Topic Terms

What are RAM-Only VPN Servers?

RAM-only servers are VPN servers that run entirely from volatile memory (RAM) rather than persistent hard drives, meaning all data is permanently wiped every time the server reboots — making it impossible to recover logs even if a server is physically seized.

RAM-only servers (sometimes called diskless servers or volatile storage infrastructure) are VPN servers that operate entirely from RAM rather than traditional hard drives or SSDs. Because RAM is volatile memory — it loses all contents the moment power is removed — a RAM-only server stores no persistent data between sessions.

This architecture is a hardware-level enforcement of no-log policy claims. Even if law enforcement seizes a server, there are no persistent files, no logs, and nothing to recover.

How Traditional Servers Work (The Problem)

Standard server infrastructure writes data to persistent storage — hard drives or SSDs. Even if a VPN provider configures their software not to log activity, data can still persist on disk through:

  • Operating system swap files
  • Temporary files and caches
  • Error logs and system logs
  • Failed software patches leaving partial configuration data

These artifacts could theoretically be extracted and used to reconstruct activity, even if the VPN operator genuinely didn't intend to keep logs.

How RAM-Only Servers Solve This

In a RAM-only setup:

  • The entire operating system boots from an image loaded into RAM at startup
  • No data is written to persistent storage during operation
  • Every time the server is rebooted, all in-memory data is gone permanently
  • Configuration updates are deployed via new disk images — reinstalling the entire OS, not patching a running system

There is physically no disk to seize and analyze.

Who Uses RAM-Only Infrastructure?

ExpressVPN launched TrustedServer technology in 2019, making its entire server network RAM-only. NordVPN and Surfshark have also fully transitioned to diskless servers. ProtonVPN uses Secure Core infrastructure with similar hardening principles.

This is now considered a baseline expectation for premium VPN providers rather than a differentiating feature — though not all providers have implemented it.

RAM-Only and Server Location Seizure

The practical significance: several VPN providers have had servers physically seized by authorities over the years. In cases where RAM-only infrastructure was in place, the seizure yielded nothing useful. This is a real-world test that goes beyond audits and marketing claims.

RAM-Only Servers and Updates

One operational challenge: software updates require fully rebuilding and redeploying server images, rather than simply running update commands on a running system. Providers with RAM-only networks must maintain rigorous image management pipelines. The upside is a more consistent, controllable environment — every server always runs an identical, known-good configuration.

What RAM-Only Doesn't Protect Against

RAM-only architecture prevents persistent data storage. It doesn't prevent:

  • DNS leaks if the client is misconfigured
  • IP leaks if you're not using a kill switch
  • Provider-level logging at the network level (upstream of the individual server)
  • Attacks on the user's device itself

Related Terms