Testing shows no plaintext exposure. Signals point to Android’s routing layer; fixes and public status notes are rolling out. [Singapore, October 13, 2025] — X-VPN, a global VPN provider owned by Singapore-based LIGHTNINGLINK NETWORKS PTE. LTD., has released results from its internal review of Blind In/On-Path signals. These network-layer techniques use spoofed packets and traffic analysis to infer user activity. The investigation found that the behavior stems from how some platforms—especially Android—handle network traffic, not from flaws in X-VPN’s tunneling or encryption design. [Singapore, October 13, 2025] X-VPN X-VPN’s engineers tested Android, Linux, Windows, macOS, and iOS to assess whether spoofed packets could reach VPN tunnels and provoke replies. The results showed that X-VPN’s use of AES-GCM encryption, zero-log architecture, and secure handshake protocols remain unaffected. The company emphasized that its core privacy protections held firm across all tests. Methodology and Findings Methodology and Findings As part of the internal review, the team followed the approach outlined in Blind In/On‑Path Attacks and Applications to VPNs, using probe injections and packet replay to monitor tunnel behavior. On Android, the default reverse path filter setting (rp_filter=0) allowed spoofed traffic to reach the tunnel interface, leading to observable replies. This behavior was consistent across several VPN services, including ExpressVPN, NordVPN, and Proton VPN, suggesting a platform-level issue rather than an app-specific flaw. Linux showed similar exposure, but because Linux allows full administrative access, X-VPN applied iptables rules to block spoofed responses at the interface level. No similar behavior was found on Windows, macOS, or iOS in internal test runs. Platform-Specific Fixes and User Protections Platform-Specific Fixes and User Protections Android’s network limitations mean no app—including X-VPN—can fully block the observed signals without platform-level fixes. Still, X-VPN is testing countermeasures like detecting probe signals and limiting reply behaviors. These are under review due to potential tradeoffs in performance and stability. On Linux, patched builds now include stricter interface controls. On Android, all users—including free-plan users—have access to the Kill Switch feature, which disconnects the internet if the VPN tunnel fails. This reduces data exposure in risky environments like public Wi-Fi. Free users get access to a limited number of servers, while Premium users unlock more locations, faster speeds, streaming servers, and stronger protections. Each Premium account can secure up to 5 devices at once. All traffic, regardless of plan, is encrypted using protocols like WireGuard, OpenVPN, and X-VPN’s Everest stack, which combines TLS and TCP features. Streaming servers under Premium plans remain unaffected by the reported behavior, and continue to support services like Netflix. This helps answer another frequent user concern: whether X-VPN’s streaming access is impacted by such network issues. Ownership, Audit, and User Concerns Ownership, Audit, and User Concerns X-VPN is operated by LIGHTNINGLINK NETWORKS PTE. LTD., a Singapore-registered company. The service maintains a no-logs policy, meaning it does not record user browsing activity or connection logs. While the company has not yet published a third-party audit of this policy, it confirmed that an external privacy review is currently in progress. This addresses a common question from users seeking independent verification of logging practices. Security Review and Transparency Commitments Security Review and Transparency Commitments Following its internal review, X-VPN reported its findings to Google through the official security process and shared full test results, including platform logs and traffic data. A third-party security audit is now underway to confirm what was found and how X-VPN’s protections respond. While X-VPN has long claimed a strict no-logs policy, this review is the first public step toward external verification. Users often ask whether the no-logs claim is audited—this process helps answer that. As part of its transparency policy, X-VPN will post future updates, security tips, and setup guides. Researchers and reporters can email security@xvpn.io for more information. security@xvpn.io So far, no active attacks have been detected, but X-VPN recommends caution on public Wi-Fi and urges users to keep apps and systems updated. Future fixes will be shared in coordination with platform vendors. About X-VPN About X-VPN X-VPN is a global privacy service used by over 100 million people. Operated by LIGHTNINGLINK NETWORKS PTE. LTD. and based in Singapore, X-VPN offers multi-protocol connectivity and a strict no-logs policy designed to protect session privacy across major platforms. Media Contact: support@xvpn.io Media Contact Source: X-VPN Source