ExpressVPN is a virtual private network service offered by the British Virgin Islands-registered company Express VPN International Ltd. The software is marketed as a privacy and security tool that encrypts users’ web traffic and masks their IP addresses.
In 2018, both TechRadar and Comparitech named the service their Editors’ Choice.
TorrentFreak has interviewed ExpressVPN in their annual comparison of VPN providers since 2015.
On 14 January 2016, ExpressVPN was criticized by former Google information security engineer Marc Bevand for using weak encryption. Bevand had discovered that only a 1024-bit RSA key was used to encrypt the service’s connections after using it to test the strength of the Great Firewall of China. Bevand described ExpressVPN as “one of the top three commercial VPN providers in China” and asserted that the Chinese government would be able to factor the RSA keys to potentially spy on users. On January 25, ExpressVPN announced that it would soon roll out an upgraded CA certificate. On February 15, Bevand wrote in an update that ExpressVPN had reported to him that they had now switched to 4096-bit RSA keys.
In a review done by PCMag UK editor Max Eddy in May 2017, the service scored 4 out of 5 with the bottom-line being that although the service wasn’t the fastest, it “certainly protects your data from thieves and spies.” In October 2017, TechRadar gave the service 4½ out of 5 stars, calling it “a premium service with well-crafted clients, an ample choice of locations and reliable performance.” PCWorld rated the service 3½ out of 5 in their September 2017 review, commending it for its easy-to-use software while criticizing “the secrecy behind who runs the company.” The service received 4.5 out of 5 stars from VPNSelector in their July 2019 review putting it to the first place among VPN providers.
In December 2017, ExpressVPN announced a “Privacy Research Lab” project, including open source leak testing tools released on GitHub. The tools enable users to determine if their VPN provider is leaking network traffic, DNS, or true IP addresses while connected to the VPN, such as when switching from a wireless to a wired internet connection. Comparitech tested the tools with 11 popular VPN services and found leaks across every VPN provider, with the exception of ExpressVPN. However, they clarified, “To be fair, ExpressVPN built the test tools and applied them to its own VPN app prior to publication of this article, so it has already patched leaks that it initially detected.“