TrustedServer security: Only with ExpressVPN

The most advanced VPN server technology, independently audited to confirm essential privacy protections. It’s ExpressVPN TrustedServer.

  • All data wiped with every reboot, as VPN servers run on RAM only
  • Servers never write to the hard drive, further minimizing data risk
  • The entire software stack is reinstalled on every server at startup
  • We know what’s running on every server, with no inconsistencies
ExpressVPN TrustedServer technology loaded onto servers.

TrustedServer explained

This video highlights how ExpressVPN TrustedServer’s key innovations work together to deliver a more secure internet experience for you.

ExpressVPN TrustedServer: Raising the bar

Can’t see the video?  Download the transcript (PDF, 84kb)

Removing the risk of hard drives

Hard drive with yellow background.

The problem with traditional servers

The typical way of running servers relies on hard drives, which retain all data until they are erased and written over. This raises the risk that servers could inadvertently contain sensitive information. That data could be at risk if a third party were to hack or seize the server. Worse, hackers who overcome the server’s defenses might be able to install a backdoor that remains indefinitely.

Trusted Server diagram showing data in RAM, but nothing written to the hard drive.

Solved by running on RAM only

With TrustedServer, ExpressVPN prevents the operating system and apps from ever writing to the hard drive. Instead, the server is run entirely on volatile memory, or RAM. Since RAM requires power to store data, all information on a server is wiped every time it is powered off and on again—stopping both data and potential intruders from persisting on the machine.

TrustedServer increases consistency, and security

Tetris-like blocks showing how piecemeal software updates can lead to inconsistencies among servers that are not using Trusted Server technology.

Traditionally, server administrators install the operating system (OS) and software when the server is first set up, then add updates over time. Every change applied is an opportunity for differences to arise among servers, decreasing confidence that each one is using the exact same code. A server set up years ago might be running in a way that’s dangerously different from what the administrators are auditing today.

A grid of identical blocks, showing how Trusted Server ensures that software and configurations are consistent across all ExpressVPN servers.

TrustedServer ensures that every one of ExpressVPN’s servers runs the most up-to-date software. Each time a server starts up, it loads the latest read-only image containing the entire software stack, OS and all. That means ExpressVPN knows exactly what’s running on each and every server—minimizing the risk of vulnerabilities or misconfiguration and dramatically improving VPN security.

TrustedServer: Raising the security bar

A VPN TrustedServer diagram showing the hard drive containing only a read-only image, cryptographically signed by ExpressVPN.

TrustedServer technology represents a major leap in protecting user privacy and security, addressing key risks inherent in how VPN servers are traditionally run. And you don’t just have to take our word for it—TrustedServer technology has been independently audited twice, once by PwC and then more recently by Cure53. We have also introduced a one-time bonus award of US$100,000 in our bug bounty program specifically for the discovery of security issues within TrustedServer.

Want a more detailed look at the many ways TrustedServer protects users? Read our deep dive into the tech, written by the engineer who designed the system.

The groundbreaking security of TrustedServer: Only available on ExpressVPN.

30
DAY
MONEY-BACK GUARANTEE

Get the only VPN with TrustedServer technology

Try it risk-free.

We’re so confident in our product, we’re offering a 30-day money-back guarantee.