TechRadar has uncovered evidence that ExpressVPN is secretly preparing to add Shadowsocks support.
During routine scanning of the latest Windows ExpressVPN application (v12.201.0), we discovered a Shadowsocks executable file: ss-local.exe.
Article continues below
What are Shadowsocks? (and why do VPNs use it?)
Shadowsocks is an obfuscation technology used by VPNs such as Mullvad and PIA to secure internet access in regions with strict internet restrictions, such as China and Russia.
Lightweight proxy prioritizes speed and censorship circumvention over complete system-wide privacy. However, it can be used with other protocols (the rules that determine how your traffic is handled) to enhance its privacy-preserving credentials.
Standard VPN protocols have highly recognizable signatures. In comparison, Shadowsocks is based on standard TCP or UDP connections combined with encryption.
This removes recognizable VPN metadata and makes traffic indistinguishable from normal HTTPS web browsing, making it much more effective at evading censorship mechanisms like the Great Firewall.
Finding Shadowsocks in ExpressVPN
TechRadar’s routine scan of the latest Windows ExpressVPN application reveals a newly added Shadowsocks file (ss-local.exe). Additionally, traffic analysis confirms that the application now polls backend servers for a “aShadowsocks” status indicator.
Although currently set to FAKE For all observed locations, the integration of the local executable and server-side setting strongly suggests that ExpressVPN is preparing to launch Shadowsocks support on some servers.
Network traffic containing this server configuration can be seen below. It shows that the application receives data on the Los Angeles server, especially if it has Shadowsocks features.
{
"71": {
"autoSafe": false,
"dedicatedIp": "",
"geoLocated": false,
"hasShadowsocks": false,
"id": "71",
"latency": null,
"latitude": 33.916,
"longitude": -118.3,
"minimumEndpointCount": 50,
"name": "USA - Los Angeles - 5",
"offline": false,
"popularity_order": 33115,
"portForward": false,
"priority": 55,
"slug": "usa-los-angeles-5",
"smartLocationData": null
}
}What does this mean for ExpressVPN users?
Currently, ExpressVPN automatically applies obfuscation to all internet traffic. This means users have no manual control if a connection fails in heavily censored regions like China.
The introduction of Shadowsocks support could resolve this issue, giving users a vital workaround when standard connections are blocked. As with any obfuscation method, there are no guarantees. Still, when you’re trying to go online in a highly censored country, the more options you have, the better.
It’s unclear how Shadowsocks will be used by the app, or whether it will be rolled out to other operating systems. Regardless, its addition likely signals renewed interest in censorship circumvention from the most secure VPN on the market.
This discovery is part of a broader desire by ExpressVPN to modernize its ecosystem. Following the recent rollout of its new password manager, AI client, and private email relay, giving power users manual control over their obfuscation seems like a natural next step.
For anyone considering trying ExpressVPN, it’s worth noting that it’s currently at its lowest price ever. Take a look at the offer below.
ExpressVPN response
When reached for comment, ExpressVPN COO Shay Peretz said:
“As we continue to evolve our Windows application, we regularly evaluate and test different technologies that can help improve user connectivity and reliability, particularly in harsh network environments with experimental or inactive components.
“At this point, we do not have any specific feature announcements to share regarding Shadowsocks support or a timeline for potential availability. As always, if and when we introduce new features designed to improve connectivity or circumvention resilience, we will communicate these updates publicly.
“In the meantime, our focus remains on continually improving the performance and reliability of the ExpressVPN app. The latest versions already include improved HTTPS-based connectivity mechanisms that help users maintain stable access across a wide range of network conditions, and we are already seeing strong adoption, showing that we are moving in the right direction.”
