We take user security and privacy very seriously and we are always happy to see that a VPN service we have reviewed is guided by the same principles, offering absolute protection to its customers. In this post, we explore the security measures NordVPN has taken in order to provide you with the highest possible level of safety.
NordVPN operates under the jurisdiction of Panama, which does not have any mandatory data retention laws. In other words, the company does not have to track and record your personal data and Internet traffic. Furthermore, the official website features warrant canary updates on a daily basis, showing the company has received zero warrants from government organizations, gag orders, and National Security Letters.
On top of this, NordVPN is extremely committed to its zero-logging policy, so you do not have to worry about your data ending up in the hands of hackers, cybercriminals, spy networks, government organizations, ISPs, and other online entities. The company has been audited by four independent auditors and they all confirmed its no-logging claims.
When it comes to collected data, NordVPN will store your email address in order to communicate with you and provide you with the requested services. If you are using conventional payment methods like credit cards, Nord will also record your payment data. You can avoid this by paying with cryptocurrencies. In order to enforce its limit of 6 simultaneous connections, Nord also has to monitor the timestamp of your last session status, but this data is deleted 15 minutes after you disconnect. Finally, your communication with the customer support staff will also be recorded and logged.
Apart from this, Nord utilizes affiliate cookies, cookies in charge content personalization (for example, setting your default language), and Google Analytics.
NordVPN is famous for its server chaining feature that allows you to route your Internet traffic through not one but two VPN servers, covering it with two layers of encryption. Given that this service greatly affects the overall speed, it is only recommended if you handle sensitive data on a regular basis (journalists, political activists…). One layer of encryption is more than enough for your day-to-day browsing and online activities.
NordVPN supports OpenVPN and IKEv2/IPsec connection protocols and has abandoned outdated, easily breakable protocols like PPTP and L2TP. By default, OpenVPN is used on Windows and Android clients and it comes with AES-256-GCM encryption with a 2048-bit DH key. IKEv2/IPsec is used on iOS and macOS devices and it comes with NGE. Support for IPv6 is scheduled later in 2019.
Apart from solid encryption, Nord offers protection against malware in the form of its CyberSec functionality. The service also blocks tedious ads. Finally, there is a reliable auto killswitch feature.
NordVPN does not only allow P2P filesharing on its servers but provides its customers with dedicated high-speed P2P servers at most locations, excluding countries like Indonesia, Taiwan, South Korea, Vietnam, Malaysia, and Argentina. Note that the company does not support downloading copyrighted content, but it does not actually have any means of checking what you download due to its no-logging policy.
During our latest testing circuit, we did not discover any IP, WebRTS or DNS leaks whatsoever. This means NordVPN will never put you in danger of your real IP address leaking out during your private sessions, so online snoopers will not be able to intercept your traffic and/or affect it in any way.