I’m the best would be the opening sentence of every VPN website if they could talk. But things aren’t the same if others say the same about you. Apparently, ExpressVPN lies in that territory. Most influencers talk positively about this, so we thought to test the truth.
ExpressVPN: Background
ExpressVPN is based in the British Virgin Islands, an ideal location for less-invasive, consumer privacy-centric operations. The local laws don’t force VPN companies to retain user data, a must-have for no-logs VPN. However, following September 2021, ExpressVPN is being owned by Kape Technologies. And many cybersecurity experts don’t trust Kape because of its shady past. So, there are better options for high-profile personnel looking just for privacy, like Mullvad VPN, Surfshark VPN, PureVPN, etc. But since there are many other things a standard user opts for any VPN, including entertainment, p2p, and gaming, we’ll continue this ExpressVPN review unbiased. Take a look at some of their features:
No-logs AES-256 bit encryption Servers in 94 Countries Split Tunneling RAM-only servers Kill-switch Private DNS 5 Devices per subscription 24/7 Support
Some key things missing are multihop, server obfuscation, Tor over VPN, adblocker, etc. Given the price point, ExpressVPN should at least have some of those features. And that looks especially bad when more economical (yet effective) options like ProtonVPN and Surfshark are loaded with them. So, what kept us going? The promise of blazing fast speeds and geo unblocking, which we’ll test shortly after the hands-on.
ExpressVPN: Getting Started
I subscribed to the one-month plan costing $12.95. In addition, ExpressVPN offers six-month and one-year plans. The annual plan is the most pocket-friendly, billing just (🙄) $8.32 per month. The good thing is all plans come with a 30-day money-back guarantee. There are plenty of payment options with cards, PayPal, Bitcoin, and others. You’ll be asked about your name, email address, and pin code (optional). Finally, you get this activation code to use with the applications: I downloaded the Windows client and activated it using the given code.
User Interface
The UI is clean and pleasant, with a single button asking to connect to the selected location. The hamburger icon on the top left is where all the settings hide. You can check all the server locations by clicking anywhere in the Selected Location tab. This will also mention the suggested and the favorite marked servers. Overall, I liked the minimal look. But it would be excellent had ExpressVPN managed to show server loads alongside. This is an arrangement I’ve seen in ProtonVPN, and it helped me in choosing the less crowded (and fast) server. Not a big thing, though. However, we’ve all the rights to expect this from the priciest VPN recommended across the industry.
Split Tunnelling
Since we are reviewing ExpressVPN as an entertainment-heavy tool, split tunneling makes the most sense. In brief, split tunneling helps you choose which applications to use VPN encryption. The left-out ones are routed normally, enjoying the standard connecting speeds. This is helpful since VPNs are known to slow down internet connections, owing to the heavy encryptions. You can turn this on by clicking the hamburger icon, tapping Options>General, and checking the Manage connection on a per-app basis. Subsequently, click Settings: As the image shows, you can manage this in two ways: apps using or avoiding a VPN connection. The +- symbol helps you select the applications accordingly. Finally, press OK to set this up.
Kill Switch
A kill switch saves the user’s anonymity if the VPN encryption goes down. This setting is under the Network Lock section in the General settings tab. ExpressVPN protects you from server-side issues, and you can rest assured your IP address will remain concealed. However, we have seen proactive versions of kill switches with other VPNs like HideMyAss, Proton, etc. They also block the internet if you forget to turn on the VPN or turn it off intentionally. So, ExpressVPN’s kill switch is mild because it’s about the server glitches and not the user-side interactions.
Protocols
VPN clients use specific algorithms to connect to the servers known as VPN protocols. There are many, with the top and the most used ones to date being OpenVPN and WireGuard. ExpressVPN has a long list of protocols, including a few (IKEv2 and L2TP/IPsec) which don’t find a place with other VPNs. Surprisingly, it gives WireGuard a pass citing an outdated status when it was indeed in progress. However, WireGuard is now complete, and most VPN providers are using its modified version, sealing a lone static IP vulnerability. So it’s about time ExpressVPN started supporting WireGuard. The exciting thing about the protocol list is Lightway–ExpressVPN’s homegrown protocol. Its code base is open-source and has been audited by an independent security firm Cure53. The audit found 14 non-critical shortcomings, fixed in the following updates. Ergo, thumbs up to ExpressVPN for developing Lightway, but the protocol list will look better with WireGuard’s inclusion. Winding up this session, we’ll jump into some testing.
IP, WebRTC, & DNS leak
Hiding one’s IP address is the primary step toward digital anonymity. One can use your IP address to locate you, launch personalized attacks, and do more harm than good. In addition, the IP address can leak through the WebRTC, a web browser-based vulnerability. To check ExpressVPN’s protection, I logged on to BrowserLeaks. This disguised my IPv4 address, including via WebRTC. In addition, the IPv6 address was also hidden. Then came the DNS leak test. This evaluates if the VPN server sends the DNS queries to the ISP instead of its servers. In that case, the ISP can check your IP address and log all your web activity. So, I ran a DNS leak test and found ExpressVPN performing optimally. All queries went through the intended servers, and no query leaked to the ISP.
Encryption Test
Information travels as data packets you can intercept and decode via free but sophisticated tools like Wireshark. Take a look: This is among the thousands revealing the browser, operating system, IP addresses of source and destination, etc. Such information can be dangerous in the wrong hands. Besides, one can easily check the significant chunk of web activity by analyzing DNS queries: The primary task of any VPN is to encrypt these packets and make information illegible to snoopers. I switched to ExpressVPN’s Lightway protocol and checked for any information leaks. And unfortunately, my IPv6 address was visible in one of the packets via the ICMPv6 protocol. This was even when I turned on the IPv6 leak protection in the Advanced settings tab. So that was a major turn-off. The solution is either to turn off the IPv6 address in your device or risk revealing it while using ExpressVPN. And if it makes it any better, this was the same problem I discovered with ProtonVPN. The same issue also plagued Surfshark, although they mentioned not supporting IPv6, unlike ExpressVPN and ProtonVPN. Ergo, you’re safe to use ExpressVPN if you don’t want an active IPv6 address and can turn it off, which is a simple enough process. However, it successfully encrypted the rest of the packets, including the revealing DNS queries.
Speed Test
This is the feat ExpressVPN is praised for everywhere. You also get an inbuilt speed test telling the fastest servers for your locations. Here, the download speed is a server indicator, which is different from what you’ll get. You can choose from the recommended locations and continents or run it through every server. Next, I ran a speed test with Ookla’s tool twice on selected locations. Here are the averages: The download speeds were exceptional, and I rarely felt the speed throttling. The latency, however, was high owing to the distance and countless factors beyond a VPN’s influence. Finally, the only area in which ExpressVPN can improve is upload speeds.
Geo-Unblocking Test
Access to global entertainment is one of the most significant factors pushing VPN subscriptions. And I have heard excellent things about ExpressVPN unblocking streaming platforms with ease. This will be interesting to see because there aren’t any servers marked as streaming optimized. However, I was able to unblock US Netflix only NCIS with the second server I tried: Finally, ExpressVPN helped me log on to BBC iPlayer with a UK server: Conclusively, ExpressVPN passed this short streaming unlocking test with flying colors.
ExpressVPN: Wrap Up
ExpressVPN has an excellent user interface, offers incredible download speeds, and allows seamless entertainment. That said, it’ll be good to see it with more privacy-focused features like network obfuscation, multi-hop, fool-proof IPv6 protection, advanced kill switch, etc. And given its price, I would recommend trying ProtonVPN and Surfshark first. PS: Confused about selecting the perfect VPN? Try this guide covering the VPN features to look out for.