How Good is NordVPN?

Thursday, March 5, 2020

With many governments working to restrict individual freedom and many more increasingly taking the liberty to perform Internet surveillance on citizens, virtual private network (VPN) services have become something of a necessity.

For those who travel and/or live in countries such as Russia, China, Vietnam, Syria or Saudi Arabia, a VPN is often the only way to ensure one’s safety when researching, reporting, or discussing censored topics.

Enter NordVPN, an innovator and industry leader in the cybersecurity niche with nearly a decade of experience behind it. Nord is the biggest VPN company by server count, boasting over 5,600 dedicated machines in 58 countries.

In light of several security liabilities, however, some have started to question Nord’s effectiveness as a VPN provider. Are they actually trustworthy?

The short answer is yes, but for the full story, you’ll have to read on.

The Elephant in the Room

To clear away any shadow of doubt, I’ll begin by tackling the elephant in the room (which is really more of an elephant shrew): namely the 2018 breach of one Finnish server in the NordVPN network and the 2019 credential stuffing attacks.

So, what happened?

On March 5, 2018, evidence of a security breach appeared on one of NordVPN’s servers located in Finland. The hack was made possible by an insecure remote management service, which the data center provider had unknowingly left active. Nord was unaware that such a utility even existed.

To be crystal clear, NordVPN did not undergo a security breach anywhere near the magnitude of the Equifax scandal. Technically, the people behind this exploit could have gained access to any traffic that passed through that specific server, which, according to company estimates, was anywhere between 20 and 70 sessions. They could not tell, however, who was connected.

As soon as Nord became aware of the breach, they terminated their contractual relationship with the data center provider and set about the daunting task of auditing every single one of their 5,000 servers. The internal audit revealed that no real-time activity had been recorded or leaked.

What’s more, no user information was ever acquired from NordVPN’s server, meaning that the anonymity of the people using it was maintained at all times.

In contrast, the 2019 credential stuffing attack involved a number of Nord usernames and passwords being leaked. This was possible due to (1) user credentials being made available by attacks on third-party websites where Nord customers had previously shared their information, and (2) the customers’ extremely unsafe passwords, which were variations of their credentials.

The leak did not include a single password that showed even a modicum of complexity or unrelatedness to customer data. Technically, this cannot be qualified as a breach of NordVPN’s security service, since the information did not come from them.

Few VPNs can say they’ve been through a hack attempt and survived unscathed. Ever since, Nord has taken additional software, hardware, and policy measures to increase their security. They also set up a fairly popular bug bounty program.

What Do You Get with NordVPN?

Now that I’ve shed some light on the alleged NordVPN hack, which was more of a limited vulnerability than an actual breach, it’s high time we understand the security potential of this service.

As I’ve mentioned before, no other VPN has more servers than Nord, and the service keeps expanding its immense infrastructure of private servers. At this point, the goal has become to offer private Internet connections that perform as well as their non-private gateways. Tests show that the service offers, on average, 0 latency and roughly 75-80% of your upload and download speeds.

The second argument for NordVPN is their feature-rich software. Whether you’re seeking Netflix unblocking, P2P downloading (torrents), a high-level kill switch, or malware blocking, they’ve got it. And more.

The third reason is the continued, undeterred security and privacy that NordVPN offers clients from all over the world. They’ve been independently audited by no fewer than two reputable third parties, namely PricewaterhouseCoopers and VerSprite.

Here are the highlights of NordVPN’s service:

  • CyberSec tool that prevents malicious software and advertisements from collecting your data. In terms of effectiveness, it really stands out in the VPN market.
  • Application-based kill switch. Aside from being able to add a kill switch to particular apps, Nord’s software makes it possible for you to appear invisible to other devices that may be connected to the same network as you are.
  • Specialty servers that optimize downloading/uploading files through P2P infrastructures, Double VPN connections that re-route your data through two sets of encrypted machines, secure connections to the Tor network, dedicated IP, and obfuscated connections. The latter is particularly useful for bypassing strict regional censorship.

Their cons are modest – no possibility for split-tunneling and a limit of 6 simultaneous connections per account. NordVPN may not be the cheapest out there, but their offer is still highly competitive given the value you get. I don’t see it as a good trade-off to give up on any of their features for a couple of extra dollars.

Why NordVPN Is Still the Best

NordVPN continues to market a trustworthy, simple and straightforward security tool for keeping your Internet connections private. They have some of the most feature-rich software, own the largest global infrastructure in the industry, and operate out of a legal jurisdiction that does not require them to keep any customer information.

NordVPN survived a hacking attempt without exposing their clients to any loss of personal data or information. Now, it is even more proactive about securing its network. If there ever was a service deserving of the title best VPN in show, it’s them.