- cross-posted to:
- securitynews@infosec.pub
- cross-posted to:
- securitynews@infosec.pub
Bug:
Affected versions 12.23.1-12.72.0 (May 2022-Feb 2024) with split tunneling feature.
Impact:
Exposed visited domains to user’s ISP, potentially leaking browsing history.
Affected users:
Windows users with active split tunneling (about 1%).
Fix:
Upgrade to version 12.73.0 (removes split tunneling temporarily).
Alternatives:
Disable split tunneling or use ExpressVPN version 10.
Note:
All other traffic and content remain encrypted.
Even just going off the article you posted “helped” is a strong word in regards to distributing malware through their framework. It appears that their framework had simply been hijacked by hackers to distribute malware and they had no involvement in that.
I’m not saying they’re trustworthy but the situation isn’t nearly as bad as this biased summary suggests.
The same website has rated express VPN as one of the most trustworthy vpns in their most recent review. Based on the high amount of independent audits the company is performing.
https://restoreprivacy.com/vpn/reviews/expressvpn/
Definitely do more research. I’m going to look into it myself but I’m paying until June anyways and I don’t think an immediate switch is necessary.
From what I know they were perfectly aware of the situation but did little about it… So thats a red flag. But yeah, there is a lot more to this, and that one source doesn’t cover it all, and is another source that shills certain VPNs themselves, hence why I said its not a great source itself. I can edit in some additional sources that are worth reading regarding the case when I get home.
But imo, there isn’t a single good reason to use ExpressVPN, instead of Mullvad, IVPN or ProtonVPN.