Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Encryption Programming

ExpressVPN Gets Faster and More Secure, Thanks To Rust (zdnet.com) 50

Posted by BeauHD from the new-and-improved dept.
ZDNet's Steven Vaughan-Nichols shares some of the latest improvements to ExpressVPN following its codebase transition from C to Rust. An anonymous reader quotes an excerpt from the report: ExpressVPN is one of ZDNET's favorite Virtual Private Networks (VPNs). The popular VPN's transformation of its Lightway codebase from C to Rust promises to make the service faster and more secure. For now, the updated Lightway 2.0 is only available via ExpressVPN's Aircove router with the February 4 AircoveOS v5 update. The Aircove, which we rate as the best VPN router, costs $189. With this device, you can protect your tech from unwanted snoopers without installing a VPN on each gadget. So, how much faster is the updated ExpressVPN? In my tests, I connected to the internet via my updated router over my 2 Gigabit per second (Gbps) AT&T Internet using a 2.5 Gbps Ethernet-connected Linux Mint desktop with a Wi-Fi 6 connection over my Samsung Galaxy 25 Plus smartphone.

Without the VPN engaged, I saw 1.6 Gbps speeds, which is about par. With the VPN switched on and using Lightway 2.0, I saw speeds in the 290 to 330 Megabit per second (Mbps) range to Toronto and London, England. Farther afield, I saw speeds around 250 to 280Mbps to Hong Kong and Seoul. That's about 20% faster than I had seen with earlier Lightway versions. I was impressed. This version of the VPN should also be more secure. As Pete Membrey, ExpressVPN's chief research officer, said in a statement: "At ExpressVPN, we innovate to solve the challenges of tomorrow. Upgrading Lightway from its previous C code to Rust was a strategic and straightforward decision to enhance performance and security while ensuring longevity."

The updated Lightway VPN protocol also uses ML-KEM, the newly finalized NIST standard for post-quantum encryption. This feature, wrote Membray in a blog post, "ensures your connection is secured by encryption designed not just for today's threats but for the quantum-powered challenges of the future." To ensure the integrity of the recoded Lightway protocol, ExpressVPN commissioned two independent security audits from cybersecurity firms Cure53 and Praetorian. Both audits yielded positive results, with only minor vulnerabilities identified and promptly addressed by ExpressVPN. In short, ExpressVPN is technically about as safe a VPN as they come.

ExpressVPN Gets Faster and More Secure, Thanks To Rust More | Reply

ExpressVPN Gets Faster and More Secure, Thanks To Rust

Comments Filter:

  • When can I get it on my iPhone and AppleTV?

  • I drank a glass of water last night and today my VPN is 63% faster. Do you think my VPN speed is related to by water consumption?

    There is no way that Rust had ANY fucking impact on the VPN speed, let alone making it faster than a C language implementation.

    I can push a 1.6Gbps VPN written in Python.

    The Rust horseshit is getting deep on Slashdot. Deeper than the crypto-crap of yesteryear.

    • Re: You Think That's Anything? (Score:4, Insightful)

      by ArmoredDragon ( 3450605 ) on Wednesday February 26, 2025 @05:19PM (#65197551)

      There are a lot of reasons really. C doesn't include higher level data structures or concepts out of the box, by design. So you have to implement everything on your own by hand. This is especially true if you're using concurrency, which is something rust really shines at.

      Could you do it as fast in C? Without a doubt. But you're also going to spend a lot more time on it both writing custom code and then hand optimizing all of it, and in return for all of that hard work you don't even get any memory safety guarantees. So why? C is a good tool to have in your belt, but this seems like the wrong one to use.

      • Some common patterns are practically impossible to implement efficiently in C. For example, polymorphism. In C this is usually done by calling through function pointers whereas a properly polymorphic language can do the same with a tiny fraction of the call frames. Sometimes macros are used to try to get a similar effect in C and what you end up with is an ungodly steaming pile that will likely never be 100% reliable.

    • Re: (Score:2)

      by dfghjk ( 711126 )

      "There is no way that Rust had ANY fucking impact on the VPN speed, let alone making it faster than a C language implementation."

      Sometimes you have to compile it several times to see the speed benefits.

      "I can push a 1.6Gbps VPN written in Python."

      Don't be ridiculous. Python can only implement a VPN by calling a VPN library written in C.

  • At this point one of the following must be true:
    a. Rust is significantly better than all other alternatives. Which is unlikely the case in my unfamiliar with Rust opinion.
    b. This push to adopt Rust is inorganic, there is a serious issue with it like compiler backdoor. This situation reminds me of Dual_EC_DRBG, where nobody could explain why there was so much push to switch to it from known and proven alternatives.

    • or

      c. Slashdot is being paid/played by rust-lang.org to try to manufacture relevance.

    • At this point one of the following must be true: a. Rust is significantly better than all other alternatives. Which is unlikely the case in my unfamiliar with Rust opinion. b. This push to adopt Rust is inorganic, there is a serious issue with it like compiler backdoor. This situation reminds me of Dual_EC_DRBG, where nobody could explain why there was so much push to switch to it from known and proven alternatives.

      I'd vote, with my conspiracy theorist segments, for option B. Since the modus operandi of most big movers and shakers in society these days is projection, saying that others are doing what you want to do, all the whining and teeth gnashing about how insecure all other languages are and always have been, Rust is in fact backdoored to hell and back and will ultimately be proven to be the least secure language ever used in such big pushes.

      It does strike me as odd that there's not much more to back up Rust bein

    • Re: (Score:3)

      by SirSlud ( 67381 )

      I dunno where you work or what you do, but this is the real deal and in many "serious" environments I'm professionally a part of or adjacent to, Rust is being taken quite seriously and starting to be used for some very core systems purposes. It's not a fad. My impression of the resistance here is a lot of hobbyists, a lot of old people, or both. I don't know what more you need. Every large software vendor who owns a platform has decided on merit that Rust is really quite decent, addresses a lot of the thing

    • Well, every time "Rust" gets a mention anywhere, there is a tremendous social media pile on, often full of comments from people unfamiliar with Rust. So that leaves one of the following as true:

      a. Rust is not better than any alternatives and people unfamiliar with the technologies in question have managed to work that out
      b. The push against Rust is inorganic, to maintain the serious and well known issues with C that regularly allow exploits.

      Which is the problem with conspiracy theories. You can cut it and d

  • Secure from Whom? (Score:3)

    by bill_mcgonigle ( 4333 ) * on Wednesday February 26, 2025 @05:00PM (#65197507) Homepage Journal

    Probably OK if you want to keep your local ISP from selling your data but Snowden does not approve [x.com].

  • And still no IPv6 support, hard pass.

    Forcing all the traffic through CGNAT so the performance will suck, and cutting users off from thousands of sites - eg https://www.ev6.net/v6sites.ph... [ev6.net]

    • Oh no, what will I do without being able to access shisharpi.wbran2tqjgt9veac.myfritz.net?

      • Re: (Score:2)

        by Bert64 ( 520050 )

        Do you know what myfritz.net does? It's a dynamic dns service provided with fritzbox routers (https://en.avm.de/products/fritzbox/) which provides a user friendly way to setup dyndns for your home devices. This service is not enabled by default and is opt-in if you choose to make your router and/or devices accessible externally, it also gets a valid ssl cert for the hostname which is good for security.

        The fact that there are so many myfritz.net hosts on the ipv6-only list shows two things:
        1) there are lots

  • We have seen many initiatives pass through here.
  • https://github.com/expressvpn/lightway-core

    Languages
    C 87.7%
    CMake 6.8%
    CSS 3.4%
    Shell 1.3%
    Earthly 0.4%
    Python 0.3%
    Other 0.1%

    HELLO?? Does anyone see Rust on that list?
  • I read TFA. This is misdirection and obfuscation. Express VPN with collaboration from SVN present their SERVICE OFFERING and proprietary software as open source. It is not. The core protocol is open source but contains no Rust. This is the same bullshit as crypto exchanges do... skill testing question: is a wallet from an exchange a wallet? Answer: No, with an explanation. A wallet from a crypto exchange is a SERVICE and transaction ecosystem that looks like a wallet. This so called Express VPN is a SERVICE

Slashdot Top Deals

"The Amiga is the only personal computer where you can run a multitasking operating system and get realtime performance, out of the box." -- Peter da Silva

Close