ExpressVPN, the consumer privacy and security company, has taken transparency to a whole new level by revealing hidden problems associated with Domain Name Server (DNS) leaks, as revealed in its latest research paper, ‘Shedding Light on Hidden Dangers: A New Perspective on DNS Leaks’.

The cybersecurity company gained prominence for its regular audits conducted by reputable third parties, turning the spotlight on the importance of independent validations of privacy and security assurances made to users. By choosing transparency over silent assurance, the firm is clear about its commitment to building trust among users.

Several months ago, Attila Tomaschek, a VPN specialist and writer for CNET, noted an unusual behaviour of DNS requests during his usage of the split tunnelling feature on a Windows device. Recognising the seriousness of this discovery, ExpressVPN directly addressed the issue, which was later confirmed as resolved by both their internal team and Tomaschek himself.

Keen to restore confidence in its Windows applications, ExpressVPN took the initiative to engage Nettitude, a cybersecurity firm, in March and April of 2024, with the specific goal of verifying the resolution of the DNS issue related to split tunnelling and conducting a comprehensive penetration testing of the software in question. The audit performed by Nettitude luckily resulted in only one medium-severity issue being identified, which was promptly resolved, further underlining the robust security of the ExpressVPN app for Windows in particular.

This matter under investigation not only indicated possible flaws within ExpressVPN's systems but also raised broader concerns about the industry standard practices for testing DNS leaks. ExpressVPN's further analysis into Windows DNS concluded with findings so fundamental that they may bear significant implications on the VPN industry as a whole. A similar flaw was detected in another VPN provider, which has swiftly adopted the solution put forth by ExpressVPN, suggesting that the problem may be more widespread than first assumed.

By sharing its research paper in the public domain, ExpressVPN hopes to incite other industry players to scrutinize and improve their software applicability. Similarly, the company aims to foster a renewed focus on the potential risks linked with DNS leaks, highlighting that the traditional methods of assessing online safety, particularly about these leaks, may be inadequate.

The company's research divides DNS leaks into Type 1 and Type 2. Type 1 leaks occur when DNS requests bypass the VPN tunnel because of configuration mishaps or inadequate protection measures. These leaks betray the user's IP address to DNS servers, compromising their anonymity and privacy. On the other hand, Type 2 leaks may be more subtle but are equally dangerous. They happen when DNS requests are directed to DNS servers that the user has not conscientiously selected.

ExpressVPN's research emphasises the pressing need for increased attention on Type 2 DNS leaks. The study further identifies the existence of Stealth DNS servers, which are not detected by standard DNS leak testing tools, thus leading to a false sense of security among users.

ExpressVPN asserts that this breakthrough is more than just about enhancing the security of its customers; it is a significant contribution to the evolution of the VPN industry as well. They underscore the importance of constant research, innovative approaches, and concerted efforts to bolster online privacy and security universally. The paper is available in full on engrXiv (Engineering Archive) for those interested in gaining a comprehensive understanding of the leaks, threat scenarios, and mitigation strategies.