ExpressVPN Unveils Industry’s First Suite of Open-Source Tools to Test for Privacy and Security Leaks

New leak testing tools find most VPN providers may be leaking user data

TORTOLA, British Virgin Islands--()--ExpressVPN, a leading international consumer VPN provider, today unveiled a suite of leak testing tools that enable users to test their virtual private network (VPN) provider’s software for potential leaks that could impact their privacy or security during everyday use.

Developed by the company’s Privacy Research Lab, the ExpressVPN Leak Testing Tools are now available open source under the MIT License. They are the first-ever public tools that enable the automated leak testing of VPNs.

Privacy and security are leading reasons that internet users are increasingly turning to VPNs. In a recent GlobalWebIndex study of 34 countries, 1 in 4 internet users said they use a VPN. A November 2017 study of over 1,000 U.S. adults conducted by Propeller Insights on behalf of ExpressVPN found that more than a third of Americans cited cybersecurity protection when using public Wi-Fi as a top reason they'd use a VPN; almost a quarter would use a VPN to prevent their internet service provider (ISP) from seeing their browsing activity, and another 15 percent would use a VPN to protect against government surveillance.

“With cyberattacks and hacks, government surveillance, and big data mining all on the rise, internet users are relying on VPNs to protect their privacy and security. But is their VPN really protecting them? Our internal research suggests that most VPN providers are falling short,” said Harold Li, vice president of ExpressVPN. “That’s why we’ve released the ExpressVPN Leak Testing Tools—to empower users to evaluate providers and assess their own risks, as well as to help the entire VPN industry raise its privacy and security standards.”

VPNs protect users from privacy and security risks by sending their online traffic through a secure, encrypted tunnel and hiding their IP address. This prevents hackers, ISPs, and others from seeing what sites and apps they are using, viewing their personal data, compromising their online accounts, and tracking their activity across the web. Leaks occur when a VPN application fails to fully secure a user’s traffic, sending some or all of it outside the secure tunnel.

"While people are increasingly using the internet in all aspects of their lives, they are also, as a result of the ongoing publicity, becoming more aware of the risks to their privacy. People have reasonably assumed that the use of a VPN was offering some degree of protection to their online privacy, however, this research has shown that there are significant potential weaknesses in a number of the tools that we use and as a result, they are not as well protected as they believe,” noted Professor Andrew Jones, Director of the Cyber Security Centre at the University of Hertfordshire. “Users, rightly or wrongly, trust products that are designed to help them protect their information and when these are shown to have weaknesses, the impact can be significant.”

The ExpressVPN Leak Testing Tools cover a wide range of potential leaks a user may encounter, including:

  • Having their IP address, which can often be linked to a user’s real identity, revealed through a WebRTC leak
  • Having their browsing activity or data exposed when they change network connections, e.g., switching between Wi-Fi and a wired connection
  • Leaking unencrypted data when the VPN software crashes or can’t reach its server

The tools were initially built to be used internally for manual and automated regression testing of ExpressVPN’s own apps, as part of the company’s ongoing investment into user privacy and security. The company decided to publicly release and open-source them when it realized that many popular VPNs were vulnerable to leaks, and users were unaware of these shortcomings.

To learn more about scenarios where leaks could be affecting user privacy and security, as well as how the tools help test for them, visit the ExpressVPN Privacy Research Lab website.

About ExpressVPN

One of the world’s largest providers of VPN services, ExpressVPN enables users worldwide to protect their privacy and security online with just a few clicks. The company's award-winning apps for Windows, Mac, iOS, Android, Linux, routers, and browsers secure user information and identities with best-in-class encryption and leak-proofing. With 1,800+ servers across 94 countries and new servers added each week, ExpressVPN provides a fast connection wherever you are and offers uncensored access to sites and services from across the globe. Based in the British Virgin Islands, ExpressVPN has been operating since 2009.

A vocal advocate for internet freedom and privacy, ExpressVPN is a proud financial supporter of non-profit organizations fighting to protect our digital rights, including the Electronic Frontier Foundation, the Internet Defense League, OpenMedia, and others.

To learn more about ExpressVPN’s privacy and security solutions, visit


Harold Li


Harold Li