NordVPN is a VPN service with a clear stance when it comes to data-logging policy. The VPN provider claims to have a strict “zero logs” policy.
The company guarantees that they will keep no logs when their customers use NordVPN to download torrents, browse the web, and other online activities.
The question that arises is: “how do we know NordVPN holds its promise”? Well, they went ahead and had a neutral audit company verifying if they log or not.
NordVPN’s Logging Policy
Being based in Panama allows us to keep no logs of users’ online activity (no IP addresses, browsing data, traffic information, etc.). This means that we are unable to link an individual user to a specific IP address, connection timestamp or other information that we do not collect.
This statement also explains why they are able to avoid keeping traffic logs. They are referring to the fact that NordVPN is based outside the US and EU jurisdictions. They have no legal obligation to save logs or to deliver any info whatsoever to government agencies from those jurisdictions.
Relying on a VPN provider’s claims isn’t a good security practice. It’s likely to end up with you signing up for a service that logs your activity. One of the few ways a VPN can prove it does not log users’ activities is through an independent audit. Due to the rightful cynicism of its users, NordVPN commissioned an audit.
NordVPN hired PricewaterhouseCoopers (PwC) AG of Zurich, Switzerland, to conduct a full privacy audit. This company is internationally known as one of the “Big Four” auditing companies, so its results are credible.
In short, PwC had 11 days in late 2019 with full access to everything NordVPN uses. The company was able to view source code, have full access to servers, and see what data goes in and out. Because PwC’s reputation is the main factor behind their annual gross income of more than $40 billion, they had to remain neutral during the audit.
When the audit was completed, PwC announced that no IP addresses or logs of browsing activity were created or stored by NordVPN.
Even though it was proven that NordVPN doesn’t save usage logs, you should not get too comfortable and use the service blindly. You still have to make sure that you configure NordVPN correctly to avoid leaks.
It may be surprising to you, but one of the main causes of leakage for VPN users is simply forgetting to turn the VPN on. Fortunately, it’s easy to set NordVPN to start automatically when you turn your computer on and avoid that kind of trouble.
Failing to follow good practices may result in exposing your real IP address to your Internet Service Provider, monitoring entities, and the websites you visit, which is the last thing you want. In such scenarios, the no-logging policy of NordVPN wouldn’t be able to do anything for you.
Payment methods can help you hide
Not saving your session details is half of the journey. If you don’t want any record of being a VPN user, and hide your identity from your own VPN provider, then you have to look at the payment method you choose when getting the VPN.
NordVPN allows you to hide your user identity by providing anonymous payment options. Users with a crypto wallet can pay with cryptocurrencies, which will enable them to subscribe without revealing any information.
The Key Takeaways
NordVPN’s competition had been spreading rumors that the service logged. In a move that no other VPN company has been bold enough to do to date, NordVPN had a giant audit firm tell the world they weren’t lying.
At the end of the audit, the security experts at PwC are confident that NordVPN has done what it promised: Not to save any logs that can identify users.
Unfortunately, most VPN companies don’t offer such an audit. They may have flashy websites and big promises, but there will always be a lingering suspicion that they are logging your activity. In the future, more of the established VPN companies will likely follow this trend to stay competitive.