|Location||British Virgin Islands|
|Logs||No logs (audited)|
In today's world, the list of entities that wish to spy on us seems endless. Tech companies want to use our data to target ads at us. Competitors want to steal our employer's trade secrets. Hackers want to steal our data to rob us of money or just ruin our lives. Even our own governments want to spy on us.
Right now in the USA, the SolarWinds hack is being used as a rationale for expanding the government's abilities to spy on US citizens. I don't really understand their arguments. All I know is we are the only ones even pretending to be interested in protecting our privacy.
In this environment, everyone needs a good VPN. That's why we are here right now, examining ExpressVPN to see if it should be on your shortlist. In this ExpressVPN review, we'll look at the pros and cons of ExpressVPN to see if this VPN is worth your attention.
September 2021 ExpressVPN News Update
This month we've had two major news stories related to ExpressVPN. We at SecurityTech find both of them to be disturbing, and they have caused us to stop recommending ExpressVPN.
One story involves the purchase of ExpressVPN by Kape, an Israeli cyber security firm. While this sounds innocuous at first, Kape was previously known as Crossrider, an adware company whose products were frequently blocked as malware by Symantic and other antimalware apps. While ExpressVPN says they will still operate as an independent company, it is hard to place much faith in a VPN that is owned by a former malware publisher.
The other story involves Project Raven, a covert cyber espionage operation. According to Reuters, “At the behest of the UAE’s monarchy, the Project Raven team hacked into the accounts of human rights activists, journalists and rival governments.” The team hacked into US computer systems, violating various US laws.
One member of the Project Raven team, Daniel Gericke, is currently CIO of ExpressVPN. Gericke and two other members of the team entered into a plea deal with the US Department of Justice. As part of Gericke's plea deal, he is required to provide full, complete, and truthful information to the FBI or any other US. government organization. The court documents don't list any limitations of what subjects Gericke must provide information on, which is troubling since he is in an executive position at a company that is supposed to protect user information from the government.
While I have long been a fan of ExpressVPN, I have to agree with Edward Snowden, who tweeted,
If you're an ExpressVPN customer, you shouldn't be.Edward Snowden tweet, Sept 15, 2021, 7:00 PM
- Strong security and privacy
- Secure apps for virtually any operating systems or devices
- Lightway VPN protocol added for better performance
- Large, secure server network
- Good streaming and torrenting performance
- Dedicated VPN router app
- Excellent support and refund policy
- Slow OpenVPN performance
- Relatively high price
- Limited feature set
Looking at the Pros of ExpressVPN
In this section we will go in-depth into each of the “Pros” categories. While I tried to organize the information in order of importance, that approach quickly breaks down. Beyond the first few items, the relative importance of specific features and capabilities becomes highly subjective.
Strong security and privacy
ExpressVPN has a reputation for providing strong security and privacy for its users. That reputation is backed up by facts and features like these:
Excellent no logs policy and real-world “testing”
Many VPN services claim to keep no logs of their users' activities online. But you can't rely just on a company's claims. Why? I know of two VPNs (IPVanish and PureVPN) that claimed to keep no logs, yet were caught turning over information on their users to government officials. There are surely other VPNs that secretly keep logs despite their “no logs” claims.
I suggest you take the “trust but verify” approach. Seek out no-logs VPNs that have actually had their no-logs status verified. ExpressVPN leads the pack here. Not only has their no-logs status been verified by third-party audits, but it has also been verified in a real-world geopolitical incident. Curious? Keep reading.
The no-logs policy
Here's what ExpressVPN has to say about user privacy:
ExpressVPN is a premium VPN provider focused on user privacy and anonymity. Our network is built around specifically NOT knowing the internet activities of our users. As privacy is a core part of our service offering, ExpressVPN is in the business of protecting our users’ private internet data.
We do not collect logs of your activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.
That's pretty clear. No logs. Period. Except…
… that the VPN apps have an option to share crash statistics. This data is completely anonymized. It doesn't include any personal information, and you can turn it on or off easily in the app's Options. To adjust this setting, select Options, then Advanced. You'll find the option under the heading Help improve ExpressVPN.
So ExpressVPN has an excellent no-logs policy. How do they hold up in action? Let's see.
ExpressVPN hired PricewaterhouseCoopers to verify their no logs claims. The audit verified the TrustedServer technology and the no logs policy. It also confirmed that all privacy protections are being adhered to correctly.
Getting your logging policies audited is still very rare in the VPN world. The fact that ExpressVPN has done so is one of the big reasons why they are such a trusted name in the industry. But ExpressVPN also has real-world proof of their no-logs claims.
ExpressVPN server seized by a hostile government
In December 2017, Turkish authorities physically seized an ExpressVPN server looking for customer data. The authorities had demanded that ExpressVPN turn over logs of user activity on that server. ExpressVPN informed the authorities that they are a no-logs VPN and therefore had no logs to turn over. They further emphasized that the company is based in the British Virgin Islands and not subject to Turkish law.
Determined to get the information they were after, the Turkish government then seized an ExpressVPN server to look for user data. They were unable to find any user data because ExpressVPN does not keep logs.
The Turks were unable to get the information they wanted because it didn't exist. No amount of international pressure or even theft of ExpressVPN hardware could force the company to provide logs that never existed in the first place.
Your data is safe with ExpressVPN.
A privacy-friendly home base
A VPN provider generally has to comply with the laws of the jurisdiction where it is based. ExpressVPN is based in the British Virgin Islands (BVI). This is great for users. Despite the name, the BVI are an independent country, not part of Britain.
Unlike the UK, the BVI is not a member of the Five Eyes surveillance alliance (or any other such organization). The British Virgin Islands are known for their strong privacy protection. The judicial system in the BVI only responds to local legal actions and cannot force companies to produce records on their customers. In short, this is a privacy-friendly home base for a pro-privacy business like ExpressVPN.
The kind of encryption that gets applied to your traffic depends on which VPN protocol you decide to use. But regardless of which you do choose, know that all the encryption algorithms ExpressVPN uses are very secure.
For OpenVPN and IKEv2 protocols, ExpressVPN uses AES-256 with an RSA-4096 key and SHA-512 HMAC authentication.
For the Lightway protocol, ExpressVPN uses AES-256-GCM and ChaCha20/Poly1305, plus D/TLS 1.2 for server authentication.
ExpressVPN also implements Perfect Forward Secrecy negotiated through a Diffie-Hellman key exchange.
You can change VPN protocols on the fly right in the VPN app. The following image shows the list of VPN protocols that are available in the ExpressVPN Windows client:
The automatic option will select the protocol that the app thinks is best for you based on your network settings. If you want the best performance, I recommend you select Lightway – UDP instead. Use this for significantly better download speeds unless you run into problems.
Network Lock (a kill switch)
Network Lock is the name ExpressVPN has given to their kill switch. It keeps your data secure by blocking internet traffic if the VPN connection fails for any reason. This way, no data accidentally gets transmitted outside the VPN tunnel. It ensures that your real IP address remains hidden at all times.
You control Network Lock through the app. To ensure that Network Lock is active, you'll select Options, then the General tab, then find the Network Lock section.
Note that there are two options here. The second allows your computer to continue communicating with printers and other devices on your local network when Network Lock is active. Unless you have reason to doubt the security of your local network, it should be fine to leave this option checked.
At the time of this ExpressVPN review, Network Lock was only available in the VPN apps for Windows, Mac OS, Linux, and routers. We tested Network Lock on Windows and Mac OS. In both cases, it worked perfectly.
The ExpressVPN mobile apps don't have Network Lock, but they do have kill switches. On Android, it is called Network Protection. On iOS the Auto-Connect feature functions as a kill switch in addition to automatically reconnecting to the VPN when possible.
ExpressVPN leak test results
We put the following ExpressVPN apps through our standard VPN tests to see how they held up on Windows, Mac OS, and Android. ExpressVPN has a great reputation when it comes to leaks and data security. As expected, we didn't find any problems whatsoever.
The security and leak resistance that ExpressVPN delivers is one of the reasons it is such a good option for activities like downloading torrents and other P2P content.
Secure apps for virtually any operating system or device
What kind of device do you need to protect with a VPN? If you are using ExpressVPN, it almost doesn't matter. This VPN provider covers all but the most obscure bases. And even there, you can probably protect your Commodore 64 or other under-the-radar devices by installing ExpressVPN on your router. Seriously though, here are gizmos and gadgets that ExpressVPN supports:
“Desktop” operating systems: Windows, Mac OS, Linux, Chromebook, Kindle Fire
“Mobile” operating systems: Android, iOS
Router app for a dozen router models, plus manual setup for many others. See this page for a current list.
Web browser extensions
Chrome, Firefox, Edge
Apple TV, Amazon Fire TV, Chromecast, NVIDIA Shield, Roku, Samsung Smart TV, most other Smart TVs
Nintendo Switch, Playstation, Xbox, other gaming consoles
MediaStreamer feature supports even more devices
As if all the above connectivity wasn't enough, the folks at ExpressVPN have one more trick up their sleeve. Its called MediaStreamer and it is a smart DNS service that can unblock content and give you access to your favorite streams. It is a great solution for unblocking content, but it does not hide your identity like the full ExpressVPN VPN does. That means you definitely do not want to use this for downloading torrents or other potentially copyrighted content.
ExpressVPN desktop app
Okay. Now you know that ExpressVPN has apps for tons of stuff. But what do they look like? Like this:
This is the ExpressVPN Windows app. It is a good example of what the ExpressVPN apps look like, within the limits of the device you are using the app on. The design is clean and minimalist, holding all the info you need in a compact window.
Tapping the three lines in the top-left corner of the VPN app opens up a menu with more features and settings, like this:
In particular, this menu contains the Options option. Clicking Options opens a window where you can configure Network Lock, select the Lightway protocol and other important actions.
One feature I really appreciate in ExpressVPN is split tunneling. This feature allows you to control which apps pass their traffic through the VPN tunnel, and which will connect directly to the regular (unencrypted) internet.
I use it to deal with a couple of websites that won't allow me to log in using a VPN. In the past, I had to disconnect the VPN whenever I wanted access to one of those sites. It was a pain, and it was horrible for security. With split tunneling, I can route those websites outside the VPN tunnel and use them normally, while remaining protected everywhere else.
To configure split tunneling, open the VPN app's Options (or Settings) page and find the Split tunneling section. As you can see in the following image, you have three options:
- All apps use the VPN
- Do not allow selected apps to use the VPN
- Only allow selected apps to use the VPN
By default, all apps will use the VPN tunnel. If you select one of the other options you will then need to select the apps that will, or will not, use the VPN tunnel.
Split tunneling is available in ExpressVPN Windows, Mac OS, Android, and router apps. For more detailed instructions on using this powerful feature, check out this Split tunneling support page.
Note: Even if you route an app's traffic outside the VPN tunnel, the app still uses ExpressVPN's DNS.
ExpressVPN Android app
The ExpressVPN Android app, is very similar to the Windows app, as you can see below. There are a few minor differences (the selection called Options in the Windows app is called Settings in the Android app, things like that), but overall, there is a pleasing consistency in the user interfaces across the various operating systems.
ExpressVPN Linux app
One exception to the consistent user interface theme pops up when you install ExpressVPN on a Linux box. In this case you will forego the slick interface and do everything from the terminal.
If you are a veteran Linux user, this shouldn't give you any problems. If you do want help, you can get it on this page.
Lightway VPN protocol added for better performance
ExpressVPN created the Lightway VPN protocol from the ground up to “make your connection faster, more reliable, and more secure.” It accomplishes all those goals. It is faster than ExpressVPN's OpenVPN implementation. It establishes connections quickly and can transition between networks seamlessly (great for mobile use). It also has a much smaller code base than OpenVPN or IPSec.
All this makes the Lightway VPN protocol sound very similar to the WireGuard VPN protocol. And that inspired us to see if ExpressVPN with its Lightway is as fast as WireGuard-powered services like NordVPN or Surfshark.
Note: Lightway is available for Windows, Mac OS, Linux, and Android.
Speed test results
We ran a full set of speed tests to see how ExpressVPN performed with the Lightway VPN protocol. Our test setup has a 500 Mbps Ethernet connection that gives a VPN plenty of bandwidth. Here are the results of those tests.
Seattle test results
We connected to an ExpressVPN server in Seattle and got a speed of 136 Mbps.
This isn't horrible, but is nowhere near the speeds we recorded for NordVPN or Surfshark when testing them with their WireGuard-based protocols.
Los Angeles test results
When we tried a connection to a Los Angeles ExpressVPN server, we got 214 Mbps.
This is far better than the results we got when doing the same test with OpenVPN (as you'll see later). However, it isn't a very good result. When we ran the same test with NordVPN and their WireGuard based NordLynx protocol, we recorded a speed of 304 Mbps. With Surfshark we got 346 Mbps.
New York test results
When connected to a New York ExpressVPN server, we got 214 Mbps.
On the same test, the competition clocked in at 280 Mbps and 397 Mbps, respectively. While Lightway definitely boosted ExpressVPN's performance, it still leaves ExpressVPN running far slower than their top competitors.
If the fastest connection is your priority, you'll be happier with NordVPN or Surfshark.
Large, secure server network
I'm not overwhelmed by the speed of ExpressVPN, but there is much more to being a top-end VPN service than raw speed. Assuming a VPN is fast enough for your needs, the size and quality of its server network looms large. This is a strong point for ExpressVPN.
When I wrote this review, ExpressVPN claimed, “3,000+ VPN servers in 160 VPN server locations in 94 countries.” That's a large network, covering many more countries than most VPNs do. As a point of comparison, NordVPN (our #1 ranked VPN) covers 60 countries.
Their best coverage is in Europe and North America. But they also offer plenty of locations in South America, Africa, the Middle East, and the Asia Pacific region. ExpressVPN also goes to great lengths to make sure these widely dispersed servers are secure. At the heart of that effort is their TrustedServer technology.
TrustedServer technology for security and privacy
ExpressVPN's TrustedServer technology has two main elements. The first is that all ExpressVPN servers run strictly in RAM. The operating system and apps cannot write data to the hard disk. With the operating system and apps running only in RAM, there is no way that any data can persist on the server once the power is turned off. The only thing that is stored on the server's hard drive is, “…a cryptographically signed read-only image containing the software needed for the server to boot—nothing else.”
The other element of TrustedServer is the way the company administers its servers. Instead of installing software on each server piecemeal, first the operating system, then some apps, then a patch a few days later, ExpressVPN installs the entire software stack (operating system, apps, etc.) all as a single block, every time the server is started.
Because every server has to load all its software new every time it starts, ExpressVPN knows exactly what software every server is running. This ensures that every server is running the same updated software at all times. It makes the network more secure by eliminating possible misconfiguration or other random problems that can occur when manually managing thousands of servers around the world.
Good streaming and torrenting performance
ExpressVPN is a good VPN for both streaming and torrenting. As we've already established, it isn't the fastest VPN around, but with Lightway, it is faster than most other VPNs. And ExpressVPN has all the other characteristics that you want to see in a streaming or torrenting VPN. Let's take a look.
ExpressVPN is a solid choice for viewing Netflix and other streaming services. It does a great job of defeating the geo-blocking systems that these services use to control who can connect to any given regional content library.
As you can see in the image below, I connected to an ExpressVPN server in the UK to watch a show, which worked perfectly.
To watch Netflix anywhere in the world using ExpressVPN all you have to do is connect to an ExpressVPN server in the region of interest (the UK in this example). Then launch Netflix and log in normally.
If perchance you get an error where you can't connect to Netflix like this, it is easy to resolve. Contact ExpressVPN customer support through their 24/7 live chat line. They'll tell you which server to use to make the connection you want.
Note: At the time of this review, ExpressVPN was able to connect to the following Netflix regional libraries: Australia, Canada, France, Germany, Italy, Japan, UK, US.
ExpressVPN also works well with other streaming services. We've tested it with Amazon Prime, Disney Plus, Hulu, Kodi, and BBC iPlayer.
Note: Although we haven't had any problems connecting to BBC iPlayer, we've heard from others that ExpressVPN doesn't work for them when connecting to BBC iPlayer. If this service is of particular importance to you, consider trying NordVPN or Surfshark. To the best of our knowledge both work well with iPlayer right now.
Torrenting (and P2P downloading) performance
ExpressVPN is a very good VPN for torrenting. The service places no restrictions or limitations on P2P / torrenting activities.
Why is ExpressVPN so good for this:
- The service is fast enough to do the job without making you crazy waiting for your download.
- ExpressVPN doesn't impose bandwidth limits or other traffic restrictions on torrents.
- Because it is based in the British Virgin Islands, ExpressVPN is not affected by DMCA requests to copyright violation messages from the big media companies.
- ExpressVPN's apps are really solid. They don't leak, or otherwise expose your real identity, which keeps you safely anonymous while downloading.
If you are concerned about security and privacy while torrenting or downloading content peer-to-peer, ExpressVPN is a definite contender.
Dedicated VPN router app
If you like the idea of protecting all your stuff by installing a VPN on your router, ExpressVPN could be exactly what you need. That's because it is one of the few VPN services that offers a dedicated VPN router app. While it isn't a universal app that works on any router (wouldn't that be something!) it does work on a number of different routers.
If you have one of the supported routers, setting up ExpressVPN on that router will just take a few moments, and give you an unlimited number of connections with your VPN. ExpressVPN treats the router as a single connection, even though every device connected to your router will be using that connection.
Everything will be protected by the VPN's encryption and will have its IP address and location hidden from view. And everything will have the benefit of ExpressVPN's split-tunneling, Network Lock (a kill switch). This is because the router will only count as one connection, but it will provide every device that connects to your router with the full benefits of the VPN: encrypted traffic, new IP address, location anonymity. You'll also be able to switch everything to a new VPN server quickly and easily.
There is one drawback to using your router as a VPN app. If you do this, the router must handle all the encryption and decryption for all the connected devices. Most routers don't have the CPU power or storage to be able to handle this task for more than a handful of connections at a time. So if you plan to hook up a lot of devices, be sure the router has the processing power to keep up.
Excellent support and refund policy
ExpressVPN has long had a reputation for providing quality support. I'm happy to say that this still seems to be the case. I contacted ExpressVPN support numerous times and always received fast, courteous, and accurate help. Their support team seems to be very knowledgeable about the product, which isn't always the case with some other VPNs.
The best way to interact with the team is through their 24/7 live chat support line. Visit the ExpressVPN website and you'll find a link for the live chat in the bottom-right corner of the page. Hit that link for fast help. I don't think I've ever had to wait more than a minute to start a chat with them.
The live chat support option is will come in handy if you have problems installing ExpressVPN on your devices, or are just confused about something. It also comes in very handy if you have trouble connecting to a streaming media service right before something starts and you need to know which server to connect to immediately.
Note: I find that uBlock Origin blocks the ExpressVPN help link (and that of many other sites too). If you have the same problem you can disable uBlock Origin for ExpressVPN then reload the page to see the link.
ExpressVPN refund policy
ExpressVPN has a strong refund policy. You get a 30 day money-back guarantee on all their VPN subscriptions. If you are not 100% satisfied, you can cancel on day 30 (even if you are on a one-month plan), and get a full, no-questions-asked refund.
Cons of ExpressVPN
While ExpressVPN has a lot of positive characteristics, it also has some negatives. We look at the main ones here.
Slow OpenVPN performance
As I mentioned earlier, ExpressVPN's OpenVPN performance is not very good these days. This is troubling because the OpenVPN protocol is still the most popular VPN protocol and offers very good security. OpenVPN is also open source and trusted by many users and organizations.
We ran a number of OpenVPN protocol speed tests on our 500 Mbps test connection. We were not impressed with the results.
Here are the OpenVPN results for an ExpressVPN server in Seattle: 32 Mbps.
And here are the Open VPN results for an ExpressVPN server in Los Angeles: 41 Mbps.
I would expect much better performance than this, particularly when you consider that we were testing on a 500 Mbps connection. I suggest you improve your ExpressVPN experience by using the Lightway protocol instead of OpenVPN whenever possible.
Relatively high price
ExpressVPN may not be the most expensive VPN service available, but it does have a relatively high price. However, you can take advantage of the discount coupon offer we have here to get the best available price on ExpressVPN. It works out to $6.67 per month for the 15 months of your subscription.
Limited feature set
Surprisingly for a VPN with an above average price, ExpressVPN offers fewer features than the other leading VPN services. For example, NordVPN includes specialized VPN servers with features that ExpressVPN can't match, including: Double VPN servers, Tor-over-VPN servers, Obfuscated servers, and P2P servers.
NordVPN also includes CyberSec, a very effective ad, tracker, malware, and phishing domain blocker. CyberSec boosts your online security while speeding up your browsing (by keeping ads etc. from ever reaching your device).
ExpressVPN offers none of those things. They have definitely fallen behind when it comes to advanced VPN features.
Here are the questions that seem to be asked most frequently with regard to ExpressVPN.
Is it legal to use ExpressVPN?
ExpressVPN and other VPNs are legal to use in the vast majority of countries. Some countries where VPNs are (or have been) illegal are Belarus, Iraq, and North Korea. VPN use is restricted in a handful of other countries, include China, Russia, Turkey, the UAE, and Iran.
If you are in a modern Western democracy, VPN use is almost certainly legal.
Is ExpressVPN really private?
ExpressVPN has an excellent reputation for protecting the privacy of its users. The service has a strict no-logs policy which has been confirmed by third-party audits. We know of no instance where ExpressVPN user private information has been hacked, stolen, or intentionally exposed.
Is ExpressVPN good for gaming?
ExpressVPN is okay for gaming. It has a large, reasonably fast server network, with locations in the top gaming countries around the world. And if you use the new Lightway VPN protocol, ExpressVPN is faster than most VPNs, so it won't have too much of an impact on your play speed.
Does ExpressVPN work in China?
While the Chinese continue their efforts to control internet access, ExpressVPN continues to work just fine in China.
If you contact ExpressVPN support, they can give you a list of servers that are designed to work in China. These special obfuscated servers will make the ExpressVPN traffic look like regular HTTPS encrypted traffic. Most websites and internet services require the use of HTTPs encrypted traffic these days, so the Chinese do not censor it. As a result, your obfuscated VPN traffic should pass right through the Great Firewall and evade the Chinese censorship efforts.
Is ExpressVPN good for Netflix?
Yes, ExpressVPN is good for Netflix, particularly if you use the company's new Lightway protocol, which makes for a faster connection than the OpenVPN protocol. Regardless of the protocol you use, ExpressVPN does a good job of unblocking several popular Netflix regional libraries.
However, Surfshark is faster than ExpressVPN and can unblock more regional Netflix libraries than ExpressVPN can. If top performance with Netflix is a priority for you, check out our Surfshark VPN review.
ExpressVPN Review Conclusion: Should you try it?
There's a lot to like about ExpressVPN. It is secure and goes to great lengths to protect your privacy. It has VPN apps for everything (almost) and those apps are reliable, secure, and easy to use. It does a very good job of streaming video from around the world and can keep you out of trouble when you are downloading that hot new torrent. It is even significantly faster than it used to be thanks to the new Lightway VPN protocol.
And while ExpressVPN is very good at many things, the competition has caught up. NordVPN is much faster. Surfshark does a better job of streaming geo-blocked content. And both the challengers are less expensive.
ExpressVPN is now one of the top VPNs, but in my mind, it is no longer the undisputed king of VPNs. Now it comes down more to which of the leaders do you like the best or which has the best particular capabilities for the way you will use your VPN.
ExpressVPN is definitely worth a look, but so are NordVPN and Surfshark. I recommend you read our VPN reviews of all three products, then choose one that fits your needs. Take advantage of the 30 day money-back guarantee they offer to test drive it and see if it meets our needs. If so, congratulations are in order. If not, try one of the others. I am confident that one of the big three will meet your needs. Good luck!
If you want to try ExpressVPN, grab the coupon below for the best savings:
Other VPN reviews on SecurityTech: