cover image

Three rules for choosing a VPN that takes your privacy seriously

The lesser-known risks of ISPs and why I chose ExpressVPN.


Most people know that a VPN is meant to protect your privacy on public or open Wi-Fi. A lesser-known purpose is to protect your privacy right in your own home, from your own internet service provider (ISP).

A set of Federal Communications Commission (FCC) rules entitled “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” were unfortunately struck down in 2017. These rules would have prevented ISPs from using and selling your sensitive personal data, such as precise geographic location, health and financial information, web browsing history, and even the content of the messages you send.

I’m not comfortable having that data stored anywhere. Handing it over to my ISP makes me even less comfortable, since these treasure troves of sensitive personal data are a frequent and profitable target for ill-intentioned hackers as well.

Your online activities shouldn’t be anyone’s business, and certainly not in a literal money-making sense. Using a VPN helps to keep your private information where it belongs: between you and the person you’re sending it to.

Of course, if you type any flavor of “VPN vs VPN” into a search you’ll get a smorgasbord of comparison blogs and providers vying for your attention. How do you know what makes a VPN “good”? (Answer: lots of research.)

If you’re a regular reader, you know I’m big on security and privacy. (If you’re not yet, welcome! Hi!) Since I’ve built my career in the cybersecurity industry, I take my VPN fairly seriously. Here are the top three things I look for when choosing my own VPN provider:

  1. No DNS leaks
  2. A real commitment to privacy, with no logs
  3. Ease of use across all operating systems

I’ve written about why a VPN is important and even how to deal with the challenges of DNS leaks when using OpenVPN to set up my own. The response I often get to articles like these includes the question, “Which VPN do you use?”

The answer is ExpressVPN. Here’s how my privacy philosophy got me there, and why these three points matter so much.

In a previous Linux-flavored adventure, I created my own VPN using OpenVPN and AWS EC2. While I’ve been told my post was helpful, this was definitely not a plug-and-play solution. After reinstalling a new OS, I once failed to follow my own guide to the letter. It took a few months before I discovered I had a DNS leak.

A diagram of a DNS leak

Using a VPN prevents your ISP from collecting your sensitive personal data, including your web browsing history, but only as long as you don’t have a DNS leak. A DNS leak means that your ISP still sees all the URLs that you visit: their servers resolve them for you. This is plenty of information to build a picture of who you are, what your interests might be, any health issues you might have, what you like to spend money on, and much more.

Protocols like DNS over HTTPS will help, but they rely on co-operation between many entities that is still in its early stages. In the meantime, I want my VPN to do everything it can to avoid using DNS servers that could collect or sell my browsing history.

At time of writing, there’s really only one fool-proof solution to ensuring that your browsing records aren’t accidentally shared: run your own private DNS server. So ExpressVPN did just that.

Of course, this only works in my favor when the VPN itself doesn’t keep a record of my activities. Which is why…

VPN providers do not all value your privacy, and some are no better than your ISP. Many VPN providers, especially free ones, elect to log your personal data and sell it to data brokers and marketers. Using a VPN that does any kind of logging simply transfers the risk from your ISP to the VPN provider.

At a minimum, you want a VPN provider to clearly state a strict no-logs policy. Of course, this still means you’ll have to trust that they aren’t being cagey with their definition of “logs,” and still writing your personal data to disk under a pretense.

A more trustworthy solution would be to remove the possibility of writing any personal data to disk in the first place. So ExpressVPN got rid of the disks.

A cartoon of a ram eating logs. Text reads: Hey look, data! Nom. What am I eating again? Eh nvm.

Dad joke. I know.

I was pretty thrilled to learn about what ExpressVPN calls TrustedServer, which runs only on random-access memory, or RAM, and not on hard drives. Unlike a disk meant for long-term, fault-tolerant storage, RAM is volatile memory. It requires constant power to operate, which guarantees that all data is lost when the server is rebooted.

While you wouldn’t want a laptop that runs entirely on RAM, volatile memory is perfectly suited to an ephemeral, no-logs VPN server. The entire software stack including the OS must be re-installed from a central, signed image each time the server boots. This also means it’s always installing the most up-to-date security patches and configuration. That’s clever.

This post goes into more technical detail on TrustedServer, which was independently audited by PricewaterhouseCoopers.

As a Director of Engineering myself, I have a deep appreciation for a company that builds its technology on its philosophy.

That said, the technology only works if you actually use it.

None of what I’ve said so far would matter one iota if my chosen VPN was even just a little bit inconvenient to use.

My preferred platforms are Linux and iOS. I’ve had my fair share of struggles finding all kinds of software that works equally well on just these two. ExpressVPN seems to offer one of the few applications I’ve come across that isn’t trapped in an ecosystem.

There’s a dedicated app for every major platform, including even smart TVs and game consoles. Unlike my experiences with other VPNs, ExpressVPN's Linux app just works, out-of-the-box, the way they said it would.

ExpressVPN on all your devices image

All the devices!

I especially appreciate the Network Lock kill switch feature, which prevents me from accidentally sending unprotected network traffic when I first open up my laptop and it reconnects to Wi-Fi. It prevents my ISP from seeing anything I do, and only takes a few seconds to reconnect.

ExpressVPN connects fast and then gets out of my way. I haven’t noticed any reduced speeds or blocked sites. I gave a lot of thought to choosing my VPN so I wouldn’t have to think about it on a day-to-day basis. I use ExpressVPN constantly, and it just works.

When you protect yourself and your family with a VPN, you improve more than your own personal cybersecurity. The less data your ISP can collect, the less they have to lose, sell, or profit from. One day, the risk and cost for ISPs will outweigh the payoff. When you take action to prevent ISPs from scooping up your family’s sensitive personal data, everyone’s privacy can benefit.

If you found this article helpful, I invite you to sign up for ExpressVPN. It only takes a few minutes (assuming you remember where you left your credit card) and will give you the best possible set-it-and-forget-it privacy protection that I can recommend.