at 12:39PM
ExpressVPN removed split tunneling from versions 12.23.1 to 12.72.0 after a bug exposed user browsing domains to configured DNS servers. This impacted 1% of Windows users. Upgrading to version 12.73.0 removes split tunneling, to be reintroduced after bug fix. If unable to upgrade, disabling split tunneling or using version 10 is recommended to prevent DNS request leaks.
Key Takeaways from the Meeting Notes:
– ExpressVPN removed the split tunneling feature from its latest software version due to a bug that exposed users’ visited domains to configured DNS servers.
– The bug affected ExpressVPN Windows versions 12.23.1 – 12.72.0, published between May 19, 2022, and Feb. 7, 2024, and only impacted users utilizing the split tunneling feature.
– The split tunneling feature allows selective routing of internet traffic, providing simultaneous local and secure remote access.
– The bug caused DNS requests to be sent to the user’s ISP instead of ExpressVPN’s infrastructure, potentially exposing browsing history.
– This issue only occurs when the split tunneling mode is active.
– ExpressVPN recommends that impacted Windows users upgrade to the latest version, 12.73.0, which removes the split tunneling feature. Alternatively, they can disable split tunneling or use version 10, which is not impacted by the bug.
ExpressVPN plans to re-introduce the split tunneling feature in a future release once the bug is fixed. If users absolutely require split tunneling, they should download and use version 10 to avoid the bug.