Excellent privacy practices, including regular audits and bug bounty program
30-day money-back guarantee
24/7 support via email and live chat
Kill switch ("Network Lock")
Up to 8 simultaneous connections
Geographically diverse server network
Built-in tracker blocker ("Threat Manager") for all platforms
No multi-hop connections
Split tunneling only available on Windows and older Macs
Parent company has a shady past
UPDATE: Sep. 12, 2023, 5:00 a.m. EDT This story has been updated to clarify the history of ExpressVPN's parent company and reflect the fact that its Threat Manager tool is now available on all platforms.
But its sky-high price, coupled with a limited suite of features compared to other premium VPNs and a parent company with a sketchy background, may give some users pause.
How much does ExpressVPN cost?
ExpressVPN subscriptions start at $6.67 a month for a year's worth of coverage, which comes with an extra three free months. Six-month subscriptions cost $9.99 per month, and monthly plans go for $12.95. Both longer-term subscriptions let users connect up to eight devices per account, while the monthly option supports up to five simultaneous connections.
All plans are covered by a 30-day money-back guarantee and can be purchased via credit card, PayPal, cryptocurrencies (including Bitcoin), and online transfer payments.
Hands-on with ExpressVPN
Clap on, clap off.
Credit: Screenshot: ExpressVPN
Credit: Screenshot: ExpressVPN
ExpressVPN works on iOS, Android, Windows, Mac (which we tested), Linux, Chrome, smart TVs, Kindle Fire, and gaming consoles (via routers and hotspots). It also sells a VPN-enabled WiFi 6 router called the Aircove, which retails for $189.90 on Amazon and includes a 30-day trial.
Once installed, ExpressVPN starts up in a fraction of a second with a single button-click in a small window; its background is red when the VPN is off and lime green when it's on. Users are automatically connected to the fastest nearby server — for me, it was a local one in Chicago — but can choose from a list of others in 94 countries across the globe.
The world, your oyster, etcetera, etcetera.Credit: Screenshot: ExpressVPN
Clicking the drop-down menu in the top left corner of the app pulls up some options to see a list of server locations, adjust user preferences, view support tools (including DNS leak and IP address checkers), set up other devices, and refer a friend for 30 days of free service.
That preferences tab opens another window where you can tweak your startup settings, enable a "Network Lock" kill switch, customize the shortcuts you see on the app, install an ExpressVPN browser extension, activate a "Threat Manager" tracker blocker, and pick a protocol. ExpressVPN automatically selects an unspecified protocol for you that it deems "most appropriate for your network," but you can manually opt for OpenVPN, IKEv2, or its in-house Lightway protocol, which is open-source and audited.
"Network Lock" is ExpressVPN's name for a kill switch; you should always have it on.Credit: Screenshot: ExpressVPN
ExpressVPN offers a split tunneling tool that lets you choose what traffic it encrypts — a good way to optimize speeds white streaming — but the catch is that it's only available for Windows and Macs running a version of macOS earlier than Big Sur, which came out in 2020. It also doesn't offer multi-hop connections that let you run your traffic through multiple servers for extra protection, unlike some of its more competitively priced peers. On the plus side, several DNS leak tests proved that ExpressVPN was consistently concealing my actual IP address.
Browsing with ExpressVPN was a breeze, and I honestly forgot it was running unless a site I visited flagged my connection. The only ones I encountered during two weeks of steady use were Ticketmaster, which thought I was a bot; the ExpressVPN website itself, which prompted me to sign in when it detected its own service; and AZLyrics, which noticed "unusual activity" from my network when I was using a server outside the U.S. (I needed to memorize the "Heated" outro before my Renaissance World Tour show, OK?)
Turn off ExpressVPN before you try to snag "Eras Tour" tickets.Credit: Screenshot: Ticketmaster
Skirting geo-restrictions and playing shows on ITVX was a cinch when I connected to one of ExpressVPN's British servers. (Netflix UK and the BBC iPlayer were also easily unblocked.) Load times felt a little slow, but they were never so bad to the point of unusability, and I didn't experience any buffering or lagging once shows starting playing.
On the flip side, domestic streaming content wasn't impacted by ExpressVPN at all: Movies on Max and Disney+ loaded fast and played smoothly while I was connected to my local VPN server.
Ookla Speedtests I ran did show a slight drop in my download speed and higher ping when ExpressVPN was on (compared to my regular internet connection), especially when I chose a server abroad. That explained the longer load times when I was accessing international streaming content and is to be expected, since my data had to travel farther.
Regular internet connection versus nearby ExpressVPN server
Credit: Screenshot: Ookla
Credit: Screenshot: Ookla
Regular internet connection versus French ExpressVPN server
Credit: Screenshot: Ookla
Credit: Screenshot: Ookla
Is ExpressVPN trustworthy?
ExpressVPN is an industry leader in privacy with one notable asterisk.
This held up in 2017 when Turkish authorities seized an ExpressVPN server in an attempt to find logs in connection with an investigation, and came up empty.
Furthermore, ExpressVPN shut down its servers in India in 2022 after the country introduced a new data law requiring all VPN providers to store users' real names and usage patterns (among other identifying data) for at least five years.
ExpressVPN has also offered a bug bounty program since 2020 and upped its bonus award to $100,000 in 2022.
In terms of reputation, the only ding against ExpressVPN is its parent company's past: Kape Technologies, which acquired it in 2021, was once a development platform called CrossRider that made software used for adware injection. A joint study between Google and the University of California, Berkeley in 2015 flagged it as part of a "network of affiliates" that allegedly drove and made money off clicks to injected ads. But Kape maintains that CrossRider itself wasn't an adware distributor, only that its products were abused by third parties.
Is ExpressVPN worth it?
A well-established VPN with a global server network and a stylish, user-friendly app is worth a pretty penny (especially in this crowded market), but ExpressVPN might just be a tad too expensive when you factor in its lack of support for multi-hop connections and limited split tunneling tool.
Kape Technologies' history is also nonideal for a company that's now in the business of cybersecurity, and I won't fault users who side-eye it.
We put the VPNs we review through a series of hands-on stress tests for a few weeks at a time. For my latest round of testing, I had ExpressVPN running for two weeks while I browsed, participated in video calls, shopped, and streamed (both domestic and international content). I performed several DNS leak tests to determine whether the VPN was actually concealing my public IP address. I also ran Ookla Speedtests to get a feel for how it affected my connection. I performed all of my testing on a Mac but will try ExpressVPN on other platforms for future updates.
The main purpose of this testing is to give potential users a general sense of how a VPN works as part of an everyday workflow (not in a lab). That said, our overall scores also hinge heavily on guidance from cybersecurity experts about the things consumers should look for in VPNs. Much of what separates the good from the bad, they told us in interviews, can be gleaned before anything is installed.
When you surf the internet freely without a VPN, you're being tracked online constantly by multiple third parties, including your Internet Service Provider (ISP), search engines like Google, and possibly even your employer or school. Connecting to a VPN means taking your traffic away from them and putting it in the hands of one lone entity instead, conceding exclusive, unfettered access to all of your browsing data. It's a privilege that needs to be earned, and the true caliber of a VPN ultimately comes down to whether you can wholly trust it to keep you safe.
The big issue is that the VPN industry is notorious for hyperbolic marketing, especially when it comes to privacy practices. This can "give VPN users a false sense of security if they don’t realize that the protections offered are not comprehensive," according to a Consumer Reports investigation into 16 providers. (Many popular VPNs shout about offering "military-grade" encryption, for example, which isn't a thing.) It's unwise to take a provider's claims at face value.
So how do you know for sure if a VPN is trustworthy? A single Google search can be enlightening; a good provider won't have a long rap sheet for mishandling users' personal data or succumbing to server breaches, and bad headlines should raise a red flag — including those about a VPN's ownership or parent company. A swift, effective response to crises and a healthy dose of corporate accountability can offset these concerns in some cases, but we tend to place a high value on a pristine reputation.
After trustworthiness, we base our VPN reviews on a combination of the following factors (listed in no particular order):
DNS leak tests
A DNS (domain name service) leak test is basically a lookup of your active IP (internet protocol) address. That's the unique number identifying your general location and the name of your internet service provider that's assigned to your device when it's connected to the internet. By running several DNS tests with a VPN off and on, we can determine whether it's actually encrypting our IP address. Some VPN apps have built-in DNS leak tests; otherwise, you can perform them via DNSleaktest.com.
Most premium VPNs come with similar sets of privacy tools, so we don't encounter major provider-to-provider discrepancies in this regard. Still, it's worth noting some of the important ones we look out for:
A kill switch will immediately disconnect your device from the internet if your VPN drops. (This one's non-negotiable.)
Support for multi-hop connections that route your traffic through two or more of the VPN's servers adds an extra layer of protection.
Split tunneling, a tool that sends some of your traffic through the VPN and some outside it to conserve bandwidth, can be useful for streaming and gaming.
Oftentimes, providers will also bundle their VPN with additional security features like malware/adware blockers, data breach detectors, and cloud storage. These won't make the VPN itself any better or more successful, but they're good to have alongside your go-to antivirus software and password manager. (If you have to choose between a reputable VPN and one that comes with a bunch of add-ons, always go with the former.)
A VPN's protocol is the set of instructions that determines how data gets communicated between its servers and your device(s). Many VPN providers have developed proprietary protocols within the past few years, but OpenVPN remains the most popular and widely respected option: It's stable, secure, and open-source, meaning anyone can inspect its code for vulnerabilities. WireGuard is another good pick that's newer than OpenVPN and similar but supposedly faster.
A VPN protects your data by encrypting it, or scrambling it up into unreadable "ciphertext" that can only be decoded by authorized parties with access to a secret key or password. Virtually all premium VPNs use Advanced Encryption Standard (AES) 256-bit encryption, which is pretty much uncrackable to third parties.
Different use cases
The No. 1 purpose of VPNs is to make it difficult for anyone other than the provider to identify and track your online activity, but they're also widely used as location-spoofing tools to skirt geo-restrictions on streaming services. (Platforms like Netflix limit their libraries abroad because of region-specific distribution rights.) While we don't put a ton of weight on their ability to succeed in this secondary use case, it's great if they do and we still test them for it.
Server network size and distribution
Picking a VPN with a large server network means there's a lower likelihood of you sharing one with a bunch of other users, which is especially valuable for streaming (since there's more bandwidth to go around).
Relatedly, a VPN with a geographically diverse network of servers in many different parts of the world will make it easier for you to spoof specific locations and find one close to you to optimize speeds. (More on that below.) Most premium VPNs maintain servers throughout the Americas, Europe, Asia, and Australia; few have a big presence in Africa.
Number of simultaneous connections
Most VPNs can be used on five to 10 devices per account (depending on the provider), which should be plenty for individual users. A handful of them support unlimited simultaneous connections to better serve bigger households.
Every premium provider we've encountered offers VPN clients for Windows, Mac, Android, and iOS at minimum, though some restrict certain features to certain platforms. Some VPNs also work on Linux, Chrome, smart TVs, and even gamingconsoles (via router or hotspot).
The speed of a VPN depends on a lot of different variables, but it will almost always be slower than your regular internet connection, so it's not a huge factor in our final ratings. That said, we try to get an idea of how well a VPN performs by using it for a lengthy period of time and running it through some quick Ookla Speedtests. If a VPN is noticeably sluggish to the point where it affects usability, we'll call it out.
A general rule of thumb for any given VPN is that your speeds will be fastest when you're connected to a server geographically close to your actual location.
Customer support options
Users should have access to some kind of help around the clock in case an issue arises with their VPN connection or account, whether it's by phone, email, or live chat. (Online help forums and tutorials are nice, but not enough on their own.) We also give preference to VPNs that offer some kind of money-back guarantee; in most cases, it's 30 days long.
Premium VPN providers typically charge anywhere from $2 to $12 per month for access to their clients, depending on the subscription length. It's easier to justify the higher end of that spectrum if it gets you a reliable and responsible VPN with some useful extra security features.
Overall ease of use
Some VPNs are more intuitive and beginner-friendly than others.
It's important to note that many popular VPN providers posit their jurisdiction, or the location of their headquarters, as something that can have serious privacy implications based on local surveillance laws (such as the Five, Nine, and 14 Eyes alliances). Without getting too in the weeds, the experts we spoke to said the average consumer shouldn't put a big stake in these claims, and that authorities will get access to user data one way or another if the need is great enough. What's more concerning, they added — to bring things full circle — is whether any data is being retained by a VPN provider in the first place.
Finally, we generally don't recommend using any free VPNs. Such providers often sneakily log and sell user data, and sometimes even bundle their clients with malware. (If they're not making money off subscriptions, they have to get paid somehow — it's a classic "no free lunch" situation.) The best way to get a VPN "for free" without putting yourself at risk is by signing up for a paid plan through a reputable provider, then making use of its money-back guarantee.
Note: Ookla is owned by Mashable's publisher, Ziff Davis.
Haley is a Mashable shopping reporter based in Chicago. Before joining the team, she covered politics for The Milwaukee Journal Sentinel, wrote about exotic pet ownership for the Wisconsin Center for Investigative Journalism, and blogged for several Jersey Shore stars. In her free time, she enjoys playing video games and hanging out with her parrot (Melon) and dog (Pierogi). You can follow her on Twitter at @haleyhenschel or reach her via email at [email protected].
The biggest stories of the day delivered to your inbox.