ExpressVPN
Description
Peter Burchhardt and Dan Pomerantz, both Wharton School graduates, founded ExpressVPN in 2009. The operating entity, Express Technologies Ltd., is registered and based in the British Virgin Islands, a territory with no data retention laws that lies outside the jurisdiction of intelligence-sharing agreements such as the Five Eyes alliance. Kape Technologies, owned by Israeli billionaire Teddy Sagi, acquired the company in September 2021; Kape also owns CyberGhost and Private Internet Access, though each brand is operated separately.
ExpressVPN has servers in over 105 countries but does not publish the exact number of machines in its fleet. The service is aimed at users who value connection speed, streaming access and ease of use across a wide range of devices, including desktop operating systems, mobile platforms, routers and smart TVs.
LIGHTWAY PROTOCOL
ExpressVPN created Lightway as its own VPN protocol, publishing a first version in 2020, with a full public release and open-sourcing of the core code in August 2021. The protocol aims at faster connection establishment — usually completing the handshake in a fraction of a second — reduced battery consumption on mobile devices, and more robust reconnection when a device switches between networks.
Lightway runs outside the operating system kernel, which keeps the codebase small and easier to audit than kernel-level implementations. The original implementation was written in C; the team later reimplemented it in Rust, whose memory safety guarantees remove entire classes of vulnerabilities found in C programs. ExpressVPN commissioned Cure53 to audit Lightway in 2021 and 2022, then commissioned both Cure53 and Praetorian to audit the Rust reimplementation in 2024.
The protocol uses wolfSSL as its cryptographic library; wolfSSL holds FIPS 140-2 certification from independent validation. For data encryption, Lightway supports AES-256-GCM and ChaCha20/Poly1305, and it uses D/TLS 1.2 for server authentication. When a device loses connectivity — steps into an elevator, switches from Wi-Fi to mobile data, or enters a network dead zone — Lightway marks the session as idle rather than terminating it. Once connectivity is restored, the session resumes on the same server without a complete reconnect cycle.
A feature called Lightway Turbo spreads traffic over multiple simultaneous channels to boost throughput on connections where a single channel underperforms. Post-quantum protection using ML-KEM, the key encapsulation algorithm NIST selected for its post-quantum standards, is built into Lightway rather than offered as an optional add-on.
WIREGUARD IMPLEMENTATION
Standard WireGuard assigns every client a static internal IP address that persists between sessions, which raises a privacy concern because the server must record that assignment to route return traffic. Rather than building on the reference protocol implementation, ExpressVPN rebuilt its WireGuard stack from scratch within its TrustedServer infrastructure. The custom implementation adds ephemeral credentials — each session receives a new encryption key and internal IP address — so no persistent identifier ties sessions to a particular user. Post-quantum encryption using ML-KEM is integrated at the handshake level, and the implementation remains fully wire-compatible with standard WireGuard clients. ExpressVPN launched this custom build in August 2025, completing a shift from its earlier refusal to implement WireGuard because of the original protocol's privacy shortcomings.
OTHER SUPPORTED PROTOCOLS
In addition to Lightway and WireGuard, the apps support OpenVPN over UDP and TCP, IKEv2/IPsec, L2TP/IPsec, and SSTP. OpenVPN connections are encrypted with AES-256-CBC, use RSA-4096 and SHA-512 HMAC authentication, and are secured with TLSv1.2. The automatic protocol selection mode analyzes network conditions and picks the protocol with the best balance of speed and reliability for the current connection, so manual selection is rarely needed.
TRUSTEDSERVER TECHNOLOGY
TrustedServer refers to ExpressVPN’s practice of running all server software in RAM rather than on persistent disk storage. Because RAM is cleared on every reboot, no user data, logs or session records survive a power cycle or server restart. The server image is loaded fresh from a read-only source on each boot, which also prevents persistent malware from gaining a foothold on the server across reboots. Cure53 audited the TrustedServer implementation, and ExpressVPN holds four ISO certifications covering information security management, cloud security, privacy, and business continuity.
NO-LOGS POLICY AND AUDITS
ExpressVPN’s privacy policy states that the service does not log IP addresses, browsing history, traffic content, DNS queries, connection timestamps, session durations or bandwidth usage. The company has undergone several independent audits that verify these claims, the most recent completed in 2024. In addition to the no-logs audits, Cure53 and other firms have performed security audits of the application code and server infrastructure. ExpressVPN is also a member of the VPN Trust Initiative, an industry group it helped found in December 2019 to promote accountability and transparency standards among VPN providers.
MEDIASTREAMER
MediaStreamer provides Smart DNS functionality for devices that cannot run VPN applications — smart TVs, gaming consoles, Apple TV and similar hardware. Rather than encrypting traffic, it redirects DNS queries through ExpressVPN’s DNS servers so that the device appears to be located in another country for the purpose of accessing geo-restricted content. This is faster than a full VPN tunnel, but it provides no privacy protection for the connection itself, since the traffic leaves the device unencrypted.
SPLIT TUNNELING AND KILL SWITCH
Split tunneling lets users designate specific applications or IP ranges that bypass the VPN tunnel while all other traffic is routed through it. In February 2024, ExpressVPN disclosed a bug in versions of its Windows app released between May 19, 2022, and February 7, 2024, which caused DNS queries from split-tunneled traffic to leak the domains users visited. The company patched the vulnerability and disclosed it publicly. The kill switch blocks all internet traffic if the VPN connection drops unexpectedly, preventing the device from falling back to an unencrypted direct connection.
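As an added illustration of the two failure modes this section describes, the following Python script (not ExpressVPN's code) audits a constructed set of outbound packet records. It flags DNS queries that left the VPN resolver path while the tunnel was up, direct traffic from non-excluded apps while the tunnel was up, and any direct traffic from non-excluded apps after the tunnel dropped, which a working kill switch should have blocked. The interface names, the 10.8.0.0/16 resolver range, the excluded-app list and the sample records are all assumptions made for the example.

```python
"""Audit constructed traffic records for split-tunnel DNS leaks and kill-switch gaps.

Added example, not ExpressVPN code. Interface names, the VPN resolver range,
the excluded app list and the sample records are all constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

TUNNEL_IFACE = "tun0"                           # assumed VPN tunnel interface
PHYSICAL_IFACE = "eth0"                         # assumed direct (ISP) interface
VPN_RESOLVER_NET = ip_network("10.8.0.0/16")    # assumed VPN-internal resolver range
SPLIT_TUNNELED_APPS = {"game-launcher"}         # apps excluded from the tunnel by policy
DNS_PORT = 53


@dataclass(frozen=True)
class Record:
    """One outbound packet as a capture tool would summarise it."""
    ts: float        # seconds since capture start
    app: str         # process that sent the packet
    iface: str       # interface the packet left on
    dst_ip: str
    dst_port: int
    vpn_up: bool     # tunnel state at the moment the packet was sent


@dataclass(frozen=True)
class Finding:
    ts: float
    app: str
    kind: str        # "dns_leak", "tunnel_bypass" or "killswitch_bypass"
    detail: str


def audit(records):
    """Return findings for records that violate the expected tunnel policy.

    Policy checked:
      * while the tunnel is up, every DNS query (including those from
        split-tunneled apps) must reach a VPN resolver over the tunnel;
      * while the tunnel is up, non-excluded apps must not use the
        physical interface at all;
      * after the tunnel drops, non-excluded apps must send nothing on the
        physical interface (the kill switch must block them).
    """
    findings = []
    for r in records:
        on_tunnel = r.iface == TUNNEL_IFACE
        if r.vpn_up and r.dst_port == DNS_PORT:
            resolver_ok = on_tunnel and ip_address(r.dst_ip) in VPN_RESOLVER_NET
            if not resolver_ok:
                findings.append(Finding(r.ts, r.app, "dns_leak",
                                        f"DNS query to {r.dst_ip} via {r.iface}"))
            continue
        if on_tunnel or r.app in SPLIT_TUNNELED_APPS:
            continue  # tunneled traffic, or an app the user chose to exclude
        kind = "tunnel_bypass" if r.vpn_up else "killswitch_bypass"
        findings.append(Finding(r.ts, r.app, kind,
                                f"{r.dst_ip}:{r.dst_port} via {r.iface}"))
    return findings


# Constructed sample capture: the tunnel is up until t=1.0, then drops.
# Destination addresses are from the RFC 5737 documentation ranges.
SAMPLE = [
    Record(0.0, "browser", TUNNEL_IFACE, "10.8.0.1", 53, True),                 # fine
    Record(0.1, "browser", TUNNEL_IFACE, "10.8.0.1", 443, True),                # fine
    Record(0.5, "game-launcher", PHYSICAL_IFACE, "203.0.113.10", 443, True),    # excluded app, fine
    Record(0.6, "game-launcher", PHYSICAL_IFACE, "192.0.2.53", 53, True),       # DNS to ISP resolver: leak
    Record(1.0, "browser", PHYSICAL_IFACE, "198.51.100.7", 443, False),         # direct traffic after drop
    Record(1.1, "game-launcher", PHYSICAL_IFACE, "203.0.113.10", 443, False),   # excluded app, fine
    Record(1.2, "mail", PHYSICAL_IFACE, "192.0.2.53", 53, False),               # DNS after drop, not excluded
]


def main():
    for f in audit(SAMPLE):
        print(f"t={f.ts:.1f} {f.kind:17} {f.app:14} {f.detail}")


if __name__ == "__main__":
    main()
```

Running the script on the sample prints one `dns_leak` (the excluded app's DNS query reaching the ISP resolver directly, the pattern the 2024 bug produced) and two `killswitch_bypass` findings after the tunnel drops. The same `audit` function can be fed records exported from a real packet capture on a test machine, with the resolver range and interface names adjusted to the environment.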
ADDITIONAL TOOLS BY PLAN TIER
ExpressVPN redesigned its plans to include other security tools with the VPN service. The Basic plan contains the core VPN, Lite Protection (ad and malicious site blocking), and up to 10 simultaneous devices. The Advanced plan increases the number of devices to 12 and adds Advanced Protection, which extends the blocking to trackers and adult content. Higher tiers include ExpressKeys (a password manager with autofill and secure notes), Identity Defender (US users only), and ExpressMailGuard, a tool to create masked email addresses to protect the user’s real address when signing up for services. ExpressAI, an AI-powered assistant, was announced along with these tools and is still in limited rollout.
PRICING AND AVAILABILITY
ExpressVPN is on the premium end of the VPN market, with monthly pricing that is higher than most competitors. The two-year plan, with its periodic promotional discounts, lowers the monthly cost considerably from the month-to-month rate. All plans have a 30-day money-back guarantee. The service accepts credit cards, PayPal, Bitcoin and other payment methods. Users who subscribe through an app store instead of the ExpressVPN website handle cancellation through the subscription settings of the respective app store.