These questions include some details that are not a part of ExpressVPN’s in-depth review mentioned earlier. So, take a look the Q&A here (the answers are mentioned as they were conveyed to Fossbytes):
1. What is the registered name of your business? Provide other details like jurisdiction and office location?
We’re registered as Express VPN International Limited, based in the jurisdiction of the British Virgin Islands (BVI). The BVI has no data retention laws and is not party to any 14 Eyes intelligence sharing agreements.
2. What type of user information do you store on ExpressVPN servers? And for how long?
ExpressVPN collects only the information required for administering subscriptions and troubleshooting technical issues. For administering subscriptions, we store the user’s provided name, email address, and payment information. For the purposes of technical support and troubleshooting, minimal information is collected, namely: apps and app versions successfully activated, dates (not times) when connected to the VPN service, choice of VPN server location, and total amount (in MB) of data transferred per day.
Users can also opt to share anonymized analytics data such as speed test data, connection failures, and crash reports. These diagnostic reports do not tie back to individual users, because we’ve engineered our apps to never know which user sends which data. You can specify in the settings menu of any ExpressVPN app whether you wish to send these data to us.
None of these data enable ExpressVPN or anyone else to match an individual to specific network activity or behavior. We are unable to answer questions related to data that we do not possess, such as how a customer has utilized our VPN service.
ExpressVPN does not keep any activity logs or connection logs. We never log the destination or contents of your traffic, connection timestamps, session duration, your source IP address, or the ExpressVPN IP address that your computer assumes when connected to the VPN.
To learn more about how we protect customer privacy and security by not storing activity logs or connection logs, see our page detailing ExpressVPN’s policies.
3. What innovative steps does ExpressVPN to take to protect the identity and privacy of person using the VPN service?
ExpressVPN’s systems and policies are specifically engineered to protect user privacy and security. Some examples include:
ExpressVPN not only does not store any information that could link an individual with specific network activity (such as end-user IP addresses and identifiable usernames), we also ensure that such information never even hits a disk on any server. This is harder to do in practice than it sounds. Many DNS and VPN software packages write some data to disk by default. The VPN provider needs to go to extra lengths to ensure they’re never written. Writing, then deleting isn’t good enough, as deleted data could still be recoverable.
ExpressVPN runs its own private, zero-knowledge DNS on every server.
ExpressVPN is a leader in identifying and fixing leaks. For example, we were the first provider to raise the issue of DNS leaks that occur when a user switches network connections, which ExpressVPN apps protect you from.
ExpressVPN uses Perfect Forward Secrecy to ensure that in the unlikely scenario that encryption keys are compromised or stolen, this does not affect the security of past or future communications.
ExpressVPN has a Tor onion service to provide a more private and anonymous way to access our website.
ExpressVPN systems are designed so that no single system has access to the CA key. It’s stored encrypted at rest, with the decryption keys stored elsewhere, and only used on rare occasions as needed, on systems that are behind multiple layers of protection.
4. If a federal or private body requests user information, what procedure does ExpressVPN follow? Is the concerned user informed? Has such incident taken place in the past?
Because ExpressVPN is registered in the BVI, an order to produce evidence and records (pursuant to an investigation) must come from the BVI High Court. If a foreign government, such as that of the US or UK, wishes to petition the BVI High Court to make such an order, there are stringent conditions that need to be met, including a requirement for “dual criminality,” meaning that for the request to be upheld the same crime must be punishable by at least a one-year prison sentence under BVI law, had it taken place in the BVI.
Of course, as ExpressVPN has built its network around not knowing the internet activity of its users, even if there were a court order, we would not be able to provide any data that could be used to correlate specific activity to any given individual.
5. Does ExpressVPN put a data bandwidth cap or throttle connection speeds on your VPN service? Do you have specialized servers for P2P, torrent, and onion services?
ExpressVPN does not cap or restrict bandwidth. Users can access P2P and onion services on any of our servers.
6. What options do the users have while paying for ExpressVPN service and do you store the payment details on your servers? Is there any option that lets a user pay anonymously?
Payment options for ExpressVPN include credit cards, PayPal, and Bitcoin. Users seeking to enhance their anonymity can select Bitcoin as their payment method and provide a name and email address that preserves their anonymity.
For the purpose of administering subscriptions, we store the user’s provided name, email address, and payment information.
7. Are you aware of the details, at any point in time, that could be used to identify a person using your VPN service in real-time?
VPNs protect against specific vulnerabilities relating to privacy and anonymity, such as DNS requests, IP addresses, and unencrypted traffic.
Of course, there are a number of threat vectors that no VPN can eliminate – including social engineering, tracking cookies, spyware and malware, and physical tampering – which could lead to someone being tracked or hacked even while using a VPN.
8. If your VPN service faces a cyber attack, what measures would follow? Has such event happened earlier?
We would immediately work to stop the attack and mitigate the impact, then assess the impact and communicate with any and all affected users.
9. Your online portal features an option called “IP address registration” under DNS Settings? How does it work? Don’t you think it would affect users’ privacy?
Separately from VPN services, we also provide our optional MediaStreamer service for devices such as Apple TV that do not support VPNs. Users who opt into using MediaStreamer can choose to register specific IP addresses that should be authorized to use the service; these IP addresses are only used by ExpressVPN to provide the optional MediaStreamer service and not for any other purpose. Because the services don’t run on an app, there is no way to do username/password authentication.
Using MediaStreamer is completely optional, and users who don’t specifically register for it would not have their IP address recorded. For privacy-conscious users, we recommend they set up ExpressVPN on a router and connect their media streaming devices through the router rather than use our MediaStreamer service.
10. How many numbers of VPN servers and locations to does ExpressVPN have? What are your future expansion plans?
ExpressVPN has over 1,800 servers, covering 145 locations in 94 countries, with new ones added weekly to ensure adequate bandwidth even during peak hours and to respond to user requests for specific locations.
11. What makes ExpressVPN service better than other available solutions? What’s your standout feature?
It just works. We have an easy-to-use service that is usable on virtually every major device and OS – including Mac, Windows, Linux, iOS, Android, browsers, routers, Apple TV, PlayStation, Xbox, and more. Our VPN works with popular streaming services and in countries with notoriously strict censorship. And when you need help, you can get it in seconds, not days thanks to our 24/7 live chat customer service.
We innovate on privacy and security. We are leaders in identifying and fixing leaks. Our BVI jurisdiction, policies, and engineering solutions ensure that no one can ever link specific activity on our VPN service to specific users.
Built for speed and stability. We are constantly investing in premium bandwidth and servers on every continent to ensure industry-leading speeds no matter where in the world you’re connecting from or to, with no caps on bandwidth.
12. What options does your customer support include? Do you offer live assistance?
Yes, ExpressVPN offers 24/7 customer service via live chat or email. We also have extensive self-service support content available on ExpressVPN.com, including detailed step-by-step set-up tutorials in both text and video form for a wide range of devices and operating systems.
Did you like our review of ExpressVPN? If you have any questions, drop them in the comments.