Alternative VPN Choices for You
Allowing up to three simultaneous connections is fairly average these days, but in an increasingly competitive marketspace some providers are starting to become more generous. ExpressVPN pioneered the concept of expert 24/7 customer support within the industry, and continues to lead the way in this regard. Torrenting is permitted on all ExpressVPN's servers without any limits, although hardcore downloaders may miss the ability to port forward through the VPN NAT firewall.
As is common with larger providers who offer a great many server locations, ExpressVPN uses a mix of bare metal and virtual servers. For the vast majority of users, virtual servers are a non-issue, but we would prefer it if ExpressVPN clearly labeled which servers are which. This would allow customers serious about privacy to make an informed decision about which servers to use.
In addition to online support for a wide range of routers, ExpressVPN offers a range of pre-configured ExpressVPN routers via FlashRouters. These use custom firmware developed by ExpressVPN, and feature DNS leak protection and split tunneling for connected devices.
In addition to the above standard features, ExpressVPN offers some groovy non-standard ones that add great value to its already fully-featured package...
Smart DNS is a technology used for geo-spoofing your location. This very useful for accessing streaming services such as US Netflix and BBC iPlayer, which are geo-blocked. It works by resolving your DNS requests at a specified location, and has the following advantages over using a VPN:
- It is must faster, as no encryption/decryption is required. This means fewer buffering issues.
- It can be used with any internet-capable device, including many that cannot run VPN software. For example, smart TVs, games consoles, and Roku devices.
- It is less likely to be blocked by services that try to ban VPN users (although this cannot be guaranteed).
On the flip side, Smart DNS does nothing to improve your privacy or security.
All ExpressVPN customers gain full access to both its VPN and Smart DNS services.
ExpressVPN Smart DNS unblocked both US Netflix and BBC iPlayer for us when performing this review.
A .onion Tor Web Address
Sometimes the most difficult thing about defeating censorship with a VPN is actually getting onto a VPN provider’s website so you can sign up for the service and download its software. ExpressVPN has a solution for this!
Just type http://expressobutiolem.onion into the URL bar of the Tor Browser to visit a Tor Hidden Services dark web mirror of the ExpressVPN website. Using a .onion address makes it more or less impossible to censor the website.
Does ExpressVPN unblock Netflix?
ExpressVPN's Smart DNS feature has many advantages over using a VPN for streaming, and also makes a great backup if its regular VPN IPs are blocked by services. For most people, though, it is much easier to just turn on the regular VPN for this. It is therefore good to know that the VPN will unblock many major streaming platforms. This includes US Netflix and BBC iPlayer.
Unblocking such services is always a cat-and-mouse game, and readers occasionally report not being able access them using ExpressVPN. In this case, the Smart DNS service makes a great fallback, and ExpressVPN always resolves the issue within a day or two at most. If you experience issues, then the 24/7 live chat support will often be able to recommend a particular server that works.
Speed and performance
Please see VPN Speed Testing Done Right for an overview of our scientific speed test system. At the time of writing, ExpressVPN has the fastest average speed test results of any VPN we have tested (40.33 Mbit/s), and the second fastest Max Speed/Burst Result (115.28 Mbit/s).
DNS lookup time is a good measure of how fast users perceive their connection to be. Faster lookup time = faster web page loading. ExpressVPN does not break records, but scores perfectly well in this test.
ExpressVPN's connection times are well above average.
Overall, ExpressVPN scores very well in these tests. It is a fast VPN service with the fastest overall speed test results on the market. Color me impressed.
We detected no regular DNS leaks, but our IPv6 address was leaked via WebRTC in both Windows and macOS. If you are lucky enough to use an ISP that offers IPv6 connectivity then you should either disable IPv6 on your system (see the optional section for each OS listed in How to Change your DNS Settings) or disable WebRTC in your browser. Alternatively, the ExpressVPN browser add-ons for Chrome and Firefox also fix the problem.
Please note that Private Use RFC IPs are local IPs only. They cannot be used to identify an individual, and so do not constitute an IP leak.
ExpressVPN’s packages are listed above. The longer the package, the better the value. ExpressVPN does not offer a free trial*, as such, but it does offer a very generous 30-day money-back guarantee. And unlike with some companies out there, there are no catches to watch out for. Cancel any time within 30 days and you will get your money back. No explanation is required.
*A free trial is available for mobile users – seven days for the iOS app and one day for the Android app – as per standard Apple Store and Google Play Store policies.
It is also worth mentioning that ExpressVPN offers quite a groovy referral program. Convince a friend to sign up and you both get 30 days free.
ExpressVPN accepts payment via credit/debit card, PayPal and Bitcoin. It has also partnered with Paymentwall to accept a number of more obscure international payment options.
Ease of Use
Custom VPN apps are available for Windows, macOS, Android, and iOS. A custom Linux app is also available. This is terminal command-line only, but does include DNS leak protection.
The website features a ton of setup guides for a wide range of devices and platforms. In addition to this, pre-configured ExpressVPN routers are available from FlashRouters. These use custom firmware developed by ExpressVPN, and feature DNS leak protection and split tunneling for connected devices.
New additions to the ExpressVPN app lineup are browser add-ons for Chrome and Firefox (Windows and macOS only).
Registering with ExpressVPN is easy enough. Other than payment details, the only information you are asked for is a valid email address. There is nothing to prevent you from using a disposable email address. And because ExpressVPN accepts payment in bitcoins, if care is taken, it is possible to register anonymously. Do please remember, though, that however you register and pay, ExpressVPN will know your real IP address.
Once signed up, you will receive a welcome email which includes a number of useful links for setting up the service.
The ExpressVPN Windows Client
ExpressVPN specializes in making its service easy-to-use and as layman-friendly as possible. One wrinkle is that you need to enter a unique activation code. This is available via your subscriptions page on the ExpressVPN website.
Once installed, all you need do is select a location and hit the big friendly Connect button!
If you wish to delve deeper, however, the ExpressVPN client contains some powerful features. This includes a firewall-based kill switch and DNS leak protection. The basic client does not protect against IPv6 WebRTC leaks, however.
Various VPN protocols are available. I sort of wish that, given how insecure it is, PPTP wasn’t even offered, but at least ExpressVPN clearly warns you about the issue.
So the Windows client is very easy to use, but is packed with powerful features that are actually useful.
Mac OS X/Mac OS client
Recent changes to the Windows client mean that it now matches how the Mac client in looks.
Both clients offer the same functionality. This is great, as Mac users often get the short end of the stick when it comes to features.
The Android App
Available for Android 4.2+, this app can be installed from the Google Play store or downloaded directly as an .apk file. This is great news for anti-Google privacy heads.
The app has the same aesthetic as its desktop siblings, and is similarly easy to use.
This reviewer does not use iOS, but the app looks to be more or less identical to the Android one. And unlike many custom iOS VPN apps, OpenVPN is fully supported.
Unlike most such extensions, these are not browser-only proxies. They are instead a front-end to the full desktop software, which must also be installed.
This means that when the VPN is turned on with the browser extension, your entire computer is protected by the VPN. The primary advantages of using the browser extensions over just using the full VPN client are convenienceand that they provide full WebRTC protection.
ExpressVPN in large part built its reputation on the level of support it provides to customers. Instant 24/7/365 support is available via live chat or a ticketed email system.
As is to be expected, front-line staff are not all technical whizz-kids. However, even with more difficult questions they always managed to point me to relevant resources or answer my questions knowledgeably after a quick consultation with other staff members.
Privacy and security
ExpressVPN keeps no usage logs; however, it does keep some (fairly minimal) connection logs:
“For the purpose of improving network resource allocation, we record aggregate data-transfer amounts and choice of server location, neither of which are data points that can identify a specific user as part of an investigation. We may collect the following information: dates (not times) when connected to our service, choice of server location, and the total amount of data transferred per day.”
“Our software may send diagnostic data to a third party analytics provider for the purpose of identifying connection errors and possible bugs in our application. The information collected is generic in nature and does not contain personally identifying information.”
This last part is important. ExpressVPN only keeps logs in aggregate form. This means that the minimal amount of information collected for troubleshooting purposes is not associated with the IP addresses of individual customers.
Privacy purists may still not be entirely happy about even this level of logging, but it is unlikely to be of concern to most users.
Another potential issue is that ExpressVPN is based in the British Virgin Islands (BVI), which is a British overseas territory. The BVI regulates its own internal affairs and has no mandatory data retention laws.
However, since it lies under the jurisdiction and sovereignty of the UK government, it seems reasonable to assume that the UK could put pressure on the BVI government and businesses. So (and this is something of a guess, as the legal situation is very murky), being based in the BVI is probably safer than being based in a Fourteen Eyes country, but is not ideal.
Protocols and Encryption
ExpressVPN supports most VPN protocols, including OpenVPN (TCP and UDP), SSTP, L2TP/IPsec, and PPTP. For OpenVPN (our recomemded protocol) it uses the following encryption settings:
Data channel: An AES-256-CBC cipher with HMAC SHA-256 data authentication.
Control channel: An AES-256-GCM cipher with RSA-384 handshake encryption and HMAC SHA-256 data authentication. Perfect Forward secrecy is provided by a DH-2048 Diffie-Hellman key exchange.
This is a very strong OpenVPN setup. If the above is gobbledygook to you, we explain everything is as layperson-friendly terms as possible in VPN Encryption: The Complete Guide.
Or just take a look at this interesting graphic on the ExpressVPN review over at Comparitech.com which explains exactly how long it would take to break their encryption.
Both the Windows and macOS and clients feature IPv4 and IPv6 leak protection, although as we have seen, IPv6 users should take additional steps to prevent IPv6 WebRTC leaks. Such installing ExpessVPN's browser add-ons. DNS requests are handled by ExpressVPN's self-hosted servers for maximum privacy. The desktop clients also include a firewall-based kill switch to ensure your IP address is not exposed in the case of a VPN drop-out.
ExpressVPN offers "stealth-servers" located in Hong Kong. These are specially designed to defeat censorship in mainland China, but should be useful wherever VPNs are blocked. ExpressVPN is understandably cagey about how these servers actually work., but from the reports we receive they work well.
Just remember that nothing can be 100% guaranteed when a powerful government is actively working to counter technologies such as this.
ExpressVPN offers a fully featured and highly polished service that oozes professionalism. Its superb customer service, easy-to-use software, and generous 30-day money-back guarantee have always been big pulls.
I am glad to say that ExpressVPN’s technical security now matches the professionalism it shows in making the service as user-friendly as possible. Encryption is truly excellent, which makes ExpressVPN’s great speed performance all the more remarkable.
The minimal aggregated connection logs kept by ExpressVPN may concern privacy purists, but they really do present very little threat to your privacy.
Throw in an excellent, Smart DNS service, anti-censorship stealth servers, and a very generous referral program, and I think it fair to say that ExpressVPN is a market-leading VPN service that is at the very top of its game.