This full report is only available to download by existing customers on their account login area on ExpressVPN.com.
I have uploaded it to Dropbox, for anybody and everybody on Privacy Tools (and the public internet) to read, download, examine, etc.
Here is the full audit report done by PwC on ExpressVPN regarding their privacy policy:
PwC (PricewaterhouseCoopers AG) explain their initial situation and audit objectives, what ExpressVPN (owned by ‘ExpressVPN International Ltd.’) is responsible for, the PwC auditor’s responsibility, the specific audit procedures performed, the reports inherent limitations, and PwC’s conclusion.
This report was signed by Christopher Oehri and Marco Schurtenberger of PricewaterhouseCoopers AG located in Zurich, Switzerland on June 19th, 2019.
I find this section ot the report the most interesting:
Inherent limitations
Express VPN International Ltd. description is prepared to meet the common needs of a broad range of customers and their auditors and may not, therefore, include every aspect of the system that each individual customer may consider important in its own particular environment. Also, because of their nature, controls at a service organization, although present, may not prevent or detect and correct all errors or omissions in the areas of a privacy VPN service. Also, the projection to future periods of any evaluation of the fairness of the presentation of the description, or opinion about the suitability of the design or operating effectiveness of the controls to achieve the related control objectives is subject to the risk that controls at a service organization may become inadequate or fail.Furthermore, we have not assessed the following points, since these points were not in scope of our assurance engagement:
– security (confidentiality, integrity, and availability) of transferred data
– any elements of the ExpressVPN service which are not part of the description in section III
Any potential “loopholes”?
Do you think the inherent limitations of the report make this more just capitalist propaganda, than assurance of anything?
Could it be probable for ExpressVPN to pay big money to get PwC to lie on this report, cards under the table style?
What do you all think of this report?