When choosing a VPN there are several factors that are important. The price, for example, and the speed of the various servers.
What perhaps even more crucial is now a VPN handles your anonymity. That’s what our yearly review focuses on. In addition, we ask whether torrenting is permitted and what the best security settings are.
This page updates yearly. We’re not here to pick the best VPN, we just want to give people as much info they need to they can make an informed choice. Here’s the 2019 overview of all VPN providers.
Here’s what we asked NordVPN and how the company answered.
1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a current or former user of your service? If so, exactly what information do you hold and for how long?
NordVPN: We do not keep any logs nor timestamps that could allow our customers to be identified.
2. What is the name under which your company is incorporated, and under which jurisdiction does your company operate?
NordVPN: Tefincom S.A., operated under the jurisdiction of Panama.
3. What tools are used to monitor and mitigate abuse of your service, including limits on concurrent connections if these are enforced?
NordVPN: We are only able to see the server load, which helps us optimize our service and provide the best possible Internet speed to our users. We also have developed and implemented an automated tool that limits the maximum number of concurrent connections to six. Apart from that, we do not use any other tools.
4. Do you use any external email providers (e.g. Google Apps), analytics, or support tools ( e.g Live support, Zendesk) that hold information provided by users?
NordVPN: NordVPN uses third-party data processors for emailing services and to collect basic website and app analytics. We use Iterable for correspondence, Zendesk to provide customer support, Google Analytics to monitor website and app data, as well as Crashlytics, Firebase Analytics and Appsflyer to monitor application data.
All third-party services we use are bound by a contract with us to never use the information of our users for their own purposes and not to disclose the information to any third parties unrelated to the service.
5. In the event you receive a DMCA takedown notice or a non-US equivalent, how are these handled?
NordVPN: We operate under Panama’s jurisdiction, where DMCA and similar orders have no legal bearing. Therefore, they do not apply to us.
6. What steps would be taken in the event a court orders your company to identify an active or former user of your service? How would your company respond to a court order that requires you to log activity for a user going forward? Have these scenarios ever played out in the past?
NordVPN: If the order or subpoena is issued by a Panamanian court, we would have to provide the information if we had any. However, our zero-log policy means that we do not store any information about our users’ online activity – only their email address and basic payment info. So far, we haven’t had any such cases.
7. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? Do you provide port forwarding services? Are any ports blocked?
NordVPN: We do not restrict any BitTorrent or other file-sharing applications on most of our servers. We have optimized a number of our servers specifically for file-sharing. At the moment, we do not offer port forwarding and block outgoing ports SMTP25 and NetBIOS.
8. Which payment systems/providers do you use? Do you take any measures to ensure that payment details can’t be linked to account usage or IP-assignments?
NordVPN: Our customers are able to pay via all major credit cards, regionally localized payment solutions (e.g. AliPay, Yandex, etc.) and cryptocurrencies. Our payment processing partners collect basic billing information for payment processing and refund requests, but it cannot be related to any Internet activity of a particular customer. Bitcoin is the most anonymous option, as it does not link the payment details to the user identity or other personal information.
9. What is the most secure VPN connection and encryption algorithm you would recommend to your users?
NordVPN: For OpenVPN connection, we use the AES 256 GCM algorithm. For IKEv2/IPSec, the ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys.
10. Do you provide tools such as “kill switches” if a connection drops and DNS/IPv6 leak protection? Do you support Dual Stack IPv4/IPv6 functionality?
NordVPN: Yes, we provide both an automatic kill switch and a feature for DNS leak protection. Dual Stack IPv4/IPv6 functionality is not yet supported with our service; however, all NordVPN apps offer an integrated IPv6 Leak Protection.
11. Are any of your VPN servers hosted by third parties? If so, what measures do you take to prevent those partners from snooping on any inbound and/or outbound traffic? Do you use your own DNS servers?
We use a hybrid model, whereby we own some of our servers ourselves but also partner with premium data centers with strong security practices.
Due to our special server configuration, no one is able to collect or retain any data, ensuring compliance with our no-logs policy. We also have specific requirements for network providers to ensure the highest service quality for our customers. We do have our own DNS servers, and all DNS requests go through those. Also, our customers can use any DNS server they like.
12. In which countries are your servers physically located? Do you offer virtual locations?
NordVPN: All of our servers are physically located in the stated countries. We do not offer virtual locations. At the moment, NordVPN provides more than 5,000 servers in 61 countries, and the full location list can be found here.