ExpressVPN’s Privacy Protections Tested in 2 New Audits by KPMG & Cure53

  • ExpressVPN is delivering on its promises of more frequent independent audits.
  • The latest round of audits focused on ExpressVPN’s privacy-related practices.
  • ExpressVPN users can rest assured that their data is never logged or stored.

Earlier this year, ExpressVPN promised to invest in a greater frequency of third-party audits. That said, back in March, the VPNs published the results of its audit and penetration testing by F-Secure, focusing on the VPN’s Windows app. And now, ExpressVPN has unveiled that two new audits were done, focusing on Privacy Policy protection and server technology security.

The latest round of audits was conducted by KPMG and Cure53, both of which are respectable companies that specialize in cybersecurity. The goal of the audits was to test ExpressVPN’s claims that it logs and stores no personally identifiable data, emphasizing the protections provided by the TrustedServer technology. That’s an in-house VPN server technology, thanks to which ExpressVPN’s servers don’t use hard drives; they rely only on RAM instead.

The audit done by KPMG emphasized ExpressVPN’s controls network and interviews with the VPN's team members. In other words, the goal was to check the processes, systems, and controls intended to ensure that ExpressVPN’s servers are in compliance with its Privacy Policy.

We’ll remind you that as per ExpressVPN’s Privacy Policy, the VPN claims “not to collect logs of your activity, including no logging of browsing history, traffic destination, data content, or DNS queries.” Aside from that, “ExpressVPN never stores connection logs, meaning no logs of your IP address, your VPN IP address, connection timestamp, or session duration.”

KPMG’s audit concludes that ExpressVPN fully complies with its Privacy Policy. The VPN truly doesn’t log anything more than anonymous analytic data. More precisely, ExpressVPN logs your app versions, successful connection attempts, and the aggregate sum of data transferred. None of that data can be connected to a single individual.

The audit done by Cure53 placed an emphasis on the ExpressVPN TrustedServer setup and sources, checking for security vulnerabilities. The audit found 7 low-level issues and 3 medium-level issues, most of which have already been patched by ExpressVPN. None of those were severe vulnerabilities that could lead to data leaks.

Also, most of the found vulnerabilities are linked to the L2TP protocol, which ExpressVPN is in the process of deprecating, which should be complete by the end of October 2022.   

In the end, we’ll mention that these latest audits (as well as all the previous audits) and their reports are available on the ExpressVPN website. You can access them by logging in to your account and visiting your dashboard.

If you’d like to learn more, check out our summary of what’s new in ExpressVPN.

How to Watch America’s Got Talent Season 18 Online: Live Stream AGT from Anywhere
America's Got Talent Season 18 is back with a new set of episodes, and we have all the important details you may...
How to Watch Ex On The Beach UK Season 11 (2023) Online from Anywhere
Ex On The Beach UK 2023 is just around the corner, and we have all the details you may need on this...
How to Watch The Greatest Auction Online Free from Anywhere
Are you a fan of auctions? Do you get a thrill watching bidders compete for rare and valuable items worth millions of...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari