ExpressVPN Publishes PwC Audit Report

ExpressVPN released today an independent audit of its VPN servers by PwC (PricewaterhouseCoopers). The publication of the audit underlines ExpressVPN’s commitment to transparency and delivering to customers privacy and security that they can trust.

In the audit, PwC’s security audit professionals examined ExpressVPN’s servers and code to confirm compliance with ExpressVPN’s published privacy policy and to validate that its TrustedServer technology works as described.

Key elements of the privacy policy that were reviewed include ExpressVPN’s policy of not collecting activity logs, connection logs, or any other information that could compromise users’ privacy or security by linking them to specific online activity.

“Our customers trust us to protect their privacy and security, and we believe in earning that trust through transparency, rather than just asking them to take our word for it. Audits by trusted third parties provide independent verification of the privacy and security commitments we make to customers,” said Harold Li, vice president, ExpressVPN.

“In this latest audit, we gave PwC extensive access to our servers, code, and engineers and invited them to independently vet our privacy policy. We’re very pleased with the results.”

The audit also checked the accuracy of claims ExpressVPN has made about how its TrustedServer technology works. TrustedServer sets a new standard in the VPN industry for privacy and security by minimizing data risk and ensuring software consistency at scale.

It ensures all data is wiped with every reboot by having servers run in RAM only (never hard drives⁠) and it delivers greater security through consistency across ExpressVPN’s 3,000+ servers by reinstalling the entire software stack fresh every time a server reboots.

This comprehensive audit is just the latest in ExpressVPN’s work to increase transparency in the VPN industry, with the goal of empowering consumers with the information they need to choose the best VPN for them.

Last year, ExpressVPN worked with the Center for Democracy and Technology to launch an industry initiative on responsible disclosure in the VPN sector. Earlier this year, it published a security assessment of its browser extension by cybersecurity firm Cure53 and also open-sourced the extension source code.

The company provides detailed information about its security practices on its website and has developed open-sourced leak-testing tools to enable independent verification of its apps’ protection against leaks. ExpressVPN is committed to publishing additional audits and penetration tests in the future.

“Privacy and security have never been more important, and consumer VPNs are being adopted at an ever faster rate. It’s thus crucial that we have high standards for trust and transparency in the industry,” added Li.

“ExpressVPN will continue leading the way not just in delivering the best in privacy and security, but also in enabling everyone to verify that for themselves.”

Read the complete audit report here.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.