ExpressVPN Introduces TrustServer- With Better Protection Than Ever
ExpressVPN’s Pursuit of Perfect Privacy
To say that ExpressVPN is innovative and a driving force in the pursuit of user privacy and complete online anonymity is something of an understatement and there truly seems to be no limit to their quest for excellence.
If you’re as old as me, you’ll remember the days of floppy discs and, maybe even the introduction of diskettes which, at the time, seemed both daring and innovative. Of course, these days, even CDs are obsolete when it comes to storing data and most of us rely on those clever little devices known as flash drives or USB sticks. With secure cloud storage on offer as well, even these may become redundant in a couple of years.
For ExpressVPN, however, any form of hard drive storage presents a number of security risks that this leading cybersecurity company considers unacceptable. Agreeing with IBM security advisor Brian Schneier’s assertion that “data is toxic… [and] continues to be toxic as long as it sits in company’s computers and networks”, ExpressVPN has decided to do away with all physical storage facilities on its servers and move its data into RAM instead.
The Importance of Physical Network Security
ExpressVPN has already dealt with basic issues concerning anonymous payments and has introduced exemplary no-logging and privacy policies. In addition to providing its users with access to a huge global server network and impressively fast connection speeds, its encryption algorithms are second to none. Taking things to the next level, ExpressVPN is now tackling issues relating to the physical security of its network.
While most VPN servers rely on some form of hard drive for storage purposes, these compromise the physical security of user data. The highest level of security within your VPN software is virtually useless if the physical side of things isn’t also completely secure. Think of a computer in terms of a building: its architecture needs to have the same level of security built into it like a bank vault.
Unfortunately, even the most secure bank vault can be compromised, as can the most well-protected and encrypted hard drive. The easiest way to prevent things from being stolen is to not have them in storage in the first place which is why ExpressVPN has introduced the TrustedServer initiative.
RAM stands for Random Access Memory and, unlike a hard drive, means that anything held within it is obliterated without a trace each time the server is rebooted. A hard drive, on the other hand, has to be erased and written over if the information stored on it is to be removed. Not only is this process time-consuming, but it also exposes whatever is stored on the hard drive to potential threats and interception.
According to research conducted at the Radboud University in the Netherlands last year, even self-encrypting hard drives contain certain vulnerabilities that could leave the data stored on them exposed. ExpressVPN’s obsolete hard drive storage utilized mainly HDD storage components from which data can be removed only through multiple overwrites. This, according to ExpressVPN, is an “error-prone” process that left their servers vulnerable to hacking and other cyber threats. If a hacker managed to get a backdoor in place on a server, they would be able to access thousands of users’ data and sensitive information.
By shifting all that data to the RAM, all ExpressVPN now has to do is reboot the server and, voila, all data and logs have disappeared! While ExpressVPN isn’t the only VPN provider to shift from hard drive storage to RAM, it is one of the few. Lesser known cybersecurity provider, OVPN is similarly relentless in its pursuit of perfect privacy and made a similar move some years ago but simply doesn’t have the server network to make it a viable cybersecurity solution. ExpressVPN, on the other hand, has thousands of servers situated in over 90 countries worldwide so is already providing one of the best VPN services around. The switch to RAM data storage simply underlines its position as the best VPN in the world and makes life even tougher for the competition.
TrustedServer Safeguards Software
Not only does ExpressVPN’s TrustedServer technology combat issues and vulnerabilities associated with hard drive storage, but it also tackles issues relating to software consistency. If you think of a network of VPN servers as being a barn full of horses, if each horse requires a different daily diet, the likelihood of your yard manager making a mistake or mixing up different elements is far more probable than if all the horses eat the same thing. Similarly, if each VPN server behaves differently with different encryption codes, configurations, and patches, maintaining, testing and auditing them becomes extremely challenging.
When ExpressVPN announced its TrustedServer initiative, it said that software consistency would make misconfigurations and vulnerabilities less likely and ensure that the software they are testing and auditing is the same across all servers. In this way, the technical department can ensure a consistent level of security across all the ExpressVPN connections, regardless of which server is being utilized.
Keeping it Contained
Although ExpressVPN has been leading the VPN industry for years, it never stops striving to improve its customer experience, security, and privacy. Unlike some of its rivals, who appear to be in the business of cybersecurity purely to make a profit, ExpressVPN invests a lot of time and money into research and development, the results of which are evident in its superior performance.
With the introduction of TrustedServer, ExpressVPN has brought in the concept of containerization which involves the bundling of an application together with its related libraries, configuration files, and dependencies to ensure optimal, bug-free operation. For this to work effectively, it needs to be consistent and continuous, ensuring the protection of the container, its pipeline, and application, while integrating seamlessly with other security tools.
What this means for ExpressVPN is that, basically, when a server starts up, it loads read-only images that contain everything from the software operating system to its pathways and configuration files. As there are no virtual machines or container engines left outside the container, the data is impervious to potential misconfigurations and vulnerabilities.
ExpressVPN’s Tails of Cybersecurity
While ExpressVPN won’t tell you any tall tales about its prowess in the field of cybersecurity, it has clearly listened intently to stories of the impressive standards of privacy, security, and anonymity provided by a Tails operating system.
Tails, or The Amnesiac Incognito Live System, was first released a decade ago in an effort to protect user anonymity and privacy. By using RAM, Tails can ensure your digital footprint disappears minutes after you restart your device. ExpressVPN’s TrustedServer technology works in a similar manner, using a read-only image to load containers into the RAM. This security is boosted further by the use of a cryptographic signature without which the server simply won’t operate.
The read-only image loads the container as the server boots up and then runs it on bare metal. While you would be forgiven for thinking this is some kind of new motorcycle, bare metal actually refers to an environment in which there is only one tenant. In other words, there are no noisy neighbors causing a negative impact on the server’s stability and performance.
Why it Matters
For years, ExpressVPN has been spearheading the concepts of trustworthiness and user privacy and anonymity in the operation of VPNs but these mean nothing if the physical security of the network isn’t up to scratch. For example, a VPN that proudly announces its new no-logging policy but that can’t guarantee the physical security of the data they do retain is basically wasting its time. In fact, promising privacy and security without physical protection in place is a little like saying you’ll keep something a secret by locking it in a transparent box.
Any network or operating system needs to be able to defend itself against physical attacks and, by ensuring no traces of your online activities or traffic data are left on the server’s hard drive, ExpressVPN is taking your anonymity and security to a whole new level. If my understanding is correct, vulnerabilities exploited in NordVPN’s services last year could have been prevented had these VPN providers implemented a similar strategy to ExpressVPN.
At the end of the day, a VPN is only as good as its physical security and that makes ExpressVPN virtually unbeatable both in terms of performance and security.
As cybersecurity threats continue to evolve and become increasingly sophisticated, so VPNs and other software solutions need to up their game to maintain effective user and data protection. Regular maintenance and patching of servers is as essential as leak protection and zero logging and ExpressVPN’s recent innovations reflect the level of its dedication to the consumer.
Not only does ExpressVPN offer one of the most efficient and secure VPNs in the business, but it is also an advocate for privacy and internet freedom, supporting the works of nonprofit organizations like the Electronic Frontier Foundation in its efforts to defend “digital privacy, free speech, and innovation”.
ExpressVPN has its finger on the virtual pulse and uses cutting-edge technology to remedy vulnerabilities and improve its already impressive level of security. In addition to its recent audit and other initiatives, ExpressVPN’s latest overhaul of its apps has also seen the introduction of improved physical security for its servers. The latest version of this impressive piece of cybersecurity software offers more user-friendly interface, making its latest technological innovations available to everyone, regardless of their level of technical prowess.
Even if you prefer another VPN provider for whatever reason, you can’t deny that ExpressVPN’s relentless pursuit of cybersecurity excellence is both laudable and welcome as it spurs its rivals to ever greater heights of privacy, anonymity, transparency, and security.