We all know that every VPN’s most basic and important feature is how well it keeps you private and secure. Yet it is sometimes overlooked, especially when you are blinded by all the other good features you can get from it.
ExpressVPN, however, does well in every category of privacy and security.
ExpressVPN was recently acquired by Kape Technologies, which also owns Private Internet Access, CyberGhost, and ZenMate. This acquisition helps ExpressVPN level up its VPN service by investing more in the advancement of digital protection and security technology.
Logs Policy: Does ExpressVPN keep logs?
Of course, like almost every VPN out there, ExpressVPN still collects general information to administer your subscription, such as billing information and email address. They also collect other minimal details for maintenance and troubleshooting, including the following:
- connection time
- apps and app versions
- the aggregate sum of data transferred
- anonymous diagnostics reports (which can be turned off by the user)
- VPN server location (but not your assigned IP address)
If you think that’s not enough, they also developed an in-house technology called TrustedServer, which runs its servers from RAM only, so all data is wiped every time a server is rebooted.
If you want to add another layer of protection, you can create a new email address dedicated to your VPN activities. They even recommend paying for your subscription with cryptocurrency (Bitcoin). This also minimizes the amount of personal information you submit to them.
Jurisdiction: Is it under the 14-Eyes Alliance?
One of the things we liked about ExpressVPN is that it’s located in the British Virgin Islands. Although it is a British overseas territory, it has an autonomous government, and there are no data retention laws.
On top of its strong privacy laws, it’s also outside of the 14 Eyes Alliance, so they are not obliged to share any information with whoever demands it.
Encryption: Is ExpressVPN really secure?
All ExpressVPN traffic is encrypted using the AES 256-bit standard, the same encryption the US government uses to protect classified information. This is also the encryption standard most VPNs use.
But unlike other providers, ExpressVPN spells out that it uses a 4096-bit RSA certificate with SHA-512 hashing, as well as HMAC authentication, control-channel encryption, and data-channel encryption.
Plus, Perfect Forward Secrecy assigns your device a unique secret key whenever you connect to the app. This key is replaced every 60 minutes for as long as your session stays open. So, should a key be compromised, the hacker will lose access after 1 hour, which limits the damage.
Basically, all these technical details show that ExpressVPN ensures that your data is protected.
Protocols: Which One is the Best?
If you don’t know what a VPN protocol is, simply put, it’s the method the VPN uses to connect your computer to the VPN server and transfer data.
Think of it as the pipeline that enables data to flow to and from the VPN server. If you use outdated ones, your connection will be slower and could be vulnerable to hackers. (Just like how a rusted pipe might spring a leak.)
Luckily, ExpressVPN gives you access to all the newest, fastest, and most secure VPN protocols:
- IKEv2 (not available on Android)
- L2TP/IPsec (Windows Apps only)
If you don’t know what any of that means, don’t worry. With the default auto setting, the ExpressVPN client automatically chooses the best protocol based on your usage.
We recommend using Lightway, the exclusive protocol developed by ExpressVPN. It’s super lightweight, uses less battery, and switches quickly between networks. This makes it an ideal choice for mobile devices, and it is comparable to WireGuard.
Private DNS: Does it prevent DNS leaks?
Unlike many other VPN providers, which redirect your DNS traffic to a third-party provider, ExpressVPN runs its own zero-knowledge DNS servers. This guarantees that your data stays private.
When we used the software, we tested it on www.dnsleaktest.com and confirmed that it passed the DNS leak test. The results showed that ExpressVPN’s own servers were handling all DNS requests.
ExpressVPN has also created its own open-source DNS testing tool, which you can try and use for free on its website (or access on GitHub).
ExpressVPN offers its own version of a kill switch, called Network Lock. This is one of the essential features you’ll need to keep your data safe in case your VPN connection drops. It blocks all internet traffic until your connection is restored so that your IP address will not leak.
The Network Lock feature is only available on the Windows, Mac, Linux, and router apps. For Android, there is Network Protection, which offers the same feature as Network Lock. However, take note that this might disrupt split tunneling, so make sure that you choose the right settings under Network Protection.
Split tunneling is a way to separate traffic that goes through the secure VPN tunnel from traffic that doesn’t need to. That way, you can, for example, browse the web with your regular internet connection while your torrent client is connected via the VPN.
ExpressVPN is one of the best VPNs for split tunneling. It’s built straight into the ExpressVPN apps for Mac, Windows, Linux, Android, and routers. It is not yet available in the iOS app at the time of writing, so we’re hoping that they add it in the future.
Since ExpressVPN lets you choose which apps to include or exclude in your VPN connection, you can get very granular with which apps to let through.
Note: Split tunneling is not yet available for macOS 11 at the time of writing.