A partnership between the Internet Watch Foundation (IWF) and ExpressVPN has been the catalyst for a new tool that restricts access to websites containing ‘pernicious’ child sexual abuse images and videos across the entirety of ExpressVPN’s network.
ExpressVPN, a leading consumer privacy and security company, says the tech solution demonstrates that a balance between encryption, online safety and online privacy is possible, as it does not compromise its no-logs policy, which keeps the activity and connection logs of its users private.
This comes after the IWF published a paper explaining how platforms can prevent the upload of child sexual abuse imagery in end-to-end encrypted environments in a privacy preserving way.
The IWF, which is dedicated to finding, assessing and removing images and videos of child sexual abuse from the internet, has long affirmed that all platforms have a duty to make sure they do not provide protected spaces for criminals to share child sexual abuse material.
Express VPN is now preventing access to all websites known to the IWF that are set up solely for the purposes of hosting child sexual abuse material. Often, these domains are commercialised, meaning that offenders profit from the sale of the content.
The domain list from the IWF is derived from the full URL List available to IWF Members – a comprehensive catalogue of sites containing verified criminal imagery that is updated regularly as analysts add new URLs and remove those that no longer contain child sexual abuse material.
The tech tool, named OpenBoundary by Express VPN, allows any VPN, ISP or cloud provider to implement the blocking of child sexual abuse material safely and transparently. It operates at the server level and has been integrated with the core principles of a VPN in mind.
OpenBoundary does not employ deep-packet inspection or user logging, and everything is verifiable, auditable and open to scrutiny.
ExpressVPN will open-source the underlying technology behind OpenShield as part of its Not on My Network initiative.
Dr Peter Membrey, Chief Research Officer at ExpressVPN, said: “For too long, the privacy debate has been framed as an either-or choice: protect encryption at all costs, or weaken it in the name of safety. That framing is too limiting.
“OpenBoundary isn't a breakthrough in cryptography. It's a simple, well-scoped DNS control used to block access to known child sexual abuse material sites. No broken encryption. No traffic inspection. No monitoring. It's deliberately straightforward, because privacy systems lose trust when they become opaque.
“We're not claiming to solve online exploitation. That's far bigger than any single technical measure. What we are saying is that privacy infrastructure does not have to carry everything indiscriminately. With clear boundaries and careful engineering, it's possible to act without weakening the protections millions of people rely on. That's what I mean by a Not On My Network approach.
“We're open-sourcing OpenBoundary because this shouldn't sit with a single provider. Privacy and protection are not mutually exclusive. If we implement them properly, they reinforce one another.”
Kerry Smith, Chief Executive Officer of the IWF, said: “The IWF is dedicated to tackling the pernicious and pervasive spread of child sexual abuse online and we rely on strong partnerships with the tech industry to help us do so.
“By coming onboard as an IWF Member, ExpressVPN now has access to our world-leading datasets and technology, allowing the organisation to better protect users across its entire VPN network.
“We applaud ExpressVPN’s innovative approach that balances its commitment to online child safety and online privacy.
“We know that users can have both; IWF’s recent paper explains how existing technology can be used to prevent the spread of child sexual abuse material in end-to-end encrypted environments while upholding privacy - a method known as upload prevention.”
Find out more about becoming an IWF Member and the services we can provide.
