Tech Friend: My VPN location seems to be wrong

Tech Friend Edition 2

Tech Friend is our advice column covering cybersecurity, privacy, and everyday technology. Email your question to techfriend@expressvpn.com. If you have questions about your ExpressVPN subscription or need troubleshooting help, please contact Support.


Location, location, location

My actual location is in the southeastern U.S., and I use ExpressVPN’s Atlanta server location. Frequently, when I log in to my Amazon account, I receive an email from Amazon telling me that someone located in Texas just signed in to my account, and they want to be sure it is me. Also, there have been instances where I could not log in to the Thunderbird email client because it thought someone from Kiev was trying to log in to my account.

Is this because the IP address you assign appears to be in Texas, Ukraine, etc.? Does my virtual IP address differ every time I connect? Is there a way to have my PC connected to ExpressVPN while excluding an app, like Thunderbird?

Thanks for your help in clarifying my understanding.

Submitted by: George

To increase your privacy, a VPN gives you a new IP address, one that is meant to be associated with a location of your choice. And for any given VPN location, we use multiple IP addresses, so you may very well be assigned a different one each time you connect to that location.

The reason websites or other online services might interpret an IP address as a location that does not match the one you selected is they are using information that doesn’t match our own.

Read more: How does a VPN work?

IP addresses themselves do not contain location information. Companies and websites use various methods to determine where an IP address is located. One major method is the use of GeoIP databases—which are not always accurate. This data is usually put together through several sources such as regional internet registries like the American Registry for Internet Numbers (ARIN), data contributed by internet service providers, and sometimes from user-submitted geographic location data (for example, when you enter your city location for a weather app).

The accuracy of these GeoIP databases is also reliant on how often the data is updated. At ExpressVPN, we maintain and update our IP address locations on major GeoIP databases such as maxmind.com and ipinfo.io. We also run automated checks to ensure our IP addresses in the databases are up to date.

However, a website might use a less common database that isn’t part of our updates. Meanwhile, some websites, like Amazon, run their own private GeoIP database that we cannot update.

However, a website might use a less common database that isn’t part of our updates. Meanwhile, some websites, like Amazon, run their own private GeoIP database that we cannot update.

Rest assured that despite a mismatch in location, your traffic is encrypted and your real IP is masked, increasing your online privacy and security. Read our post on what a VPN does and does not hide.

If you notice a mismatch between our server locations and what’s shown in a GeoIP database, it would be helpful to us if you could let our Support Team know.

If for any reason you would like to use ExpressVPN on your device while excluding certain apps, you can do so with our split tunneling feature. Available on Windows, Mac, Android, and routers, split tunneling lets you route some of your device or app traffic through the encrypted VPN tunnel while other devices or apps access the internet directly. Learn how to use it on our app for Windows.


Before you hit send

How can I submit information while maintaining confidentiality, integrity, and availability?

Submitted by: Optimus Prime

Confidentiality, integrity, and availability, also known as the CIA triad, are the three pillars of information security. The data we provide or receive must be properly managed and protected, and understanding each component of the CIA triad will help you protect the data you give:

  • Confidentiality refers to the set of rules that limits information access to authorized persons only.
  • Integrity refers to the assurance that information is accurate and not tampered with.
  • Availability refers to reliable access to information by authorized persons.

When you submit your information to a company, government organization, or individual, it is impossible to ensure your information remains secure. You can never be 100% sure that the company you submit information to doesn’t sell your data or has their security system fully updated. The best way to protect your information is to simply not share it at all. Unfortunately, that’s often not a feasible solution. But there are some steps you can take to protect your information security:

  • Rely on encrypted services. Encryption is a great way to protect your information from unauthorized third parties. Using services that offer end-to-end encryption, like ProtonMail for email or Signal for messaging, you can protect the confidentiality and integrity of your communications.
  • Use Tor. Tor Browser is also a great tool for journalists or whistle-blowers who need to maintain confidentiality while still being reachable.
  • Use a VPN. With a VPN, your internet traffic and data are passed through an encrypted VPN tunnel that keeps it safe from people intercepting, monitoring, or altering your communications. A VPN also masks your real IP address by giving you a different IP address shared by numerous users, anonymizing you.
  • Use password protection. One of the easiest ways to add a layer of security while sharing files is by locking them with a strong password. This way, you ensure that only the intended recipient can unlock the file—as long as they don’t share the password with others.
  • Use a burner email and phone. There are a lot of things people can find out about you through your email address and phone number. A simple search could reveal all your linked social media accounts and hence, your identity. A “burner” or fake email account and phone is a great way to keep your identity confidential as you communicate. Just ensure that it’s not linked to any other accounts, and don’t use your real name.
  • Consider service availability and reliability. You’ll come across a boatload of options when looking for alternatives to mainstream services like Gmail. Aside from vetting their security, make sure that the service is active and regularly updated. You wouldn’t want to sign up for a cloud service that only has one server that was last updated two years ago, for example.

Read more: Should you get a burner phone?

Phone protected by ExpressVPN.
Protect your online privacy and security

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Answering your online privacy, cybersecurity, and other everyday technology questions.