ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers.

However, this bug caused some DNS queries to be sent to the DNS server configured on the computer, usually a server at the user’s ISP, allowing the server to track a user’s browsing habits.

  • @LWD@lemm.ee
    365 months ago

    AdTech company buys out ExpressVPN for nearly a billion dollars in 2021, product proceeds to start leaking data in 2022. I’m not saying that bit malicious, but talk about being sloppy with your purchase.