ExpressVPN announces Independent Security Audit
Bernard Hastings | Last Updated:
On the 28th of January, ExpressVPN announced that their browser service extension was publicly audited by Cure53. The VPN provider made it clear that they are, ‘committed to equipping [ExpressVPN users] with the information needed to see’ that ExpressVPN is as secure as it claims to be.
Touted as ‘two new trust and transparency initiatives’ ExpressVPN hopes to show users first-hand that they’re safe using one of the world’s largest VPN services and potentially the best VPN in Australia. The ExpressVPN browser extension for both Chrome and Firefox has also been completely open-sourced which means the code is entirely open to the public for review.
This is particularly fantastic news for Australian VPN users as the government’s crackdown on online anonymity and expansion of illegal downloading laws continues. Any comprehensively secure, audited VPN is certainly praised in the era of false claims and accidental exposures by VPN providers.
The ExpressVPN Feature Set
When you consider that ExpressVPN is one of the most feature-packed, well-rounded and powerful VPN services available, this audit is simply the icing on the cake. It transparently shows the company’s commitment to security and showcases ExpressVPN’s ability to keep all Australians safe online.
The audit gives the company the power to pair their NBN-friendly fibre optic network, high-speed servers and unrestricted browsing with unmatched security. This level of security is found in just a handful of other VPN services.
Browsing from more than 148 countries is possible on the service and complex, smart masking technology even unblock websites in a secure, anonymous way.
Added services like the Chrome and Firefox browser extensions provide further security that is even easier to take advantage of the desktop VPN program.
You can find some more information on the extensive ExpressVPN feature set here:
Cure53’s Independent Browser Extension Audit
As ExpressVPN’s service promotes some of the tightest internet security in the world, through their own high-speed fibre network and off-shore servers, the company wants to be transparent in showing all of their claims are factual.
The Cure53 auditing team was invited by ExpressVPN to sift through the company’s browser extension with the intention of spotting security weaknesses and other vulnerabilities. The October 2018 audit took seven days and was finalised a month later in November when Cure53 returned to ensure all vulnerabilities were removed. Thankfully, there were just eight mild issues which were immediately amended.
Cure53 and ExpressVPN both highlighted that, of the eight issues, there were no vulnerabilities serious enough to enable hackers or other parties to access any web data through a web page. Generally speaking, this means all Australian users of ExpressVPN’s browser extension are entirely protected from outside threats, including government monitoring.
ExpressVPN made it clear that the company is, ‘pleased that this audit reaffirms and strengthens the security of our browser extension,’ whilst outlining that future audits will be accessible by the public.
Open-sourcing The Browser Extension Code
To complement the browser extension audit, the ExpressVPN team also made it a priority to open-source and publicly share their browser extension code. What this means is that anyone is able to access the code, sift through it and determine how safe it is. A great step forward for transparency in the internet security industry.
ExpressVPN outlined that their reason for sharing this code was to allow users to see exactly what the browser extension was doing. Due to the fact that all browser extensions request a whole suite of information, ExpressVPN wanted to show their users exactly what the browser extension requested and assure them that no personal, identifiable data was being collected.
One main focal point of allowing public access to ExpressVPN’s browser extension code was to give all users an in-depth understanding and look into what the extension collects. The company also outlined each reason for all individual permission requests. This is great news for Australian VPN users as our government’s metadata retention laws will collect just about all data available.
If you’d like to access the code for your own assessment you can find it at ExpressVPN’s GitHub page. You can also view the full list of ExpressVPN security features by following the link below:
Fighting For Industry Transparency
As one of the VPN industry’s biggest players, ExpressVPN has the power to fight for change and push others to follow suit. A little over three months ago, ExpressVPN took the initiative to launch the CDT or Centre for Democracy and Technology with the intention of pushing all VPNs to simply do better.
In the coming months and over the next year, ExpressVPN is touting that they’re looking forward to releasing even more security-focused tools and insights for users. This solidly supports their belief that all internet users should have access to an open, secure internet.
As the world becomes increasingly more digital and governments continue to peep and spy on users, a VPN service that you can trust becomes essential. Audits and publicly shared code make trusting services like ExpressVPN a whole lot easier and keep us all safe online, the way it should be.
If you like the idea of a reputable vpn service provider being open and upfront with regards to their security policy and implementation, click on the link below to head directly over to the ExpressVPN website: