ExpressVPN

Last updated
ExpressVPN
ExpressVPN-logo.svg
Developer Kape Technologies
Type Virtual private network service
Launch date2009;15 years ago (2009)
Platform(s)
Operating system(s)
StatusActive
Website expressvpn.com

ExpressVPN is a company providing online privacy and security solutions, including a virtual private network (VPN) service and a password manager. [1] Since September 2021, ExpressVPN has been a subsidiary of Kape Technologies, [2] a company wholly owned by Israeli billionaire Teddy Sagi. [3]

Contents

The service is operated by Express Technologies Ltd., [4] a company registered in the British Virgin Islands, with its headquarters in Hong Kong. [5]

History

ExpressVPN was founded in 2009 by Peter Burchhardt and Dan Pomerantz, two serial entrepreneurs who were also Wharton School alumni. [6]

In July 2017, ExpressVPN announced in an open letter and later a public statement by Apple, that Apple had removed all VPN apps from its App Store in China, a revelation that was later picked up by The New York Times and other news outlets. [7] [8] [9] In response to questions from U.S. Senators, Apple stated it removed the VPNs due to a request from the Chinese government. [10] In December, ExpressVPN came into the spotlight in relation to the investigation of the assassination of Russian ambassador to Turkey, Andrei Karlov. Turkish investigators seized an ExpressVPN server which they say was used to delete relevant information from the assassin's Gmail and Facebook accounts. [11] [12] Turkish authorities were unable to find any logs to aid their investigation, which the company said verified its claim that it did not store user activity or connection logs, adding, "while it's unfortunate that security tools like VPNs can be abused for illicit purposes, they are critical for our safety and the preservation of our right to privacy online. ExpressVPN is fundamentally opposed to any efforts to install 'backdoors' or attempts by governments to otherwise undermine such technologies." [13]

In December 2019, ExpressVPN became a founding member of the VPN Trust Initiative, an advocacy group for online safety of consumers. [14]

In May 2020, the company released a new protocol it developed for ExpressVPN called Lightway, designed to improve connectivity speeds and reduce power consumption. [15] In October, Yale Privacy Lab founder Sean O'Brien joined the ExpressVPN Digital Security Lab to conduct original research in the areas of privacy and cybersecurity. [16]

On April 28, 2022, Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology issued a new directive that asked the VPN providers to collect and store user data for up to five years. [17] [18] In response to the new VPN rules that require private network providers to store user information, ExpressVPN announced it would move its India-based servers to Singapore and the UK. [19] On June 2, 2022, ExpressVPN officially announced that it "refuses to participate in the Indian government's attempts to limit internet freedom." [20]

In 2023, ExpressVPN launched its app for Apple TV. [21] [22]

Acquisition by Kape Technologies

On September 13, 2021, it was reported that ExpressVPN had been acquired by Kape Technologies, an LSE-listed digital privacy and security company. [23] [24] At the time of the acquisition, ExpressVPN reportedly had over 4 million active users. [25] ExpressVPN announced in September 2021 that it would remain a separate service from existing Kape brands. [26]

In May 2023, Kape Technologies was delisted from the LSE in a transaction by Unikmind Holdings Limited, a company owned by the Israeli and Cypriot businessman Teddy Sagi. [27]

Daniel Gericke charges

In September 2021, ExpressVPN CIO Daniel Gericke paid a $335,000 fine for previously carrying out hacking operations on behalf of the U.A.E. government without having a valid export license from the US government. [28] [29] [30]

DNS request leaks

In February 2024, it was revealed that ExpressVPN software had contained a bug for several years that exposed the domains users were visiting. The bug was present in ExpressVPN Windows versions published between May 19, 2022, and February 7, 2024, affecting those who were using the split tunneling feature. [31]

Features

ExpressVPN has released apps for Windows, macOS, iOS, Android, Linux, and routers. [32] The apps use a 4096-bit CA, AES-256-CBC encryption, and TLSv1.2 to secure user traffic. [33] Available VPN protocols include Lightway, OpenVPN (with TCP/UDP), SSTP, L2TP/IPSec, and PPTP. [34]

The software also features a Smart DNS feature called MediaStreamer, to add VPN capabilities to devices that do not support them, and a router app, allowing the VPN to be set up on a router, bypassing unsupported devices such as gaming consoles. [35]

ExpressVPN is incorporated in the British Virgin Islands, a country that has no data retention laws, and is a separate legal jurisdiction to the United Kingdom. [36]

ExpressVPN's parent company also develops leak testing tools, which enable users to determine if their VPN provider is leaking network traffic, DNS, or true IP addresses while connected to the VPN, such as when switching from a wireless to a wired internet connection. [37]

In December 2021, ExpressVPN modified its product to protect against Log4Shell, updating its VPN to automatically block all outgoing traffic on ports used by LDAP. [38]

In January 2022, ExpressVPN launched Parallel Connections, a backend feature which simultaneously runs multiple methods of connecting a user to a given server, automatically picking the one that connects a user first.

TrustedServer

In April 2019, ExpressVPN announced that all their VPN servers ran solely on random-access memory (RAM), without the need of hard disk drives. In theory, as soon as a computer is shut down, all information on the server vanishes and cannot be recovered; the next time the server reboots, a fresh version of the VPN infrastructure is spawned. This was the first example in the VPN industry for such a server security setup, and was referred to as TrustedServer. [39]

In February 2022, ExpressVPN announced a $100,000 bug bounty for anyone who was able to hack its in-house technology, TrustedServer. [40]

As of August 2022, ExpressVPN's server network covered 94 countries. [41]

Lightway protocol

Lightway is ExpressVPN's open source VPN protocol. Launched in 2020, it is similar to the WireGuard protocol, but uses wolfSSL encryption to improve speed on embedded devices such as routers and smartphones. It does not run in the operating system's kernel, but is lightweight to support auditing. It is reportedly 2.5x as fast as OpenVPN and other older protocols, improves reliability by 40%, and supports TCP and UDP. [42] [43]

In August 2021, ExpressVPN announced the full public release of Lightway as well as full open-sourcing of Lightway's code. [43]

Research

In 2020, ExpressVPN announced its new digital security research initiative Digital Security Lab, which investigates digital rights and security issues while educating consumers. [44]

In 2021, Digital Security Lab released a new report that examined data collection practices in apps for opioid addiction and recovery. Research found that the large majority of all these apps provided by third parties, including Facebook, Stripe, Inc., and Google, access to user data. [45] [46] In a similar 2021 study, Digital Security Lab analyzed 450 apps and found that all studied apps contained questionable location trackers. [47] Digital Security Lab also conducted a study on Generation Z’s mental health, finding that 86% of Gen Z participants perceived that social media had a direct impact on their happiness. [48]

See also

Related Research Articles

Virtual private network (VPN) is a network architecture for virtually extending a private network across one or multiple other networks which are either untrusted or need to be isolated.

Intego is a Mac and Windows security software company founded in 1997 by Jean-Paul Florencio and Laurent Marteau.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

<span class="mw-page-title-main">Digital privacy</span>

Digital privacy is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in e-services and is typically used in opposition to the business practices of many e-marketers, businesses, and companies to collect and use such information and data. Digital privacy, a crucial aspect of modern online interactions and services, can be defined under three sub-related categories: information privacy, communication privacy, and individual privacy.

AnchorFree is an internet privacy and security company that provides businesses and consumers with advanced technologies to enable secure and private web browsing. The company's flagship product is Hotspot Shield, a popular virtual private network (VPN) service and the top-grossing app for productivity in the Apple App Store. The company is led by David Gorodyansky, who founded the firm in 2005 with his friend Eugene Malobrodsky. AnchorFree is headquartered in Redwood City, California, with offices in Ukraine and Russia. Its most recent fundraising round in 2018 brought in $295 million, bringing total funding to $358 million.

<span class="mw-page-title-main">Private Internet Access</span> Virtual private network provider

Private Internet Access (PIA) is a personal VPN service that allows users to connect to multiple locations. In 2018, former Mt. Gox CEO Mark Karpelès was named chief technology officer of PIA's parent company, London Trust Media. In November 2019, Private Internet Access was acquired by UK-based Kape Technologies.

Teddy Sagi is an Israeli billionaire businessman based in London and Dubai. Sagi is the founder of the gambling software company Playtech, cybersecurity company Kape Technologies and owner of London's Camden Market. His personal wealth is estimated at US$6.4 billion, with interests in real estate, gambling software, payments processing, and digital advertising.

Norton is a brand name used by the American company Gen Digital for some of its software.

<span class="mw-page-title-main">Mullvad</span> Virtual private network provider

Mullvad is a commercial VPN service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is released under the GPLv3, a free and open-source software license.

NordVPN is a Lithuanian VPN service with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, and tvOS. Manual setup is available for wireless routers, NAS devices, and other platforms.

<span class="mw-page-title-main">Proton VPN</span> Virtual private network provider

Proton VPN is a VPN service launched in 2017 and operated by the Swiss company Proton AG, the company behind the email service Proton Mail. According to its official website, Proton VPN and Proton Mail share the same management team, offices, and technical resources, and are operated from Proton's headquarters in Plan-les-Ouates, Switzerland. On June 17, 2024 the company announced that it will be transitioning to a non-profit structure under the Proton Foundation.

<span class="mw-page-title-main">HMA (VPN)</span> Virtual private network service founded in 2005

HMA is a VPN service founded in 2005 in the United Kingdom. It has been a subsidiary of the Czech cybersecurity company Avast since 2016.

KeepSolid VPN Unlimited is a personal virtual private network software product available for iOS, macOS, Android, Windows, and Linux.

<span class="mw-page-title-main">PureVPN</span> Virtual private network provider

PureVPN is a commercial VPN service owned by GZ Systems Ltd. Founded in 2007, the company is based in the British Virgin Islands.

Surfshark VPN service is a digital privacy tool provided by the cybersecurity company, Surfshark. It also offers a data leak detection system, a private search tool, an antivirus and an automated personal data removal system.

<span class="mw-page-title-main">Windscribe</span> Virtual private network provider

Windscribe is a commercial, cross-platform virtual private network (VPN) service provider based in Canada.

A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geo-blocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.

NordLayer, formerly known as NordVPN Teams, is a network access security service with applications for Microsoft Windows, macOS, Linux, Android and iOS and Browser extension. The software is marketed as a privacy and security tool that enables the implementation of Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Firewall-as-a-Service (FWaaS) in hybrid and multi-cloud cloud environments.

Atlas VPN was a freemium VPN service provider, launched in 2019 with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, Apple TV, and Amazon Fire TV. It was discontinued in April 2024 and merged with NordVPN

Surfshark B.V. is a cybersecurity company that was established in 2018. It launched its first product, a Surfshark VPN, in the same year. Currently, Surfshark offers a range of cybersecurity tools: a VPN, a data leak detection system called Surfshark Alert, a private search tool known as Surfshark Search, and an antivirus named Surfshark Antivirus. The company also provides a personal data removal service called Incogni, an alternative credential generator called Alternative ID, and a Dedicated IP service.

References

  1. Heinzman, Andrew (Nov 6, 2023). "ExpressVPN Now Includes a Password Manager". How-To Geek.
  2. "Kape Technologies buys ExpressVPN for $936 million". reuters.com. 13 September 2021. Archived from the original on September 13, 2021. Retrieved March 3, 2022.
  3. "Teddy Sagi completed the acquisition of remaining 45.2% stake in Kape Technologies PLC (AIM : KAPE) from Pierre Lallia and others". MarketScreener. May 18, 2023.
  4. "BVI-based Express VPN adds Bermuda server to network". November 2, 2023.
  5. Tomchick, C. (2021, March 11). Chinese vpns are recording world data on a massive scale.
  6. "VPN's coming-of-age: A discussion with the ExpressVPN co-founders". TechRadar. October 23, 2020. Retrieved August 11, 2021.
  7. "Apple removes VPN Apps from China App Store". ExpressVPN. July 29, 2017. Retrieved April 17, 2018.
  8. Lee, Dave (August 2, 2017). "Apple defends complying with China". BBC News . Retrieved April 17, 2018.
  9. Mozur, Paul (July 29, 2017). "Apple Removes Apps From China Store That Help Internet Users Evade Censorship". The New York Times . ISSN   0362-4331 . Retrieved April 17, 2018.
  10. Hogan, Cynthia C. (November 21, 2017). "Letter from Cynthia C. Hogan, Vice President at Apple, to Senators Ted Cruz and Patrick Leahy" (PDF). U.S. Senator Patrick Leahy of Vermont. Archived from the original (PDF) on October 11, 2019. Retrieved April 17, 2018.
  11. "Social media posts, e-mails of Turkish policeman who killed Russian ambassador deleted via virtual computer". Hürriyet Daily News. 18 December 2017. Retrieved April 17, 2018.
  12. "New evidence links exiled Turkish cleric to Russian envoy's assassin". Arab News . 2017-12-19. Retrieved April 17, 2018.
  13. "ExpressVPN statement on Andrey Karlov investigation". ExpressVPN.com/blog. December 19, 2017. Retrieved April 17, 2018.
  14. Castro, Chiara (2023-09-28). "Top VPN providers get recognized as secure and ethical products". TechRadar. Retrieved 2024-09-14.
  15. "ExpressVPN Lightway wants to make internet connectivity faster". All Things Secured. May 6, 2020. Retrieved July 28, 2021.
  16. "ExpressVPN teams up with Yale researcher to kickstart new digital security initiative". TechRadar. October 29, 2020. Retrieved August 11, 2021.
  17. "Directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet" (PDF). Indian Computer Emergency Response Team . April 28, 2022. Archived (PDF) from the original on April 29, 2022. Retrieved June 3, 2022.
  18. "CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet". Press Information Bureau . Archived from the original on April 28, 2022. Retrieved June 3, 2022.
  19. Ahmed, Nabeel (2 June 2022). "ExpressVPN moves India servers out of the country to ensure privacy, service continuity". The Hindu . Archived from the original on June 2, 2022. Retrieved June 3, 2022.
  20. "Rejecting data demands, ExpressVPN removes VPN servers in India". ExpressVPN. June 2, 2022. Retrieved June 3, 2022.
  21. Wes Davis (December 4, 2023). "The Apple TV just got its first big native VPN app". The Verge. Retrieved December 30, 2023.
  22. Attila Tomaschek (December 9, 2023). "ExpressVPN Releases Apple TV App: Our Hands-On Impressions". CNET. Retrieved December 30, 2023.
  23. "Kape Technologies Agrees to Buy ExpressVPN for $936 Million". Bloomberg News . September 13, 2021. Retrieved December 2, 2021.
  24. "Kape Technologies buys ExpressVPN for $936 mln". Reuters. September 13, 2021. Retrieved September 14, 2021.
  25. "We've reached 4 million active subscribers!". Expressvpn blog . Archived from the original on January 20, 2023. Retrieved January 26, 2023.
  26. "ExpressVPN to join Kape to strengthen push for privacy". ExpressVPN. September 16, 2021. Retrieved September 16, 2021.
  27. "Successful public offer by Teddy Sagi for Kape Technologies". Successful public offer by Teddy Sagi for Kape Technologies. Retrieved 2024-04-26.
  28. "Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government". Department of Justice. September 14, 2021. Retrieved September 25, 2021.
  29. "ExpressVPN CIO Helped United Arab Emirates Hack Into Phones, Computers". PCMAG. Retrieved 2022-12-04.
  30. "ExpressVPN employees complain about ex-spy's top role at company". Reuters. Retrieved 2024-09-09.
  31. "ExpressVPN bug has been leaking some DNS requests for years". BleepingComputer. Retrieved 2024-04-26.
  32. "ExpressVPN Review - Impressive Speeds, But One Small Drawback". RestorePrivacy.com. March 8, 2018. Retrieved May 17, 2018.
  33. "Which VPN Services Keep You Anonymous in 2018? - TorrentFreak". TorrentFreak.com. March 4, 2018. Retrieved May 30, 2018.
  34. "Which VPN protocol is best?". ExpressVPN.com. Retrieved September 30, 2020.
  35. Castro, Chiara (February 24, 2022). "ExpressVPN MediaStreamer: what is it and how to use it". TechRadar. Retrieved February 12, 2024.
  36. "ExpressVPN review: This speedy VPN is worth the price". CNET.com. November 19, 2020. Retrieved August 11, 2021.
  37. "New Open Source Tools Test for VPN Leaks | LinuxInsider". linuxinsider.com. 13 December 2017. Retrieved May 30, 2018.
  38. Corin Faife (December 16, 2021). "Log4j is patched, but the exploits are just getting started". Verge. Retrieved August 7, 2022.
  39. "ExpressVPN inches closer to a 100% secure server with TrustedServer initiative". TechRadar.com. Retrieved September 30, 2020.
  40. Bill Toulas (February 8, 2022). "ExpressVPN offering $100,000 to first person who hacks its servers". Bleeping Computer. Retrieved August 7, 2022.
  41. "How does ExpressVPN work? Plus how to set it up and use it". ZDNet.com. August 17, 2021. Retrieved September 25, 2021.
  42. "ExpressVPN's Lightway protocol out of beta and available to all". Tech Advisor . August 10, 2021. Retrieved September 25, 2021.
  43. 1 2 Mike Williams (August 10, 2021). "ExpressVPN open-sources Lightway protocol and unveils security audit results". TechRadar. Retrieved August 7, 2022.
  44. Anthony Spadafora (October 29, 2020). "ExpressVPN teams up with Yale researcher to kickstart new digital security initiative". Tech Radar. Retrieved September 3, 2022.
  45. Sara Morrison (July 12, 2021). "The struggle to make health apps truly private". Vox. Retrieved September 3, 2022.
  46. Carly Page (July 7, 2021). "Opioid addiction treatment apps found sharing sensitive data with third parties" . Retrieved September 3, 2022.
  47. Eileen Brown (February 12, 2021). "These dating apps are tracking your location". ZDNET. Retrieved September 3, 2022.
  48. Eileen Brown (December 15, 2021). "Most Americans feel lonelier than ever despite social networking platforms". ZDNET. Retrieved September 3, 2022.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.