ExpressVPN's Lightway protocol goes open-source alongside fresh security audit

ExpressVPN'due south Lightway protocol goes open up-source alongside fresh security audit

ExpressVPN open-source protocol Lightway code on a PC

(Image credit: ExpressVPN)

For the last twelvemonth or and then, ExpressVPN has been beta testing its in-business firm Lightway protocol, and today it released the core code on GitHub, making it fully open-source. When it comes to proprietary protocols, this is unusual (but more than than welcome) as it allows everyone to sympathize the underlying mechanics and any special sauce used. Furthermore, the total public release is paired with an independent audit of the code.

Equally a demonstration of transparency to its users this is a big proclamation, simply for the manufacture as a whole, it'due south a argument of intent from ExpressVPN that it's looking to shore up its status as the all-time VPN, and is a leader when it comes to protecting its users and their information.

Check out the virtually secure VPN services
Contained inspect confirms NordVPN's no-logs status for the 2nd time
Plus: Your router could tell everyone where you live — here'south what to practise

Why open up source?

'Open up-source lawmaking allows the global tech community to exam and inspect the lawmaking, identify potential vulnerabilities, and improve overall security. Open-sourcing besides enables anyone to assess for themselves whether the claims we make about Lightway and its compages are true,' claims ExpressVPN in this web log post.

'Speed, performance, privacy, security, reliability—no one protocol had them all,' continues ExpressVPN vice president Harold Li. 'That'due south why we invested resources to build Lightway from the ground upward for modern VPN needs. The ii latest trust and transparency initiatives give usa even more confidence to fully launch Lightway at scale, and we are thrilled for more people to enjoy the benefits of Lightway,'

Independent audit

Independent audits mean that consumers don't accept to take a VPN provider'south claims on face up value, and as such they are key tools in demonstrating a service's security.

Cybersecurity house Cure53 undertook the audit of Lightway's code (see the full study here), and in the procedure institute 14 issues, none of which were considered 'critical'. While that might sound alarming, identifying these issues is one of the most important reasons for undertaking an inspect – and as of July 2021, each of these findings has been addressed.

'The outcomes of this Cure53 assessment…are more often than not positive,' claims Cure53. 'The scope of the ExpressVPN Lightway protocol assessed by Cure53 in this project makes a relatively robust impression. This holds despite the number of findings listed in this report. Information technology is crucial to observe that the fixes are rather trivial to implement.'

More: iPhone 13 – 5 features Apple tree needs to steal from Pixel phones

What does this hateful for you?

In short, it means that Lightway has go more than than a proprietary protocol, and ExpressVPN has taken these deportment to cement itself as non only one of the most popular VPN services on the market place, but also an innovator in the field.

Only time will tell if Lightway is adopted by other mainstream providers – something tells the states that pride might get in the mode in some cases – only as an practise in transparency, the open-sourcing of the code and accompanying contained audit is certainly a step in the correct direction.

Mo is VPN Editor at Tom's Guide. 24-hour interval-to-24-hour interval he oversees VPN, privacy, and cybersecurity content, and besides undertakes independent testing of VPN services to ensure his recommendations are accurate and up to date. When he's not getting stuck into the nitty-gritty settings of a VPN you've never heard of, you'll find him working on his Peugeot 205 GTi or watching Peep Prove instead of finally putting upwards those shelves.