ExpressVPN reasserts its privacy claims with third no-logs audit
The provider, one of the best VPNs, is known for its privacy credentials and these were proven in this audit.
KPMG LLP examined ExpressVPN's privacy policy and TrustedServer technology and "reasonable assurance" was provided that ExpressVPN does not collect activity or connection logs.
A verified no-logs policy is a must-have for the most private VPNs and Windscribe's recent court case proved just how important they are.
ExpressVPN says its "technology is engineered so that activity logs and connection logs are never retained."
KPMG assessed these claims by examining ExpressVPN's TrustedServer technology and its privacy policy. The assessment was conducted under the globally recognized International Standards on Assurance Engagements (ISAE) (UK) 3000 Type 1.
TrustedServer's design means it prevents log collection. No-logging is built into the technology and the process is constantly reviewed.
The servers regularly reboot, and any accumulated data is forgotten. KPMG confirmed that no personally identifiable information, such as a user's IP address, is logged on the server, or exported from the server in any way.
The firm provided "reasonable assurance" that TrustedServer "does not collect logs of users' activity, including no logging of browsing history, traffic destination, data content, DNS queries, or specific connection logs."
No issues were identified. KPMG confirmed the results aligned with ExpressVPN's no-logs policy and users were protected.
These claims were true as of 28 February 2025 and KPMG's full assessment report is available to read.
ExpressVPN says it makes continuous efforts to validate its privacy promises and regular independent audits are essential for this.
"Independent assurance isn't just a checkbox for us – it's fundamental in our efforts towards trust and transparency," said Aaron Engel, Chief Information Security Officer at ExpressVPN.
"Having KPMG evaluate our technologies and assess our privacy protections again demonstrates our unwavering commitment to maintaining the highest standards of user privacy protection."
Engel added that "by subjecting our systems to rigorous third-party scrutiny, we're not just verifying our current protections – we're establishing a standard for accountability that we hope will raise the bar across the entire VPN industry."
ExpressVPN has published 23 third-party audits and it recently commissioned two assessments of its Lightway protocol.
Lightway has been remade in Rust to make it even faster and more secure. Cure53 and Praetorian completed the assessments and positive results were found – low-risk findings were immediately addressed by ExpressVPN.
The Lightway protocol also fully supports post-quantum encryption, meaning ExpressVPN users can protect their devices with the highest standards of security.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
26 minutes ago
- Yahoo
UK web surfers warned of cyber security risks following new Online Safety Act
Web surfers in Great Britain have been warned that certain online workarounds could expose them to potential cyber attacks. It comes after the introduction of the Online Safety Act, which has led many people searching for ways to circumvent the new restrictions. Introduced this month, the Online Safety Act is focused on blocking access to adult material online. The legislation requires all users wanting to access particular sites to enter their information in order to prove their age. Communications regulator Ofcom claims the policy will drastically reduce the number of children accessing inappropriate content. "This is a significant change to how adults in the UK access pornography, and is a key step in helping to protect children from harmful content when they're online," Ofcom said in a recent statement. READ MORE: HMP Dovegate name inmate tragically found dead this morning READ MORE: Student entrepreneur running business from bedroom makes £788k made-up VAT claim But - although the bill is aimed at children - numerous adults have criticised the legislation. Sceptics have argued they do not want to provide personal details such as names, email addresses and financial information in order to access adult platforms. Additionally, specialists have expressed worries that this mandate could leave people more vulnerable to online criminal activity, with scammers potentially looking to capitalise on the fresh verification system. Jake Moore, Global Cybersecurity Advisor at ESET, explained: "There are still details of the act that are missing that could even pose significant privacy and security risks by collecting data such as ID uploads and financial information." As reported by the introduction of the act has sparked a surge in the use of Virtual Private Networks (VPNs), which conceal users' online activity and can mislead websites into believing a computer is located in another country. A VPN provider has reported a significant surge in UK downloads, with these apps currently dominating the top spots on app stores. While it may appear to be a straightforward solution, downloading and using a VPN can carry certain dangers, particularly when searching for free versions. The web is awash with sites offering VPN services at no cost, but such deals are frequently too good to be true. "One of the primary concerns with free VPNs online is that they may not have robust security features," the EC-Council University said. "Many free VPN providers lack the resources to develop and maintain strong security protocols, leaving their users vulnerable to cyber threats such as malware, hacking, and phishing. "Free VPNs need to generate revenue, and they often do this by logging and selling users' data to third-party advertisers. These VPN providers may log your browsing history, online activity, and personal information and then sell it to advertisers, compromising your online privacy." Prior to considering downloading a VPN, it's essential to carry out comprehensive research and verify that any software you install is entirely safe. "We understand the temptation of having a secure online connection for free," the Mozilla team stated. "It's important that you know, however, that the risks of free VPNs may make you think twice about that free price tag. When VPNs are offered to users for free, that means that providers have to gain revenue in another way." Following the implementation of the Online Safety Act, a petition has been created urging the Government to abolish it. At the time of writing, it had attracted more than 423,000 signatures. The petition stated: "We believe that the scope of the Online Safety act is far broader and restrictive than is necessary in a free society. For instance, the definitions in Part 2 covers online hobby forums, which we think do not have the resource to comply with the act and so are shutting down instead. "We think that Parliament should repeal the act and work towards producing proportionate legislation rather than risking clamping down on civil society talking about trains, football, video games or even hamsters because it can't deal with individual bad faith actors." Should a petition reach 100,000 signatures, it must be considered for parliamentary debate. Get daily headlines and breaking news emailed to you - it's FREE
Los Angeles Times
an hour ago
- Los Angeles Times
FireAid retains law firm to review grants, after Trump's misleading criticism
The organizers of the wildfire relief organization FireAid have retained a law firm to review its grantmaking process. The move follows misleading criticism from President Trump and right-wing politicians who have called for FireAid to be investigated. FireAid, a benefit produced by Clippers owner Steve Ballmer, music mogul Irving Azoff and others, quickly raised $100 million in January, following the devastating Eaton and Palisades fires that tore through southern California. The concert featured A-list performers like Billie Eilish, Lady Gaga and Olivia Rodrigo, and the group quickly made $50 million in grants to local nonprofits supporting cash and food aid, housing, childcare and other immediate needs. A second round of $25 million followed, focusing on legal aid, mental health, permit assistance and other continuing issues. A third round will go out later this year. Yet the organization has come under criticism in recent weeks by both Palisades residents and Republican politicians, including California Rep. Kevin Kiley, alleging a lack of transparency in the grantmaking process and disagreements with the strategies for distributing funds. While FireAid has published a detailed report of every group that received funds, President Trump weighed in recently to call FireAid 'A TOTAL DISASTER.' The President continued with misleading criticism, saying the event 'LOOKS LIKE ANOTHER DEMOCRAT INSPIRED SCAM. 100 MILLION DOLLARS IS MISSING. WAS SUPPOSED TO TO GO TO THE LOS ANGELES FIRE VICTIMS, FIRES THAT, WITH PROPER MANAGEMENT, WOULD NEVER HAVE EVEN HAPPENED.' In response, FireAid said that its accounting firm KPMG will have a comprehensive report on the grants' impact ready in December and a six-month progress report within weeks. Additionally, it has 'tasked Latham & Watkins to conduct a comprehensive review of FireAid's governance and grantmaking processes. This review will also include assessing whether recipient organizations are using funds in alignment with FireAid's stated purpose and commitments. We've shared this update with Rep. Kiley, along with documentation showing how FireAid funds are delivering real relief — from food and housing to legal aid and direct cash assistance. 'FireAid was established immediately after the Fires to provide relief through various non-profit charitable organizations that have the infrastructure and experience that could be leveraged to support those affected by the Fires,' the organization continued. 'By allocating funds to non-profit charitable organizations with experience and capability across a broad spectrum of necessary services, FireAid has strived to ensure that assistance reaches the communities and individuals most affected by the Fires in a responsible yet efficient and impactful manner.'
Forbes
10 hours ago
- Forbes
How DEI Optimizes (Not Compromises) Merit
Heather Price | Founder and Co-CEO at Symmetra | Recognised Global DEI Expert. There has been no shortage of claims lately that DEI has gone too far and compromised merit, and that fair treatment in the workplace should be determined by merit alone. But I believe this view is based on a false dichotomy. Diversity and meritocracy are not mutually exclusive. Far from undermining merit, a well-designed and well-implemented DEI strategy nurtures merit by identifying and dismantling hidden barriers and practices that exclude anyone from fair opportunity. The Paradox Of Meritocracy Meritocracy, the principle that rewards should be based on individual ability and effort, is a cherished ideal. But research shows that when institutions declare themselves to be meritocratic, they often become more—not less—biased. In a foundational study, it was found that companies professing a strong belief in meritocracy were more likely to reward men over equally performing women because the belief in objectivity ironically reduces self-scrutiny in decisions, giving managers subconscious permission to act on stereotypes. This highlights a critical truth: Declaring systems meritocratic does not make them so. Genuine meritocracy requires active effort to identify and correct systemic distortions that obstruct the fair progression of all talent. This is precisely what DEI practices set out to achieve: to recognize and reward true merit and embed fairness for all in the workplace. In fact, new research demonstrates that a focus on high performance and rewarding merit, properly implemented, has the effect of increasing diversity. Bias And Barriers To Real Meritocracy There is a raft of research demonstrating the structural and cognitive barriers that prevent true merit-based decisions. People tend to favor those similar to themselves. This affects hiring, performance reviews and promotions into leadership, which often privilege Western communication styles or prestigious educational pedigrees. The irony is that diversity and performance are positively correlated, not contradictory. A peer-reviewed study on 43,000 hedge funds showed that diverse teams outperformed more homogenous teams by 4% to 6% annually through superior arbitrage of market anomalies, greater ability to avoid behavioral biases and superior risk management. When non-majority individuals fear being judged through stereotypes, their performance can suffer, a phenomenon called stereotype threat. These folks internalize the message that they don't fit the mold of success, which reinforces their sense of being an "imposter." In a survey of 750 female executives, KPMG found that 75% of them reported experiencing imposter syndrome at certain points in their careers, most often when transitioning to new roles. Meanwhile, implicit bias skews evaluations, even among well-intentioned leaders, often undervaluing the contributions of non-majority employees. The Kirwan Institute's "State of the Science" report consolidates recent findings on implicit bias, emphasizing its pervasive nature across the workplace and underscoring the importance of systemic approaches for effective mitigation. Many high-potential non-majority candidates face barriers long before they enter the workplace: unequal access to elite schools, mentors, internships or international assignments, thereby developing less "experience capital." Without deliberate interventions, diverse talent remains underdeveloped or invisible in traditional talent pipelines. In the workplace, merit-based advancement is defined as proven performance combined with future potential. And herein lies the problem, because studies show that men are promoted based on potential, due to more confidence in their future promise, while women employees are promoted only on proven performance and repeated proof of their capability to achieve similar advancement. This systemic bias contributes significantly to persistent disparities in diverse leadership. Research shows that women often receive less actionable and more vague feedback compared to men. Without clear, developmental, skills-based feedback, they struggle to pinpoint what's needed for advancement, and the cumulative impact renders them less likely to advance into more senior positions. Strategies To Build A Diverse Meritocracy—Without Backlash The goal is not to lower the bar, but to find the best people, including those often overlooked. Below are evidence-based strategies to do so. • Reframe and refine job descriptions with communal rather than agentic language, including recognition of transferrable skills and experience. • Use structured interviews. These reduce bias and are more predictive of performance than unstructured ones. • Remove identity markers from CVs to avoid implicit bias. • Rely on skills-based assessments rather than credentials or referrals, which often perpetuate exclusivity. • Broaden outreach to candidates who would be unaware of or unlikely to apply for opportunities. • Offer targeted sponsorship and stretch assignments to high-potential employees from underrepresented backgrounds. • Audit promotion data to spot patterns of attrition or stagnation. • Use consistent, job-related, transparent criteria for advancement to minimize "cultural fit" as an exclusionary standard and disrupt similarity bias of managers. • Introduce evidence-based approaches to ensure fairness around promotions and pay. • Mandate the use of bias disruption processes in talent acquisition and talent management. • Position DEI as a business and innovation strategy. • Frame DEI as enhancing merit and objectivity, not compromising it. • Highlight the performance dividends of diverse teams: better decision-making, greater creativity, stronger financial results. Top-down DEI mandates can backfire if seen as imposed or punitive. Instead: • Build coalitions and engage managers as partners in talent discovery. • Position inclusion as a fundamental leadership competency for future-fit leaders . • Leverage employee voices to build understanding that the objective of DEI is to recognize and reward true merit and embed fairness for all in the workplace . Conclusion: DEI Is Merit Meritocracy is a powerful and necessary goal—but it cannot be achieved by declaring it. It must be built, intentionally and inclusively. DEI is not a deviation from merit but a strategy to elevate it, especially when bias and inequity are systemic. When organizations commit to dismantling these barriers, they don't dilute excellence; they multiply it. The future belongs to organizations that understand this truth and lead accordingly. Forbes Human Resources Council is an invitation-only organization for HR executives across all industries. Do I qualify?
