Data security and users' privacy are the core elements that lie behind all the best VPN software. However, even the most top-notch security features can have some vulnerabilities at times.
Malicious actors can hack VPN servers to steal users' data, for example. Some governments are even passing invasive laws to force providers to hand over this information upon request - that's exactly what's happening in India at the moment.
It's in this context that our top-rated service ExpressVPN has developed its own TrustedServer technology to boost users' data protection. "Because of how it's engineered and the fact that it runs in RAM only, our VPN servers are built from the ground up to ensure no sensitive data is logged, even by accident, and thus not accessible by us or third parties,” said ExpressVPN vice president Harold Li.
Let's have a better look at how ExpressVPN's TrustedServer tech works and how it differs from traditional servers.
What is ExpressVPN TrustedServer?
ExpressVPN developed its own TrustedServer technology in 2019 with the aim of minimizing the risk of users' data being compromised. Not long after its release, independent audit professionals from PricewaterhouseCoopers (PwC) confirmed that the new platform works in compliance with ExpressVPN's Privacy Policy. This means that no connection logs nor activities logs are retained.
A VPN server - whether a physical or virtual one - is a combination of pieces of hardware and software that allow users to connect to a secure private network. It's the VPN server that masks your real IP address, replacing it with one of its own. It's the software running the server, together with the VPN protocol, that's responsible for encrypting your data and traffic.
An industry-first in the market, the top provider builds its very own secure VPN servers platform - all of its 3,000+ are developed upon this technology.
TrustedServer vs traditional servers
ExpressVPN TrustedServer technology has essentially brought two main important innovations that set them apart from traditional servers.
1. Servers running entirely on RAM: never keep logs
Traditional servers generally run via a hard-disk system. This means that the data is locally retained until it's erased and written over. If the servers are seized or hacked, there's a risk that third parties can access users' sensitive information.
In contrast, TrustedServer technology works on Random Access Memory (RAM). Also called volatile memory, RAM needs power to store data. This means that every time you shut down your device, all the information will vanish, and in the case of servers, nothing is stored on the server after a reboot.
2. Secure and up-to-date code stack: minimize risks of bugs
Another important innovation comes with the way TrustedServers are internally built. Normal servers have their operating system (OS) and software installed the first time these are set up. Every time there's a new update, this is added on top of the existing system. This creates opportunities for differences to arise among servers, meaning that developers cannot be 100% sure that all the servers run with the same secure code.
TrustedServer intends to fix these potential vulnerabilities by running its servers via a single cryptographically signed read-only image. So, every time the server is rebooted, the newest version of the stack (the OS and the VPN infrastructure above it) is loaded as a unique block. In this way, the risk of vulnerabilities and misconfiguration is eliminated. It also means that the server owner - in this case, ExpressVPN - knows exactly how each server is running at all times.
What about other providers?
ExpressVPN is the only provider in the market that developed its RAM-only servers in a way that the entire software stack is reinstalled at every connection. However, other services are now running their servers with volatile memory instead of a hard-disk.
It was in 2020 that NordVPN, Surfshark and Private Internet Access upgraded all their servers to be RAM-only. They took further security measures, too. NordVPN is now shipping its own hardware to data centres, for example, while PIA's staff is no longer handling the server setup.
CyberGhost is another big name that made the change from hard-disk to RAM servers. The provider went even further, though. It also offers a few NoSpy servers for extra security. These are built in their Romanian headquarters so that its team manages them internally end-to-end.
Learn how to boost your streaming experience with ExpressVPN MediaStreamer
