Warning: contains spoilers for Doctor Who episode “The Reality War.” In Doctor Who’s frankly mind-boggling season finale, the Doctor’s epic battle with the two Ranis, Omega, Conrad and a herd of skyscraper-sized bone creatures ultimately comes down to the restoration of a single life – and will require a sacrifice nobody expected. Spoilers ahead. It’s honestly difficult to know where to start with this episode. There are so many potential jumping-off points for discussion – though, somewhat tellingly, very few of them relate to the actual story that kicked off in earnest last week, which the episode itself seems positively impatient to get out of the way. It takes about 15 minutes for the Doctor to stop hugging every member of the extended supporting cast so the titular war can kick off, then by the halfway mark it’s over. Audacious? Yes, though that’s not to say it actually works. Do we start with Billie Piper? Or the unexpected and quite charming Jodie Whittaker cameo? Or the fact that they somehow snuck Ncuti Gatwa’s regeneration onto the screen without anybody knowing? No, because this season didn’t start with Billie Piper, or Jodie Whittaker, or the Rani, or Ruby Sunday. It didn’t even start with the Doctor. It started with Belinda Chandra. A character with so much potential – compassionate, uncertain, a little bit spiky, competent in a new and interesting way, compellingly distrustful of the Doctor. Potential that has, at this point, been mostly wasted. There is a point in “The Reality War” where Belinda basically tells the Doctor “OK I think I’m done contributing to this episode, good luck tho” and is left holding the baby in a soundproofed box where she can neither affect or be affected by the story happening outside. We even have an unintentionally comical cut back to her standing in there, doing nothing, saying nothing. It’s hard to think of a more literal way to sideline a key player. This is the co-lead of the show! The companion! And instead of having any real agency, instead of contributing to the plot in any meaningful way whatsoever, she functionally stops existing as a narrative presence. She doesn’t even get to go with the Doctor when he rushes off to save what turns out to be her child. And for what? So that the companion who supposedly left the show last season can have all the big dramatic moments instead? There were no advanced screeners available for this episode – given what happens at the end, it’s easy to see what they were scared might leak – so I’m writing with less distance than usual, reacting fairly rapidly to a first watch. But even with several days to digest, it’s difficult to imagine feeling anything other than bafflement at this storytelling choice. This is what Belinda’s whole story arc was leading to? This is the big twist? It’s truly one of the most bewildering decisions that Russell T Davies has made. It already kind of felt like he’d run out of meaningful stuff for Belinda to do after “The Well”, and there have been plenty of complaints about her sidelining in “Wish World”, but nobody could have predicted this. Sorry Belinda. And sorry Varada Sethu. You both deserved better. Now to Ncuti Gatwa. It’s pointless getting into behind-the-scenes gossip, or speculating on the actor’s motivations – if he only ever wanted to do two seasons, of course that’s his choice. But what are we to take away from his brief tenure in storytelling and character terms? A Doctor defined by his joy, his exuberance, his love for people (frustratingly, a point this episode hammers until it becomes tedious). A smile as powerful as a billion supernovas. A killer wardrobe. Even in lesser episodes, Gatwa’s energy has carried us along, infectious and delightful. It’s a genuine shock and a shame to see him go. Join our mailing list Get the best of Den of Geek delivered right to your inbox! Not least because, as with Belinda, it feels like his Doctor had unfulfilled potential. Was this episode truly a satisfying conclusion to Fifteen’s story? He gets plenty of good moments, big and small, and of course he plays the hell out of all of them. You could argue that sacrificing their life to save one child is about the most Doctor-ish thing possible. I wouldn’t necessarily argue with you. But that’s broad strokes stuff, generally applicable to any incarnation. What about this Doctor makes this specific set of circumstances a fitting send-off? Is it satisfying for this Doctor, a Doctor representing a particular streak of joyful hedonism, a Doctor who releases UNIT from their stifling roles in Conrad’s reactionary wish world via an explicit and triumphant assertion of his queerness, to go out in this way, for these reasons? It just doesn’t feel like that’s what these past two seasons – the bi-generation, his relationship with Rogue, his torturing of Kid, the seemingly forgotten Susan stuff – have been leading to. It’s a shame that the episode also feels so messy on a minute-to-minute level. There are individually effective moments – Dark Souls boss Omega is a fantastic visual, and him casually munching The Rani is enjoyably WTF (though I can’t help wishing they’d offed the other one and kept Archie Panjabi around). The moment with the Doctor and Belinda passing Poppy’s jacket back and forth and folding it until it vanishes is kind of jaw-dropping in how understated and upsetting it is. Anita’s first joke about being in hospitality is funny (the second and third iterations not so much). Millie Gibson does a great job, even if it feels like a misstep to give Ruby so much heavy lifting to do instead of Belinda. But the whole thing feels so all over the place that not even Gatwa’s megastar energy can hold it together. And now he’s gone, regenerated into Billie Piper. At this point, we have no idea when the show will be back. It’s impossible to know where this is going. And it’s hard not to feel torn – on the one hand, Billie Piper is a fantastic actor, and it’s fascinating to consider what her take on the role will be (though it should be noted that the credits pointedly don’t say “Billie Piper as The Doctor”, whatever that could mean). On the other hand, didn’t we just do this? We had the second Tennant Doctor, it was a lovely gift for fans that wrapped up some loose ends and gave everyone a big warm glow for the anniversary, and then we flew off with Ncuti Gatwa, an actor who couldn’t have screamed more loudly that things were going to be different. But now we’re looking backwards again. And as fun a surprise as Piper’s appearance is, as fully as she will no doubt own the role… it feels like another retrograde move. It’s Doctor Who celebrating itself, getting lost in its own mythos, turning inward. And so we end this oh-so promising season in a strange, unsettling place. An episode that doesn’t really seem to care that much about the story it claimed to be telling, which makes discussing it seem weirdly beside the point. A show in limbo. A whole incarnation of the Doctor gone, when we’d barely started to get to know him. A promising companion wasted. A showrunner everyone expected to be a safe pair of hands making some utterly confounding choices. Where do we go from here? Doctor Who series 15 is available to stream now on BBC iPlayer in the UK and on Disney+ around the world.

ExpressVPN is good at its job. It's easy to be skeptical of any service with a knack for self-promotion, but don't let ExpressVPN's hype distract you from the fact that it keeps its front-page promise of "just working." Outside of solid security, the two best things ExpressVPN offers are fast speeds and a simple interface. Our tests showed only a 7% average drop in download speed and a 2% loss of upload speed, worldwide. And while the lack of extra features may frustrate experienced users, it makes for a true set-and-forget VPN on any platform. This isn't to say ExpressVPN is without flaws — it's nearly bereft of customization options and it's notably more expensive than its competition — but it beats most VPNs in a head-to-head matchup. For this review, we followed our rigorous 10-step VPN testing process, exploring ExpressVPN's security, privacy, speed, interfaces and more. Whether you read straight through or skip to the sections that are most important for you, you should come away with all the information you need to decide whether to subscribe. Editors' note: We're in the process of rebooting all of our VPN reviews from scratch. Once we do a fresh pass on the top services, we'll be updating each review with a rating and additional comparative information. Table of contents Findings at a glance Installing, configuring and using ExpressVPN ExpressVPN speed test: Very fast averages ExpressVPN security test: Checking for leaks How much does ExpressVPN cost? ExpressVPN side apps and bundles Close-reading ExpressVPN's privacy policy Can ExpressVPN change your virtual location? Investigating ExpressVPN's server network Extra features of ExpressVPN ExpressVPN customer support options ExpressVPN background check: From founding to Kape Technologies Final verdict Findings at a glance Category Notes Installation and UI All interfaces are clean and minimalist, with no glitches and not enough depth to get lost in Windows and Mac clients are similar in both setup and general user experience Android and iOS are likewise almost identical, but Android has a nice-looking dark mode Speed Retains a worldwide average of 93% of starting download speeds Upload speeds average 98% of starting speeds Latency rises with distance, but global average stayed under 300 ms in tests Security OpenVPN, IKEv2 and Lightway VPN protocols all use secure ciphers Packet-sniffing test showed working encryption We detected no IP leaks Blocks IPv6 and WebRTC by default to prevent leaks Pricing Base price: $12.95 per month or $99.95 per year Lowest prepaid rate: $4.99 per month Can save money by paying for 28 months in advance, but only once per account 30-day money-back guarantee Bundles ExpressVPN Keys password manager and ID alerts included on all plans Dedicated IP addresses come at an extra price ID theft insurance, data removal and credit scanning available to new one-year and two-year subscribers for free 1GB eSIM deal included through holiday.com Privacy policy No storage of connection logs or device logs permitted The only risky exceptions are personal account data (which doesn't leave the ExpressVPN website) and marketing data (which the policy says should be anonymized) An independent audit found that ExpressVPN's RAM-only server infrastructure makes it impossible to keep logs Virtual location change Successfully unblocked five international Netflix libraries, succeeding on 14 out of 15 attempts Server network 164 server locations in 105 countries 38% of servers are virtual, though most virtual locations are accessed through physical servers within 1,000 miles A large number of locations in South America, Africa and central Asia Features Simple but effective kill switch Can block ads, trackers, adult sites and/or malware sites but blocklists can't be customized Split tunneling is convenient but unavailable on iOS and modern Macs Aircove is the best VPN router, albeit expensive Customer support Setup and troubleshooting guides are organized and useful, with lots of screenshots and videos Live chat starts with a bot but you can get to a person within a couple minutes Email tickets are only accessible from the mobile apps or after live chat has failed Background check Founded in 2009; based in the British Virgin Islands Has never been caught selling or mishandling user data Turkish police seized servers in 2017 but couldn't find any logs of user activity Owned by Kape Technologies, which also owns CyberGhost and Private Internet Access A previous CIO formerly worked on surveillance in the United Arab Emirates; no evidence of shady behavior during his time at ExpressVPN Windows Version 12 leaked some DNS requests when Split Tunneling was active Installing, configuring and using ExpressVPN This section focuses on how it feels to use ExpressVPN on each of the major platforms where it's available. The first step for any setup process is to make an account on expressvpn.com and buy a subscription. Windows Once subscribed, download the Windows VPN from either expressvpn.com or the Microsoft Store, then open the .exe file. Click "Yes" to let it make changes, wait for the install, then let your computer reboot. Including the reboot, the whole process takes 5-10 minutes, most of it idle. To finish, you'll need your activation code, which you can find by going to expressvpn.com and clicking "Setup" in the top-right corner. You can install ExpressVPN's Windows app from the Microsoft store, but we found the website more convenient. Sam Chapman for Engadget Extreme simplicity is the watchword for all ExpressVPN's designs. The Windows client's launch panel consists of three buttons and less than ten words. You can change your location or let the app pick a location for you — the "Smart Location" is the server with the best combination of being nearby and unburdened. Everything else is crammed into the hamburger menu at the top left. Here, in seven tabs, you'll find the Network Lock kill switch, the four types of content blockers, the split tunneling menu and the option to change your VPN protocol. You can also add shortcuts to various websites, useful if you regularly use your VPN for the same online destinations. To sum up, there's almost nothing here to get in the way: no delays, no snags, no nested menus to get lost in. It may be the world's most ignorable VPN client. That's not a bad thing at all. Mac ExpressVPN's app for macOS is almost identical in design to its Windows app. The process for downloading and setting it up is nearly the same too. As on Windows, it can be downloaded from the App Store or sideloaded directly from the expressvpn.com download center. Only a few features are missing and a couple others have been added. Split tunneling is gone (unless you're still on a macOS lower than 11), and you won't see the Lightway Turbo setting. ExpressVPN recommends some servers, but it's easy to search the whole list. Sam Chapman for Engadget Mac users do gain access to the IKEv2 protocol, along with the option to turn off automatic IPv6 blocking — Windows users have to leave it blocked at all times. Almost every website is still accessible via IPv4, but it's useful if you do need to access a specific IPv6 address while the VPN is active. Android Android users can download ExpressVPN through the Google Play Store. Open the app, sign in and you're ready to go. The Android app has a very nice dark-colored design, only slightly marred by an unnecessary information box about how long you've used the VPN this week. ExpressVPN's Android app puts a little more information on the screen than it needs to, but still runs well. Sam Chapman for Engadget There's a large button for connecting. Clicking on the server name takes you to a list of locations. On this list, you can either search or scroll and can choose individual locations within a country that has more than one. We connected to as many far-flung server locations as we could, but not a single one took longer than a few seconds. The options menu is organized sensibly, with no option located more than two clicks deep. You will see a couple of options here that aren't available on desktop, the best of which is the ability to automatically connect to your last-used ExpressVPN server whenever your phone connects to a non-trusted wifi network. There are also a few general security tools: an IP address checker, DNS and WebRTC leak testers and a password generator. These are also available on the website, but here, they're built into the app. With the exception of the latter, we'd recommend using third-party testing tools instead — even a VPN with integrity has an incentive to make its own app look like it's working. iPhone and iPad You can only install ExpressVPN's iOS app through the app store. During setup, you may need to enter your password to allow your phone to use VPN configurations. Otherwise, there are no major differences from the Android process. ExpressVPN looks good on iPhone and iPad. Sam Chapman for Engadget The interface is not quite as pleasing as the dark-mode Android app, but it makes up for that by cutting out some of the clutter. The tabs and features are similar, though split tunneling and shortcuts are absent. Also, both mobile apps make customer support a lot more accessible than their desktop counterparts — plus, mobile is the only way to send email support tickets. Browser extension ExpressVPN also includes browser extensions for Firefox and Chrome. These let you connect, disconnect and change server locations without leaving your browser window. It's nice, but not essential unless you have a very specific web browser flow you like. ExpressVPN speed test: Very fast averages Connecting to a VPN almost always decreases your speed, but the best VPNs mitigate the drop as much as possible. We used Ookla's speed testing app to see how much of your internet speed ExpressVPN preserves. For this test, we emphasized the locations ExpressVPN uses for most of its virtual servers, including the Netherlands, Brazil, Germany and Singapore. Some terms before we start: Latency, measured in milliseconds (ms), is the time it takes one data packet to travel between your device and a web server through the VPN. Latency increases with distance. It's most important for real-time tasks like video chatting and online gaming. Download speed, measured in megabits per second (Mbps), is the amount of information that can download onto your device at one time — such as when loading a web page or streaming a video. Upload speed, also measured in Mbps, is the amount of information your device can send to the web at once. It's most important for torrenting, since the amount of data you can seed determines how fast you can download in exchange. The table below shows our results. We conducted this on Windows, using the automatic protocol setting with the Lightway Turbo feature active — a recent ExpressVPN addition that keeps speed more consistent by processing connections in parallel. Server location Latency (ms) Increase factor Download speed (Mbps) Percentage dropoff Upload speed (Mbps) Percentage dropoff Portland, Oregon, USA (unprotected) 18 -- 58.77 -- 5.70 -- Seattle, Washington, USA (best server) 26 1.4x 54.86 6.7% 5.52 3.2% New York, NY, USA 156 8.7x 57.25 2.6% 5.57 2.3% Amsterdam, Netherlands 306 17x 53.83 8.4% 5.58 2.1% São Paulo, Brazil 371 20.6x 53.82 8.4% 5.65 0.9% Frankfurt, Germany 404 22.4x 55.71 5.2% 5.67 0.5% Singapore, Singapore 381 21.2x 52.76 10.2% 5.64 1.0% Average 274 15.2x 54.71 6.9% 5.61 1.6% These are extremely good results. ExpressVPN is a winner on both download and upload speed. No matter where we went in the world, we never lost more than about 7% of our download speeds, and upload lost an astoundingly low average of 2%. This suggests that ExpressVPN deftly distributes its user load between servers to eliminate bottlenecks. This Ookla speedtest shows you can still get fast internet while connected to ExpressVPN -- our unprotected speeds are around 58 Mbps. Sam Chapman for Engadget The latency numbers look worse, but the rise in the table is less sharp than we projected. Ping length depends far more on distance than download speed does, so we expect it to shoot up on servers more than 1,000 miles from our location. Keeping the average below 300 ms, as ExpressVPN does here, is a strong showing. ExpressVPN security test: Checking for leaks A VPN's core mission is to hide your IP address and make you untraceable online. Our task in this section is to figure out if ExpressVPN can carry out this mission every time you connect. While we can't be 100% certain, the tests we'll run through below have led us to believe that ExpressVPN is currently leak-proof. Available VPN protocols A VPN protocol is like a common language that a VPN server can use to mediate between your devices and the web servers you visit. If a VPN uses outdated or insecure protocols, or relies on unique protocols with no visible specs or source code, that's a bad sign. Not all protocols are available on all apps, but Mac has the full range. Sam Chapman for Engadget ExpressVPN gives you a selection of three protocols: IKEv2, OpenVPN and Lightway. The first two are solid choices that support the latest encryption algorithms. OpenVPN has been fully open-source for years and is the best choice if privacy is your goal. While IKEv2 started life as a closed project by Microsoft and Cisco, ExpressVPN uses an open-source reverse-engineering, which is both better for privacy and quite fast. Lightway is the odd one out, a protocol you'll only find on ExpressVPN, though its source code is available on Github. It's similar to WireGuard, in that both reach for faster speeds and lower processing demands by keeping their codebases slim. However, Lightway was recently rewritten in Rust to better protect the keys stored in its memory. Ultimately, you can't go wrong with any of ExpressVPN's protocol options. 99% of the time, your best choice will be to set the controls to Automatic and let the VPN decide which runs best. Testing for leaks ExpressVPN is one of the best services, but it's not leak-proof (as you can read in the Background Check below). Luckily, checking for DNS leaks is a simple matter of checking your IP address before and after connecting to a VPN server. If the new address matches the VPN server, you're good; if not, your VPN is leaking. First, we checked the Windows app with split tunneling active to ensure the flaw really had been patched. We tested several servers and didn't find any leaks, which suggests the patch worked, though leaks were rare even before ExpressVPN fixed the vulnerability. We checked our IP while connected to the virtual India location, which is run from a physical server in Singapore. Don't worry -- it still looks like India to streaming services. Sam Chapman for Engadget In fact, we didn't find any leaks on any ExpressVPN server we tested on any platform. Though questions remain about iOS, as you'll see later in this section, that's a problem on Apple's end that even the best VPNs can do very little about for now. The most common cause of VPN leaks is the use of public DNS servers to connect users to websites, which can mistakenly send browsing activity outside the VPN's encrypted tunnel. ExpressVPN avoids the risks of the public system by installing its own DNS resolvers on every server. This is the key factor behind its clean bill of health in our leak testing. Two other common flaws can lead to VPN leaks: WebRTC traffic and IPv6. The former is a communication protocol used in live streaming and the latter is a new IP standard designed to expand domain availability. Both are nice, but currently optional, so ExpressVPN automatically blocks both to ensure there's no opportunity for leaks to arise. One note about VPN security on iOS: it's a known and continuing problem that iOS VPNs do not prevent many online apps from communicating with Apple directly, outside the VPN tunnel. This risks leaking sensitive data, even with Lockdown Mode active in iOS 16. A blog post by Proton VPN shares a workaround: connect to a VPN server, then turn Airplane Mode on and off again to end all connections that were active before you connected to the VPN. Testing encryption We finished up our battery of security tests by checking out ExpressVPN's encryption directly. Using WireShark, a free packet sniffer, we inspected what it looks like when ExpressVPN transmits data from one of its servers to the internet. The screenshot below shows a data stream encrypted with Lightway UDP. After connecting to ExpressVPN, HTTP packets were rendered unreadable while in transit. Sam Chapman for Engadget That lack of any identifiable information, or even readable information, means encryption is working as intended. We repeated the test several times, always getting the same result. This left us satisfied that ExpressVPN's core features are working as intended. How much does ExpressVPN cost? ExpressVPN subscriptions cost $12.95 per month. Long-term subscriptions can bring the monthly cost down, but the great deals they offer tend to only last for the first billing period. A 12-month subscription costs $99.95 and includes three months for free with your first payment, costing a total of $6.67 per month. The bonus disappears for all subsequent years, raising the monthly cost to $8.33. You can also sign up for 28 months at a cost of $139.72, but this is also once-only — ExpressVPN can only be renewed at the $99.95 per year level. There are two ways to test ExpressVPN for free before making a financial commitment. Users on iOS and Android can download the ExpressVPN app without entering any payment details and use it free for seven days. On any platform, there's a 30-day money-back guarantee, which ExpressVPN has historically honored with no questions asked. You will have to pay before you can use it, though. In our opinion, ExpressVPN's service is solid enough that it's worth paying extra. Perhaps not this much extra, but that depends on what you get out of it. We recommend using the 30-day refund period and seeing how well ExpressVPN works for you. If it's a VPN you can enjoy using, that runs fast and unblocks everything you need, that's worth a server's weight in gold. ExpressVPN side apps and bundles ExpressVPN includes some special features that work mostly or wholly separate from its VPN apps. Some of these come free with a subscription, while others add an extra cost. Every subscription includes the ExpressVPN keys password manager. This is available under its own tab on the Android and iOS apps. On desktop, you'll need to download a separate extension from your browser's store, then sign in using your account activation code. It's available on all Chromium browsers, but not Firefox. Starting in 2025, new subscribers get an eSIM plan through holiday.com, a separate service linked to ExpressVPN. The baseline 1GB holiday eSIM plans last for 5 days and can apply to countries, regions, or the entire world (though it's not clear whether the package deal applies to the regional and global plans). Longer-term plans include larger eSIM plans. You can add a dedicated IP address to your ExpressVPN subscription for an additional cost per month. A dedicated IP lets you use the same IP address every time you connect to ExpressVPN. You can add the address to whitelists on restricted networks, and you're assured to never be blocked because of someone else's bad activity on a shared IP. Unlike many of its competitors, ExpressVPN doesn't currently offer antivirus or online storage services, but there is a comprehensive bundle of ID protection tools called Identity Defender. We haven't reviewed any of these products in detail, but here's a list for reference: ID Alerts will inform you if any of your sensitive information is leaked or misused online. It's free with all plans, but you'll have to enter your personal information on your ExpressVPN account page or a mobile app. ID Theft Insurance grants up to $1 million in identity theft reimbursement and comes free with new ExpressVPN one-year or two-year subscriptions. It's not yet available to those who subscribed before it launched in October 2024. Data Removal scans for your information in data brokerages and automatically requests that it be deleted. It's also free with one-year and two-year plans. Credit Scanner is only available for United States users. It monitors your activity on the three credit bureaus so you can quickly spot any suspicious transactions. The Identity Defender features are currently only available to new ExpressVPN customers in the US. Close-reading ExpressVPN's privacy policy Although we worry that the consolidation of VPN brands under the umbrella of Kape Technologies (ExpressVPN's parent company) will make the industry less competitive, we don't believe it's influencing ExpressVPN to take advantage of its users' privacy. To confirm, and get a full sense of what sort of privacy ExpressVPN promises its users, we set out to read ExpressVPN's privacy policy in detail. It's long, but thankfully aimed at casual users instead of lawyers. You can see it for yourself here. In the introduction, ExpressVPN states that it does not keep either activity logs (such as a user's browsing history while connected to the VPN) or connection logs (such as the duration of a user's session and their IP address, which can be used to extrapolate browsing activity). It then specifies the seven types of data it's legally allowed to collect: Data used to sign up for an account, such as names, emails and payment methods. VPN usage data which is aggregated and can't be traced to any individual. Credentials stored in the ExpressVPN Keys password manager. Diagnostic data such as crash reports, which are only shared upon user request. IP addresses authorized for MediaStreamer, which is only for streaming devices that don't otherwise support VPN apps. Marketing data collected directly from the app — a "limited amount" that's kept anonymous. Data voluntarily submitted for identity theft protection apps. Of those seven exceptions, the only ones that count as red flags are account data and marketing data. Both categories are highly personal and could be damaging if mishandled. Fortunately, complying with subpoenas is not one of the allowed uses listed for either data category, nor does the policy let ExpressVPN sell the data to other private parties. The only really annoying thing here is that if you ask ExpressVPN to delete your personal data, you won't be able to use your account from then on. You aren't even eligible for a refund in this case, unless you're within 30 days of your initial subscription. As for marketing data, ExpressVPN collects device fingerprints and location data when you sign up for an account on its website. The privacy policy also claims this is anonymized, as its "systems are engineered to decouple such data from personally identifiable information." Audits corroborate this, as we'll see in the next section. So, while it would be better if ExpressVPN didn't collect any personal data at all, its practices don't appear to pose a risk to anything you do while using the VPN — just the ExpressVPN website. Privacy audits VPN providers often get third-party accounting firms to audit their privacy policies. The idea is that a well-known firm won't mortgage its reputation to lie on behalf of a VPN, so their results can be trusted. For the last several years, ExpressVPN has had KPMG look over its privacy policy and relevant infrastructure (see "TrustedServer" below). KPMG's most recent report, completed in December 2023 and released in May 2024, found that ExpressVPN had enough internal controls in place that users could trust its privacy policy. The report is freely available to read. This is a very good sign, though we're looking out for a more up-to-date audit soon. TrustedServer "TrustedServer" is a marketing term ExpressVPN uses for its RAM-only server infrastructure. RAM-only servers have no hard drives for long-term storage and return to a standard disk image with every reboot. This makes it theoretically impossible to store user activity logs on them, even if ExpressVPN wanted to do that. The KPMG audit, linked above, reports that TrustedServer works as advertised. Between its many clean privacy audits and the Turkish server incident in 2017, we're prepared to say ExpressVPN is a private VPN, in spite of its aggravating exception for marketing. Can ExpressVPN change your virtual location? Next, we tested whether ExpressVPN can actually convince websites that you're somewhere other than your real location. Our security tests have already proven it can hide your IP address, but it takes more than leak-proofing to fool streaming sites these days — Netflix and the others have gotten very good at combing through metadata to sniff out proxy users. The process for testing this is a lot like how we handled the DNS leak tests: try several different servers and see if we get caught. We checked five sample locations outside the U.S. to see if we a) got into Netflix and b) saw different titles in the library. The results are below. Server Location Unblocked Netflix? Library changed? Canada Y Y United Kingdom Y (second try; Docklands failed) Y Slovakia Y Y India Y Y (different from UK library) Australia Y Y In fifteen tests, ExpressVPN slipped up only once. Docklands, the UK server it chose as the fastest, wasn't able to access Netflix. We switched to a server labeled simply "London" and unblocked it without issue. ExpressVPN can change your virtual location so you can explore the wonderful world of K-drama. Sam Chapman for Engadget All the other locations got us access to an alternate Netflix library on the first try. We even checked whether the India server, which is physically located in the UK, showed us different videos than the UK servers. It did, which makes us even more confident that ExpressVPN's virtual locations are airtight. Investigating ExpressVPN's server network ExpressVPN users can connect to a total of 164 server locations in 105 countries and territories. These locations are reasonably well distributed across the globe, but as with all VPNs, there's a bias toward the northern hemisphere. There are 24 locations in the U.S. alone and a further 66 in Europe. That isn't to say users in the Global South get nothing. ExpressVPN has IP addresses from nine nations in South America (Argentina, Brazil, Bolivia, Chile, Colombia, Ecuador, Peru, Uruguay and Venezuela) and six in Africa (Algeria, Egypt, Ghana, Kenya, Morocco and South Africa). The network even includes Kazakhstan, Uzbekistan and Mongolia, impressive since central Asia may be the region most often shafted by VPNs. However, many of these servers have virtual locations different from their real ones. For those of you choosing a server based on performance instead of a particular IP address, ExpressVPN's website has a helpful list of which servers are virtual. The bad news is that it's a big chunk of the list. A total of 63 ExpressVPN locations are virtual, or 38% of its entire network. To reduce the sting, ExpressVPN takes care to locate virtual servers as close to their real locations as possible. Its virtual locations in Indonesia and India are physically based in Singapore. This isn't always practical, leading to some awkwardness like operating a Ghana IP address out of Germany. But it helps ExpressVPN perform better in the southern hemisphere. Extra features of ExpressVPN Compared to direct competitors like NordVPN and Surfshark, ExpressVPN doesn't have many special features. It's aimed squarely at the casual market and will probably disappoint power users. Having said that, what they do include works well. In this section, we'll run through ExpressVPN's four substantial features outside its VPN servers themselves. Network Lock kill switch "Network Lock" is the name ExpressVPN gives to its kill switch (though it's called "Network Protection" on mobile). A VPN kill switch is a safety feature that keeps you from broadcasting outside the VPN tunnel. If it ever detects that you aren't connected to a legitimate ExpressVPN server, it cuts off your internet access. You won't be able to get back online until you either reconnect to the VPN or disable Network Lock. ExpressVPN's kill switch is called Network Lock on desktop, and Network Protection on mobile (Android pictured) Sam Chapman for Engadget This is important for everyone, not just users who need to hide sensitive traffic. The recently discovered TunnelVision bug theoretically allows hackers to set up fake public wi-fi networks through which they redirect you to equally fake VPN servers, which then harvest your personal information. It's unlikely, but not impossible, and a kill switch is the best way to prevent it — the switch always triggers unless you're connected to a real server in the VPN's network. Like most of ExpressVPN's features, all you can do with Network Lock is turn it on and off. You can also toggle whether you'll still be able to access local devices while the kill switch is blocking your internet — this is allowed by default. Threat manager, ad blocker and parental controls ExpressVPN groups three tools under the heading of "advanced protection" — Threat Manager, an ad blocker and parental controls. Threat Manager consists of two checkboxes: one that blocks your browser from communicating with activity tracking software and one that blocks a list of websites known to be used for malware. Check any of these boxes to use the pre-set blocklists whenever you're connected to ExpressVPN. Sam Chapman for Engadget You can't customize the lists, so you're limited to what ExpressVPN considers worthy of blocking. They share their sources on the website. While the lists are extensive and open-source, they rely on after-the-fact reporting and can't detect and block unknown threats like a proper antivirus. The adblock and parental control options work the same way: check a box to block everything on the list, uncheck it to allow everything through. In tests, the ad blocker was nearly 100% effective against banner ads, but failed to block any video ads on YouTube or Netflix. The parental control option blocks a list of porn sites. It's an easy option for concerned parents, but only works while ExpressVPN is connected. As such, it's meant to be used in conjunction with device-level parental controls that prevent the child from turning off or uninstalling the VPN client. Split tunneling Sometimes, you'll find it helpful to have your device getting online through two different IP addresses at once — one for your home services and one for a location you're trying to spoof. That's where split tunneling is helpful: it runs some apps through the VPN while leaving others unprotected. This can also improve your speeds, since the VPN needs to encrypt less in total. You can configure split tunneling through either a blocklist or an allowlist. Sam Chapman for Engadget ExpressVPN includes split tunneling on Windows, Android and Mac (though only on versions 10 and below). You can only split by app, not by website, but it's still pretty useful. For example, you can have BitTorrent handling a heavy download in the background while you use your browser for innocuous activities that don't need protecting. ExpressVPN Aircove router By now, it should be clear that we find ExpressVPN to be a highly reliable but often unexceptional VPN service. However, there's one area in which it's a clear industry leader: VPN routers. ExpressVPN Aircove is, to our knowledge, the only router with a built-in commercial VPN that comes with its own dashboard interface. Usually, installing a VPN on your router requires tinkering with the router control panel, which turns off all but the most experienced users — not to mention making it a massive pain to switch to a new server location. Aircove's dashboard, by contrast, will be instantly familiar to anyone who already knows how to use an ExpressVPN client. It even allows different devices in your home to connect to different locations through the router VPN. Aircove's biggest drawback is its price. Currently retailing at $189 (not including an ExpressVPN subscription), it's around three times more expensive than an aftermarket router fitted with free VPN firmware. Some of you might still find the convenience worth the one-time payment. ExpressVPN customer support options ExpressVPN's written help pages are some of the best on the market. Its live chat is more of a mixed bag, and complex questions may cause delays. However, it is at least staffed with human agents who aim to reply accurately, rather than resolve your ticket as quickly as possible. You can directly access both live chat and email from ExpressVPN's mobile apps (on desktop, you'll have to go to the website). Sam Chapman for Engadget We approached ExpressVPN's support features with a simple question: "If I requested that ExpressVPN delete all my personal data, would I be able to get a refund for my unused subscription time?" (Remember from the Privacy Policy section that submitting a full deletion request also cancels your ExpressVPN account.) Our first stop was expressvpn.com/support, the written support center and FAQ page. It's divided into setup guides, troubleshooting, account management and information on each of ExpressVPN's products. The setup guides are excellent, including screenshots and clearly written steps; each one includes a video guide for those who learn better that way. Troubleshooting is just as good — no videos, but the same standards of clarity and usefulness prevail. The section starts with general problems, then delves into specific issues you might face on each operating system. Each article clearly derives from a real customer need. The live support experience To get answers on our refund question, we visited the account management FAQs. This section stated that the refund policy only applies within 30 days of purchase. Pretty clear-cut, but we still wanted an answer on our special case, so we contacted live chat by clicking the button at the bottom-right of every FAQ page. Live chat is in the bottom-right corner of every page of expressvpn.com. Sam Chapman for Engadget Live chat starts with an AI assistant, which is not too hard to get past — just ask it a question it can't answer, then click "Transfer to an Agent." We got online with (what claimed to be) a human in less than a minute. Answering the question took longer and involved an uncomfortable 10-minute silence, but we did get a clear verdict from a real person: refunds are within 30 days only, no matter what. If the live chat agent can't answer your question, you'll be redirected to open an email support ticket. Annoyingly, there's no way to go directly to email support through the website or desktop apps, though mobile users have the option to skip directly there. ExpressVPN background check: From founding to Kape Technologies ExpressVPN launched in 2009, which makes it one of the oldest consumer VPNs in continual operation. In more than 15 years of operation, it's never been caught violating its own privacy policy, though its record isn't free of more minor blemishes. Headquarters in the British Virgin Islands Founders Dan Pomerantz and Peter Burchhardt registered the company in the British Virgin Islands from the start to take advantage of that territory's favorable legal environment for online privacy. The BVIs have no law requiring businesses to retain data on their users, and the process for extraditing data is famously difficult, requiring a direct order from the highest court. In 2021, the BVI implemented the Data Protection Act (DPA) [PDF link], which prevents companies based in the territory from accessing data on their users anywhere in the world. It's a great privacy law in theory, modeled on best-in-class legislation in the EU. However, we couldn't find any evidence that its supervising authority — the Office of the Information Commissioner — has a leader or staff. In other words, while ExpressVPN is not legally required to log any data on its users, there's technically nobody stopping them from doing so. Whether you trust the jurisdiction depends on whether you trust the company itself. Let's see what the other evidence says. Security and privacy incidents Two significant incidents stand out from ExpressVPN's 16-year history. In 2017, when Andrei Karlov, Russia's ambassador to Turkey, was shot to death at an art show. Turkish police suspected someone had used ExpressVPN to mask their identity while they deleted information from social media accounts belonging to the alleged assassin. To investigate, they confiscated an ExpressVPN server to comb for evidence. They didn't find anything. A police seizure is the best possible test of a VPN's approach to privacy. The provider can't prepare beforehand, fake anything, or collude with investigators. The Turkey incident is still one of the best reasons to recommend ExpressVPN, though eight years is a long time for policy to change. The second incident began in March 2024, when a researcher at CNET informed ExpressVPN that its version 12 for Windows occasionally leaked DNS requests when users enabled the split tunneling feature. While these users remained connected to an ExpressVPN server, their browsing activity was often going directly to their ISP, unmasked. The bug only impacted a few users, and to their credit, ExpressVPN sprang into action as soon as they learned about it. The team had it patched by April, as confirmed by the researcher who initially discovered the vulnerability. But while their quick and effective response deserves praise, it's still a mark against them that a journalist noticed the bug before they did. Kape Technologies ownership and management questions In 2021, an Israeli-owned, UK-based firm called Kape Technologies purchased a controlling interest in ExpressVPN. In addition to ExpressVPN, privately held Kape owns CyberGhost, Private Internet Access, and Zenmate (before it merged into CyberGhost). As shown on its website, it also owns Webselenese, publisher of VPN review websites WizCase and vpnMentor, which poses an apparent conflict of interest. When reached for comment, a representative for ExpressVPN said that "ExpressVPN does not directly engage with, nor seek to influence, the content on any Webselenese site," and pointed us to disclosure statements on the websites in question — here's one example. Even so, it's a good reminder not to take VPN reviews at face value without knowing who's behind them (Engadget is owned by Yahoo, which does not own any VPNs). Diving deeper into the background of Kape's ownership will lead you to owner Teddy Sagi. Go back far enough, and you'll see he did prison time in Israel and was mentioned in the Pandora Papers, among other things. More recently, headlines about the billionaire have focused more his businesses in the online gambling and fintech arenas, as well as his real estate ventures. An ExpressVPN representative told us that "Kape's brands continue to operate independently," and our investigation bore that out — we couldn't find any proof that Kape or Sagi have directly attempted to influence ExpressVPN's software or daily operations. Closer to the immediate day-to-day operations of ExpressVPN was the company's employment of Daniel Gericke as CTO from 2019 through 2023. During that time, the US Justice Department announced it had fined Gericke and two others for their previous employment on a surveillance operation called Project Raven, which the United Arab Emirates (UAE) used to spy on its own citizens. The revelation prompted a public response from ExpressVPN defending its decision to hire Gericke, arguing that "[t]he best goalkeepers are the ones trained by the best strikers." ExpressVPN's representative confirmed that the company still stands by that linked statement. Gericke parted ways with ExpressVPN in October 2023, per his LinkedIn profile. While we don't know what we don't know, we can say that ExpressVPN has not notably changed its public-facing security and privacy policies during the time it's been connected to Kape, Sagi, or Gericke. In the end, how much ExpressVPN's history matters to you is a personal choice. If you object to any current or past actions by Kape Technologies or Teddy Sagi, there are other premium VPN options you might prefer. If you need more information to make up your mind, we recommend reading through CNET's 2022 deep dive on ExpressVPN's corporate history. Final verdict ExpressVPN is the VPN we most often recommend to beginners. It takes zero training to use, and consistently gets past filters on streaming sites. It also runs in the background with virtually no impact. If anything is worth the high price of admission, it's the excellent speeds distributed evenly across the worldwide server network. However, for certain specific cases, ExpressVPN may not be the best choice. There's no way to set up your own server locations, like NordVPN offers, and no double VPN connections, like you can build for yourself on Surfshark. Its corporate background is more suspect than the entities backing Proton VPN, and unlike Mullvad, ExpressVPN doesn't work in China — it's so well-known that the government targets its servers specifically. We suggest going with ExpressVPN for general online privacy, for spoofing locations in your home country while traveling, or if you regularly need to unblock sites in other countries. That encompasses 19 of every 20 users, which is fine by us, as ExpressVPN is a great service. It's just more of a reliable old screwdriver than a multi-tool. This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/expressvpn-review-2025-fast-speeds-and-a-low-learning-curve-160052884.html?src=rss

Gironda Residence | © Simone Bossi Located just steps from Piazza del Popolo in Ravenna, the Renaissance-era Casa Guaccimanni holds centuries of architectural and historical weight. Constructed in the fifteenth century for the Venetian podestà Nicolò Giustinian, the building evolved through noble ownership and later became home to Vittorio and Alessandro Guaccimanni, sons of Risorgimento figure Luigi Guaccimanni. Architecturally, the structure is characterized by a tripartite plan with a central corridor flanked by large rooms, an interior courtyard with a double loggia, and decorative elements spanning Renaissance to Neoclassical periods. Once concealed beneath plaster, its frescoed veranda and exposed wooden ceilings speak to a layered history of intervention, concealment, and rediscovery. Gironda Residence in Casa Guaccimanni Technical Information Architects1-13: Giovanni Mecozzi Architetti Location: Casa Guaccimanni, Via Armando Diaz, Ravenna, Italy Client: Emanuela Docimo Project Years: 2022 – 2024 Original Structure: 15th Century Photographs: © Andrea Sestito, © Simone Bossi, © Omar Sartor The new and the old never touch, but gently brush against each other, maintaining a distance capable of generating tension. – Giovanni Mecozzi Gironda Residence in Casa Guaccimanni Photographs © Omar Sartor © Andrea Sestito © Andrea Sestito © Andrea Sestito © Omar Sartor © Simone Bossi © Simone Bossi © Simone Bossi © Omar Sartor © Omar Sartor © Omar Sartor © Andrea Sestito © Omar Sartor Design Intent: Reversibility and Temporal Tension The recent architectural project by Giovanni Mecozzi Architetti centers on the noble floor of the palazzo, reinterpreted as a contemporary residence named Gironda. Rather than imposing a new visual regime onto the historic shell, the intervention operates with restraint, foregrounding the building’s original character while establishing new spatial and material conditions. At the core of the project lies a design philosophy rooted in reversibility. Mecozzi’s intervention resists permanence. The furnishings and spatial devices introduced into the historic rooms are self-supporting and detached from the structure. No new element makes physical contact with the floors, ceilings, or walls, preserving the integrity of the original surfaces. This strategy avoids irreversible alterations and allows the architecture to remain temporally flexible. Architect Giovanni Mecozzi articulates this approach succinctly: “The new and the old never touch, but gently brush against each other, maintaining a distance capable of generating tension.” This spatial tension is not decorative but conceptual, prompting occupants to consider the relationship between historical continuity and contemporary transformation. The design does not attempt to erase time but rather exposes its layers through careful juxtaposition. The project draws conceptual and chromatic inspiration from Ravenna’s early Christian and Byzantine mosaics. Rather than replicate ornamental motifs, Mecozzi extracts abstract qualities such as color, luminosity, and surface texture, integrating them as subtle spatial references throughout the residence. Gironda Residence Material Strategy Access to the residence is organized through a longitudinal hallway that bisects the plan, connecting a balcony on the north façade with a loggia overlooking the garden to the south. This corridor becomes a spine for circulation and orientation, punctuated by entries into five main rooms: the kitchen, veranda, and three independent suites. Each suite functions as a self-contained spatial environment. The original large rooms have been reimagined with integrated volumes housing diverse domestic functions: bathrooms, saunas, walk-in closets, reading nooks, and home cinemas. These new programmatic layers are embedded within freestanding furniture structures, which operate more as inhabitable objects than architectural partitions. Color becomes an operative tool for spatial differentiation. The three principal suites, the Gold Room, the Blue Room, and the Green Room, are introduced chromatically through thresholds that face the main corridor. This prelude of color sets the tone for each room’s unique interior experience. Within, glossy glass tiles, gilded surfaces, and a reduced palette of materials establish a scenographic yet restrained environment. The flooring, a Venetian terrazzo installed during earlier restoration work in the 2000s, has been retained. Its beveled borders and rounded corners respond to the proportions of each room, reinforcing a visual continuity that binds the new interventions with the inherited context. In contrast to the historical envelope, the furniture and spatial devices employ a language of monochromatic forms and minimal detailing, occasionally verging on neoplastic abstraction. This tension between old ornament and new abstraction is one of the project’s defining features. Furnishings curated by Atelier Biagetti, known for their theatrical and ironic sensibility, further enrich the atmosphere. These pieces do not mimic the historical setting but create moments of visual friction and playful ambiguity, enhancing the multi-temporal character of the interiors. Architectural Significance and Cultural Dialogue The Gironda residence exemplifies a growing discourse in contemporary architecture around adaptive reuse that neither mimics nor erases the past. Rather than treating heritage as a constraint or an aesthetic to be curated, Mecozzi engages it as an active agent in spatial transformation. The project is a case study in reversible architecture, where temporality is embedded in the design, not just its historical references. This intervention prompts broader questions about the role of preservation in contemporary practice. Can architectural interventions occupy historic contexts without becoming parasitic or nostalgic? Mecozzi’s project suggests that they can adopt a posture of critical distance and conceptual clarity. Gironda does not attempt to restore Casa Guaccimanni to a previous state or impose a singular vision of modernity. Instead, it crafts a dialogue between past and present, structured through spatial strategies, material choices, and chromatic cues. In doing so, it opens a new chapter in the building’s ongoing life, one that is fully contemporary yet deeply rooted in architectural memory. Gironda Residence in Casa Guaccimanni Plans Floor Plan | © Giovanni Mecozzi Architetti Golden Room Layout | © Giovanni Mecozzi Architetti Door Detail | © Giovanni Mecozzi Architetti Gironda Residence in Casa Guaccimanni Image Gallery About Giovanni Mecozzi Giovanni Mecozzi is an Italian architect based in Ravenna, Italy, and the founder of Giovanni Mecozzi Architetti (GMA), a multidisciplinary studio specializing in architecture, interior design, and landscape projects. After graduating from the University of Ferrara with an architecture degree, Mecozzi gained international experience working in Spain, including collaborating with Mendaro Arquitectos in Madrid. Upon returning to Italy, he co-founded GMA, focusing on projects emphasizing the relationship between architecture, the client, and the context, with a particular interest in renovating and transforming historical buildings.  Credits and Additional Notes Design Team: Giovanni Mecozzi, Cecilia Verdini, Filippo Minghetti Construction: Edilcostruzioni (Leoni Andrea) Electrical Systems: Elektra Service (Andrea Baiardi) Mechanical and Hydraulic Systems: Nuova OLP Structural Alterations: Not applicable (intervention is fully reversible) Custom Furniture: Idea Legno (Paolo Berdondini) Curtains and Fabrics: Selezione Arredamenti, Ravenna Lighting: Viabizzuno (via Tutto Luce, Cesena) Resin Coatings and Flooring: Kerakoll Rugs and Carpeting: Centro Moquette, Rimini Bathroom Furnishings: Salaroli, Ravenna Furniture, Artwork, and Design Objects Selected by: Atelier Biagetti (Milan) Furniture Designers: Alberto Biagetti and Laura Baldassarri

In early 2004, after defeating Krona, the Justice League and the Avengers said their goodbyes as each team returned to their proper universe. It was the last time that Marvel and DC would cross paths in any official capacity for decades. Well, unless you count the roundabout way of having them duke it out with Fortnite skins. In terms of comics, the two industry giants would keep separate, especially once Marvel was scooped up by Disney. After 21 years, the two worlds will collide once again. In September, Marvel is releasing Deadpool/Batman, written by Zeb Wells with art by Greg Capullo (including backup stories featuring talent like Kevin Smith, Chip Zdarsky, Adam Kubert, and more). Then in November, DC is doing Batman/Deadpool, written by Grant Morrison with art by Dan Mora. On top of that, this is apparently only the beginning, as there will be Marvel/DC crossovers happening on an annual basis. That does bring into question some choice narration from Doctor Manhattan in 2017’s Doomsday Clock. In the DC Universe/Watchmen event, the omnipotent, blue-donged god noted that in 2030 there would be an event known as “The Secret Crisis,” which would involve Superman fighting Thor across the universe and the heroic sacrifice of one unnamed green behemoth. A hopeful joke or something more? Regardless of what the future brings, starting things off with dual meetings between the Dark Knight and the Merc with a Mouth is a brilliant choice. They could have had Superman team up with Spider-Man all over again or something just as on the nose, but this is fresh and has tons of potential. Here are some reasons why. Deadpool Missed Out The first crossover between the companies was 1976’s Superman vs. The Amazing Spider-Man. While there had been a few other attempts in the ‘70s and ‘80s, it wasn’t until the mid-’90s that they went absolutely ham with it. Over a six-year stretch starting in 1994, there were fifteen different team-ups and cross-company battles. This includes the memorable and oh-so-dated Marvel vs. DC event and its dip into Amalgam, the merged reality where Dark Claw (Wolverine/Batman) and his sidekick Sparrow (Jubilee/Robin) fight Hyena (Sabretooth/Joker). Meanwhile, though Deadpool was introduced in 1990, he wasn’t really cared about among comic fans until the 1997 solo run by Joe Kelly and Ed McGuinness. By the time Deadpool really picked up steam in popularity (Deadpool actually won a fight based on reader votes against Daredevil in 1999’s Contest of Champions II), the DC alliance was on its way out. The poor guy didn’t even get to be in Amalgam. They merged Deathstroke the Terminator with Daredevil instead. Centering this Batman story on a mainstream hero who wasn’t mainstream enough back in the ‘90s only adds a new coat of paint onto this novelty. The Previous Batman and Deadpool Crossover Then again, this wouldn’t exactly be the first time Batman and Deadpool have crossed paths. In an unofficial way, they have met. Sort of. As mentioned, the Kelly/McGuinness run of Deadpool was iconic and character-defining. That same creative team worked on Superman/Batman Annual #1 back in 2006. In a modern retelling of the pre-Crisis storyline where Bruce and Clark discovered each other’s secret identities on a cruise, the two had to deal with both Deathstroke and Deathstroke’s heroic Earth-3 doppelganger. Outside of the blue and orange color scheme, Earth-3 Deathstroke was Deadpool in as many ways as they could legally get away with. This included constantly getting interrupted with extreme violence whenever he was about to say his actual name. Still, even being in a separate company never stopped Deadpool from razzing on Batman. In his movies alone, he’s made fun of how dark the DC Universe is, crapped on the ending of Batman v Superman: Dawn of Justice, and joked about how Wolverine’s mask is like Batman’s with actual neck mobility. Speaking of… The Writers Understand the Assignment Zeb Wells might not be the most popular comic writer right now due to reasons involving Ms. Marvel’s death and… Paul. Still, he was one of the writers of Deadpool & Wolverine. People seemed to like that one. The guy knows a thing or two about putting Deadpool with a gruff, brooding superhero with reluctant father issues. This one will probably have less mutual bludgeoning… er, at least I hope it will. Join our mailing list Get the best of Den of Geek delivered right to your inbox! On the other side of things, we have Grant Morrison. Morrison is no stranger to the X-Men corner of Marvel, but he’s strangely never touched Deadpool before. Considering how much Morrison loves playing with the fourth wall and the boundaries between reality and fiction (Animal Man, Flex Mentallo, Seven Soldiers: Zatanna), it’s a real surprise that they never got to write for Marvel’s most self-aware antihero. Letting Deadpool Loose in Gotham On paper, the idea of having Deadpool specifically mixing things up with Harley Quinn might have made for a more fitting crossover. Unfortunately, DC kind of beat that into the ground with their “we can rip off your guy more blatantly than you can rip off ours” creation Red Tool, a regular in Harley’s comics. Regardless, having Deadpool mix it up with the worst of Gotham has legs. If anything, the very idea of Deadpool antagonizing the Joker is enough to sell issues. We could see him make Bane look nearly useless by recovering from a broken spine in seconds. We could find out what happens when Wade huffs fear gas. He could brutalize a confused Penguin for what happened to Victor in the HBO Max season finale. An official Deadpool vs. Deathstroke showdown is on the table. The possibilities are endless! As for Batman, he could… um… He… could fight… huh. Is T-Ray still a thing? Deadpool/Batman #1 will be released on September 17, 2025. Batman/Deadpool #1 is set to arrive in November.

Fifteen Iranian students and researchers sued the Trump administration for completely halting student visa interviews while it determines whether to vet all visa applicants’ social media accounts.The suit, filed against Secretary of State Marco Rubio in a Virginia federal court, claims that the pause on student visa interviews violates the Administrative Procedures Act, a law prohibiting capricious rule-making. The complaint is currently sealed. In an email, Curtis Morrison and Hamdi Masri, lawyers for the students, noted that the State Department has required visa applicants to disclose their social media handles since May 2019. Visa applicants from certain Muslim-majority countries, including Iran, are already subject to “extensive social media vetting,” Masri said, adding that Trump seemed to want to “ensure students entering align with his political values.”The students and researchers who brought the suit against Rubio were admitted to universities across the country — including Yale, Ohio State, and the University of South Florida — for graduate programs in computer science, engineering, finance, and other disciplines. Per their attorneys, each of the students had already attended visa interviews, but all of their applications are currently “awaiting national security vetting.” Some of the students were interviewed over a year ago.The pause on student visa interviews is part of the Trump administration’s multi-pronged attack on universities and international students. On Wednesday, Rubio said the State Department would start working with the Department of Homeland Security (DHS) to “aggressively revoke visas for Chinese Students, including those with connections to the Chinese Communist Party or studying in critical fields.” On May 22nd, DHS rescinded Harvard’s access to a federal database used to track foreign students’ enrollment, putting nearly 6,800 people enrolled at Harvard at risk of immediate deportation until a federal judge intervened.Rubio has also suspended the visas of international students involved in pro-Palestine protests on campus. More recently, the State Department restricted visas of “foreign nationals who are responsible for censorship of protected speech in the United States,” i.e., regulators who enforce the European Union’s Digital Services Act.See More:

Gratis sees you twisting what people want when they come to your shop, selling them unsettling horrors under the guise of helping them. You’ve set up shop in a new town. I’m not quite sure who or what you are, but you definitely excel at having just the right thing your customer thinks they need. Or at least something that seems like what they need. Each day, a series of unique, colorful people will walk through your doors. Jesters, knights, children, guardians, workers – every person thinks they need something, don’t they? And they all eventually make their way to your shop to see what you have for them. Especially as word of mouth spreads early on. You will have an array of items to offer each day, although there is a specific item for each person. This narrative horror game won’t let you giving that cackling skull to just anyone. Still, you can practically feel who each item is meant for, so you won’t take long finding what they need. As the days progress, the items will gain more sinister abilities (although even the more-innocent ones on the early days feel like the have a darker side to them), but you’ll pluck them from your shelf and offer them all the same. As the Jester’s laughter spreads, you almost can’t help to hand them something else that will make the mirth more and more uncontrollable. Whether you do it from compulsion, malice, or cruel curiosity, you’ll keep giving these folks what they want if they dare to step through your door. Gratis offers a handful of different storylines based on the random people you serve each time you play it, giving you an array of grim stories each time you work through it’s fifteen to twenty minute play time. It’s worth coming back to feel out how these various stories play out, although you might not feel too good about yourself once you close up shop on the final day. Gratis is available now (for whatever you wish to pay for it) on itch.io. About The Author

Hard as it is to believe, there was a time when using any personal technology at work was such a radical concept that most people wouldn’t even consider it an option. IT departments went to great lengths to prevent workers from using their own devices, computers, apps/subscriptions, email, and cloud services. The release of the iPhone in 2007 began to change that. Suddenly people were discovering that the smartphone they bought for their personal use could make them more efficient and productive at work as well. But it was Apple’s launch of its mobile device management framework in 2010 that truly created the bring your own device movement. MDM meant that users could bring their personal devices to work, and IT departments could secure those devices as needed. Almost instantly, BYOD was something that companies began to support in industries across the board. Fifteen years later, BYOD is fully mainstream, and a majority of businesses actively support it. But advances in technology, changing user expectations, and the fallout from Covid’s remote work mandates (and subsequent return to office mandates) have shifted the landscape, sometimes without being overtly visible. With that in mind, I decided to reexamine the assumptions and realities of BYOD and see what has and hasn’t changed in the past decade and a half. BYOD is everywhere but device management isn’t The exact numbers on BYOD adoption vary depending on the source you look to and how it’s being measured. A 2022 paper from HPE claims that 90% of employees use a mix of work and personal devices on the job, while Cybersecurity Insiders says that 82% of organizations have a BYOD program. However you look at it, BYOD is now massively entrenched in our work culture and extends beyond just employees and managers. According to data from Samsung (cited by JumpCloud), 61% of organizations support BYOD for non-employees including contractors, partners, and suppliers to varying degrees. But overtly or tacitly accepting BYOD doesn’t mean that companies actively manage BYOD devices. Cybersecurity Insiders data (also via JumpCloud) also indicates that as many as 70% of BYOD devices used in the workplace aren’t managed — a number that may seem shocking, but that figure includes personal devices used by non-employees such as contractors. About those cost savings… In the early days, there was an assumption that BYOD would lower hardware and service costs, but that wasn’t certain. Today there’s data. In the early 2010s, Cisco estimated a $900+ annual savings per employee, though more recent data from Samsung (cited by JumpCloud) pegs the savings as significantly lower at $341. Despite that disparity, it’s obvious that there are savings to be had, and with significantly climbing smartphone prices, those savings are is poised to grow rather than shrink. Of course, the cost of managing devices needs to be factored in. That cost can vary widely depending on the vendor, specific products, and adopted features, but some MDM vendors charge as little as $1 per user per month (not including staff resources). The cost of providing employees company-purchased apps is also worth noting, though that falls more in line with traditional software procurement. Productivity gains are real, but so are distractions The data is clear that there can be significant gains in productivity attached to BYOD. Samsung estimates that workers using their own devices can gain about an hour of productive worktime per day and Cybersecurity Insiders says that 68% of businesses see some degree of productivity increases. Although the gains are significant, personal devices can also distract workers more than company-owned devices, with personal notifications, social media accounts, news, and games being the major time-sink culprits. This has the potential to be a real issue, as these apps can become addictive and their use compulsive. Tools of the trade When I think back to the first five to ten years after Apple introduced MDM, it reminds me of the later stages of the birth of the solar system, with dozens of companies offering discrete tools that solved part of the mobility and BYOD puzzle, many colliding into each other or being flung out of existence. Some focused on just supporting the MDM server spec sheet, others on cloud storage, securing and managing access to corporate content, corporate app purchasing and management, secure connectivity, user and identity management, Office alternatives (Microsoft waited nearly five years releasing an iOS version of Office), and more. Along the way, major enterprise vendors began dominating the market, some by acquisition and others by building out existing capabilities, although there were also businesses that came out of mergers of some of the new players as well. As the market matured, it became easy to pick a single vendor to provide all enterprise mobility and BYOD needs rather than relying on multiple companies focusing on one particular requirement. Multiplatform support has morphed into something very different The iPhone was the clear early standard for supporting personal devices at work, in part because the hardware, operating system, and MDM mechanics were all created by a single vendor. Going multiplatform was typically assumed to mean iOS and Android — and Android was a fragmented mess of different hardware makers with sometimes widely varying devices and customized Android variants (built to spec by the manufacturers and the demands of wireless carriers) that resulted in no coherent OS update strategy. The gap in management capabilities has narrowed significantly since then, with Google taking a much more active role in courting and supporting enterprise customers and providing a clear and coherent enterprise strategy across a wide swath of major Android phone makers and other vendors. But that isn’t the only massive shift in what it means to be multiplatform. Today the personal devices used in the workplace (and able to be managed using MDM) include non-phone entries including Macs, Apple TVs, Chromebooks, and Windows PCs — with Macs and PCs making up a significant number of BYOD devices. Most MDM suites support this full range of devices to one degree or another, but support costs can rise as more and more platforms (and thus complexity) are implemented — and those costs vary by platform, with general agreement that Apple devices provide the greatest savings when it comes to technical support. How Covid changed the BYOD equation I’m pretty sure that in 2010, not one person on the planet was predicting a global pandemic that would lead to the vast majority of knowledge workers working from home within a decade. Yet, as we all remember, that’s exactly what happened. The need to work from home encouraged broader adoption of personal devices as well as ancillary technologies ranging from peripherals/accessories to connectivity. Despite a litany of return-to-office mandates in recent years, remote work is here to stay, whether that’s full-time, hybrid, or just working outside traditional office hours or location. Samsung notes that 61% of businesses expect employees to work remotely to some degree, while Robert Half reports that only 61% of new job postings in 2024 had full in-office requirements. And data from WFH Research shows that at the start of 2025, employees are working remotely 28% of the time. Passing support to new generations One challenge for BYOD has always been user support and education. With two generations of digital natives now comprsing more than half the workforce, support and education needs have changed. Both millennials and Gen Z have grown up with the internet and mobile devices, which makes them more comfortable making technology decisions and troubleshooting problems than baby boomers and Gen X. This doesn’t mean that they don’t need tech support, but they do tend to need less hand-holding and don’t instinctively reach for the phone to access that support. Thus, there’s an ongoing shift to self-support resources and other, less time-intensive, models with text chat being the most common — be it with a person or a bot. They also have different expectations in areas like privacy, processes and policies, and work-life balance. Those expectations make it more important for companies to delineate their BYOD and other tech policies as well as to explain the rationale for them. This means that user education remains important, particularly in a rapidly changing landscape. It also means that policies should be communicated in more concise and easily digestible forms than large monolithic pages of legalese. Users actually want to update (and repair or replace) their devices Twenty years ago, the idea of updating workplace technology was typically met with a groan from users who didn’t appreciate downtime or changes in the way things looked and worked. Even as BYOD gained traction, getting users to update their devices wasn’t always easy and required a certain amount of prompting or policing. While resistance to change will never truly die out, most smartphone (and other device) users actively update on their own because of the new features that come with OS updates and new hardware. Upgrades are something to get excited about. BYOD users also tend to be more careful with their devices just because they are their own devices. Likewise, they’re more on point with repairs or replacements and are keen to handle those issues on their own. Security is ever evolving Security has always been (and always will be) a major concern when it comes to BYOD, and the threats will always be evolving. The biggest concerns stem from user behavior, with users losing devices being one big concern. Verizon reports that more than 90% of security incidents involving lost or stolen devices resulted in an unauthorized data breach, and 42% involved the leaking of internal data. Another big concern is users falling prey to malicious actors: falling for phishing schemes, downloading malware, allowing corporate data to be placed in public spaces, or letting others use their devices. Devices themselves can be major targets, with attacks coming from different directions like public Wi-Fi, malicious apps or apps that are not designed to safeguard data properly, OS and network vulnerabilities, and so on. Supporting infrastructure can also be a weak point. These threats are real. Research by JumpCloud indicates that 20% of businesses have seen malware as a result of unmanaged devices, and nearly half aren’t able to tell if unmanaged devices have compromised their security. Cybersecurity Insiders research shows a similar statistic of 22%, while also noting that 22% of BYOD devices have connected to malicious wireless networks. Shadow IT will always exist Shadow IT is a phenomenon that has existed for decades but grew rapidly alongside BYOD, when users began leveraging their personal devices, apps, and services for work without IT’s involvement, knowledge, or consent. Almost every company has some degree of shadow IT, and thus unmanaged devices or other technologies. Organizations need to educate users (even digital natives) about security and keeping their devices safe. They also need to engage users involved in shadow IT and make allies out of them, because shadow IT often stems from unmet technological needs. Then there’s the trust component. Many users remain uncomfortable letting IT manage their devices, because they don’t understand what IT will be able to see on them. This is a user education problem that all companies need to address clearly and unequivocally. Still the same goals Although much has changed about BYOD, the basic goal remains the same: allowing workers to use the devices and other tools they are comfortable with and already own… and are likely to use whether sanctioned to or not.

Click to enlarge Housing build-ups in Dhaka. Image: Jeremy Smith 1 of 11 Marina Tabassum Architects’ Bait Ur Rouf Jame Mosque. Image: Jeremy Smith 2 of 11 Marina Tabassum Architects’ Bait Ur Rouf Jame Mosque. Image: Jeremy Smith 3 of 11 Marina Tabassum Architects’ Bait Ur Rouf Jame Mosque. Image: Jeremy Smith 4 of 11 Marina Tabassum Architects’ Bait Ur Rouf Jame Mosque. Image: Jeremy Smith 5 of 11 Old Dhaka and 45,000 people per square kilometre. Image: Jeremy Smith 6 of 11 Buses collage life on the roads. Image: Jeremy Smith 7 of 11 Lattice-work roofing of the informal settlements, viewed from Salauddin Ahmed’s Atelier Robin Architects studio. Image: Jeremy Smith 8 of 11 The colour and vibrancy of Dhaka life. Image: Jeremy Smith 9 of 11 The colour and vibrancy of Dhaka life. Image: Jeremy Smith 10 of 11 The colour and vibrancy of Dhaka life. Image: Jeremy Smith 11 of 11 Architects Jeremy Smith and Murali Bhaskar go looking for water and hard-to-find buildings in what is already one of the world’s most populous mega-cities, Dhaka. Architecture here is rarely properly lost. Even now, as we navigate a way to higher-density living, we tend not to misplace buildings. There’s still the space to eye-spy our most wayward elevations. At worst, we might GPS a tricky driveway or pull out an Andrew Barrie map to pinpoint some retiring architecture. But what happens if you really diamond-up the density. At our country-wide 19-people-per-square-kilometre or even downtown Auckland’s sky-high 2500, you can see what’s coming and cities mostly plan out as planned. Teleport forward though to 45,000-people-per-square-kilometre and cities accelerate lives of their own. Here, anything and everything can be lost in the crowd, even buildings. So, on a 2024 invitation from the Bengal Institute for Architecture, Landscape and Settlements to share some Unfinished & Far Far Away adventures in “the toughest city in the world”,1 I pack some extra compassing in architect buddy Murali Bhaskar and go architectural orienteering in Dhaka. It’s hot hot; architecture can wait. We start by looking for water. This, after all, is the land of rivers. Following on from Aotearoa in 2017 being the first to give a specific river, Te Awa Tupua, legal rights, Bangladesh in 2019 became the first country to grant all of its some 700 rivers the same legal status that humans have.2 But the count varies. Protections readily miss smaller tributaries and, with all that water pouring out of the Himalayas and delta-ing into the Bay of Bengal, the land is accretional. The colour and vibrancy of Dhaka life. Image:  Jeremy Smith From the million or so starters in a newly independent 1971 Dhaka, today, it is the fourth-most-populated city in the world with somewhere near 25 million people. Whether for disaster relief, economics or just the bright lights, urbanisation draws more than 400,000 new residents annually to the city. Throw in some family time and, with Tokyo and Shanghai shrinking, Dhaka’s population is predicted to be an eyewatering 35 million by 2050 (and outnumbered only by Delhi and, in some books, Mumbai). When every possible place looks inhabited, it’s not just water that can quickly go to ground. Kazi Khaleed Ashraf, who heads the Bengal Institute, has some learned thinkers in tow in trying to keep pace architecturally. Throw in societal and climatic concerns, and questions about how contextualisation might operate at such speed and the inquiry takes global precedence. Kenneth Frampton, Rounaq Jahan, Suha Özkan, Shamsul Wares and, formerly, BV Doshi, sit on the advisory panel and have drawn other such worldly thinkers as Juhani Pallasmaa, David Leatherbarrow and, even, Peter Stutchbury from down our way to come experience an urban existence “symptomatic of the gravest environmental challenges”.3 It’s serious stuff. Ashraf researches “hydraulic flow in which horizontal and vertical movements of water may direct architectural and landscape formations”.4 This ‘form follows water’ mantra isn’t just free planning Le Corbusier’s ‘form follows function’ with some Charles Correa’s ‘form follows climate’ to connect to life outside, it’s a watery warning to the navigations quickly necessitating within our collective future. Ashraf’s timely prompt that “Embankment is a barrier. How can we deconstruct it”5 can be seen in the way we increasingly plan the separation of wet and dry in our cities. Main streets like Queen Street and Cambridge Terrace already run down streams and our remaining water edges risk becoming increasingly marginalised by infrastructure rising with the water. But the steering is different at density and Dhaka’s rapid growth has meant letting go of the controls with which we still understand cities to flow. As Ashraf puts it, “Dhaka builds furiously”. While we dutifully plan buildings as if crawling a length or two at the aquatic centre, architecture in Dhaka must high-dive into a torrent. Its buildings must learn to surface and really start kicking. Anything trying to hold ground risks being swept away. Dhaka has become a river. As if to university-entrance the swimming lesson to densification, we’ve arrived only a few months after an Indian helicopter plucked Bangladesh’s president from a student-led flood of unrest amongst civil rights and corruption demonstrations. We might think of universities as offering time for trying things on but, sink or swim, the students here now run the country. With the parliament dissolved, there’s no chance of us seeing inside Louis Kahn’s 1982 National Assembly Building, which, like many of Dhaka’s institutional buildings, took on something of a freshening in the coup. Remembering our government’s pre-departure, bold-italic travel advisory, we head out to practise avoiding street demonstrations and are rewarded with a fenced-off view of Kahn’s epic, which brought global architectural discourse to post-independent Bangladesh. No such authoritative access issues back at the university, where, amongst the student political murals, we visit Muzharul Islam’s 1953–1956 Fine Arts Institute. Islam introduced modernism to the then East Pakistan6 and, in testament, the school still functions as a school, with its external verandah circulation and louvred ventilating classrooms. The rallying extends to getting around with cars sporting dodgem bumpers. Travelling 10 kilometres takes an hour, a million beeps and some financial socialising out the windows. Public transport may be working hard to keep pace with the kinetic city but it starts at the back of the grid, as the panelwork to the buses visibly collage. Getting to where we want to go takes some effort. An above-ground subway system has been started but not finished and the folk enticingly riding on top of trains typically aren’t off looking for architecture. There’s the three-wheeled rickshaw option, of course: formerly pedalled but, in recent months, souped-up with the allowance of car batteries to the back axle. Even so, manoeuvring further than nearby takes more than any rider is up for. So, as we head out for lunch with architect Marina Tabassum and then beep beep beep out further to her extraordinary Bait Ur Rouf Jame Mosque in Dhaka’s northern expansion, we learn that having everything close helps. Neighbourhoods remain important in megacities. Marina Tabassum Architects’ Bait Ur Rouf Jame Mosque. Image:  Jeremy Smith The mosque deserves the full medley and gently uplifts as all great architecture does, be it for the community or off-the-street visitors like us. Marina Tabassum Architects is, of course, internationally renowned for its architectural stand against globalised buildings that are out of place and context, notably winning an Aga Khan Award for Architecture in 2016 and being selected to undertake the 2025 Serpentine Pavilion in London. With the site at 13 degrees to the axis of qibla in Mecca, Tabassum sits the mosque on a five-step plinth with a squared, ventilating brick jali and a circular ceilinged prayer space rotated off centre. In a lesson to building only what you need, the spaces between remain unroofed and the perimeter daylight illumination provides a diminished and equalling light to the prayer space. It needs no explanation: look up and there are constellations in the sky; look outwards and find community; look to the mihrab notching the outside wall and orientate to Mecca. Tabassum’s dive is splashless, for the mosque has self-navigated being enveloped by the city. The entry pond may have gone and the mihrab now reveals buildings rather than fields but the light still shines the way. Four hundred people take prayer several times a day within the inner circle, and the weekend Friday crowd spreads outwards to the borders and plinth. We are two days in at this point and our not-getting-lost-practice is going well. We meet architect Salauddin Ahmed whose Atelier Robin Architects studio and gallery in a former tannery building is so hidden away that it feels both lost and right at home. It’s surrounded by the latticing roofs of informal settlements and, remarkably, feels quiet and yet, genuinely, part of the city. No mean feat in a city, “living”, as Ahmed puts it, “as if this is the last day on earth”. Noise is life in Dhaka; Ahmed’s windows are open and the river is flowing. We talk the same language of architecture understanding existing context and needing to accommodate change in shorter and shorter time frames. Where I say “participate”, Ahmed terms “navigate” and without any sense of overseeing for there is just so much life in Dhaka. We mean the same thing and get there from very different landscapes. The next morning, we go where transport can’t. Old Dhaka’s alleyways require some extra eyes, so Ahmed calls in his friend, photographer Khademul Insan, who has lived this labyrinth. This is the densest part of Dhaka and there’s a lot in the air. “Wear this,” says Ahmed, passing a mask. “Otherwise, you’ll cough for four weeks.” It is deep. There’s so much WiFi that it strands like some kind of underworld sun-shading. Our service provider isn’t expecting this kind of roaming and we have no connection. If our collective Kiwi wayfinding skills might have fluked a way in, we certainly need leading out. As the lanes narrow, the industry broadens into some kind of Mad Max circular economy where everything of anything has value and the fires that keep these people afloat run continuously. Mercifully, it’s not raining or there’d be a different type of river afoot. Fifteen kilometres and all day later, we’ve walked to search for culturally significant mosques, houses, courtyards and schools. Some we locate; others, there’s just no finding. Maybe they are there, maybe they aren’t. Occasionally, there are scripts cautioning against graffiti or carving a name into the stonework at the risk of imprisonment, but there are few clues to any architectural history. In the pinch, buildings jostle to just about every possible place a building might go: on top, under, in front, behind. They infill courtyards, hang over laneways, squeeze into gaps, even penalising what’s left of a football field. Every seat is taken, literally. Whenever we find public space off the street, there are couples dating. There’s a lot of romance in 25 million. Eventually, we exit and finally see a river. I remember the swimming lessons are strictly metaphoric and look but don’t touch. You don’t need to get wet to learn how to swim. As Ahmed guides, and he speaks with Ashraf, Tabassum, Insan and experience to what we must remember in densifying our own cities. “I belong to one of the last generations that truly understand what it means to have neighbours.”7 Context counts no matter the size. Our rivers are not yet streams. REFERENCES 1 Kazi Khaleed Ashraf, ‘Note from the Director General: Land, Water and Settlements’. bengal.institute/about Accessed 29.12.2024. 2 Ashley Westerman, 2019, “Should rivers have same legal rights as humans? A growing number of voices say yes”, National Public Radio. npr.org/2019/08/03/740604142 3 August 2019. 3 Kazi Khaleed Ashraf, ‘Note from the Director General: Land, Water and Settlements’. bengal.institute/about Accessed 29.12.2024. 4 Kazi Khaleed Ashraf, ‘Wet Narratives: Architecture Must Recognise that the Future is Fluid’ in The Mother Tongue of Architecture: Selected writings of Kazi Khaleed Ashraf. ORO Editions and Bengal Institute for Architecture, Landscape and Settlements, China: p. 251. 5 Ibid. 6 Adnan Morshed, 2017, ‘Modernism as Postnationalist Politics: Muzharul Islam’s Faculty ofFine Arts (1953–1956)’, Journal of the Society of Architectural Historians, 2017. 7 Salauddin Ahmed, 2024, “Design must not be a superimposed idea, but a logical one”, The Daily Star, Dhaka, 25 December 2024.