ExpressVPN recently released a blog post informing users of its new TrustedServer feature, a proprietary technology that removes the need for local storage such as hard disks or solid state drives.
This means that ExpressVPN’s servers would run completely on volatile memory (RAM), which requires power to store any sort of data. This would then guarantee that all of the information on a server would be wiped every time it is powered off and on again.
The traditional way of running VPN servers is reliant on hard drives, which retain all data until they are erased and written over. This is a lengthy process that’s very prone to errors, increasing the risk that servers could inadvertently retain confidential user information.
This means that if a third party were able to hack or seize the server, they would be able to gain access to all of the data left on it. Even worse, it would be possible for hackers to install a backdoor that would allow them to poach any information left on the server for the foreseeable future.
TrustedServer will also ensure that all of ExpressVPN’s servers run the same, most up-to-date software and configuration. Every time a server is powered on, it will only load “the latest read-only image containing the entire software stack, operating system (OS) and all”. If a server cannot source the most up-to-date software, it will not operate.
The point of this is to ensure that all of ExpressVPN’s worldwide servers are running the exact same code, which will enable the highest possible levels of security and performance. It will also reduce the chances of any vulnerabilities or misconfigurations, whilst making sure that ExpressVPN is auditing and testing the correct software.
The VPN provider believes TrustedServer will give it “a high level of confidence” that user data is kept as safe and secure as it can be. As the operating system is effectively reinstalled with every reboot, any security risks associated with the traditional hard drive method are dramatically minimized.
ExpressVPN developed this technology completely in-house, and believes it is the first company (even in the VPN industry) that is beginning to adopt this approach.
While there is still some work to do, it’s planning on sharing more information with users in the coming weeks. It also hopes to share some implementation details to encourage other industries to re-think their own data storage methods.