Does NordVPN Keep Logs?

NordVPN is a VPN service with a clear stance regarding its data-logging policy. They claim to have a strict “zero logs” policy.

The company guarantees it will keep no logs of users, whether they use the NordVPN software to download torrents or to browse the web.

The question that arises is: “how do we know NordVPN holds its promise”? Well, they had an audit conducted by a neutral company to determine whether they logged data.

NordVPN’s Logging Policy

The NordVPN website states that absolutely no logs are kept. According to NordVPN’s privacy policy:

“However, it is important to note that the laws of the Republic of Panama do not oblige us to store logs of users’ online activity. Accordingly, we do not log users’ browsing history, traffic information, or IP addresses used to access the internet via our services. This means that we are not able to link shared IP addresses of VPN services to an individual user or otherwise individual users based on data that we do not process.”

This statement explains why they are able to avoid keeping traffic logs. They are referring to the fact that NordVPN is based outside the US and EU jurisdictions. They have no legal obligation to save logs or deliver any info to government agencies from those jurisdictions.

The Independent Auditing of NordVPN

Relying on a VPN provider’s claims isn’t a good security practice. One of the few ways a VPN can prove it does not log users’ activities is through an independent audit. Due to the reasonable suspicions of its users, NordVPN commissioned an audit.

NordVPN hired PricewaterhouseCoopers (PwC) AG of Zurich, Switzerland, to conduct a full privacy audit. This company is internationally known as one of the “Big Four” auditing companies, so its results are credible.

In short, PwC had 11 days in late 2019 with full access to everything NordVPN uses. The company was able to view source code, have full access to servers, and see what data goes in and out. Because PwC’s reputation is the main factor behind their annual gross income of more than $40 billion, they had to remain neutral during the audit.

When the audit was completed, PwC announced that no IP addresses or logs of browsing activity were created or stored by NordVPN. 

Conclusion

NordVPN’s competition had been spreading rumors that the service logged. In a move that no other VPN company has been bold enough to do to date, NordVPN had a giant audit firm tell the world they weren’t lying.

At the end of the audit, the security experts at PwC are confident that NordVPN has done what it promised: Not to save any logs that can identify users.

Unfortunately, most VPN companies don’t offer such an audit. They may have flashy websites and big promises, but there will always be a suspicion that they are logging your activity. In the future, more well-established VPN companies will likely have to follow this trend to stay competitive.