Independent auditors at KPMG confirmed that ExpressVPN never logs any of your identifiable information as stated in its Privacy Policy.

This is the 18th time ExpressVPN has put its service under scrutiny with a third-party audit since 2018, establishing itself once again as one of the best VPN services on the market.

The audit takes a deep dive into the provider’s VPN server infrastructure and ensures that, as of 12 December 2023, the privacy systems work as promised.

ExpressVPN 2024 no-log audit

Developed in 2019, ExpressVPN TrustedServer is its very own technology at the base of its no-log claims. 

For instance, all the servers run entirely on RAM which needs power to store data. This means that nothing is stored on the server after a reboot. ExpressVPN’s servers also come with an up-to-date code stack. So, every time the server is rebooted, the newest version of the stack (which includes the operating system (OS) and the VPN infrastructure above it) is loaded as a unique block to minimize the risks of bugs, other vulnerabilities, and misconfiguration.

KPMG thoroughly tested the description, design, and implementation of controls over ExpressVPN’s TrustedServer services. As of 12 December 2023, auditors could confirm that ExpressVPN’s system successfully prevented the collection of any user activity logs. 

“We’re delighted to have KPMG scrutinize our systems, TrustedServer technology, and validate our adherence to our no-logs policy,” said Aaron Engel, Chief Information Security Officer, ExpressVPN. “Regular assessments and audits by independent third parties help validate the strength of our security measures, bolstering our confidence in safeguarding our users.”

As mentioned, ExpressVPN is very active on the independent VPN audit front. The provider has undergone 18 third-party audits since 2018 in a bid to boost transparency and assurance over both its security and privacy systems.

You can access and read the full KPMG’s audit report here.

The benefits of no-log VPNs

As ExpressVPN confirms itself as a reliable no-log VPN, you might be wondering, why should you care whether or not my VPN logs user data? Well, you should if you care about your privacy.

This is mainly because a no-log VPN is your guarantee that no personal details or usage information is ever recorded. It is worth mentioning, though, that some logs of basic data are inevitable. This includes the number of users connecting to the same server and the email address associated with a user’s account, for example. 

For instance, if a malicious hacker or government manages to acquire this data, none of your sensitive information will be leaked because the details simply won’t exist. 

The importance of this feature has already been proved in real life when Swedish authorities were left empty-handed after an inconclusive police raid on Mullvad’s servers last year. Another provider, Private Internet Access, also proved its no-logs claims in court, not once but twice.

We at TechRadar firmly believe that a strict no-logs policy should be among your top priorities when signing up for a new VPN service. Better still, if this gets regularly verified as correct by independent auditors as in this case.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example:

1. Accessing a service from another country (subject to the terms and conditions of that service).

2. Protecting your online security and strengthening your online privacy when abroad.

We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Services MarketplaceListings, Bookings & Reviews

Entertainment blogs & Forums