NymVPN has pushed a practical privacy upgrade to Windows users with the release of beta split tunneling in v2026.7, available through the Windows v1.28.0 client. The change matters because VPN protection is rarely an all-or-nothing decision in daily use: people often need to shield sensitive traffic without forcing every app through the same encrypted route.
The update also reaches beyond convenience. Across platforms, NymVPN has introduced an experimental post-quantum key exchange system called the Lewes Protocol, a sign that VPN providers are starting to prepare not only for current surveillance risks but for future attacks from far more powerful computing systems.
Why split tunneling matters in real use
Split tunneling solves a common problem in consumer VPNs. Encrypting all traffic can improve privacy, but it can also create friction when certain apps work better on a direct connection, whether for speed, compatibility, or access to local network services. A good split tunneling tool lets the user decide which traffic needs stronger privacy and which traffic can stay outside the VPN without constant manual switching.
That is the significance of NymVPN bringing the feature to Windows in beta. A user can keep a browser or messaging app inside the VPN while letting bandwidth-heavy streaming services or latency-sensitive local applications connect through the ordinary internet connection. For many people, that is what makes a VPN workable as an everyday tool rather than something switched on only for specific moments.
Nym says the feature is still under development and is asking for user feedback, which is a sensible stance. Split tunneling can be deceptively hard to get right because it sits at the intersection of operating-system networking rules, app behavior, and user expectations. If traffic escapes the tunnel unexpectedly, privacy can be weakened. If routing rules are too rigid, the feature becomes confusing or unreliable.
Privacy control is becoming more granular
Nym’s roadmap points to a more detailed version of split tunneling that would route specific apps through either its Fast mode or its Anonymous mode. That distinction matters. In broad terms, VPN users are no longer choosing only between “on” and “off.” They increasingly want different privacy settings for different tasks: stronger anonymity for sensitive browsing, faster routing for ordinary protection, and direct access for trusted high-bandwidth apps.
This reflects a wider shift in privacy software. The market has matured beyond the promise of blanket encryption. Users now expect controls that fit real behavior across work, entertainment, and communication, especially on laptops and phones where many services run at once and not all of them benefit equally from tunnelled traffic.
Post-quantum security moves from theory toward deployment
The Lewes Protocol may draw less immediate attention than split tunneling, but it speaks to a deeper security question. Modern VPNs depend on cryptographic key exchanges to establish secure sessions. Post-quantum cryptography is designed to resist future attacks from quantum computers that could undermine some current public-key methods. For most users, that threat is not an immediate household concern, but providers are under pressure to prepare early because encrypted data captured today could, in theory, be decrypted later if stronger attacks become practical.
Nym says the new protocol is available for Fast mode and may also improve connection times and startup. That combination is important. Security upgrades are easier to adopt when they do not impose visible performance penalties. The company plans to test the protocol in production before making it the default for secure key exchanges, which suggests a cautious rollout rather than a marketing claim detached from operational reality.
Audit follow-through and platform polish
The release also includes changes for macOS, where NymVPN says it has strengthened the privacy of communications between the app and its background daemon, following recommendations from a 2025 Cure53 audit. That kind of work tends to attract less attention than user-facing features, yet it is often where trust is actually earned. External audits do not guarantee perfection, but acting on their findings is one of the clearer signals that a vendor is treating security as an ongoing process rather than a slogan.
Elsewhere, the company says it has fixed interface bugs tied to social logins and improved server selection on Android. Taken together, the update shows a provider trying to improve both the visible and invisible parts of VPN use: better controls for everyday traffic, stronger preparation for long-term cryptographic risks, and fewer weak points in the software around them.
