Privacy and security are the most important aspects of any given VPN: whether it collects sensitive data, what encryption it uses, what security measures it has in place, and its overall defense mechanisms.
It feels good to say that ExpressVPN trumps this category from the very start. It has a zero-logging policy that shines bright like a diamond. To make sure they don’t collect any important logs, we took our time using the live chat and asking them.
Here’s what they said:
Even the privacy policy itself says the exact same thing, that they only retain the email address and the payment information, while also clearly stating that they don’t collect anything else.
What they do collect is this:
- Information related to your account (personal information)
- Aggregate apps and VPN connection summary statistics (no IP addresses, no DNS queries, nothing related to the contents or destinations of VPN traffic)
- Anonymous VPN connection diagnostics and crash reports (you can opt out of this one)
- IP addresses authorized to use MediaStreamer, if you chose to use this service
Moving on to the encryption, ExpressVPN uses state-of-the-art AES-256 encryption, the cipher used by government agencies and other cyber-security specialists around the world.
It’s practically a walking impenetrable tank of epic proportions that only a Gamma-ray burst would dent. Fortunately, they aren’t that common.
Just like the official website says, 256-bit keys mean:
“2^256 or 1.1 x 10^77 possible combinations. That’s 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,560,000,000,000,000,000,000,000,000 combinations! A brute-force attack on a 256-bit keyspace is simply infeasible, even if all the world’s most powerful supercomputers ran for as long as the universe has existed so far, billions and billions of times over.”
The VPN protocols used are OpenVPN (TCP and UDP), L2TP-IPsec, and PPTP. The last two are weaker than OpenVPN, so you should have a pretty good reason to use them.
ExpressVPN employs HMAC authentication. The control channel is encrypted with AES-256-CBC, and the data channel is encrypted with a “symmetric encryption scheme” whose keys come from the Diffie-Hellman key exchange.
It also uses Perfect Forward Secrecy: each session gets a new encryption key, which is renegotiated every 60 minutes.
At most, if a hacker manages to intrude on your device, he would be able to obtain “60 minutes of data”. Everything else is protected by a different key.
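To check these settings on a connection you actually use, the added example below (not ExpressVPN's code) parses an OpenVPN profile and flags a cipher other than AES-256, a weak or missing HMAC digest, and key renegotiation that is disabled or slower than every 60 minutes. Both profiles are constructed samples, and the fallback values are OpenVPN's documented defaults for `auth` and `reneg-sec`.

```python
# Added example: audit an OpenVPN profile for the settings the review cites.
# Both profiles below are constructed samples, not real provider configs.
GOOD_PROFILE = """\
client
remote vpn.example.com 1194 udp
cipher AES-256-CBC
auth SHA512
reneg-sec 3600
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""
WEAK_PROFILE = """\
client
remote vpn.example.com 1194 udp
cipher BF-CBC
; auth SHA512
reneg-sec 0
"""

# Values OpenVPN falls back to when a directive is absent.
DEFAULTS = {"auth": "SHA1", "reneg-sec": "3600"}

def parse_profile(text):
    """Map each valued directive to its arguments, skipping comments and inline <blocks>."""
    opts, in_block = {k: [v] for k, v in DEFAULTS.items()}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if in_block:                      # inside <ca>...</ca> and similar blobs
            if line == f"</{in_block}>":
                in_block = None
        elif line.startswith("<") and line.endswith(">"):
            in_block = line[1:-1]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            if args:
                opts[name] = args
    return opts

def audit(text):
    """Return findings; an empty list means the profile matches the review's claims."""
    opts, findings = parse_profile(text), []
    cipher = opts.get("cipher", ["(unset)"])[0].upper()
    if not cipher.startswith("AES-256"):
        findings.append(f"cipher is {cipher}, not AES-256")
    digest = opts["auth"][0].upper()
    if digest in {"NONE", "MD5", "SHA1"}:
        findings.append(f"HMAC digest is {digest}")
    reneg = int(opts["reneg-sec"][0])
    if reneg == 0 or reneg > 3600:
        findings.append(f"reneg-sec {reneg}: keys are not rotated every 60 minutes")
    return findings
```

Calling `audit(WEAK_PROFILE)` reports all three problems, including the SHA1 fallback that applies because the `auth` line is commented out.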
Moreover, zero-knowledge DNS is a brand-new feature from ExpressVPN that makes sure your DNS requests don’t leak any personal or important information to anyone.