Developer(s) | NordVPN s.a.[1][2] |
---|---|
Initial release | February 13, 2012[3] |
Stable release | Android 7.10 (October 22, 2024[4]) [±] iOS 8.34 (October 15, 2024[5]) [±] |
Operating system | |
Platform | |
Type | Virtual Private Network |
License | Linux client: GPLv3 only github |
Website | nordvpn |
NordVPN is a Lithuanian VPN service with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, and tvOS.[8][9][10] Manual setup is available for wireless routers, NAS devices, and other platforms.[11][12]
NordVPN is developed by Nord Security (formerly Nordsec Ltd),[13] a company that creates cybersecurity software and was initially supported by the Lithuanian startup accelerator and business incubator Tesonet. NordVPN states it operates in Panama, but Nord Security is incorporated in Amsterdam, the Netherlands.[14] Its offices are located in Lithuania, the United Kingdom, Panama, and the Netherlands.[13]
History
NordVPN was established in 2012 by a group of childhood friends, which included Tomas Okmanas. It presented an Android app in late May 2016, followed by an iOS app in June the same year.[15] In October 2017, it launched a browser extension for Google Chrome.[16] The service launched applications for Android TV in 2018[17] and tvOS in 2023.[18] As of September 2023,[update] NordVPN was operating 5,600 servers in 59 countries.[19]
In March 2019, it was reported that NordVPN received a directive from Russian authorities to join a state-sponsored registry of banned websites, which would prevent Russian NordVPN users from circumventing state censorship. NordVPN was reportedly given one month to comply, or face blocking by Russian authorities.[20] The provider declined to comply with the request and shut down its Russian servers on April 1. As a result, NordVPN still operates in Russia, but its Russian users have no access to local servers.
In September 2019, NordVPN announced NordVPN Teams, a VPN solution aimed at small and medium businesses, remote teams, and freelancers, who need secure access to work resources.[21] Two years later, NordVPN Teams rebranded as NordLayer and moved toward SASE business solutions.[22] The press sources quoted the market rise in SASE technology as one of the key factors in the rebrand.[23][24]
On October 29, 2019, NordVPN announced additional audits and a public bug bounty program.[25] The bug bounty was launched in December 2019, offering researchers monetary rewards for reporting critical flaws in the service.[26]
In December 2019, NordVPN became one of the five founding members of the newly formed VPN Trust Initiative, promising to promote online security as well as more self-regulation and transparency in the industry.[27] In 2020, the initiative announced five key areas of focus: security, privacy, advertising practices, disclosure and transparency, and social responsibility.[28]
In August 2020, Troy Hunt, an Australian web security expert and founder of Have I Been Pwned?, announced a partnership with NordVPN as a strategic advisor. On his blog, Hunt described this role as "work with NordVPN on their tools and messaging with a view to helping them make a great product even better."[29]
In 2022, NordVPN closed its physical servers in India in response to the CERT-In's order for VPN companies to store consumers' personal data for a period of five years.[30]
In April 2022, NordVPN's parent company Nord Security raised $100 million in a round of funding led by Novator. The company's valuation reached $1.6 billion.[31] In September 2023, the company grew and raised more funding, making it valued at $3 billion.[32]
In 2022, Surfshark and Nord Security merged under one holding company.[33]
Technology
NordVPN routes users' internet traffic through a remote server run by the service, thereby hiding their IP address and encrypting all incoming and outgoing data.[34] For encryption, NordVPN has been using the OpenVPN and Internet Key Exchange v2/IPsec technologies in its applications[35] and also introduced its proprietary NordLynx technology in 2019.[36] NordLynx is a VPN tool based on the WireGuard protocol, which aims for better performance than the IPsec and OpenVPN tunneling protocols.[37] According to tests performed by Wired UK, NordLynx produces "speed boosts of hundreds of MB/s under some conditions."[38]
In April 2020, NordVPN announced the gradual roll-out of the WireGuard-based NordLynx protocol on all its platforms.[39] The wider implementation was preceded by a total of 256,886 tests, which included 47 virtual machines on nine different providers, in 19 cities, and eight countries. The tests showed higher average download and upload speeds than both OpenVPN and IKEv2.
NordVPN once used L2TP/IPSec and Point-to-Point Tunneling Protocol (PPTP) connections for routers, but these were later removed, as they were largely outdated and insecure.
NordVPN has desktop applications for Windows, macOS, and Linux, as well as mobile apps for Android and iOS and Android TV app. Subscribers also get access to encrypted proxy extensions for Chrome and Firefox browsers.[40] Subscribers can connect up to six devices simultaneously.[41] NordVPN has released their Linux client under the terms of the GPLv3 only.[42]
In November 2018, NordVPN claimed that its no-log policy was verified through an audit by PricewaterhouseCoopers AG.[43][44]
In 2020, NordVPN underwent a second security audit by PricewaterhouseCoopers AG. The testing focused on NordVPN's Standard VPN, Double VPN, Obfuscated (XOR) VPN, P2P servers, and the product's central infrastructure. The audit confirmed that the company's privacy policy was upheld and the no-logging policy was followed.[45]
In 2021, NordVPN completed an application security audit, carried out by a security research group VerSprite. VerSprite performed penetration testing and, according to the company, found no critical vulnerabilities. One flaw and a few bugs that were found in the audit have since been patched.[46]
In October 2020, NordVPN started rolling out its first colocated servers in Finland to secure the hardware perimeter. The RAM-based servers are fully owned and operated by NordVPN in an attempt to keep full control.[47][48]
In December 2020, NordVPN initiated a network-wide rollout of 10 Gbit/s servers, upgrading from the earlier 1 Gbit/s standard. The company's servers in Amsterdam and Tokyo were the first to support 10 Gbit/s, and by December 21, 2020, over 20% of the company's network had been upgraded.[49][50]
In January 2022, NordVPN released an open-source VPN speed testing tool, available for download from GitHub.[51]
Additional features
Besides general-use VPN servers, the provider offers servers for specific purposes, including P2P sharing, double encryption, and connection to the Tor anonymity network.[52] NordVPN offers three subscription plans: monthly, yearly and bi-yearly.
In November 2020, NordVPN launched a feature that scans the dark web to determine if a user's personal credentials have been exposed. When the Dark Web Monitor feature finds any leaked credentials, it sends a real-time alert, prompting the user to change the affected passwords.[53]
In February 2022, NordVPN introduced an antivirus functionality available as part of the regular VPN license. The opt-in Threat Protection feature blocks web trackers, warns users about malicious websites, and blocks downloaded files that contain malware.[54] As of March 2022, the feature is available on the Windows and macOS apps and works without connecting to a VPN server.[55]
In June 2022, NordVPN launched the Meshnet feature that allows users to create their own private network by linking up to 60 devices. Some of the promoted use cases include file sharing between different devices, multiplayer gaming, and virtual routing.[56]
Reception
Several publications, including Tom's Guide,[57] PC Magazine,[52] CNET,[58] and TechRadar[59] have reviewed NordVPN. Most noted that NordVPN's features such as choosing server location, and speed are good. They also noted the service's high price compared to others in the category.
Criticism
On October 21, 2019, a security researcher disclosed on Twitter a server breach of NordVPN involving a leaked private key.[60][61][62] The cyberattack granted the attackers root access, which was used to generate an HTTPS certificate that enabled the attackers to perform man-in-the-middle attacks to intercept the communications of NordVPN users.[63] In response, NordVPN confirmed that one of its servers based in Finland was breached in March 2018, but there was no evidence of an actual man-in-the-middle attack ever taking place.[64][65] The exploit was the result of a vulnerability in a contracted data center's remote administration system that affected the Finland server between January 31 and March 20, 2018.[64] Evidence suggests that when the data center became aware of the intrusion, all accounts that had caused the vulnerabilities were deleted and NordVPN was not notified about the mistake.[66][67]
According to NordVPN, the data center disclosed the breach to NordVPN on April 13, 2019, and NordVPN ended its relationship with the data center.[65] In addition, experts state that there are no indications of any user’s private information such as user credentials, billing details, or any other profile-related information being compromised during that event.[68][69][70] Security researchers and media outlets criticized NordVPN for failing to promptly disclose the breach after the company became aware of it.[62][61][71] NordVPN stated that the company initially planned to disclose the breach after it completed the audit of its 5,000 servers for any similar risks[62] and later put regular updates on its blog.[72]
On November 1, 2019, in a separate incident, it was reported that approximately 2,000 usernames and passwords of NordVPN accounts were exposed through credential stuffing.[73][74]
In 2019, the Advertising Standards Authority (United Kingdom) (ASA) advised NordVPN not to repeat claims that public WiFi is so insecure it is equivalent to handing out your personal information to the people around you.[75] The ASA ruled that HTTPS already provides "a significant layer of security" and that the impression the ad gave that users were at a significant risk from data theft was erroneous.[76] In 2023, the ASA again ruled against NordVPN, this time over an advertisement which claimed NordVPN could "switch off... malware", holding that, in context, listeners were "likely to understand" it to mean the product would stop all malware, which NordVPN did not substantiate in response to the ASA.[77]
In January 2022, NordVPN updated its policy regarding law enforcement cooperation,[78] according to statements from PCMag[79] and TechRadar.[80] Previously, NordVPN had maintained a strict no-logs policy, preventing any user-identifying data from being stored. The 2023 update clarified that, while the no-logs policy continued, NordVPN would comply with law enforcement requests when required by local legal authorities. This change reflected increased regulatory pressures on VPN providers to support investigations related to cybersecurity and criminal activities.[78]
Privacy advocates, including VPN.com, expressed concern that this cooperation might compromise user privacy and set a precedent for other VPN services. Critics argued that any law enforcement compliance could challenge NordVPN’s commitment to anonymity, while NordVPN, as cited by TechRadar, asserted its dedication to privacy by only responding to legal requests and maintaining minimal data retention.[80] Transparency statements from the company outlined strict compliance conditions, aiming to reassure users about privacy safeguards under the revised policy.[81]
See also
- Comparison of virtual private network services
- Encryption
- Geo-blocking
- Internet freedom in Panama
- Internet privacy
- Secure communication
References
- ^ "General Terms of Service". nordaccount.com. Retrieved April 23, 2021.
- ^ "Nordvpn S.A." App Store. Retrieved April 23, 2021.
- ^ Nadel, Brian (April 10, 2018). "NordVPN Review: Easy But Slow". Tom's Guide. Retrieved May 4, 2019.
- ^ NordVPN (October 22, 2024). "NordVPN - Fast & Secure VPN". Google Play. Google. Retrieved October 22, 2024.
- ^ NordVPN (October 15, 2024). "VPN: Fast & Unlimited NordVPN". App Store. Apple. Retrieved October 15, 2024.
- ^ NordVPN (October 7, 2024). "NordVPN: VPN Fast & Secure". Mac App Store. Apple. Retrieved October 7, 2024.
- ^ NordVPN (June 13, 2024). "NordVPN: VPN Fast & Secure". Mac App Store. Apple. Retrieved June 13, 2024.
- ^ Schofield, Jack (November 24, 2016). "How can I protect myself from government snoopers?". The Guardian. Retrieved February 22, 2018.
- ^ Caruana, Anthony (June 19, 2018). "NordVPN Launches Android TV App". Lifehacker Australia. Retrieved June 19, 2018.
- ^ Bonk, Lawrence (December 18, 2023). "NordVPN arrives on Apple's tvOS". Engadget. Retrieved January 10, 2024.
- ^ Tiwari, Aditya (October 29, 2017). "NordVPN In-Depth Review: A Reliable VPN For Security And Performance". fossbytes.com. Retrieved February 19, 2018.
- ^ Gus (November 7, 2022). "How to Setup NordVPN on the Raspberry Pi". pimylifeup.com. Retrieved October 9, 2023.
- ^ a b David Gewirtz (May 22, 2020). "Meet NordSec: The company behind NordVPN wants to be your one-stop privacy suite". ZDNet. Retrieved April 9, 2021.
- ^ "Imprint (nordsecurity.com)". Nord Security. Retrieved 2024-11-04.
- ^ Vigliarolo, Brandon (July 1, 2016). "NordVPN offers powerful mobile VPN service and app, but there's Wi-Fi gotcha". TechRepublic. Retrieved May 4, 2019.
- ^ Real, Mark (October 3, 2017). "NordVPN Launches Extension For Google Chrome Browser". androidheadlines.com. Retrieved May 4, 2019.
- ^ Maxham, Alexander (June 19, 2018). "NordVPN Is Now Available On Android TV". androidheadlines.com. Retrieved May 4, 2019.
- ^ Bonk, Lawrence (December 18, 2023). "NordVPN arrives on Apple's tvOS". Engadget. Retrieved January 10, 2024.
- ^ Williams, Mike (September 4, 2023). "NordVPN review 2024". TechRadar. Retrieved January 10, 2024.
- ^ "Russia Threatens to Block Popular VPN Services to Prevent Website Access". Reuters. March 29, 2019. Retrieved May 4, 2019 – via The Moscow Times.
- ^ Spadafora, Anthony (September 12, 2019). "NordVPN Teams is a VPN solution for businesses". TechRadar. Retrieved November 20, 2019.
- ^ "Goodbye NordVPN Teams – Hello NordLayer!". NordLayer. Retrieved 2021-09-27.
- ^ Masiliauskas, Paulius (September 14, 2021). "NordVPN Teams rebrands as NordLayer, moves towards SASE business solutions". CyberNews. Archived from the original on September 17, 2021. Retrieved September 27, 2021.
- ^ "NordVPN Teams rebrands as NordLayer, moves towards SASE business solutions". CyberNews. 2021-09-14. Retrieved 2021-09-27.
- ^ Kan, Michael (October 29, 2019). "NordVPN Beefs Up Security With Audit, Bug Bounty Program". PC Magazine. Retrieved November 14, 2019.
- ^ Spadafora, Anthony (December 10, 2019). "NordVPN boosts security with new bug bounty program". TechRadar. Retrieved January 21, 2019.
- ^ Eddy, Max (December 19, 2019). "Can a New Alliance Help VPN Companies Prove Themselves Trustworthy". PCMag. Retrieved January 21, 2019.
- ^ "i2Coalition's VPN Trust Initiative (VTI) Unveils the VTI Principles". Yahoo! Finance. September 29, 2020. Retrieved September 28, 2021.
- ^ Troy, Hunt (August 7, 2020). "I'm Partnering with NordVPN as a Strategic Advisor". Retrieved August 7, 2020.
- ^ "After Surfshark and ExpressVPN, now NordVPN to shut down India servers". Gadgets Now. June 14, 2022. Retrieved October 16, 2022.
- ^ Lunden, Ingrid (April 7, 2022). "NordVPN raises its first money, $100M at a $1.6B valuation". TechCrunch. Retrieved April 7, 2022.
- ^ "Nord Security raised another $100M investment round". Nord Security. Retrieved 2024-08-14.
- ^ "Nord Security joins forces with Surfshark | NordVPN". nordvpn.com. 2022-02-02. Retrieved 2024-05-31.
- ^ TJ, McCue (June 20, 2019). "How Does A VPN Work?". Forbes. Retrieved November 21, 2019.
- ^ Athow, Desire (July 26, 2018). "How to choose a security protocol in the NordVPN Windows and Android apps". TechRadar. Retrieved July 15, 2019.
- ^ Eddy, Max (August 14, 2019). "The VPN Industry Is on the Cusp of a Major Breakthrough". PCMag. Retrieved November 15, 2019.
- ^ Preneel, Bart; Vercauteren, Frederik, eds. (11 June 2018). Applied Cryptography and Network Security. Springer. ISBN 978-3-319-93387-0. Archived from the original on 18 February 2019. Retrieved 15 November 2019.
- ^ Orphanides, K.G (October 19, 2019). "Cloudflare 1.1.1.1 with Warp review: faster browsing, but not a real VPN". Wired UK. Retrieved November 15, 2019.
- ^ Wagenseil, Paul (April 22, 2020). "NordVPN is about to get a lot faster — thanks to WireGuard". Tom's Guide. Retrieved November 17, 2020.
- ^ Paul, Ian (July 6, 2017). "NordVPN review: A great choice for Netflix fans, but who's running the show?". PC World. Retrieved May 4, 2019.
- ^ "NordVPN review: Still the best value for security and speed". CNET. Retrieved 3 February 2020.
- ^ NordVPN for Linux, Nord Security, 2023-03-21, retrieved 2023-03-22
- ^ Eddy, Max (October 23, 2019). "NordVPN". PCMag UK. Retrieved November 14, 2019.
- ^ Orphanides, K. G. (May 10, 2019). "The best VPNs to keep your browsing safe and secure". Wired UK. ISSN 1357-0978. Retrieved November 14, 2019.
- ^ Harber-Lamond, Mo (July 1, 2021). "Independent audit confirms NordVPN's no-log policy for the second time". Tom's Guide. Retrieved September 28, 2021.
- ^ Spadafora, Anthony (June 23, 2021). "NordVPN passes major security test". TechRadar. Retrieved September 28, 2021.
- ^ Athow, Desire (October 6, 2020). "NordVPN unleashes colocated servers for greater security". TechRadar. Retrieved November 17, 2020.
- ^ Nichols, Shaun (October 12, 2020). "One year after server hackers left NordVPN red-faced, firm's first colocated setup is online". The Register. Retrieved November 17, 2020.
- ^ Harber-Lamond, Mo (December 25, 2020). "NordVPN begins worldwide speed upgrade with 10 Gbit/s server rollout". Tom's Guide. Retrieved December 30, 2020.
- ^ Spadafora, Anthony (December 22, 2020). "This VPN giant is getting a major speed upgrade". TechRadar. Retrieved December 30, 2020.
- ^ Spadafora, Anthony (January 19, 2022). "NordVPN wants to help you test the speed of your VPN connection". TechRadar. Retrieved January 19, 2022.
- ^ a b Eddy, Max (February 28, 2019). "NordVPN". PC Magazine (British magazine). Retrieved May 4, 2019.
- ^ Ballard, Barclay (November 16, 2020). "NordVPN adds Dark Web credential monitor to protect your identity". TechRadar. Retrieved November 17, 2020.
- ^ Kan, Michael (February 9, 2022). "NordVPN to Offer Antivirus Through Built-In 'Threat Protection' Feature". PCMag. Retrieved March 10, 2022.
- ^ Castro, Chiara (March 9, 2022). "NordVPN Threat Protection: what is it and how to use it". TechRadar. Retrieved March 10, 2022.
- ^ Castro, Chiara (June 20, 2022). "NordVPN users can now create their own private network with new Meshnet feature". TechRadar. Retrieved June 28, 2022.
- ^ Nadel, Brian (April 10, 2018). "NordVPN Review: Easy But Slow". Tom's Guide. Archived from the original on April 14, 2018.
- ^ Hodge, Rae (September 8, 2021). "NordVPN review: An encryption powerhouse with the biggest VPN bang for your buck". CNET. Retrieved September 29, 2021.
- ^ Williams, Mike. "NordVPN review". TechRadar. Retrieved September 29, 2021.
- ^ Turton, William (October 21, 2019). "After Twitter Allegations, Nord VPN Discloses 2018 Breach". Bloomberg. Retrieved November 14, 2019.
- ^ a b Whittaker, Zack (October 21, 2019). "NordVPN confirms it was hacked". TechCrunch. Retrieved October 24, 2019.
- ^ a b c Hodge, Rae (November 1, 2019). "After the breach, Nord is asking people to trust its VPN again". CNET. Retrieved November 14, 2019.
- ^ Goodin, Dan (October 21, 2019). "Hackers steal secret crypto keys for NordVPN. Here's what we know so far". Ars Technica. Retrieved November 14, 2019.
- ^ a b Kastrenakes, Jacob (October 21, 2019). "NordVPN reveals server breach that could have let attacker monitor traffic". The Verge. Retrieved October 24, 2019.
- ^ a b "Why the NordVPN network is safe after a third-party provider breach". NordVPN. October 21, 2019. Retrieved October 24, 2019.
- ^ "NordVPN safe after a third-party provider breach | NordVPN". nordvpn.com (in German). 2019-10-21. Retrieved 2024-06-17.
- ^ updated, Mike Williams last (2019-11-18). "What's the truth about the NordVPN breach? Here's what we now know". TechRadar. Retrieved 2024-06-17.
- ^ "Was NordVPN Hacked? Get The Latest Updates Here". www.vpn.com. 2023-03-24. Retrieved 2024-06-17.
- ^ Markuson, Daniel (2019-10-21). "Why the NordVPN network is safe after a third-party provider breach".
- ^ updated, Mike Williams last (2019-11-18). "What's the truth about the NordVPN breach? Here's what we now know". TechRadar. Retrieved 2024-06-17.
- ^ Eddy, Max (October 23, 2019). "NordVPN and TorGuard VPN Breaches: What You Need to Know". PC Magazine. Retrieved November 14, 2019.
- ^ "Was NordVPN Hacked? Get The Latest Updates Here". www.vpn.com. 2023-03-24. Retrieved 2024-06-17.
- ^ Goodin, Dan (November 1, 2019). "NordVPN users' passwords exposed in mass credential-stuffing attacks". Ars Technica. Retrieved November 14, 2019.
- ^ Al-Heeti, Abrar (November 1, 2019). "NordVPN user accounts compromised and passwords exposed, report says". CNET. Retrieved November 14, 2019.
- ^ Corfield, Gareth (May 1, 2019). "NordVPN rapped by ad watchdog over insecure public Wi-Fi claims". The Register. Retrieved September 3, 2023.
- ^ "ASA Ruling on Tefincom SA t/a NordVPN". Advertising Standards Authority (United Kingdom). May 1, 2019. Retrieved September 3, 2023.
- ^ "ASA Ruling on NordVPN SA t/a NordVPN, Norton 360". Advertising Standards Authority (United Kingdom). January 11, 2023. Retrieved September 3, 2023.
- ^ a b Markuson, Daniel (January 20, 2022). "How NordVPN protects the privacy of its customers". NordVPN. Archived from the original on March 4, 2022. Retrieved October 31, 2024.
- ^ Kan, Michael (January 19, 2022). "NordVPN: Actually, We Do Comply With Law Enforcement Data Requests". PCMag. Archived from the original on January 27, 2022. Retrieved October 31, 2024.
- ^ a b Spadafora, Anthony (January 20, 2022). "NordVPN will now comply with law enforcement data requests". TechRadar. Archived from the original on January 20, 2022. Retrieved October 31, 2024.
- ^ Vienažindytė, Ilma (October 29, 2024). "NordVPN Introduces Transparency Reports". NordVPN. Archived from the original on October 31, 2024. Retrieved October 31, 2024.