ExpressVPN

Last updated
ExpressVPN
ExpressVPN-logo.svg
Developer Kape Technologies
Type Virtual private network service
Launch date2009;15 years ago (2009)
Platform(s)
Operating system(s)
StatusActive
Website expressvpn.com

ExpressVPN is a prominent virtual private network (VPN) service designed to enhance users' online privacy and security. It provides encryption for web traffic and masks users' IP addresses to protect their personal information and browsing activities from potential surveillance and cyber threats. [1]

Contents

The service is operated by Express Technologies Ltd., [2] a company registered in the British Virgin Islands, although its headquarters are situated in Hong Kong. [3] As of September 2021, ExpressVPN is owned by Kape Technologies [4] [5] , a global cybersecurity firm and reportedly has 4 million active users. [6]

History

ExpressVPN was founded in 2009 by Peter Burchhardt and Dan Pomerantz, two serial entrepreneurs who were also Wharton School alumni. [7]

On January 25, 2016, ExpressVPN announced that it would soon roll out an upgraded CA certificate. [8] Later that December, they also released open source leak testing tools on GitHub. [9]

In July 2017, ExpressVPN announced in an open letter and later a public statement by Apple, that Apple had removed all VPN apps from its App Store in China, a revelation that was later picked up by The New York Times and other news outlets. [10] [11] [12] In response to questions from U.S. Senators, Apple stated it removed the VPNs due to a request from the Chinese government. [13] In December, ExpressVPN came into the spotlight in relation to the investigation of the assassination of Russian ambassador to Turkey, Andrei Karlov. Turkish investigators seized an ExpressVPN server which they say was used to delete relevant information from the assassin's Gmail and Facebook accounts. [14] [15] Turkish authorities were unable to find any logs to aid their investigation, which the company said verified its claim that it did not store user activity or connection logs, adding, "while it's unfortunate that security tools like VPNs can be abused for illicit purposes, they are critical for our safety and the preservation of our right to privacy online. ExpressVPN is fundamentally opposed to any efforts to install 'backdoors' or attempts by governments to otherwise undermine such technologies." [16]

In December 2019, ExpressVPN became a founding member of the VPN Trust Initiative, an advocacy group for online safety of consumers. [17]

In May 2020, the company released a new protocol it developed for ExpressVPN called Lightway, designed to improve connectivity speeds and reduce power consumption. [18] In October, Yale Privacy Lab founder Sean O'Brien joined the ExpressVPN Digital Security Lab to conduct original research in the areas of privacy and cybersecurity. [19]

On April 28, 2022, Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology issued a new directive that asked the VPN providers to collect and store user data for up to five years. [20] [21] In response to the new VPN rules that require private network providers to store user information, ExpressVPN announced it would move its India-based servers to Singapore and the UK. [22] On June 2, 2022, ExpressVPN officially announced that it "refuses to participate in the Indian government's attempts to limit internet freedom." [23]

In 2023, ExpressVPN launched its app for Apple TV. [24] [25]

Acquisition by Kape Technologies

On September 13, 2021, it was reported that ExpressVPN had been acquired by Kape Technologies, an LSE-listed digital privacy and security company. [26] [27] At the time of the acquisition, ExpressVPN reportedly had over 4 million active users. [6] ExpressVPN announced in September 2021 that it would remain a separate service from existing Kape brands. [28]

In May 2023, Kape Technologies was delisted from the LSE in a transaction by Unikmind Holdings Limited, a company owned by the Israeli and Cypriot businessman Teddy Sagi. [29]

Daniel Gericke charges

In September 2021, ExpressVPN CIO Daniel Gericke paid a $335,000 fine for previously carrying out hacking operations on behalf of the U.A.E. government without having a valid export license from the US government. [30] [31] [32]

DNS request leaks

In February 2024, it was revealed that ExpressVPN software had contained a bug for several years that exposed the domains users were visiting. The bug was present in ExpressVPN Windows versions published between May 19, 2022, and February 7, 2024, affecting those who were using the split tunneling feature. [33]

Features

ExpressVPN has released apps for Windows, macOS, iOS, Android, Linux, and routers. [34] The apps use a 4096-bit CA, AES-256-CBC encryption, and TLSv1.2 to secure user traffic. [35] Available VPN protocols include Lightway, OpenVPN (with TCP/UDP), SSTP, L2TP/IPSec, and PPTP. [36]

The software also features a Smart DNS feature called MediaStreamer, to add VPN capabilities to devices that do not support them, and a router app, allowing the VPN to be set up on a router, bypassing unsupported devices such as gaming consoles. [37]

ExpressVPN is incorporated in the British Virgin Islands, a country that has no data retention laws, and is a separate legal jurisdiction to the United Kingdom. [38]

ExpressVPN's parent company also develops leak testing tools, which enable users to determine if their VPN provider is leaking network traffic, DNS, or true IP addresses while connected to the VPN, such as when switching from a wireless to a wired internet connection. [39]

In December 2021, ExpressVPN modified its product to protect against Log4Shell, updating its VPN to automatically block all outgoing traffic on ports used by LDAP. [40]

In January 2022, ExpressVPN launched Parallel Connections, a backend feature which simultaneously runs multiple methods of connecting a user to a given server, automatically picking the one that connects a user first.

ExpressVPN launched Aircove, a Wi-Fi 6 router that includes a built-in VPN, in September 2022. Aircove permits speed up to 1,200 Mb/s (600 Mb/s for 2.4 GHz and 1,200 Mb/s for 5 GHz), covers areas up to 1,600 sq feet, and offers a quad-core 64-bit processor. [41] [42]

TrustedServer

In April 2019, ExpressVPN announced that all their VPN servers ran solely on random-access memory (RAM), without the need of hard disk drives. In theory, as soon as a computer is shut down, all information on the server vanishes and cannot be recovered; the next time the server reboots, a fresh version of the VPN infrastructure is spawned. This was the first example in the VPN industry for such a server security setup, and was referred to as TrustedServer. [43]

In February 2022, ExpressVPN announced a $100,000 bug bounty for anyone who was able to hack its in-house technology, TrustedServer. [44]

As of August 2022, ExpressVPN's server network covered 94 countries. [45]

Lightway protocol

Lightway is ExpressVPN's open source VPN protocol. Launched in 2020, it is similar to the WireGuard protocol, but uses wolfSSL encryption to improve speed on embedded devices such as routers and smartphones. It does not run in the operating system's kernel, but is lightweight to support auditing. It is reportedly 2.5x as fast as OpenVPN and other older protocols, improves reliability by 40%, and supports TCP and UDP. [46] [47]

In August 2021, ExpressVPN announced the full public release of Lightway as well as full open-sourcing of Lightway's code. [47]

Research

In 2020, ExpressVPN announced its new digital security research initiative Digital Security Lab, which investigates digital rights and security issues while educating consumers. [48]

In 2021, Digital Security Lab released a new report that examined data collection practices in apps for opioid addiction and recovery. Research found that the large majority of all these apps provided by third parties, including Facebook, Stripe, Inc., and Google, access to user data. [49] [50] In a similar 2021 study, Digital Security Lab analyzed 450 apps and found that all studied apps contained questionable location trackers. [51] Digital Security Lab also conducted a study on Generation Z’s mental health, finding that 86% of Gen Z participants perceived that social media had a direct impact on their happiness. [52]

A 2022 survey on remote workers found that 78% of employers digitally monitor their employees without staff knowledge. [53]

See also

Related Research Articles

Virtual private network (VPN) is a network architecture for virtually extending a private network across one or multiple other networks which are either untrusted or need to be isolated.

<span class="mw-page-title-main">UC Browser</span> Chinese web browser developed by UCWeb Inc

UC Browser is a web browser developed by mobile internet company UCWeb, a subsidiary of the Alibaba Group. It was the most popular mobile browser in India, Indonesia, and Mali, as well as the second-most popular one in China as of 2017. Its world-wide browser share as of May 2022 is 0.86% overall according to StatCounter.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

<span class="mw-page-title-main">Digital privacy</span>

Digital privacy is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in e-services and is typically used in opposition to the business practices of many e-marketers, businesses, and companies to collect and use such information and data. Digital privacy, a crucial aspect of modern online interactions and services, can be defined under three sub-related categories: information privacy, communication privacy, and individual privacy.

AnchorFree is an internet privacy and security company that provides businesses and consumers with advanced technologies to enable secure and private web browsing. The company's flagship product is Hotspot Shield, a popular virtual private network (VPN) service and the top-grossing app for productivity in the Apple App Store. The company is led by David Gorodyansky, who founded the firm in 2005 with his friend Eugene Malobrodsky. AnchorFree is headquartered in Redwood City, California, with offices in Ukraine and Russia. Its most recent fundraising round in 2018 brought in $295 million, bringing total funding to $358 million.

<span class="mw-page-title-main">Private Internet Access</span> Virtual private network provider

Private Internet Access (PIA) is a personal VPN service that allows users to connect to multiple locations. In 2018, former Mt. Gox CEO Mark Karpelès was named chief technology officer of PIA's parent company, London Trust Media. In November 2019, Private Internet Access was acquired by UK-based Kape Technologies.

The Calyx Institute is a New York-based 501(c)(3) research and education nonprofit organization formed to make privacy and digital security more accessible. It was founded in 2010 by Nicholas Merrill, Micah Anderson, and Kobi Snitz.

<span class="mw-page-title-main">Proton Mail</span> End-to-end encrypted email service

Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, Windows, macOS and Linux (beta) desktop apps and iOS and Android apps.

Teddy Sagi is an Israeli billionaire businessman based in London and Dubai. Sagi is the founder of the gambling software company Playtech, cybersecurity company Kape Technologies and owner of London's Camden Market. His personal wealth is estimated at US$6.4 billion, with interests in real estate, gambling software, payments processing, and digital advertising.

Norton, formerly known as Norton by Symantec, is a brand of Gen Digital co-headquartered in Tempe, Arizona and Prague, Czech Republic. Norton originally provided utility software for DOS, and currently offers a variety of products and services related to digital security, identity protection, and online privacy and utilities.

<span class="mw-page-title-main">Mullvad</span> Virtual private network provider

Mullvad is a commercial VPN service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is released under the GPLv3, a free and open-source software license.

NordVPN is a Lithuanian VPN service with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, and tvOS. Manual setup is available for wireless routers, NAS devices, and other platforms.

<span class="mw-page-title-main">HMA (VPN)</span> Virtual private network service founded in 2005

HMA is a VPN service founded in 2005 in the United Kingdom. It has been a subsidiary of the Czech cybersecurity company Avast since 2016.

KeepSolid VPN Unlimited is a personal virtual private network software product available for iOS, macOS, Android, Windows, and Linux.

<span class="mw-page-title-main">PureVPN</span> Virtual private network provider

PureVPN is a commercial VPN service owned by GZ Systems Ltd. Founded in 2007, the company is based in the British Virgin Islands.

Surfshark is a brand of VPN services offered by the Netherlands-based company Surfshark B.V.

<span class="mw-page-title-main">Windscribe</span> Virtual private network provider

Windscribe is a commercial, cross-platform virtual private network (VPN) service provider based in Canada.

A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geo-blocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.

NordLayer, formerly known as NordVPN Teams, is a network access security service with applications for Microsoft Windows, macOS, Linux, Android and iOS. The software is marketed as a privacy and security tool running on zero trust architecture providing protection on hybrid and multi-cloud cloud environments.

Surfshark B.V. is a cybersecurity company established in 2018. It launched its first product, a Surfshark VPN in the same year. Surfshark also has various cybersecurity tools: a data leak detection system Surfshark Alert, a private search tool known Surfshark Search, and an antivirus named Surfshark Antivirus, a personal data removal service Incogni, a credential generator Alternative ID, and a Dedicated IP service.

References

  1. "VA Technical Reference Model v 23.11". U.S. Department of Veterans Affairs. Retrieved December 30, 2023.
  2. "BVI-based Express VPN adds Bermuda server to network". November 2, 2023.
  3. Tomchick, C. (2021, March 11). Chinese vpns are recording world data on a massive scale.
  4. "Privacy is Our Priority". kape.com. Archived from the original on January 3, 2022. Retrieved March 3, 2022.
  5. "Kape Technologies buys ExpressVPN for $936 million". reuters.com. 13 September 2021. Archived from the original on September 13, 2021. Retrieved March 3, 2022.
  6. 1 2 "We've reached 4 million active subscribers!". Expressvpn blog . Archived from the original on January 20, 2023. Retrieved January 26, 2023.
  7. "VPN's coming-of-age: A discussion with the ExpressVPN co-founders". TechRadar. October 23, 2020. Retrieved August 11, 2021.
  8. "ExpressVPN's response to the 1024-bit CA key blog post". ExpressVPN. January 25, 2016. Archived from the original on January 4, 2018.
  9. "ExpressVPN Privacy Research Lab". www.expressvpn.com. Retrieved May 30, 2018.
  10. "Apple removes VPN Apps from China App Store". ExpressVPN. July 29, 2017. Retrieved April 17, 2018.
  11. Lee, Dave (August 2, 2017). "Apple defends complying with China". BBC News . Retrieved April 17, 2018.
  12. Mozur, Paul (July 29, 2017). "Apple Removes Apps From China Store That Help Internet Users Evade Censorship". The New York Times . ISSN   0362-4331 . Retrieved April 17, 2018.
  13. Hogan, Cynthia C. (November 21, 2017). "Letter from Cynthia C. Hogan, Vice President at Apple, to Senators Ted Cruz and Patrick Leahy" (PDF). U.S. Senator Patrick Leahy of Vermont. Archived from the original (PDF) on October 11, 2019. Retrieved April 17, 2018.
  14. "Social media posts, e-mails of Turkish policeman who killed Russian ambassador deleted via virtual computer". Hürriyet Daily News. 18 December 2017. Retrieved April 17, 2018.
  15. "New evidence links exiled Turkish cleric to Russian envoy's assassin". Arab News . 2017-12-19. Retrieved April 17, 2018.
  16. "ExpressVPN statement on Andrey Karlov investigation". ExpressVPN.com/blog. December 19, 2017. Retrieved April 17, 2018.
  17. Castro, Chiara (2023-09-28). "Top VPN providers get recognized as secure and ethical products". TechRadar. Retrieved 2024-09-14.
  18. "ExpressVPN Lightway wants to make internet connectivity faster". All Things Secured. May 6, 2020. Retrieved July 28, 2021.
  19. "ExpressVPN teams up with Yale researcher to kickstart new digital security initiative". TechRadar. October 29, 2020. Retrieved August 11, 2021.
  20. "Directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet" (PDF). Indian Computer Emergency Response Team . April 28, 2022. Archived (PDF) from the original on April 29, 2022. Retrieved June 3, 2022.
  21. "CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet". Press Information Bureau . Archived from the original on April 28, 2022. Retrieved June 3, 2022.
  22. Ahmed, Nabeel (2 June 2022). "ExpressVPN moves India servers out of the country to ensure privacy, service continuity". The Hindu . Archived from the original on June 2, 2022. Retrieved June 3, 2022.
  23. "Rejecting data demands, ExpressVPN removes VPN servers in India". ExpressVPN. June 2, 2022. Retrieved June 3, 2022.
  24. Wes Davis (December 4, 2023). "The Apple TV just got its first big native VPN app". The Verge. Retrieved December 30, 2023.
  25. Attila Tomaschek (December 9, 2023). "ExpressVPN Releases Apple TV App: Our Hands-On Impressions". CNET. Retrieved December 30, 2023.
  26. "Kape Technologies Agrees to Buy ExpressVPN for $936 Million". Bloomberg News . September 13, 2021. Retrieved December 2, 2021.
  27. "Kape Technologies buys ExpressVPN for $936 mln". Reuters. September 13, 2021. Retrieved September 14, 2021.
  28. "ExpressVPN to join Kape to strengthen push for privacy". ExpressVPN. September 16, 2021. Retrieved September 16, 2021.
  29. "Successful public offer by Teddy Sagi for Kape Technologies". Successful public offer by Teddy Sagi for Kape Technologies. Retrieved 2024-04-26.
  30. "Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government". Department of Justice. September 14, 2021. Retrieved September 25, 2021.
  31. "ExpressVPN CIO Helped United Arab Emirates Hack Into Phones, Computers". PCMAG. Retrieved 2022-12-04.
  32. "ExpressVPN employees complain about ex-spy's top role at company". Reuters. Retrieved 2024-09-09.
  33. "ExpressVPN bug has been leaking some DNS requests for years". BleepingComputer. Retrieved 2024-04-26.
  34. "ExpressVPN Review - Impressive Speeds, But One Small Drawback". RestorePrivacy.com. March 8, 2018. Retrieved May 17, 2018.
  35. "Which VPN Services Keep You Anonymous in 2018? - TorrentFreak". TorrentFreak.com. March 4, 2018. Retrieved May 30, 2018.
  36. "Which VPN protocol is best?". ExpressVPN.com. Retrieved September 30, 2020.
  37. Castro, Chiara (February 24, 2022). "ExpressVPN MediaStreamer: what is it and how to use it". TechRadar. Retrieved February 12, 2024.
  38. "ExpressVPN review: This speedy VPN is worth the price". CNET.com. November 19, 2020. Retrieved August 11, 2021.
  39. "New Open Source Tools Test for VPN Leaks | LinuxInsider". linuxinsider.com. 13 December 2017. Retrieved May 30, 2018.
  40. Corin Faife (December 16, 2021). "Log4j is patched, but the exploits are just getting started". Verge. Retrieved August 7, 2022.
  41. Mark Sparrow (September 22, 2022). "ExpressVPN Launches First Hardware Wi-Fi 6 Router With Built-In VPN Protection". Forbes. Retrieved October 16, 2022.
  42. Rae Hodge (September 29, 2022). "ExpressVPN Launches First Wi-Fi 6 Router With Built-In VPN". CNET. Retrieved October 16, 2022.
  43. "ExpressVPN inches closer to a 100% secure server with TrustedServer initiative". TechRadar.com. Retrieved September 30, 2020.
  44. Bill Toulas (February 8, 2022). "ExpressVPN offering $100,000 to first person who hacks its servers". Bleeping Computer. Retrieved August 7, 2022.
  45. "How does ExpressVPN work? Plus how to set it up and use it". ZDNet.com. August 17, 2021. Retrieved September 25, 2021.
  46. "ExpressVPN's Lightway protocol out of beta and available to all". Tech Advisor . August 10, 2021. Retrieved September 25, 2021.
  47. 1 2 Mike Williams (August 10, 2021). "ExpressVPN open-sources Lightway protocol and unveils security audit results". TechRadar. Retrieved August 7, 2022.
  48. Anthony Spadafora (October 29, 2020). "ExpressVPN teams up with Yale researcher to kickstart new digital security initiative". Tech Radar. Retrieved September 3, 2022.
  49. Sara Morrison (July 12, 2021). "The struggle to make health apps truly private". Vox. Retrieved September 3, 2022.
  50. Carly Page (July 7, 2021). "Opioid addiction treatment apps found sharing sensitive data with third parties" . Retrieved September 3, 2022.
  51. Eileen Brown (February 12, 2021). "These dating apps are tracking your location". ZDNET. Retrieved September 3, 2022.
  52. Eileen Brown (December 15, 2021). "Most Americans feel lonelier than ever despite social networking platforms". ZDNET. Retrieved September 3, 2022.
  53. Mark Perna (March 15, 2022). "Why 78% Of Employers Are Sacrificing Employee Trust By Spying On Them". Forbes. Retrieved September 3, 2022.