In May 2020, ExpressVPN announced that it was rolling out a beta of its new Lightway protocol which was built from the ground up to be a ‘modern’ VPN.
It’s now out of beta and available to all ExpressVPN users in all of the apps it offers. To try it out, you just need to make sure the protocol selection is set to ‘Automatic’ or choose Lightway specifically in the app settings.
Peter Membrey, chief architect at ExpressVPN, spoke to Tech Advisor about the protocol’s development. “What we wanted to do with Lightway was to go back to basics and think: given all that we know about VPNs… what would we want a VPN to look like. If we had a magic wand, what could we create? And that was Lightway.”
Why not just use WireGuard like everyone else? Membrey explained that, “The use case for WireGuard is quite different from the use case that a VPN platform has. WireGuard has no interest in privacy concerns. It’s not meant to be used for privacy. You’re creating a peer-to-peer network. The assumption is that you can trust the people you’re talking to, so you don’t need to hide your IP from someone who’s trusted.”
This means that, to use WireGuard for a VPN, lots of work needs to be done to ensure that encryption keys are created and managed properly for millions of users. This is why NordVPN, for example, calls its protocol NordLynx and not WireGuard, because it has adapted and tweaked the protocol to meet the needs of a VPN.
Instead of doing this, ExpressVPN decided to build Lightway from scratch to be the best of both worlds: inspired by WireGuard but grounded by OpenVPN. OpenVPN itself was designed for VPN use around 20 years ago, which means it’s not really adequate for modern needs.
By contrast, Lightway is designed to be mobile first. It has no problem hopping between networks such as Wi-Fi, 4G and 5G. It’s optimised for the things VPN users care about and nothing they don’t, so any unneeded features were taken out.
In terms of the encryption, Membrey explained that Lightway uses WolfSSL. “To be clear, we didn’t roll any of our own crypto. It’s something we – as a principle – keep well away from. It’s extremely easy to get that wrong so we outsourced it, effectively, to a library that’s open source and has been audited.”
WolfSSL is used on millions of devices already and is the library that powers Pokémon GO. It’s designed for embedded devices, so it’s fast on Apple’s M1 chip, on routers, iPhones and more.
Because the optimisation work is already done, ExpressVPN gets that speed benefit for free.
Unlike WireGuard, Lightway can’t run in the operating system’s kernel. However, at only 2000 lines of code, it’s around half the size of WireGuard. This makes it quick to audit but, more importantly, its lightweight nature isn’t too demanding on processors and therefore doesn’t put much drain on your laptop or phone battery.
Lightway also supports TCP in addition to UDP, whereas WireGuard works only over UDP, so it has no fallback if UDP is banned on a network.
How fast is Lightway?
ExpressVPN says Lightway isn’t yet optimised, but it’s still twice as fast as OpenVPN. The company is still being cagey about mentioning any specific figures, but says that in lab tests, 2.5-3x the current speeds can be achieved “with some tweaks”.
The aim, though, isn’t to beat WireGuard. It’s to give better performance on a Skype call or when you’re streaming Netflix. During the beta phase around 50% of users connected in under 0.5 seconds. That would be an even higher figure if the other half weren’t connecting to servers on the other side of the world, where the speed of light is the limiting factor.
It’s also designed to be stable. So far, users running Lightway stay connected for 40% longer, indicating that’s how much more reliable it is than OpenVPN.
Open source
As promised last year, ExpressVPN is making the source code for Lightway public. It has already been audited by Cure53, who found no significant issues, but you can inspect the code yourself, or even use it for your own VPN, even if you’re not an ExpressVPN subscriber.
Is Lightway a reason to choose ExpressVPN?
The ultimate aim for Lightway is that you forget the VPN is even connected, so you use it all the time. If you use a VPN a lot, you’ll notice the tell-tale signs: web pages load slowly or your internet connection drops or pauses while the VPN re-establishes a dropped connection.
For some, this could well justify the higher monthly cost of ExpressVPN compared to its rivals.