Users attempting to access certain websites Wednesday encountered a message instructing them to disable VPNs or configure “split tunneling,” signaling a growing conflict between VPN services and increasingly sophisticated bot detection systems. The message, appearing in multiple languages including English, Dutch, and French, prompted a response from NordVPN, which advised users facing disruptions to either temporarily disable the service or utilize split tunneling features.
The issue stems from a surge in bot detection technologies employed by websites to prevent automated traffic and maintain security. These systems, however, are increasingly misidentifying legitimate VPN users as bots, leading to access denials. NordVPN acknowledged the problem, characterizing it as a “Bot Battle” and not solely a company-specific issue, but rather a broader trend impacting VPN services.
Split tunneling, a feature offered by many VPN providers, allows users to route specific applications or websites outside the encrypted VPN tunnel, while directing other traffic through it. According to PCMag, this addresses compatibility issues that can arise when using a VPN. By selectively routing traffic, users can potentially bypass bot detection systems that flag all VPN traffic as suspicious.
However, experts caution that split tunneling introduces security risks. Comparitech notes that when split tunneling is enabled, some online activity bypasses the VPN’s encryption, leaving that data vulnerable to interception by ISPs, Wi-Fi providers, or malicious actors on public networks. This can expose unprotected applications to potential cyberattacks and data leakage.
A VPN creates an encrypted tunnel between a user’s device and a proxy server, ensuring data security and privacy. While VPNs are designed to protect online activity, split tunneling compromises this protection for the applications or websites routed outside the tunnel. The trade-off between accessibility and security is a key consideration for users employing this feature.
As of Thursday, NordVPN has not issued a further statement regarding the ongoing disruptions, and the affected websites have not publicly commented on their bot detection practices. The situation remains unresolved, leaving users to navigate the conflicting demands of online access and data security.
