ExpressVPN Gets Audited by PwC to Validate Claims of Privacy and Security

  • ExpressVPN's privacy policy, codebase integrity, and TrustedServer architecture get validated by PwC.
  • The VPN provider has had their claims confirmed by an independent and well-respected auditor.
  • The one-month audit is one of the most comprehensive and wide-ranging we have seen.

Independent audit experts PricewaterhouseCoopers (PwC) have audited ExpressVPN’s servers to confirm compliance with the company's privacy policy and privacy protections, and have also evaluated its TrustedServer technology. Audits carried out by independent third parties are valuable because they either confirm a company’s claims or debunk them if they are invalid. This is why ExpressVPN is ordering audits like this one, as they have done in the recent past with Cure53, who audited their browser extension. Security claims are easy to make, but customers should only accept them after they have been put to the test by an independent entity.

For VPN (Virtual Private Network) service providers, it all starts with the codebase: who can access the servers, and what they are allowed to change there. This was the focus of this audit, which was conducted under the International Standard on Assurance Engagements (ISAE) 3000. To perform the examination, ExpressVPN gave PwC extensive access to their team and system information for a full month, during which the team took part in interviews and openly shared all system management, data handling, and logging activities in the company.

According to the TrustedServer architecture, the servers run in RAM only, and the bootloader on the server hardware boots directly into a read-only ISO image file (Debian Linux) that is digitally signed by ExpressVPN. There can be no booting without a valid signature, no files written to system locations, and no modifications to the ISO content. This, as well as the claim that no PII or IP addresses ever leave the contained environment, was checked and confirmed by PwC. As for codebase changes and deployment, it was affirmed that no changes can be pushed directly to the master branch, so there can be no unchecked and unapproved code changes on the servers.

ExpressVPN is consistently scoring high in our reviews, and this latest news only strengthens our position on promoting the product as a trustworthy, privacy-protecting solution. Other VPN vendors who have had their products audited in the past include TunnelBear, NordVPN, and more, but in this latest case of ExpressVPN, it is the first time that we see an auditor go beyond just testing privacy policy compliance to validate key security technologies that are unique to the product, such as the TrustedServer architecture. That said, this is one of the most complete and extensive audits we have seen in the industry so far.
