NordVPN


NordVPN is a personal virtual private network service provider. It has desktop applications for Windows, macOS, and Linux, mobile apps for Android and iOS, as well as an application for Android TV. Manual setup is available for wireless routers, NAS devices and other platforms.
NordVPN is based in Panama, as the country has no mandatory data retention laws and does not participate in the Five Eyes or Fourteen Eyes alliances.

History

NordVPN was established in 2012 by "four childhood friends", as stated on its website. Late in May 2016, it presented an Android app, followed by an iOS app in June the same year. In October 2017, it launched a browser extension for Google Chrome. In June 2018, the service launched an application for Android TV. As of October 2019, NordVPN was operating more than 5,200 servers in 62 countries.
In March 2019, it was reported that NordVPN received a directive from Russian authorities to join a state sponsored registry of banned websites, which would prevent Russian NordVPN users from circumventing Russian state censorship. NordVPN was reportedly given one month to comply, or face blocking by Russian authorities. The provider declined to comply with the request and shut down its Russian servers on April 1. As a result, NordVPN still operates in Russia, but its Russian users have no access to local servers.
In September 2019, NordVPN announced a VPN solution for business, called NordVPN Teams. It is aimed at small and medium businesses, remote teams and freelancers, who need to access work resources securely.
In December 2019, NordVPN became one of the five founding members of the newly formed 'VPN Trust Initiative', promising to promote online security as well as more self-regulation and transparency in the industry.

Features

NordVPN routes all users' internet traffic through a remote server run by the service, thereby hiding their IP address and encrypting all incoming and outgoing data. For encryption, NordVPN uses the OpenVPN and Internet Key Exchange v2/IPsec technologies in its applications. Besides general-use VPN servers, the provider offers servers for specific purposes, including P2P sharing, double encryption, and connection to the Tor anonymity network.
At one time NordVPN used L2TP/IPSec and Point-to-Point Tunneling Protocol connections for routers, but these were later removed, as they were largely obsolete and insecure.
NordVPN has desktop applications for Windows, macOS, and Linux, as well as mobile apps for Android and iOS and Android TV app. Subscribers also get access to encrypted proxy extensions for Chrome and Firefox browsers. Subscribers can connect up to 6 devices simultaneously.
In November 2018, NordVPN claimed that its no-log policy was verified through an audit by PricewaterhouseCoopers AG.
In July 2019, NordVPN released NordLynx, a new VPN tool based on the experimental WireGuard protocol, which aims for better performance than the IPsec and OpenVPN tunneling protocols. NordLynx is available to Linux users and, according to tests performed by Wired UK, produces "speed boosts of hundreds of MB/s under some conditions."
In April 2020, NordVPN announced a gradual roll-out of the WireGuard-based NordLynx protocol on all its platforms. The wider implementation was preceded by a total of 256,886 tests, which included 47 virtual machines on nine different providers, in 19 cities, and eight countries. The tests showed higher average download and upload speeds than both OpenVPN and IKEv2.

Security issues and controversies

On October 21, 2019, a security researcher disclosed on Twitter a server breach of NordVPN involving a leaked private key. The cyberattack granted the attackers root access, which was used to generate an HTTPS certificate that enabled the attackers to perform man-in-the-middle attacks to intercept the communications of NordVPN users. In response, NordVPN confirmed that one of its servers based in Finland was breached in March 2018. The exploit was the result of a vulnerability in a contracted data center's remote administration system that affected the Finland server between January 31 and March 20, 2018. According to NordVPN, the data center disclosed the breach to NordVPN on April 13, 2019, and NordVPN ended its relationship with the data center. Security researchers and media outlets criticized NordVPN for failing to promptly disclose the breach after the company became aware of it. NordVPN stated that the company initially planned to disclose the breach after it completed its internal audits.
On October 29, 2019, NordVPN announced additional audits and a bug bounty program. The bug bounty was launched in December 2019, offering researchers monetary rewards for reporting critical flaws in the service.
On November 1, 2019, in a separate incident, it was reported that approximately 2,000 usernames and passwords of NordVPN accounts were exposed through credential stuffing.

Reception

In a February 2019 review by PC Magazine, NordVPN was praised for its strong security features and an "enormous network of servers", although its price tag was noted as expensive. CNET's March 2019 review favorably noted NordVPN's six simultaneous connections and dedicated IP option. In a positive review published by Tom's Guide in October 2019, the reviewer concluded that "NordVPN is affordable and offers all the features that even the hardcore VPN elitists will find suitable". The reviewer also noted that its terms of service mention no country of jurisdiction, writing that the company could be more transparent about its ownership. The company has since updated the Terms, explicitly mentioning Panama as its country of jurisdiction. TechRadar recommended NordVPN for bypassing state-level Internet censorship, including the Great Firewall in China.