We look forward to publishing more audits, tools, and insights that enable you to hold us to that commitment. They complement our other trust and transparency efforts, including providing open-source leak testing tools, publicly detailing our security practices, and working with the Center for Democracy and Technology on responsible disclosure in the VPN industry.Īt ExpressVPN, we’re committed to doing our part to keep pushing the industry forward to better protect online privacy and security, through both technology and transparency. That’s why it’s crucial that we have high standards for trust and transparency in the industry.Īudits by trusted third parties, including our recent security assessment by Cure53, provide independent verification of the privacy and security commitments we make to customers. Online privacy and security have never been more important, and VPNs provide vital protections. Independent verification of privacy and security protections We can unequivocally say, however, that we’ve been pleased with the entire process from start to finish. As such, we’re unable to provide specifics about the results in this blog post, but we encourage customers to read the full report. Given the scope and extensive nature of the audit, PwC does not allow excerpts to be shared in order to ensure none of the audit results are taken out of context and misunderstood. Over the course of a month, PwC interviewed staff responsible for managing our VPN servers inspected source code, configurations, and technical log files and observed our server configuration and deployment processes. To enable PwC to thoroughly audit our servers, we gave them extensive access to our team and system information. Customers can do so by logging in and visiting the Privacy and Security Audits page, and members of the media can email What process did the auditors follow, and what were the results? The audit was conducted under the International Standard on Assurance Engagements (ISAE) 3000 (Revised), and in line with PwC’s standards for such reports, those seeking to view the report must acknowledge PwC’s terms and conditions before accessing it. Today, we’re releasing the independent audit report in full, available to customers, journalists, reviewers, and partners. To learn more, see full details of what was covered by the audit (PDF). The audit also checked that TrustedServer technology operates as we’ve described. Independent audit professionals from PwC exhaustively examined our code and interviewed our team members in order to confirm whether our VPN servers were in compliance with our privacy policy, including our policy of not collecting activity logs or connection logs. So that’s exactly who we called in: the experts at the “Big Four” auditing firm PwC (PricewaterhouseCoopers). It would take a team of security audit experts with access to our servers’ codebase to verify our claims. How can you be confident ExpressVPN’s claims are accurate? We’re so committed to ensuring we never store any sensitive data that we developed a new technology in-house, TrustedServer, to ensure that all data is wiped every time a server is rebooted. That means not knowing what you do online when connected to our service-no activity logs, no connection logs, no sensitive information. ![]() ![]() To best protect our customers, we follow a central principle of never storing any data that could compromise a user’s privacy or security. At ExpressVPN, we take your privacy and security extremely seriously.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |