In the second of what I hope will be a long-running series of interviews with leading figures in the VPN and security community, I tracked down David Lang, Communications Manager at ExpressVPN.
How did ExpressVPN come about?
ExpressVPN’s founders are the paranoid type who take every possible precaution to keep themselves safe online.
Having traveled to many countries with questionable censorship laws coupled with increasing mass surveillance by governments worldwide, they decided to do something to help. That’s how our core mission statement was formed: “Make it easy for everyone to use the internet with security, privacy, and freedom.”
That same principle holds as true today as it was back in 2009 when our service was launched.
ExpressVPN is a very popular VPN provider. What aspects of the service do you consider key to this success?
1. 24/7 support, including live chat – We are regularly praised as the VPN provider with the best customer service. Our support agents are knowledgeable, efficient, friendly, and available around the clock to assist our customers instantly with any issues they may have.
2. 145 server locations in 94 countries (and counting). Having so many locations to connect to is important for two reasons:
- It generally allows for better and faster connections for users who simply want to protect their internet data with a VPN, as they can connect to a physically close location for optimal speed. We also have a VPN location recommendation feature that automatically picks the fastest location for our users. In general we buy premium bandwidth from top-tier data centers. We don’t cut corners when it comes to our VPN server network.
- For users that want access to specific content from their home country, we offer more choice, hands down. Want to watch British TV or bypass baseball blackouts in the US? No problem! Need to connect to watch South African rugby? We’ve got you covered.
3. Our no-hassle 30-day money back guarantee. What sets us apart here is that we fully honor the refund request. Even if a customer is unhappy on day 29, we refund 100%. No prorated amounts.
How important is privacy to you, and why does it matter?
The right to privacy may not always be the most convenient choice, but we believe it’s a fundamental human right that must be preserved. Your private information belongs to you and you alone. This is why ExpressVPN has a strict zero logging policy for all browsing data. We’ve built our reputation on having our customers trust us to keep their data private.
What do you consider to be the main threats to privacy for ordinary internet users at this moment?
I think, clearly, the legal situation in many countries related to privacy, bulk data collection, and ISP monitoring is very worrying.
What role do you think VPN companies such as ExpressVPN can (and cannot) play in improving users’ privacy?
We provide services that allow our customers to take control of their online life. This includes preventing mass surveillance and tracking by your Internet Service Provider (ISP).
VPNs also offer a means to combat local censorship by giving people the freedom to geo-locate their IP address to any of 94+ countries around the world. Additionally, a VPN wraps all of your communications inside a secure tunnel preventing eavesdroppers from analyzing what you’re transmitting.
Another important privacy aspect is a zero log policy which ensures that browsing habits remain private, even from the VPN company. This is something that we take very seriously.
Conversely, VPNs cannot protect you from what happens inside your device itself. If you download a virus, your browser is compromised, or if you’re downloading apps and software that collect information on your device, then your privacy is still at risk.
In addition to using a VPN, what other measures would you recommend internet users take to protect their privacy?
In addition to using a VPN, I’d recommend users consider the following:
- Connect to a VPN, then connect to Tor
- Always use strong passwords and 2FA
- Pay with bitcoin
- Use Pidgin or Tails to keep your chats private
- Use PGP
- Set all social media accounts to private
ExpressVPN is incorporated in the British Virgin Islands (BVI). I understand that the legal situation is very murky (at best!), and that the BVI regulates its own internal affairs and has no mandatory data retention laws. But it is a British overseas territory and therefore operates under the jurisdiction and sovereignty of the UK government. It seems reasonable to me, then, to assume that the UK government, which is extremely hostile to privacy and is a key member of the NSA-led Five Eyes spying alliance, can put pressure on the BVI government and businesses. What are your thoughts on this?
I would say the situation is very clear: Although BVI has the word “British” in it, the government of the BVI effectively operates with full sovereign powers and little oversight from the UK. BVI legislators are democratically elected by BVI citizens, and the judicial system is also independent from the UK.
Unlike many countries which infringe on individuals’ right to privacy, the BVI is an offshore jurisdiction renowned for data protection laws.
We carefully took our users’ privacy into consideration when we chose this jurisdiction.
There are no data retention laws in the BVI and for us to consider a court order legally binding, it would need to come from a BVI court. The British Virgin Islands don’t have any foreign intelligence operations and therefore are also not part of the Five Eyes spying alliance.
We also are aware of zero incidents of the UK government directly pressuring BVI companies to cough up data on their customers, as they simply lack jurisdiction for making such requests. A BVI company can produce records or evidence about its customers only if ordered to do so by the BVI High Court. And fortunately, because we don’t log or monitor traffic data on our VPN servers, we don’t possess information that would be useful for us to produce were such an order to be made.
Governments all over the world appear to be developing a “collect it all” mentality. Do you think this is true, and if so, what do you think can be done about it?
Governments have always been willing to spend resources on gathering information from their citizens, only bound by technological ability and the size of their budget. Modern technology has made it possible to collect more and more information at a cheaper cost. What we can do is use technology to limit the available information, and make it more expensive to obtain.
I think it fair to say that many observers in the digital privacy space are rather alarmed at recent political events in the United States and across the globe generally. Would you care to speculate on how threats to privacy and personal security might play out in the near future?
I agree, and the public-at-large have every right to be alarmed. I think as threats to privacy and personal security become more well-known, VPNs and other privacy tools will become mainstream household items.
For the average user who wants to protect himself from digital surveillance and other threats, one thing will become critically important: trust. As VPNs gain widespread usage, attempts by governments to regulate them and their users will intensify. Choosing a VPN provider that has a proven track record of safeguarding users’ privacy, and which does not bow to outside pressure will become paramount.
Do you see any positive trends in the world of online privacy and security?
Absolutely. Usable privacy-enhancing technology has become easy and cheap to use and is developing rapidly. There is a strong demand for online privacy, and both software and hardware manufacturers are realizing that. Eventually, it all depends on whether people demand and use technology that respects their privacy and upholds their rights.
Has ExpressVPN any exciting new developments in the works that you would like to share?
You heard it here first: we’ll soon support a brand new router for the ExpressVPN App for Routers. This model will be the most affordable yet. With a price range of only $40-65, we hope to make whole-home privacy accessible to everyone.
We’re hoping for a release in May 2017.
Thank you for taking the time to talk with me.
Thanks for taking the time to interview us!