One of the biggest players in the virtual private network industry, NordVPN appears to hit all the right notes in providing a service that offers everything a customer would want. NordVPN is super fast, packed with useful features, and it’s a breeze to use. It’s based in a privacy-friendly jurisdiction and offers all the standard security and privacy features users should expect from a quality VPN, plus a handful of extras like double-hop VPN and Onion over VPN. And it’s pretty affordable for how much it can do, even if it’s not the cheapest VPN out there.
From a distance, NordVPN almost looks like the perfect VPN. But with a little digging, we uncovered some pretty major cracks in the facade, particularly when it comes to privacy and transparency. Most notably, we found that NordVPN routes some user traffic through residential IP addresses supplied by a company with a questionable history. The company’s overall efforts at transparency also leave quite a lot to be desired.
There’s a lot that’s good about this VPN, and it really is a great option for casual VPN users who just want to unblock content or hide their activity from their ISPs. But for VPN users whose online privacy is absolutely critical, there’s too much uncertainty and obscurity surrounding NordVPN to warrant an enthusiastic recommendation.
When you sign on with a VPN provider, you’re putting a lot of faith in that VPN’s promise to protect your data and keep you safe and secure online. NordVPN’s no-logs claims and multiple security audits are a good start but aren’t enough when the company offers nothing in the way of an annual transparency report and is cagey about its partnerships and corporate structure. If NordVPN expects to remain a top player in the VPN industry and in the online privacy space in general, the company should reassess how it approaches transparency.
Read more: How we review VPNs
Speed: The second-fastest VPN we’ve tested
- Average speed loss of 13% in summer 2022 speed tests
- Number of servers: 5,400-plus
- Number of server locations: 59
We conducted our latest round of NordVPN speed tests over the course of three days in July and August and were thoroughly impressed with how the VPN provider’s speeds improved over previous tests conducted in 2020. During those tests, NordVPN registered an average 53% loss in speeds — which is on par with what VPN users can generally expect to lose through a VPN connection. However, NordVPN only slowed our regular internet speeds down by 13% in our latest round of tests. That makes it one of the fastest VPNs we’ve tested so far, and puts it into second place behind ExpressVPN, which registered a miniscule 2% speed loss in April.
We tested NordVPN’s speeds while connected to the VPN’s servers via OpenVPN in New York, the UK, Australia, France, Germany and Singapore. Our average internet speed without the VPN clocked in at 368.07 Mbps and averaged 321.28 Mbps across our tests when connected to NordVPN servers.
When connecting to New York — the closest server we tested to our physical location — NordVPN averaged 343.12 Mbps, which was somewhat surprising considering we achieved faster average results when connecting to servers much farther away in the UK (351.41 Mbps) and Europe (345.70 Mbps). However, New York is a location that consistently sees heavy VPN traffic, so server load may have had a bit of a hand in the slightly slower speeds there. Unlike with some other VPNs, like IPVanish, NordVPN doesn’t provide a real-time view of the current load on each server, so there’s no way to manually connect to the server with the lightest load if you want to try to improve your VPN speeds. Our speeds through NordVPN’s servers in Australia and Singapore — as expected — averaged the slowest at 260.81 Mbps and 305.34 Mbps, respectively.
Overall, we found NordVPN’s speed performance to be remarkably consistent throughout our testing. We didn’t experience any erratic speed fluctuations you might experience with other providers.
It would be nice to see NordVPN expand its relatively meager network of 59 server locations. While it’s not the smallest network, it falls short of other top players in the space like ExpressVPN (94 countries) and Surfshark (95 countries). Having more servers in more locations can ensure users have servers close to their physical locations and can help ensure lighter load on the servers — both of which can help improve overall speeds.
We also tested speeds through NordLynx — NordVPN’s proprietary WireGuard-based protocol — which the company says is the fastest protocol it offers, to see how those speeds stacked up against speeds we achieved through OpenVPN. But when connecting through the NordLynx protocol, speeds were approximately 50 Mbps less across the board than what we got through OpenVPN. We recommend OpenVPN anyway because it’s the current standard-bearer of VPN protocols, and it offers an excellent balance of speed and security, so seeing higher speeds on the OpenVPN protocol was a convenient surprise.
Cost: Decent introductory prices spike after initial term
- Price: $79 for the first two years or $60 for the first year (then $100 per year afterwards) or $12 a month
- Available payment options: Credit/Debit Card, AmazonPay, Google Pay, ACH Transfer, Cryptocurrency, Cash (via retail store)
- Money-back guarantee: 30 days
- Apps available on: Windows, MacOS, Linux, Android, iOS, Android TV, Fire TV
VPN pricing has gotten increasingly complicated in the past few years, and NordVPN is no exception. The VPN has jumped on the bandwagon with its lower introductory prices that increase sharply after the first term of the subscription.
NordVPN has three different pricing options available. You can sign up for a two-year plan that costs $79 for the first two years of service, a yearly plan that costs $60 for the first year of service or a monthly plan that costs $12 a month. But after the first two years of service on the two-year plan and the first year of service on the yearly plan, those introductory prices jump to $100 annually for any subsequent years of service. We don’t recommend locking in with a single provider for more than a year at a time, though, given the rapidly changing landscape that is the VPN industry. The monthly plan remains $12 per month for the first and any additional months of service you remain on that plan, which adds up to $144 annually.
NordVPN doesn’t accept PayPal payments, but you can purchase a subscription with any major credit or debit card, AmazonPay, Google Pay or ACH transfer. If you’d rather pay anonymously, you can pay with a variety of cryptocurrencies including bitcoin, ethereum, tether and dogecoin. NordVPN has also partnered with a handful of retail stores like Staples, BestBuy and Walmart where you can even purchase your VPN with cash.
Platforms, streaming and customer service
Apps are available on Windows, MacOS, Linux, Android, iOS, Android TV and Fire TV — and you can also connect to the VPN via browser extensions for Chrome, Firefox and Edge. You’ll be able to connect up to six different devices at once with a single NordVPN subscription — which is more than the three to five simultaneous connections offered by most other VPN providers. If you’d like to protect your entire home network with a single connection or use the VPN on your smart TV or gaming console, you can install NordVPN on a compatible router by following Nord’s router tutorial.
We had no issues unblocking streaming sites like Netflix, Disney Plus and Amazon Prime Video when connected to NordVPN’s US servers.
Customer support is available 24/7 via live chat or an email ticketing system. NordVPN’s live chat bot will be able to help you with general questions, but for anything beyond that, you’ll need to speak with a customer service representative. If you’re a paying customer, you’ll have access to priority chat support. If you’d rather investigate on your own, NordVPN’s Support Center is filled with all sorts of FAQs, setup and troubleshooting guides and general info.
And if you’re not happy with the service for whatever reason, NordVPN offers a 30-day money-back guarantee.
Security and privacy: Excellent encryption, but red flags abound
- Jurisdiction: Panama (potentially others)
- Encryption: AES 256-bit, Perfect Forward Secrecy, RAM-only server infrastructure
- No annual transparency reports
- Significant transparency problems with ownership structure
A big part of NordVPN’s pitch to users is the breadth of security and privacy features it offers. On top of standard features like DNS leak protection and a kill switch, NordVPN offers double-hop VPN connections, obfuscated servers and Tor-over-VPN. And with additional perks like Dark Web Monitoring and Threat Protection, NordVPN is joining a wider trend among VPNs by offering more non-VPN privacy tools.
NordVPN’s new Threat Protection feature for Mac and Windows machines aims to be an all-in-one protection tool against malware and malicious sites, while blocking ads and trackers.
“Basically, what we do is we scan each and every file on your device,” NordVPN developer Vykintas Maknickas told us in an interview. “We trained our algorithm currently on like 5 million different files in order to understand if we see some patterns where malicious files are a bit different in how they look from the outside.”
In our initial interview with Nord and an earlier version of this review, the Threat Protection feature was described as functioning by scanning your entire device when enabled — much like an antivirus — and then using the data it gathers to train its AI algorithm. In the previous version of this review, we said this function constitutes an enormous privacy-trust ask by Nord and couldn’t recommend the feature without further testing.
Following the publication of this article, however, Nord reached out to clarify that Threat Protection doesn’t actually scan the contents of your entire device.
“The scanning is done only on files that are downloading from the internet while the feature is on, and currently the function to scan other locally stored files neither exists nor is planned,” NordVPN said in an email. “Moreover, we do not inspect any files that could potentially reveal any personal information.”
Nord said all document and picture files are automatically excluded from the scan and not uploaded to the cloud, leaving executable files as the focus of the scan. And even then, Nord said, only the file hashes are checked — not the file contents themselves — which Nord cross-references against a database of known malware.
As far as encryption goes, NordVPN’s is solid and in line with other top VPNs. NordVPN employs AES 256-bit encryption with Perfect Forward Secrecy and a 4,096-bit key for OpenVPN and IKEv2 connections. The company’s proprietary WireGuard-based NordLynx encryption protocol adds a double NAT system on top of its WireGuard foundation to solve WireGuard’s widely known, out-of-the-box privacy issue — collecting temporary IP addresses.
Following a 2018 data breach of one of its servers in Finland, NordVPN made several moves to shore up its security, including transitioning to diskless RAM-only servers. Theoretically, Nord’s server fleet would yield nothing should any of them be seized.
NordVPN says it doesn’t log any of the traffic that passes through its servers, though VPN companies’ no-logs claims are also virtually impossible to verify with 100% certainty. However, NordVPN has completed several third-party no-logs and security audits in the past few years and tells us that a new audit from Cure 53 that began in July is set to be released in October.
Unlike other VPNs, however, Nord’s full audit reports are available only to registered NordVPN users, which the company says is because of legal and contractual limitations. You don’t actually have to pay for a subscription to view the full audit reports, but NordVPN expects you to drop your email address for the privilege — a prospect made riskier by Nord’s tangled ownership web.
NordVPN’s corporate structure is more opaque and convoluted than many other VPN companies in the VPN space that have gotten caught up in a recent wave of consolidation in the industry. And after NordVPN and Surfshark merged in February, the waters got even murkier. NordVPN assures us it’s liable only to Panamanian jurisdiction, which would be excellent from a privacy standpoint since the country doesn’t have any mandatory data retention laws and it’s not a member of Five Eyes or other international intelligence rings. However, this privacy is questionable since Nord operates its main offices physically out of Lithuania, processes payments through the US, maintains legal entities in the UK and Germany, and is owned by a holding company based in the Netherlands.
From records available online across a number of government and archival services, the structure apparently looks like this. A data-mining company called Tesonet has had partial control over certain operations of at least eight companies: Datasec Holdings, Tefincom (or Tefinkom), ProtonMail (and ProtonVPN‘s two apps), NordVPN, CloudVPN, Symposium Limited, Oxylabs and Oxydata.
In 2008, NordVPN co-founder Tom Okmanas also co-founded Tesonet, and Darius Bereikais was named Tesonet’s CEO. Datasec Holdings (registered in Belize) filed ownership for Tesonet’s Lithuanian website, registered a now-defunct site for Tefincom — a Panamanian company managed by a registration agent in Cyprus — and then signed NordVPN’s app. Under its Tefincom label, Tesonet’s Datasec Holdings entity redirected Tefincom’s site to NordVPN — then registered the NordVPN trademark and listed itself as the developer of Nord’s iOS app.
Nord’s payment processing is handled by Tesonet’s CloudVPN, based in Wyoming, and it’s currently unclear what amount of customer payment data may be subject to US observation. According to records from the Wyoming Secretary of State, Bereikais and Okmanas were both directors of CloudVPN In 2017. However, Nord users have also previously reported seeing Tesonet’s name on their Nord billing statements, along with Symposium Limited (of New Zealand).
For more than a decade, Bereikais has also been listed on the official filings of a number of other companies affiliated with Nord and its one-time parent Tesonet. Along with being a director of ProtonVPN (and its parent, Cyber Alliance), Bereikais was the director of Symposium Limited and Oxydata.
Flash forward to 2018. Scandal-scarred browser proxy HolaVPN took Tesonet’s Oxydata to court in Texas, claiming Tesonet and Okmanas were violating Hola’s patent rights with the Oxydata product. Oxydata is a residential proxy service. When you install it on your device you can use it to bypass geoblocks, but the service also uses a portion of your device’s resources and may also let another Oxydata user appear to have your personal IP address. That could be a serious liability if your IP address is ever used by someone visiting criminally unsavory sites.
This exceptionally dense thicket of corporate crossover makes it almost impossible to determine which user data may be accessed by which countries’ government entities or third-party companies. And it’s why NordVPN needs to start posting the transparency reports it already has — detailing how many subpoenas for user information it has received from each country — immediately. But some at Nord are worried it may make the VPN look bad.
“We’ve got it internally, and we just don’t publish it just yet. So there are some discussions and two opposing sides there, you know, because the one side is basically about transparency and the other side is about how it looks from the outside,” Maknickas said.
“At the same time, we have some obligations for our investors as well — you know, to not look like a shady company who gets lots of different requests from the FBI, et cetera.”
But transparency reports are only going to become more critical as Nord expands its offerings.
Observations regarding NordVPN’s kill switch
NordVPN offers a kill switch when connecting through OpenVPN or its NordLynx protocol. We tested the kill switch using both OpenVPN and NordLynx and were concerned when it appeared as though the kill switch didn’t activate when we jumped from one server to another using the NordVPN MacOS clients.
NordVPN has two MacOS clients — one that can be sideloaded from the website and another that can be downloaded from Apple’s App Store. The sideloaded MacOS client has a per-app kill switch where you can designate specific apps to kill if your VPN connection is interrupted. For our tests, we set the Chrome browser to be killed but, as we jumped from server to server and the VPN connection broke, our Chrome browsing session continued to chug along uninterrupted. It was only after the client timed out when we attempted to jump to a seventh consecutive server that NordVPN killed Chrome.
The App Store version of the MacOS client has an automatic internet kill switch rather than an app-based kill switch. This means that your entire internet connection should be killed automatically when the VPN connection drops out. It appeared as though the App Store version also failed to kill our internet connection as we jumped from server to server — even when we had the “advanced” kill switch enabled, which NordVPN says adds “an additional security layer for protection against rare and very specific IP leaks when you’re connected to VPN.”
We sent the logs we generated from those sessions over to Nord to see if they could offer an explanation as to why that appeared to be happening during our tests. Maknickas assured us that traffic is indeed halted while jumping between servers in both versions of the app. He added that a new VPN tunnel isn’t opened during a server switch; rather, the existing tunnel is reconfigured. That, in addition to the quick reconnection times between server switches, can make it difficult to spot any obvious interruptions in the browsing experience. Maknickas also said that the tunnel closed on our seventh consecutive attempt to switch servers because we reached NordVPN’s limit of six active sessions by making multiple reconnections in a short timeframe.
“In-house, we test the operation of the killswitch by creating a MitM [man in the middle] network and connecting a device with VPN enabled to it,” Maknickas said in an emailed response. “We are then generating network traffic on the test device with tools like IPerf3 and perform VPN server switching to see if any packets are not going through the tunnel (and can confirm they are not).”
It’s unclear at this time whether the seeming failure to fully sever an internet connection is entirely in Nord’s hands, or if it may relate to a recently discovered vulnerability which allows some versions of iOS to maintain a connection outside of a VPN tunnel. Nord is aware of the problem, however, and said that Apple’s connectivity controls are preventing the app from fully halting the device.
“We cannot control the ‘killing the internet’ part. What we can do is set up your DNS incorrectly so that it wouldn’t leak your IP address because your requests don’t go to the internet but instead go to some thing we set up incorrectly,” Maknickas said, adding that Nord will be pushing users toward the VPN’s sideloaded app and away from the App Store.
“Over the years we came up with these workarounds, but at the same time, what we are looking to do is to basically build the system from the ground up in order for us to be in control.”
NordVPN offers a ton of features designed to keep you secure and protect your privacy online, but when we noticed some rather significant faults in the service it became clear that the VPN still has a lot of work to do to improve in terms of security and overall transparency.
Update, Sept. 8: A previous version of this review accurately reported the content of an interview with NordVPN regarding the service’s Threat Protection feature. This article has been updated with additional clarifying comments from NordVPN.
