How ExpressVPNs TrustedServer Technology Keeps You Safe – How-To Geek

II.studio/Shutterstock.com

ExpressVPN is one of the best VPNs out there, largely because of how fast it is. This is due to several factors, not the least of which is the server technology the company employs. Called TrustedServer, it promises not just greater speeds than the competition, but also superior privacy. Lets take a look at how it works.

The full workings of TrustedServer are laid out in this post on the ExpressVPN blog by Shaun S., an engineering fellow at the company and the creator of the technology. The full post goes into remarkable detailwe wish more companies were this transparentso well just quickly recap it here for the less tech-savvy among you.

At the core of every VPN provider are its servers, computers that reroute your connection. Weve explained VPN servers in detail, but in short, they have their own type of hardware and software, including their own type of operating system.

In the case of TrustedServer, this operating system is a custom version of Linux, which is updated weekly. Each time a new version of the OS is created, the code is checked by a second engineerand, for more in-depth changes, even a third.

Each engineer also has to access their work using a special cryptographic key used to identify them. This ensures that nobody can add anything that might compromise the integrity of the OS, either through malice or by accident.

After the update has been put together, the new build of the OS is tested on internal servers by the team before deployment. Assuming all is well, the update is then rolled out, again with a number of failsafes to ensure safety.

Its a highly involved process with lots of double-checks, which, together with the transparency of the process, gives us a lot of faith in the security of ExpressVPNs servers. However, this isnt even what makes Trusted Server particularly unique.

The point to these regular weekly updatesbesides making sure any new threats can be dealt withis that resetting a server also deletes any data on it. This is because ExpressVPNs servers dont use regular hard disk memory to run, but instead run entirely on RAM, or random access memory.

The difference is that once you write something to regular memory, it stays there until somebody deletes it, while RAM wipes everything stored on it when the system reboots. This means that even if the system were to be breached, none of your logs (records that show when you connected and where you connected to) can be found. This is at the core of what VPNs areand thus is very important.

Naturally, the issue here is that if somebody were to breach the system (or get a warrant) on the day before the update is slated to go, theyd get a weeks worth of logs off of it. As such, ExpressVPN has implemented a system that it claims guarantees no logs are created, let alone kept.

Again, this system is layered, with failsafes built on top of failsafes. The first step is how ExpressVPN engineers its VPN protocolsthe rules that govern how the VPN server talks to other computers on the network. ExpressVPNs proprietary Lightway protocol allegedly keeps no logs whatsoever, but ExpressVPN has customized all the protocols it uses, like OpenVPN, so they dont do so, either.

However, you cant always predict what will happen: maybe a protocol will reconfigure itself by accident, or some other mishap makes it so that a log is accidentally created. To prevent this, ExpressVPN sets things up in such a way that any output by any VPN-related software is sent directly to a black hole inside the operating system.

Known as /dev/null, this is a special file that destroys anything sent there without a trace. Its a pretty cool little gimmick, and one we suspect is used by many VPNs to destroy logs.

All the above sounds great, but as is often the case with claims of no-log VPNs, youre taking all the companys promises at face value. After all, its not likely you can just go in and check whether TrustedServer works as advertised. To solve this issue, more and more VPNs are relying on independent audits performed by third parties.

ExpressVPN engaged PriceWaterhouseCoopers, a massive accounting and security firm better known as PwC, to conduct its audit of TrustedServer technology, and it passed with flying colors. This indicates that the technology works as advertised.

That said, there are a few notes we should make. For one, ExpressVPN doesnt allow you to sign up anonymously, so your personal data, like name and address are still in a database somewhere and could be vulnerable to attack.

The other is that, audit or not, youre still taking any no-log promises at face value. While ExpressVPN hasnt given us too much reason to doubt its word, PwC has: The companys recent history is rife with accusations of malfeasance: for example, one whistleblower claims that financial auditors pulled their punches to make sure that they would retain the business of Silicon Valley companies they were auditing. This 2020 article by accounting site Going Concern has a recap of some of the biggest lawsuits PwC was involved in.

That said, ExpressVPN also has undergone audits of other parts of its tech (like this one by Code53 for its browser extension,) so we feel confident in saying that TrustedServer works as advertised. Overall, ExpressVPNs transparency is a good indicator that you can trust its technology to keep your data safe.

Continue reading here:

How ExpressVPNs TrustedServer Technology Keeps You Safe - How-To Geek