ExpressVPN's external auditors confirm no-logs policy as of February
The firm's audit put ExpressVPN's TrustedServer system under a microscope. That's the company's RAM-based system. In theory, this approach means user data is wiped with every server reboot. (Doing so would prevent even the possibility of long-term storage.) Some competitors, including NordVPN, also use RAM-based servers. Meanwhile, ProtonVPN counters that properly encrypted hard drives are just as secure.
Another counter-argument to RAM-based servers is that they're only as effective if they're rebooted. In theory, a company could run RAM servers for marketing purposes, but then never restart them. That's where audits can help.
KPMG has a high level of confidence that the no-logging system functioned as advertised in late February. "Controls provide reasonable assurance that the ExpressVPN TrustedServer does not collect logs of users' activity," KPMG's paper reads. That included "no logging of browsing history, traffic destination, data content, DNS queries or specific connection logs."
KPMG's assessment was an ISAE 3000 Type I audit. That means it focused on ExpressVPN's control design and implementation at a specific point in time. (Meanwhile, a Type II audit would have gone farther, testing the effectiveness of those controls over an extended period.) If you aren't familiar, KPMG is one of the Big Four accounting firms. It's a trusted name that corporations shell out big bucks to for audits like this.
The assessment looked at several factors. These included documentation reviews, observing the system at work and interviewing ExpressVPN personnel. The audit's conclusion applies "as of February 28, 2025." You can read KPMG's full paper for a more detailed breakdown.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Engadget
3 hours ago
- Engadget
Snapchat can automatically let a trusted friend know you got home safe
Snapchat can now let your friends know if you're back home from an outing safe and sound without you having to send a message. The app has launched a new feature called Home Safe, which sends one-time alerts to contacts of your choice. You can only send these alerts to people you already share your location with, and since that off by default, you'd have to activate it on Snap Maps for all your friends or for specific ones. Your friends will only get the notification once, and it will shut off afterward. Home Safe sounds especially useful if you and your friends typically check in on each other after meeting up, if you want to let your parents know you'd gotten back home after going out or if you're a woman who's asked a friend to make sure you got back safe after a first date. To switch the feature on, tap your Bitmoji on the Snap Map and then "My Home" to set your home location. After that, whenever you want to send someone a notification, just open your conversation with then, tap on the Map icon and then tap the "Home Safe" button. The app has had location sharing for a while now, but it has built up the safety feature over the years. It added live location sharing that allows you to share your exact whereabouts to friends in 2022. And last year, it introduced new location tracking abilities to its Family Center, allowing parents to get notifications if their child leaves school or home. Jim Lanzone, the CEO of Engadget's parent company Yahoo, joined the board of directors at Snap on September 12, 2024. No one outside of Engadget's editorial team has any say in our coverage of the company.
Forbes
4 hours ago
- Forbes
Spotlight: The Role Of Family Office Investment Committees
Do you know what an Investment Committee is? The Agreus and KPMG Private Enterprise 2023 Global Family Office Compensation Benchmark Report reveals that more than 60% of family offices cited wealth preservation and long-term growth as the primary purpose of their operations. For families focused on long-term success, one critical yet often underestimated enabler is the Investment Committee (IC). While many family offices have historically relied on informal decision-making, growing portfolio complexity, evolving family dynamics, and rising expectations for transparency are elevating the importance of structured governance. This has propelled ICs to the forefront of governance. Despite their growing importance, many families lack clarity around what these committees should do, who should sit on them, and how they can be leveraged most effectively. This article explores the evolving role of Investment Committees in family offices, including their structure, core responsibilities, and the types of expertise required to make them effective. Drawing on our experience advising and recruiting for family offices worldwide, Agreus offers a practical view on how to create committees that combine technical acumen with cultural is a Family Office Investment Committee? An Investment Committee is a formal governance structure responsible for overseeing a family office's investment activities. Its purpose is to ensure that investment decisions align with the family's financial objectives, risk tolerance, and long-term vision. We have previously discussed the importance of an Investment Committee on Forbes. In contrast to informal or ad-hoc investment decision-making, which is often led solely by principals or close advisors, a structured committee provides a level of oversight, accountability, and strategic direction. Its primary roles include: By embedding these practices into a formal committee, family offices can better navigate today's increasingly complex investment Responsibilities A well-structured IC plays a critical role aligning day-to-day decisions with the family's strategic investment goals. Key responsibilities typically include: Ultimately, the IC acts as a bridge between the family's values and the operational execution of their investment strategy, providing discipline, continuity, and Should Sit on an Investment Committee? While the structure of an Investment Committee varies by family office size and complexity, successful committees share common characteristics in terms of composition and expertise: Typical size: Suggested Composition: While there is no one-size-fits-all answer, we believe that the ideal composition should include a blend of: Success depends not just on credentials, but on the ability of members to collaborate, challenge constructively, and maintain trust. As family offices mature, informal or personality-led investment processes become harder to sustain. The move toward formal Investment Committees is no longer simply a best practice, it is fast becoming a necessity. As outlined in our Family Office Maturity Model, professionalising governance ensures not only operational resilience but also strategic foresight. A high-functioning IC can transform investment decision-making from reactive to visionary, supporting both current returns and multigenerational legacy. Process of identifying the IC members While agreeing on the type of individual who takes a seat at the IC, we must not ignore how this person was appointed for the role. We are currently in the process of collecting data for our family office governance report and we have been analysing how IC members, their selection process and its impact on the overall effectiveness of the IC. We found that the effectiveness of ICs shoots up dramatically when they have undergone a professional search process to identify the best person for the role. Our findings were interesting and indicate that the vast majority of family offices rely heavily on existing relationships or close contacts when appointing IC members. While this approach may seem convenient, it often lacks the objectivity necessary for good decision-making. You may not always be appointing the best person for the job. In contrast, the few family offices that undertake a professional and structured search process to identify and recruit IC members tend to have the most effective ICs, highlighting the value of a more deliberate and merit-based approach to committee composition.
Yahoo
21 hours ago
- Yahoo
ExpressVPN patches Windows bug that exposed remote desktop traffic
Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products. ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or any other traffic through TCP port 3389. ExpressVPN announced both the vulnerability and the fix in a blog post earlier this week. According to that post, an independent researcher going by Adam-X sent in a tip on April 25 to claim a reward from ExpressVPN's bug bounty program. Adam-X noticed that some internal debug code which left traffic on TCP port 3389 unprotected had mistakenly shipped to customers. ExpressVPN released the patch about five days later in version 12.101.0.45 for Windows. As ExpressVPN points out in its announcement of the patch, it's unlikely that the vulnerability was actually exploited. Any hypothetical hacker would not only have to be aware of the flaw, but would then have to trick their target into sending a web request over RDP or other traffic that uses port 3389. Even if all the dominos fell, the hacker could only see their target's real IP address, not any of the actual data they transmitted. Even if the danger was small, it's nice to see ExpressVPN responding proactively to flaws in its product — bug bounties are great, but a security product should protect its users with as many safeguards as possible. In addition to closing this vulnerability, they're also adding automated tests that check for debug code accidentally left in production builds. This, plus a successful independent privacy audit earlier in 2025, gives the strong impression of a provider that's on top of things.
