- ExpressVPN is delivering on its promises of more frequent independent audits.
- The latest round of audits focused on ExpressVPN’s privacy-related practices.
- ExpressVPN users can rest assured that their data is never logged or stored.
The latest round of audits was conducted by KPMG and Cure53, both of which are respectable companies that specialize in cybersecurity. The goal of the audits was to test ExpressVPN’s claims that it logs and stores no personally identifiable data, emphasizing the protections provided by the TrustedServer technology. That’s an in-house VPN server technology, thanks to which ExpressVPN’s servers don’t use hard drives; they rely only on RAM instead.
The audit done by Cure53 placed an emphasis on the ExpressVPN TrustedServer setup and sources, checking for security vulnerabilities. The audit found 7 low-level issues and 3 medium-level issues, most of which have already been patched by ExpressVPN. None of those were severe vulnerabilities that could lead to data leaks.
Also, most of the found vulnerabilities are linked to the L2TP protocol, which ExpressVPN is in the process of deprecating, which should be complete by the end of October 2022.
In the end, we’ll mention that these latest audits (as well as all the previous audits) and their reports are available on the ExpressVPN website. You can access them by logging in to your account and visiting your dashboard.
If you’d like to learn more, check out our summary of what’s new in ExpressVPN.