ExpressVPN review: Just as speedy now with its own open-source protocol

ExpressVPN in brief:

P2P allowed: Yes

Number of servers: 3,000+

Number of country locations: 95

Business location: British Virgin Islands

Cost: $99.95

VPN protocol: Lightway

Data encryption: AES256-GCM

Data authentication: SHA384

Handshake: ECDHE-RSA

Paying more than $60 for a VPN service is too much. Unless that company is offering a ton of extra features and device compatibility to justify the cost. One company making that gamble is ExpressVPN, which charges nearly $100 per year.

On top of the usual VPN connections, ExpressVPN says it works with Netflix, and you can use its smart DNS service to make an Apple TV or gaming console access U.S. media from overseas.


ExpressVPN with an active connection.

The last time we looked at ExpressVPN it was in the process of switching its server configuration to what it calls TrustedServer. That work is now complete. A TrustedServer means it doesn’t have a hard drive and runs entirely on RAM. This has become quite a trend, with many other VPNs following suite. ExpressVPN, however, was one of the first, along with OVPN.

Running everything in RAM avoids the possibility of any data logging since there’s nowhere to write the data to permanently. It also means that data is frequently overwritten and all data is lost when the server reboots. Authorities could employ some forensic techniques to pull limited data off RAM, but it wouldn’t be easy.

Features and services

When you first start up ExpressVPN, it looks about the same as it has for a few iterations now. It has a simple single-panel interface with a connected/not connected button, and the country selection below it. Then below that it shows the best smart location based on your geo data. When connected, ExpressVPN shows a selection of quick links to websites and internet-connected apps such as Google, Edge, and Mail. You can edit these shortcuts to customize them for your uses.

Click the hamburger menu in the upper-right corner, and you can get to the options where you can choose your VPN protocol. By default, ExpressVPN uses its own homegrown protocol called Lightway. The company created the new protocol to serve its needs as a public VPN provider.

The Lightway protocol is open source, and you can find it on GitHub. It’s also had a security audit by the penetration testing firm Cure53. One thing the company didn’t create from the ground up, thankfully, is the encryption. For that, Lightway uses wolfSSL, an open source SSL/TLS library.

If you don’t want to use Lightway, you can specify OpenVPN, IKEv2, or L2TP/IPSec. The easiest thing to do is let ExpressVPN choose the protocol automatically, which is what we did for our tests.

Other features in the Options section include a VPN kill switch, which is enabled by default, and a split tunneling feature where you can specify which apps will use the VPN when connected.

You can get to the country options in a number of ways. You can click the Selected Location ellipse on the main dashboard. Alternatively, you can click the “hamburger” menu icon and then select VPN Locations.

The country list itself has two tabs: Recommended and All locations. Under All locations you can find all 95 country locations, while Recommended is a list of good country connections based on your location.


ExpressVPN’s built-in speed test.

By default, ExpressVPN doesn’t show ping times or server load, but you can use the built-in speed test under the “hamburger” menu icon to see ping times and estimated download speeds for each country. These speed tests happen in a separate window and don’t show up in the main country list. You can, however, connect to the VPN from the speed test window.

As we mentioned earlier, ExpressVPN is $99.95 per year, which covers up to five simultaneous device connections and is available on Android, iOS, Kindle Fire, macOS, routers, and Windows 10. There is also the MediaStream service for Apple TV, Fire TV, PlayStation, and Xbox that lets you view U.S. streaming media from overseas.

Browser extensions from Chrome and Firefox let you control the app from the browser instead of acting as simple browser-only proxy connections.


In our tests, ExpressVPN was very fast, making it one of the top 10 fastest VPNs in our tests. ExpressVPN maintained 53.45 percent of the base speed across five locations worldwide during three separate days of testing. That’s a little bit slower than the last time we reviewed it, but not in any noticeable way. It’s still a lot faster than most services we’ve evaluated and is more than sufficient to accommodate a home user’s online activities.

Privacy, anonymity, and trust


ExpressVPN asks if you want to contribute to crash reports during initial setup.

ExpressVPN promises not to log any of your browsing history, or other personal data such as DNS queries, IP addresses, connection timestamps, or session duration. It does keep diagnostic and crash reports, but one thing that I really like is that ExpressVPN’s app on Windows asks you up front if you want to contribute this data. That’s an excellent approach, which should be standard for all VPNs.

While ExpressVPN doesn’t keep logs on your activity, it does save some data. It logs the version of the ExpressVPN app you’re using, successful connection attempts, the VPN location you connected to and from which country.

That’s a lot of information; however ExpressVPN says it does not log any IP addresses, neither your original or the one the VPN assigns to you. ExpressVPN also logs the total amount of data transferred in order to kick data hogs off its platform.

ExpressVPN explains how its privacy policy works with this simple example, “We may know, for example, that our customer John had connected to our New York VPN location on Tuesday and had transferred an aggregate of 823MB of data across a 24-hour period.” Despite that information, however, it says an individual users’ actions can’t be identified since it all blends in with the actions of other users.

That’s all okay, but not great for anyone trying to maximize privacy. Logging aggregate data, for example, would be enough to suggest high-bandwidth activities such as torrenting. One major improvement for ExpressVPN is that it has revealed the names of its co-founders who include Dan Pomerantz and Peter Burchhardt. We can also see a number of other executives and leaders on LinkedIn. This is a huge step forward from previous years where the only person who put a public face on ExpressVPN was Harold Li, company vice president. ExpressVPN is based in the British Virgin Islands, but the company’s workforce is located throughout the world, working from company offices as well as remotely.

The company also works with the Center for Democracy and Technology to define trustworthy signals for VPNs. It also publishes its security practices on its site. ExpressVPN also uses a build verification system to prevent malware from slipping in to its apps, and the company itself if funding its own privacy and security research with a full-time researcher at the ExpressVPN Digital Security Lab.


ExpressVPN has a great service. The speeds are phenomenal, the device support is off the charts, and the country locations and number of servers are vast. It’s also gone a long way to improving transparency about the company, and auditing its products. There is no question in my mind that you get more than enough value for your money with this service.

Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, this review is subject to change in order to accurately reflect the current state of the service. Any changes to text or our final review verdict will be noted at the top of this article.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.

Leave a Reply

Your email address will not be published. Required fields are marked *