Latest news with #TrustedServer
Tom's Guide
3 days ago
- Business
- Tom's Guide
ExpressVPN launches servers in every US state – here's why you should care
ExpressVPN has upgraded its server network to include one in every US state. There are now 62 server locations across the country, up from 24. ExpressVPN is one of the only providers on our best VPN list that can claim this title. Private Internet Access (PIA) – also owned by Kape Technologies – is the only other VPN we recommend that has a server in every US state. Operating servers in every US state means faster speeds for ExpressVPN users. There can be a wider distribution of server load – the number of people using a particular server at one time – but users are also physically closer to them. The launch of the new servers has seen ExpressVPN increase its US server count by 38, with multiple servers in the high-demand areas of Los Angeles and New Jersey. All of ExpressVPN's servers are physical, but there won't necessarily be a physical server in every state. A proportion of locations are virtual servers and your traffic is routed through a physical server nearby. Regardless of this, your IP address will always match that of your chosen state. The new servers run on ExpressVPN's TrustedServer technology. This is RAM-only and wipes all data every time it reboots – a reboot cycle is completed every week. Fast speeds will also be delivered thanks to ExpressVPN's unique Lightway Turbo protocol. In our latest round of testing, we saw ExpressVPN hit speeds of 890+ Mbps, which makes it one of the fastest VPNs. Shay Peretz, Chief Information Officer at ExpressVPN said the provider wanted to "meet users where they are." "People want privacy that works with the rest of their lives. They want tools that match the digital environments around them, without friction. Our goal is to make that possible without sacrificing security or speed," he added. ExpressVPN has servers across all of the US, covering 62 locations and 50 states. How does this compare to its competitors? In the grand scheme of things, having a server in every US state isn't crucial. Major locations such as New York, Texas, Florida, Chicago, and California will always be covered. For those connecting from outside the US, state-specific servers aren't normally required. But for those living in the US, there may be a need to connect to a server in a certain state. The US has state and federal governments, meaning laws can differ from state to state. Websites can be blocked or restricted in certain states and you may want to connect from another state to access them. Bypassing broadcasting blackouts can be another reason you may need a server in every US state. Sports broadcasting has a history of blackouts, and certain agreements may result in a game not being broadcast for some viewers. Ticket sales, distance from the ground, and exclusive rights deals are all reasons blackouts may occur. You should ensure you're not breaking any laws or terms and conditions before using a VPN to access restricted content. Finally, as mentioned above, having geographically closer servers can improve speeds and help distribute server load. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Engadget
26-06-2025
- Business
- Engadget
ExpressVPN's external auditors confirm no-logs policy as of February
"ExpressVPN never keeps data that could tie you to any online activity," the VPN provider claims on its website. An independent audit from late February supports those claims. Accounting firm KPMG found "reasonable assurance" that the VPN provider's system prevents the logging of user activity. The product is one of Engadget's top VPN picks. The firm's audit put ExpressVPN's TrustedServer system under a microscope. That's the company's RAM-based system. In theory, this approach means user data is wiped with every server reboot. (Doing so would prevent even the possibility of long-term storage.) Some competitors, including NordVPN, also use RAM-based servers. Meanwhile, ProtonVPN counters that properly encrypted hard drives are just as secure. Another counter-argument to RAM-based servers is that they're only as effective if they're rebooted. In theory, a company could run RAM servers for marketing purposes, but then never restart them. That's where audits can help. KPMG has a high level of confidence that the no-logging system functioned as advertised in late February. "Controls provide reasonable assurance that the ExpressVPN TrustedServer does not collect logs of users' activity," KPMG's paper reads. That included "no logging of browsing history, traffic destination, data content, DNS queries or specific connection logs." KPMG's assessment was an ISAE 3000 Type I audit. That means it focused on ExpressVPN's control design and implementation at a specific point in time. (Meanwhile, a Type II audit would have gone farther, testing the effectiveness of those controls over an extended period.) If you aren't familiar, KPMG is one of the Big Four accounting firms. It's a trusted name that corporations shell out big bucks to for audits like this. The assessment looked at several factors. These included documentation reviews, observing the system at work and interviewing ExpressVPN personnel. The audit's conclusion applies "as of February 28, 2025." You can read KPMG's full paper for a more detailed breakdown.
Tom's Guide
26-06-2025
- Business
- Tom's Guide
ExpressVPN reasserts its privacy claims with third no-logs audit
ExpressVPN has completed a third audit of its no-logs policy and TrustedServer system. The provider, one of the best VPNs, is known for its privacy credentials and these were proven in this audit. KPMG LLP examined ExpressVPN's privacy policy and TrustedServer technology and "reasonable assurance" was provided that ExpressVPN does not collect activity or connection logs. A verified no-logs policy is a must-have for the most private VPNs and Windscribe's recent court case proved just how important they are. ExpressVPN says its "technology is engineered so that activity logs and connection logs are never retained." KPMG assessed these claims by examining ExpressVPN's TrustedServer technology and its privacy policy. The assessment was conducted under the globally recognized International Standards on Assurance Engagements (ISAE) (UK) 3000 Type 1. TrustedServer's design means it prevents log collection. No-logging is built into the technology and the process is constantly reviewed. The servers regularly reboot, and any accumulated data is forgotten. KPMG confirmed that no personally identifiable information, such as a user's IP address, is logged on the server, or exported from the server in any way. The firm provided "reasonable assurance" that TrustedServer "does not collect logs of users' activity, including no logging of browsing history, traffic destination, data content, DNS queries, or specific connection logs." No issues were identified. KPMG confirmed the results aligned with ExpressVPN's no-logs policy and users were protected. These claims were true as of 28 February 2025 and KPMG's full assessment report is available to read. ExpressVPN says it makes continuous efforts to validate its privacy promises and regular independent audits are essential for this. "Independent assurance isn't just a checkbox for us – it's fundamental in our efforts towards trust and transparency," said Aaron Engel, Chief Information Security Officer at ExpressVPN. "Having KPMG evaluate our technologies and assess our privacy protections again demonstrates our unwavering commitment to maintaining the highest standards of user privacy protection." Engel added that "by subjecting our systems to rigorous third-party scrutiny, we're not just verifying our current protections – we're establishing a standard for accountability that we hope will raise the bar across the entire VPN industry." ExpressVPN has published 23 third-party audits and it recently commissioned two assessments of its Lightway protocol. Lightway has been remade in Rust to make it even faster and more secure. Cure53 and Praetorian completed the assessments and positive results were found – low-risk findings were immediately addressed by ExpressVPN. The Lightway protocol also fully supports post-quantum encryption, meaning ExpressVPN users can protect their devices with the highest standards of security. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
