In 2017, a team of cybersecurity experts founded X-VPN, becoming the first VPN provider to introduce self-developed protocols. Launching mobile-first, X-VPN grew to 50 million users within two years, and have since added Double VPN, Tracker Blocker, Ad Blocker, and Dark Web Monitor to their security suite—all while maintaining a strict no-logs policy. Today, X-VPN operates from Singapore as a global, cross-platform service trusted by more than 100 million users. We caught up with Sandra Mitchell, tech writer at X-VPN, to discuss building for speed, establishing trust, and what happens when a VPN’s users are no longer human.
i2Coalition: Can you give us the elevator pitch for X-VPN?
Sandra Mitchell: Our mission is to make secure, private internet access simple and accessible for everyone, everywhere.
What sets us apart is how early we committed to lowering the barriers to privacy, both for users and at the technical layer. For users, we were among the first providers to offer a free version with no registration required, and premium users can sign up with an alias email. We were also early to simplify server selection through a “fastest server” approach, using intelligent routing so people don’t have to compare locations manually. On the technical side, we were one of the first in the industry to build our own proprietary protocol, and years of iteration on that work eventually became Everest, our answer to the connectivity problems users face in restrictive network environments.
Today, our priorities are clear: building transparency and trust, and strengthening the core VPN experience: speed, stability, and intelligent connectivity.
i2Coalition: How do you think launching mobile-first has affected your trajectory in the long run?
SM: Launching mobile-first shaped almost everything about how we build. Mobile users expect a VPN to work instantly, across unstable networks, different countries, and very different daily situations. That pushed us early toward one-tap connection, a free version that requires no registration, and a product experience that lowers the barrier to privacy protection from the very first use.
It also gave us a direct, large-scale feedback loop. X-VPN now has 150M+ downloads and over 1.6 million public reviews across Google Play and the App Store. Mobile users review the product through real daily use, not just media coverage or influencer recommendations.
That feedback loop has shaped how we build in two ways. Internally, it keeps us close to frontline problems, our engineers value that, because it means the work they do solves real issues for users. Externally, as we expanded to other platforms, the review made it clear that users on different platforms care about different things. That helped us move beyond a mobile-only mindset and gave us a more grounded view of what multi-platform development actually requires.
i2Coalition: What impact do you think recent geopolitical events have had on your more recent growth?
SM: Recent geopolitical events have raised awareness of VPNs across the industry, and yes, that has had some positive impact on X-VPN’s growth. When internet shutdowns, censorship, platform blocks, or political instability increase, people start thinking about secure access and privacy in much more urgent terms. That said, we see the growth as part of a wider global trend: people increasingly understand that private, reliable internet access is essential, not optional.
For users in regions directly affected by these crises, the stakes are personal. A VPN may help them stay in touch with family, protect communications, reach information, or simply use the internet more safely under difficult conditions. We are conscious that behind these numbers are people dealing with real pressure and uncertainty, and that shapes how we think about work.
So while these pressures may drive more demand for VPN services, our focus stays the same: in sensitive moments, users just need a service they can rely on.
i2Coalition: How has the AI explosion impacted your operations—and your roadmap?
SM: AI has affected us in two ways. Operationally, it has raised the bar on speed and automation across the team. We’re looking carefully at where AI can genuinely help, such as test automation and faster issue diagnosis.
Strategically, it has opened a new product question: what does a VPN look like when AI agents are the ones using it? Traditional VPN apps were built for human users clicking buttons, but AI agents are starting to become part of how real work gets done, and they may need controlled, authorized, programmatic network access: checking connection status, switching locations, or selecting protocols. That’s why we’ve been exploring an MCP-based VPN product designed specifically for AI agents, separate from our consumer app. The goal is to make privacy-preserving network control usable in the next generation of automated work.
Stepping back, the AI era reinforces why trust and transparency matter. As more decisions get automated, users need to know how their data is handled, what controls exist, and whether a provider’s privacy claims can actually be verified. We’re excited by what AI can unlock, but in our space, the first question is always how any AI adoption affects user privacy, data security, and human oversight. AI should strengthen privacy protection, not quietly erode it.
i2Coalition: Why did your team find it important to join the VPN Trust Initiative?
SM: We joined VTI because we believe the VPN industry needs more open dialogue and stronger self-discipline. For years, our team focused primarily on building the product itself, and we haven’t always been the loudest voice in the room. But as X-VPN has grown, we’ve come to see participating in the broader conversation about privacy, security, and where the internet is headed as part of our responsibility.
Joining VTI complements the work we’re already doing on our own: building privacy-preserving infrastructure, maintaining an audited no-logs policy, improving transparency, and undergoing independent review. What it does give us is a meaningful forum to participate in industry discussions about what responsible operation actually looks like. VTI’s principles closely reflect the areas where we think the industry needs clearer standards.
Beyond VTI, we’ve also been supporting organizations and communities like the Internet Society and the Electronic Frontier Foundation. It’s the same idea behind everything we do here: privacy, open infrastructure, and user rights aren’t things any single company can solve on its own, and we’d rather contribute to that work than stay on the outside of it.
i2Coalition: Which other i2Coalition initiatives connect most deeply with your team’s ethos?
SM: The Secure Hosting Alliance really speaks to us. VPN services depend on the same things responsible hosting does: reliable infrastructure, sensible abuse prevention, and clear operational standards. We’ve worked through these questions internally for years, so seeing them taken up as an industry-wide conversation matters to us.
i2Coalition: Where does government policy interface with your work on a daily basis?
SM: Given the nature of VPN products, government policy intersects with our work every day.
Policies around surveillance, censorship, app availability, and internet restrictions directly shape how people use VPNs and how much they need them. In some regions, users turn to VPNs for safer access to information, more private communication, or simply a more reliable connection. At the same time, regulations around privacy, data minimization, and lawful requests influence how we operate as a provider.
Our most important response isn’t to react to each policy change one by one. It’s to build strong protections into the foundation of our service. No matter how policies shift, what we can do is uphold our audited no-logs policy through technical architecture, infrastructure, and internal processes, and keep disclosing transparency reports on an ongoing basis. A concrete example: between 2017 and March 2026, we received law enforcement and DMCA-related data requests, and disclosed zero user data in response.