ExpressVPN has unveiled a complete redesign of its proprietary Lightway VPN protocol. Dubbed Lightway 2.0, it’s a total port of the original codebase from the C programming language to Rust. It’s a pretty exciting development, but you might not immediately appreciate what this means for ExpressVPN. After all, they’re already one of the mainstays on our Best VPN page. Why does it matter that they’re now using Rust?
Well, you'll feel a few tangible benefits while using ExpressVPN now, as well as some extra security features working behind the scenes to make the service safer. This is also a great sign for ExpressVPN's future as a product. Read on, and I’ll discuss the changes I’m excited about due to their redesign.
A faster Lightway
Want to find out more about Lightway? Check out our 'What is Lightway?' guide to learn everything you need to know.
Let’s get one thing established immediately: Rust is not de-facto faster than C. Both languages use the LLVM compiler to turn their human-readable language into assembly. However, in practice, support for Rust inside LLVM has reached the point that it’s possible to write code that’s both easier to read than C and faster.
For the Lightway project, this translates to better VPN performance, lower power consumption, and better multi-threading code. Where’s the proof? Well, look at the performance benefits they’re already claiming from implementing Lightway 2.0 into their Aircove router firmware, which now hits speeds of 330Mbps over TCP.
Rust is simply safer than C
On the other hand, Rust is built to be safer than C from the ground up. Without getting too deep into how it all works, there are some common mistakes programmers make in C regarding memory management which means hackers can subvert the program to their own ends. This simply isn’t possible in Rust because it enforces properties like type safety and memory safety within the compiler. The way the language is built means that if you want to write unsafe code, you have to explicitly declare that’s what you’re doing.
Don’t just take my word for it. Cybersecurity companies Cure43 and Praetorian have both conducted independent audits of Lightway’s new codebase on behalf of ExpressVPN and were particularly impressed by the relatively low number of security issues discovered, with Praetorian commenting that Lightway’s use of unsafe code blocks was “particularly beneficial and warrant special recognition”.
More time for new features
Rust makes it far easier to handle multi-threaded code and abstracts away a bunch of the memory management necessary to write good, safe C. Refactoring a whole code base like this isn’t cheap, but it’s obvious ExpressVPN thinks that doing so will allow them to concentrate on building more functionality into their apps without maintaining a low-level C codebase. This is already evident in the additions they’ve made to their Aircove router firmware, adding both the ability to create separate VPN-enabled guest networks as well as support for the quantum-resistant ML-KEM encryption algorithm.
A promising future for Rust's ecosystem
Frankly, more serious projects being built in Rust demonstrates that it’s a viable replacement for C. While C is fantastic for building highly-performant code, it’s also difficult to use and often results in nasty bugs lurking behind the scenes. Rust isn’t quite at the point where it’s able to completely take over the reins from C, but it’s getting there. More Rust projects mean more Rust developers, which means more interest in Rust, more projects built in Rust… and so on.
There are plenty of good use cases for Rust, but if nobody uses the language in practice, it’s just a vanity project. ExpressVPN's spending the time and effort to port one of their key products from C to Rust signals to other developers that it’s a mature language with real-world applications, which can only be good for the Rust project as a whole.
Raising the bar
Lightway 2.0 is a pretty clear sign that ExpressVPN is committed to raising the bar on the technical side of VPNs. Sure, code refactoring isn’t as immediately appealing to customers as a new VPN feature to play around with, but embracing modern programming practices will allow ExpressVPN to run rings around their competitors in the long term.
That said, if ExpressVPN wants Lightway to become the standard for domestic VPNs, continuing to support the open-source community is the only way to go. It’s reassuring that they’ve continued to license Lightway under GPL 2.0, but it remains to be seen how much interest there’ll be in extending Lightway outside of ExpressVPN’s offices.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
