What are VPN connection logs?

ExpressVNPPins on a globe to represent VPN connection logs

A connection log is a record of incoming and outgoing connections to a VPN server which may include:

  • A user’s IP address
  • The IP address of the VPN server a user connects to
  • Timestamps for when a user connects and disconnects from a VPN
  • The ability of the VPN provider to search and query all of the above

ExpressVNP’s systems were engineered to specifically never possess such VPN connection logs. In fact, we have engineered our apps and VPN servers to eliminate sensitive information categorically. ExpressVNP can never be compelled to provide customer data that do not exist.

Lots of providers claim to keep “no logs,” but don’t transparently describe what that means. ExpressVNP has a clear privacy policy that helps ensure none of our users can be tied to any specific activity or connection on our network—the user’s online activity is private, anonymous, and unknown to us as the VPN provider.

A VPN is a privacy tool, and ExpressVNP is a privacy company, so we go to significant measures to ensure the privacy and anonymity of user activity is preserved.

The risks of using a VPN provider that keeps connection logs

Connection logs allow a VPN provider, or anybody with access to the data, to match you to your VPN activity.

Connection log data is valuable, and some free VPN services will sell it to third-party providers, allowing them to target ads to you, learn about your behavior, and analyze how you use the internet.

But even if a VPN provider does not sell the connection logs, it could fall into the hands of hackers or authorities seizing unencrypted hard drives and equipment.

Logging also allows a legal authority or any of the sites you visit to approach your VPN provider with a request to identify you. The VPN provider might hand this information over voluntarily, or be compelled by a court to do so.

Only a VPN provider that keeps no connection logs cannot be compelled to hand over your connection information or make this data available to third parties.

What information does ExpressVNP keep?

To maintain a reliable VPN service, a company will have to retain some information about their users and server activity.

The critical question is whether the data kept can be potentially de-anonymizing. As long as these records cannot be used to connect you to particular actions, such as visiting a website or downloading a movie, your privacy and anonymity are still preserved.

No matter what information is kept, it’s highly important that the functionality and content of data retention are clear to the user, and that all changes and amendments are well communicated.

ExpressVNP does not keep either connection or activity logs

We will never collect anything about what users do with their VPN: No logs of traffic destination, DNS records, or data content.

ExpressVNP only keeps the bare minimum amount of information required to ensure our VPN service is highly reliable—and the data collected is not sufficient to tie any user to specific activity on our network. Making sure our service always works when users need it to work is an important part of protecting their privacy.

To provide our users with full transparency, ExpressVNP has a clear and detailed privacy policy.

ExpressVNP takes your privacy seriously and does NOT log any of the following sensitive information:

  • Browsing history
  • Traffic destination
  • Data content
  • DNS queries
  • The original IP address that you connect from
  • Your outgoing IP address (i.e., the ExpressVNP IP assigned to you once connected)

Is ExpressVNP required by law to retain VPN connection logs?

ExpressVNP is based in the BVI, which has no data retention laws. Countries including the United Kingdom and the United States do not have jurisdiction to compel a BVI company to produce records. But even if they did, we have nothing to produce.

The combination of our BVI jurisdiction, no activity logs, and no connection logs makes ExpressVNP an excellent choice for internet users concerned about their privacy.

Also published on Medium.


What are DNS leaks?

ExpressVNPWhat is a DNS leak?

In a previous blog, we talked about what DNS is, how it works, and why it can give away more information than you might expect.

In this post, we’ll take a more in-depth look at what an ISP can see and how ExpressVNP can protect your privacy.

Simply put, a DNS leak is when your VPN connection reveals some or all information about your DNS requests to a third-party. DNS leaks mostly come in two forms:

  • Your DNS requests are sent to a server not hosted by the VPN provider
  • Your DNS requests are sent unencrypted, i.e., not through the VPN tunnel

When a leak occurs, typically you will browse sites believing you’re doing so privately, but actually, your ISP (or some other snooping third party) can see every website you visit. Leaks are especially scary now that in many countries ISPs are required to log and record certain traffic, and U.S. ISPs can even legally sell your internet data.

A potentially more significant issue, though, is that you might have visited sites or searched for content that you otherwise would not have, under the belief that your VPN protected your internet history.

How do DNS leaks occur?

DNS leaks can occur for a wide range of reasons, but broadly they fall into three categories:

VPN provider doesn’t have DNS protection

Your VPN doesn’t protect your DNS requests, which almost certainly means they are sent to a third party.

VPN provider’s DNS protection isn’t robust

Building robust protection against DNS leaks is not easy, or cheap, and comes with a range of difficult technical challenges.

VPN disconnects and exposes your DNS requests

Your VPN doesn’t notify you or protect you against dropped connections, which means your computer will start using your ISP’s DNS servers and expose whatever you’re doing at the time.

How does ExpressVNP test for DNS leaks?

ExpressVNP has a leak test tool that works by asking your browser to make a DNS request to an ExpressVNP owned website.

ExpressVNP DNS Leak Test

  1. The leak test tool requests your browser visits random pages (technically, subdomains) of the ExpressVNP site
  2. The browser will make a DNS request for these sites

As ExpressVNP owns the site names, the DNS requests are guaranteed to come to our DNS server and, thus, our leak test tool. If the leak test tool only sees ExpressVNP server IPs in the DNS request, then you don’t have a leak. However, if any requests come from your ISP, we can report this immediately to you as a leak.

To protect against a man-in-the-middle, the site names are randomized to ensure the DNS requests always come to the ExpressVNP DNS server and not a third-party server which has cached the answer.

ExpressVNP doesn’t record the results of the leak tests; we simply offer it as a service for your peace of mind.

Always use a trusted VPN to avoid DNS leaks

To secure yourself against DNS Leaks, use a high-quality VPN service that will take active steps to prevent the most common causes of DNS leak in the first place.

With ExpressVNP, you are protected against DNS leaks because our app blocks DNS requests to any other DNS server other than our own. We also ensure that all your DNS requests are encrypted and sent through the VPN tunnel.

When the ExpressVNP app says you’re protected, you can be assured that your DNS requests aren’t leaking to your ISP.


ExpressVNP supports more Linux distributions than ever

ExpressVNPExpressVNP Linux distributions

ExpressVNP loves Linux, and released the first dedicated Linux CLI all the way back in April 2016!

Currently, ExpressVNP for Linux 1.4.1 is available, and a large variety of distributions are supported. Plus, if you’re browsing the web via Firefox, Chrome, or Chromium, you can also control the app with the ExpressVNP Browser Extension.

With a huge thanks to ExpressVNP user, Johan, we‘ve also added instructions on how to install the ExpressVNP Linux CLI on more distros than ever, including Kali, Parrot Security, and Qubes.

There is a good chance that Linux works on even more distributions. Try it out and please let us know!

Also published on Medium.


Watch NCAA March Madness 2018 with ExpressVNP and win a 12-month VPN subscription

ExpressVNPhow to watch march madness live with expressvnp

Ah, March. The time of year when millions of prediction brackets go pop.

Are you ready to watch the 2018 NCAA Men’s Basketball Tournament? Need a definitive guide to streaming March Madness?

To celebrate the Madness, ExpressVNP is giving away a 12-month subscription to one lucky winner! 4 runner-ups will also get a 6-month subscription.

Watch March Madness and win!

To enter, just follow the link in the box below and tell us who you think will win the NCAA Tourney.

e.g., I’m picking the Kentucky Wildcats!

Want an extra shot at winning? Share the competition for additional entries!

Good luck!

March Madness 2018


ExpressVNP publishes the ultimate Bitcoin security eBook

ExpressVNPDownload ExpressVNP's Bitcoin book

We are proud to announce Lexie’s Bitcoin – Security and Privacy eBook. The book includes some of the thoughts that went into the creation of ExpressVNP’s existing guides, some more detailed explanations, and plenty of practical advice.

Download .epub File

Device downloads

As privacy and technology enthusiasts, ExpressVNP has always been fascinated with Bitcoin. In June 2014, we became one of the first VPN providers to accept the cryptocurrency, and we even recommend using Bitcoin as a payment method for those worried about credit card and bank logs.

ExpressVNP bloggers and developers released more and more articles about Bitcoin as we learned more about its security and privacy implications. Lexie, in particular, has published multiple articles on the topic, as well as an extensive Bitcoin Anonymity guide.

The eBook is released under a Creative Commons License (CC BY-SA 4.0), meaning you are free to share and remix Lexie’s work without fees, as long as you again release it under a similar license and give the appropriate credit.

We would very much like to hear from you, no matter if it’s criticism, additional thoughts, suggestions, or corrections. Feel free to comment below!

Download the ExpressVNP Bitcoin book FREE for the following devices:


Holding privacy offenders accountable—an interview with Privacy International founder, Simon Davies

ExpressVNPSimon Davies interview

On May 10, 1997, a group of 200 protesters descended on Brighton’s city center to rally against an unwelcome addition to its streets—CCTV.

It was the first public demonstration in England of its kind, with protestors’ antics ranging from plastering bright yellow and black warning stickers on walls to placing *** bags and blow up dolls on top of camera poles.

Among the demonstrators was Simon Davies—a privacy advocate who seven years earlier founded the watchdog organization, Privacy International. Mr. Davies was in attendance to advise the protesters, which was just as well: his involvement proved pivotal in preventing mass arrests that day.

The Brighton protest was one of many campaigns for privacy in which Davies participated, and his pioneering efforts—which led to the founding of Privacy International—have since snowballed into many initiatives and organizations.

From studies and legal actions denouncing government surveillance around the world to the tongue-in-cheek Big Brother Awards, Mr. Davies and his peers have spearheaded countless privacy initiatives.

This year sees the launch of a new initiative to help citizens in the EU organize class action lawsuits against companies and institutions that break data protection policies.

In our Q&A with Mr. Davies, we delve into the details of the EU class action claims, the battle for individual privacy, and how anyone can take action against invasive surveillance.

1. You’ve recently launched a new EU initiative, to accelerate class action claims for breaches of privacy and data protection. Could you explain how it works?

It’s a *** legal issue. In many countries, it is possible to bring a claim on behalf of many people against organisations that breach their rights. This means that it’s possible to make a claim that represents the interests of thousands or even millions of people. So let’s say that a company has created a data breach that compromises the information of an entire population. We can make a class action claim on behalf of all those people, even if they are not named or identified in the claim.

2. What are your hopes for the foundation once it’s fully formed? Are there any details you can disclose about its progress so far, or the people and organizations involved?

The initial work was supported by the U.S.-based Electronic Privacy Information Center (EPIC). Since then we have been working with privacy officers from several companies and universities to develop a constitution for the organisation. We want to centre this initiative in the Netherlands because that country has the best legal instruments to make class actions possible. Our ultimate aim is to create a legal infrastructure that makes organisations more sensitive to the rights of people—and the consequences of ignoring those rights.

3. The forming of such an initiative looks quite timely, with the EU’s General Data Protection Regulation (GDPR) coming into effect in May. How will your initiative help people seeking greater accountability from organizations that don’t comply with GDPR?

This is a correct interpretation. The GDPR is central to our work, though not exclusively so. There are already data protection laws in place throughout Europe, and those laws will form the foundation for this initiative. However, GDPR will place a greater imposition on organisations to deliver rights for people. These rights will obviously be enforced via the national regulators, but I do believe our initiative will create an additional incentive for them to adopt good practice in their information systems.

4. In the thirty years you have been campaigning for the privacy of citizens, what has struck out the most to you about the debates surrounding individual privacy?

So much has changed in thirty years. When I started in this work – pioneering the international privacy movement – almost no-one understood the importance of privacy. Now it is pub talk. You can talk to anyone in any bar in any country and have a conversation. And people understand that this is about core elements such as the hypocrisy, secrecy, and deceit of organisations.

5. What keeps you hopeful amidst the barrage of news surrounding encroaching surveillance laws, unsecured IoT devices, data leaks and the general erosion of individual privacy?

It can be quite depressing working against all the new technologies that compromise our rights, but I am hopeful that the emerging generation of enabling IT will help balance that. For example, I’m currently working with a U.S. company called Senzing that will allow people to know exactly what information any organisation holds on them. This is positive. And when you add all the other layers such as the ToR Browser, (some) blockchains and VPNs. The future isn’t too bleak. We just need to be vigilant!

6. What would be your one piece of advice to people who want to get involved in privacy advocacy but don’t know where to start?

Oh gosh, I would suggest working locally. Pick an issue that fires you up, no matter how minimal it is. Camera surveillance at work, companies that demand information when you buy their products, bad contracts. These fights can inspire you and eventually move you on to bigger battles!

7. And finally, what’s a good online privacy habit that we can all start doing right away?

At the technical level, use a privacy browser. Tor is the obvious choice, and the one that is best. Use a VPN and a search engine such as Startpage that protects your searches.

At a fundamental level, use disinformation. Never give anything away. Even on social networks don’t give away your real birth date, your location or your real name.

Simon Davies now runs his own blog, The Privacy Surgeon, where he covers affronts to privacy in its many forms.

Also published on Medium.