KPMG's independent auditors confirmed that ExpressVPN never logs your identifiable information as stated in its Privacy Policy.
This is the 18th time ExpressVPN has put its service under scrutiny with a third-party audit since 2018, once again establishing itself as one of the best VPN services on the market.
The audit delves into the provider's VPN server infrastructure and ensures that, starting December 12, 2023, privacy systems are working as promised.
ExpressVPN Log-Free Audit 2024
Developed in 2019, ExpressVPN TrustedServer is its own technology based on its no-logging claims.
For example, all servers run entirely on RAM, which requires power to store data. This means that nothing is stored on the server after reboot. ExpressVPN servers also come with an updated code stack. Therefore, each time the server is restarted, the latest version of the stack (which includes the operating system (OS) and the VPN infrastructure on top of it) is loaded as a single block to minimize the risks of errors, other vulnerabilities and misconfigurations.
KPMG extensively tested the description, design, and implementation of controls over ExpressVPN's TrustedServer services. As of December 12, 2023, auditors were able to confirm that ExpressVPN's system successfully prevented the collection of user activity logs.
“We are pleased to have KPMG analyze our systems and TrustedServer technology and validate our compliance with our no-logs policy,” said Aaron Engel, Chief Information Security Officer at ExpressVPN. “Regular assessments and audits by independent third parties help validate the robustness of our security measures, reinforcing our confidence in protecting our users.”
As mentioned, ExpressVPN is very active on the independent VPN auditing front. The provider has undergone 18 third-party audits since 2018 in a bid to increase the transparency and assurance of its security and privacy systems.
You can access and read the full KPMG audit report here.
The benefits of no-logs VPNs
Since ExpressVPN is confirmed as a reliable no-logs VPN, you might be wondering: why should you care whether or not my VPN logs user data? Well, you should if you care about your privacy.
This is mainly because a no-logs VPN is your guarantee that no personal data or usage information will ever be logged. However, it is worth mentioning that some basic data records are unavoidable. This includes the number of users connecting to the same server and the email address associated with a user's account, for example.
For example, if a malicious hacker or government manages to acquire this data, no sensitive information will be leaked because the details simply won't exist.
The importance of this feature was already demonstrated in real life when Swedish authorities were left empty-handed after an inconclusive police raid on Mullvad servers last year. Another provider, Private Internet Access, also proved its no-registration claims in court, not once but twice.
At TechRadar we firmly believe that a strict no-logging policy should be among your top priorities when signing up for a new VPN service. Even better, if independent auditors periodically verify that this is correct, as in this case.
We test and review VPN services in the context of legal recreational uses. For example:
1. Access a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy when abroad.
We do not support or tolerate illegal or malicious use of VPN services. Future Publishing does not endorse or approve the consumption of paid pirated content.
