What are RAM-based servers, and why should you care?

For a VPN server network to work, it needs memory. Memory is where everything happens in a network — it is how the server remembers who is connected to what, through which protocol, and through which settings. Traditionally, VPN servers were just regular servers purpose-built to handle all those bandwidth and encryption needs. That also means they are outfitted with traditional hard disk drives, which provide much needed memory. Because what can go wrong with HDDs — they’re ubiquitous, affordable, and pretty much the industry standard.

But VPNs aren’t really like any other servers, given their paramount need for privacy (“P” means “Private”, after all). And that soon became apparent as governments and other well-funded actors started placing VPNs in their sights. Hard disks were meant not just to hold data as needed, but to store them over the long term. If a VPN company were to be true to its stated goal of safeguarding user privacy, then it should wipe its drives regularly. But not every VPN takes the time to do that, no matter what their log policies say — and the users of such VPNs are especially vulnerable to prying eyes.

So what’s a VPN company to do? The answer lies in that other memory module that we use daily, but we don’t usually think about (unless you're a gamer, designer, or a productivity-oriented person) — RAM.

The Future of VPNs?

RAM (Random Access Memory) is that memory that, in a computer or a phone, holds active processes as they’re being used (and often even as they lie in the background). The bigger the RAM, the faster a device can multitask, as the more it can store concurrent processes. But in a regular computer, RAM isn’t mean to hold anything permanent — when the computer powers off, anything that’s in the RAM gets erased.

Somewhere along the line, VPN companies noticed that this particular quality of RAMs could be beneficial to the industry. Imagine — each time a use disconnects from the VPN client, all the data he left on the network vaporizes. It’s important to note that even when a VPN company has a strict no-logs policy, some sort of user information will still remain in its hard disk servers. Maybe not your IP, but your device ID. Maybe not your name, but an aspect of your connection details. Scrape enough of these and you can get pretty close to identifying a VPN user.

But with a RAM server, nothing remains, so that even if a hacker (or a pesky subpoena from a court) manages to get in they won’t find anything useful. All it takes to clear the entire network at once is a simple reboot. And there’s also the fact that RAMs are orders of magnitude zippier than a traditional hard disk, so the entire network’s performance gets a boost.

But of course, not everything is rainbows and roses now that RAM-based serves have been “discovered”. As you’d see in our reviews, VPN companies operate lots of servers — anywhere from 2,000 to 6,000, all scattered in different locations across the globe. To take advantage of the advantages that a RAM-based server has, the company would have to change all the HDDs in those servers to RAM modules. That requires a significant investment, and that’s not something that all VPNs are willing to make at this point.

This is why, despite RAM-based servers appearing as the gold standard for VPN companies, only a few of them have made the total transition. One of the first companies that rolled out a 100% RAM-based server network was ExpressVPN, and that was in 2019. A few others have followed suit, and today more and more companies are starting the transition. You’d find that a few VPN companies have hybrid systems, as they slowly but surely try to take HDDs out of the equation.

Even more possibilities

But innovation doesn’t stop there. Some VPN companies have not only rolled out RAM servers, but have also complemented the increased privacy it provides with their own brand of security gimmicks. Some have, for example, set up their RAM servers to load from a single “master” image file, which allows the entire server network to be homogeneous and consistent. This used to be extremely difficult in the time of HDDs, since you need to clear out the whole server and load things anew at the exact same time — an arduous task made easy by the instant memory clearing that RAM modules are capable of. It is well-known in the computing world that a consistent system is a safer system, with fewer chinks in its armor for malicious actors to exploit.

Of course that opens up other business possibilities for these VPN companies, for better or for worse. Some companies still early in their RAM server rollout have resorted to selling RAM’s advantages as an add-on package or a premium subscription. It’s not for this site to comment on such practice, but it’ll be interesting to see where this leads as RAM-based servers become more and more common.

Towards a more private world

VPN usage is still increasing year on year, as more and more netizens become concerned about their privacy. Thanks to various threats we all encounter in cyberspace, the internet remains to have a strong undercurrent of distrust against the big corporations and the governments that poke their noses into everything. Even VPN companies themselves are met with a measure of distrust, with many seeking proof of their commitment to privacy aside from just their no-logs policies.

This is why we’re probably going to see an increasing trend in two important privacy aspects of VPNs: independent audits on one hand, and RAM-based servers on the other. These two aren’t exactly the most important elements of a VPN, but as more and more companies see it fit to invest in them (largely because the competitor is doing so and they’re getting left behind), we’re likely to see the online world take a turn towards more privacy — and it’s about time it does.