Developer(s) | NordVPN s.a. [1] [2] |
---|---|
Initial release | February 13, 2012[3] |
Stable release | Android 7.10 (October 22, 2024 [4] ) [±] iOS 8.34 (October 15, 2024 [5] ) [±] ContentstvOS 1.5 (June 13, 2024 [7] ) [±] |
Operating system | |
Platform | |
Type | Virtual Private Network |
License | Linux client: GPLv3 only github |
Website | nordvpn |
NordVPN is a Lithuanian VPN service with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, and tvOS. [8] [9] [10] Manual setup is available for wireless routers, NAS devices, and other platforms. [11] [12]
NordVPN is developed by Nord Security (formerly Nordsec Ltd), [13] a company that creates cybersecurity software and was initially supported by the Lithuanian startup accelerator and business incubator Tesonet. NordVPN states it operates in Panama, but Nord Security is incorporated in Amsterdam, the Netherlands. [14] Its offices are located in Lithuania, the United Kingdom, Panama, and the Netherlands. [13]
NordVPN was established in 2012 by a group of childhood friends, which included Tomas Okmanas. It presented an Android app in late May 2016, followed by an iOS app in June the same year. [15] In October 2017, it launched a browser extension for Google Chrome. [16] The service launched applications for Android TV in 2018 [17] and tvOS in 2023. [18] As of September 2023, [update] NordVPN was operating 5,600 servers in 59 countries. [19]
In March 2019, it was reported that NordVPN received a directive from Russian authorities to join a state-sponsored registry of banned websites, which would prevent Russian NordVPN users from circumventing state censorship. NordVPN was reportedly given one month to comply, or face blocking by Russian authorities. [20] The provider declined to comply with the request and shut down its Russian servers on April 1. As a result, NordVPN still operates in Russia, but its Russian users have no access to local servers.
In September 2019, NordVPN announced NordVPN Teams, a VPN solution aimed at small and medium businesses, remote teams, and freelancers, who need secure access to work resources. [21] Two years later, NordVPN Teams rebranded as NordLayer and moved toward SASE business solutions. [22] The press sources quoted the market rise in SASE technology as one of the key factors in the rebrand. [23] [24]
On October 29, 2019, NordVPN announced additional audits and a public bug bounty program. [25] The bug bounty was launched in December 2019, offering researchers monetary rewards for reporting critical flaws in the service. [26]
In December 2019, NordVPN became one of the five founding members of the newly formed VPN Trust Initiative, promising to promote online security as well as more self-regulation and transparency in the industry. [27] In 2020, the initiative announced five key areas of focus: security, privacy, advertising practices, disclosure and transparency, and social responsibility. [28]
In August 2020, Troy Hunt, an Australian web security expert and founder of Have I Been Pwned?, announced a partnership with NordVPN as a strategic advisor. On his blog, Hunt described this role as "work with NordVPN on their tools and messaging with a view to helping them make a great product even better." [29]
In 2022, NordVPN closed its physical servers in India in response to the CERT-In's order for VPN companies to store consumers' personal data for a period of five years. [30]
In April 2022, NordVPN's parent company Nord Security raised $100 million in a round of funding led by Novator. The company's valuation reached $1.6 billion. [31] In September 2023, the company grew and raised more funding, making it valued at $3 billion. [32]
In 2022, Surfshark and Nord Security merged under one holding company. [33]
NordVPN routes users' internet traffic through a remote server run by the service, thereby hiding their IP address and encrypting all incoming and outgoing data. [34] For encryption, NordVPN has been using the OpenVPN and Internet Key Exchange v2/IPsec technologies in its applications [35] and also introduced its proprietary NordLynx technology in 2019. [36] NordLynx is a VPN tool based on the WireGuard protocol, which aims for better performance than the IPsec and OpenVPN tunneling protocols. [37] According to tests performed by Wired UK, NordLynx produces "speed boosts of hundreds of MB/s under some conditions." [38]
In April 2020, NordVPN announced the gradual roll-out of the WireGuard-based NordLynx protocol on all its platforms. [39] The wider implementation was preceded by a total of 256,886 tests, which included 47 virtual machines on nine different providers, in 19 cities, and eight countries. The tests showed higher average download and upload speeds than both OpenVPN and IKEv2.
NordVPN once used L2TP/IPSec and Point-to-Point Tunneling Protocol (PPTP) connections for routers, but these were later removed, as they were largely outdated and insecure.
NordVPN has desktop applications for Windows, macOS, and Linux, as well as mobile apps for Android and iOS and Android TV app. Subscribers also get access to encrypted proxy extensions for Chrome and Firefox browsers. [40] Subscribers can connect up to six devices simultaneously. [41] NordVPN has released their Linux client under the terms of the GPLv3 only. [42]
In November 2018, NordVPN claimed that its no-log policy was verified through an audit by PricewaterhouseCoopers AG. [43] [44]
In 2020, NordVPN underwent a second security audit by PricewaterhouseCoopers AG. The testing focused on NordVPN's Standard VPN, Double VPN, Obfuscated (XOR) VPN, P2P servers, and the product's central infrastructure. The audit confirmed that the company's privacy policy was upheld and the no-logging policy was followed. [45]
In 2021, NordVPN completed an application security audit, carried out by a security research group VerSprite. VerSprite performed penetration testing and, according to the company, found no critical vulnerabilities. One flaw and a few bugs that were found in the audit have since been patched. [46]
In October 2020, NordVPN started rolling out its first colocated servers in Finland to secure the hardware perimeter. The RAM-based servers are fully owned and operated by NordVPN in an attempt to keep full control. [47] [48]
In December 2020, NordVPN initiated a network-wide rollout of 10 Gbit/s servers, upgrading from the earlier 1 Gbit/s standard. The company's servers in Amsterdam and Tokyo were the first to support 10 Gbit/s, and by December 21, 2020, over 20% of the company's network had been upgraded. [49] [50]
In January 2022, NordVPN released an open-source VPN speed testing tool, available for download from GitHub. [51]
Besides general-use VPN servers, the provider offers servers for specific purposes, including P2P sharing, double encryption, and connection to the Tor anonymity network. [52] NordVPN offers three subscription plans: monthly, yearly and bi-yearly.
In November 2020, NordVPN launched a feature that scans the dark web to determine if a user's personal credentials have been exposed. When the Dark Web Monitor feature finds any leaked credentials, it sends a real-time alert, prompting the user to change the affected passwords. [53]
In February 2022, NordVPN introduced an antivirus functionality available as part of the regular VPN license. The opt-in Threat Protection feature blocks web trackers, warns users about malicious websites, and blocks downloaded files that contain malware. [54] As of March 2022, the feature is available on the Windows and macOS apps and works without connecting to a VPN server. [55]
In June 2022, NordVPN launched the Meshnet feature that allows users to create their own private network by linking up to 60 devices. Some of the promoted use cases include file sharing between different devices, multiplayer gaming, and virtual routing. [56]
Several publications, including Tom's Guide , [57] PC Magazine , [52] CNET, [58] and TechRadar [59] have reviewed NordVPN. Most noted that NordVPN's features such as choosing server location, and speed are good. They also noted the service's high price compared to others in the category.
On October 21, 2019, a security researcher disclosed on Twitter a server breach of NordVPN involving a leaked private key. [60] [61] [62] The cyberattack granted the attackers root access, which was used to generate an HTTPS certificate that enabled the attackers to perform man-in-the-middle attacks to intercept the communications of NordVPN users. [63] In response, NordVPN confirmed that one of its servers based in Finland was breached in March 2018, but there was no evidence of an actual man-in-the-middle attack ever taking place. [64] [65] The exploit was the result of a vulnerability in a contracted data center's remote administration system that affected the Finland server between January 31 and March 20, 2018. [64] Evidence suggests that when the data center became aware of the intrusion, all accounts that had caused the vulnerabilities were deleted and NordVPN was not notified about the mistake. [66] [67]
According to NordVPN, the data center disclosed the breach to NordVPN on April 13, 2019, and NordVPN ended its relationship with the data center. [65] In addition, experts state that there are no indications of any user’s private information such as user credentials, billing details, or any other profile-related information being compromised during that event. [68] [69] [70] Security researchers and media outlets criticized NordVPN for failing to promptly disclose the breach after the company became aware of it. [62] [61] [71] NordVPN stated that the company initially planned to disclose the breach after it completed the audit of its 5,000 servers for any similar risks [62] and later put regular updates on its blog. [72]
On November 1, 2019, in a separate incident, it was reported that approximately 2,000 usernames and passwords of NordVPN accounts were exposed through credential stuffing. [73] [74]
In 2019, the Advertising Standards Authority (United Kingdom) (ASA) advised NordVPN not to repeat claims that public WiFi is so insecure it is equivalent to handing out your personal information to the people around you. [75] The ASA ruled that HTTPS already provides "a significant layer of security" and that the impression the ad gave that users were at a significant risk from data theft was erroneous. [76] In 2023, the ASA again ruled against NordVPN, this time over an advertisement which claimed NordVPN could "switch off... malware", holding that, in context, listeners were "likely to understand" it to mean the product would stop all malware, which NordVPN did not substantiate in response to the ASA. [77]
In January 2022, NordVPN updated its policy regarding law enforcement cooperation, [78] according to statements from PCMag [79] and TechRadar. [80] Previously, NordVPN had maintained a strict no-logs policy, preventing any user-identifying data from being stored. The 2023 update clarified that, while the no-logs policy continued, NordVPN would comply with law enforcement requests when required by local legal authorities. This change reflected increased regulatory pressures on VPN providers to support investigations related to cybersecurity and criminal activities. [78]
Privacy advocates, including VPN.com, expressed concern that this cooperation might compromise user privacy and set a precedent for other VPN services. Critics argued that any law enforcement compliance could challenge NordVPN’s commitment to anonymity, while NordVPN, as cited by TechRadar, asserted its dedication to privacy by only responding to legal requests and maintaining minimal data retention. [80] Transparency statements from the company outlined strict compliance conditions, aiming to reassure users about privacy safeguards under the revised policy. [81]
Private Internet Access (PIA) is a personal VPN service that allows users to connect to multiple locations. In 2018, former Mt. Gox CEO Mark Karpelès was named chief technology officer of PIA's parent company, London Trust Media. In November 2019, Private Internet Access was acquired by UK-based Kape Technologies.
Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 and headquartered in Plan-les-Ouates, in the Canton of Geneva of Switzerland. Proton Mail is now run by Proton AG, which also operates Proton VPN, Proton Drive, Proton Calendar, Proton Pass and Proton Wallet. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com.
Norton is a brand name used by the American company Gen Digital for some of its software.
Mullvad is a commercial VPN service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is released under the GPLv3, a free and open-source software license.
ExpressVPN is a company providing online privacy and security solutions, including a virtual private network (VPN) service and a password manager. Since September 2021, ExpressVPN has been a subsidiary of Kape Technologies, a company wholly owned by Israeli billionaire Teddy Sagi.
Proton VPN is a VPN service launched in 2017 and operated by the Swiss company Proton AG, the company behind the email service Proton Mail. According to its official website, Proton VPN and Proton Mail share the same management team, offices, and technical resources, and are operated from Proton's headquarters in Plan-les-Ouates, Switzerland. On June 17, 2024 the company announced that it will be transitioning to a non-profit structure under the Proton Foundation.
HMA is a VPN service founded in 2005 in the United Kingdom. It has been a subsidiary of the Czech cybersecurity company Avast since 2016.
AdGuard is an ad blocking service for Microsoft Windows, Linux, MacOS, Android and iOS. AdGuard is also available as a browser extension.
KeepSolid VPN Unlimited is a personal virtual private network software product available for iOS, macOS, Android, Windows, and Linux.
Mozilla VPN is an open-source virtual private network developed by Mozilla. It launched in beta as Firefox Private Network on September 10, 2019, and officially launched on July 15, 2020, as Mozilla VPN.
NordPass is a proprietary password manager launched in 2019. It allows its users to organize their passwords and secure notes by keeping them in a single encrypted vault. NordPass, which operates on a freemium business model, was developed by the VPN service NordVPN.
Surfshark VPN service is a digital privacy tool provided by the cybersecurity company, Surfshark. It also offers a data leak detection system, a private search tool, an antivirus and an automated personal data removal system.
NordLocker is a file encryption software integrated with end-to-end encrypted cloud storage. It is available on Windows and macOS. NordLocker is developed by Nord Security, the Lithuania-based company behind the NordVPN virtual private network.
A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geo-blocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.
NordLayer, formerly known as NordVPN Teams, is a network access security service with applications for Microsoft Windows, macOS, Linux, Android and iOS and Browser extension. The software is marketed as a privacy and security tool that enables the implementation of Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Firewall-as-a-Service (FWaaS) in hybrid and multi-cloud cloud environments.
PrivadoVPN is a VPN service provider with applications for Windows, macOS, Android, iOS, AndroidTV and Amazon Fire TV along with custom configuration support for routers and Linux. PrivadoVPN is based in Switzerland and operates under Swiss privacy laws.
Proton Drive is an end-to-end encrypted, cloud-based file storage and synchronization service developed by Proton AG. Proton Drive enables storing files in the cloud, synchronizing files across devices, and sharing files securely. It is accessible through a web application, desktop applications for Windows and macOS, and mobile applications for Android and iOS.
Atlas VPN was a freemium VPN service provider, launched in 2019 with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, Apple TV, and Amazon Fire TV. It was discontinued in April 2024 and merged with NordVPN
Surfshark B.V. is a cybersecurity company that was established in 2018. It launched its first product, a Surfshark VPN, in the same year. Currently, Surfshark offers a range of cybersecurity tools: a VPN, a data leak detection system called Surfshark Alert, a private search tool known as Surfshark Search, and an antivirus named Surfshark Antivirus. The company also provides a personal data removal service called Incogni, an alternative credential generator called Alternative ID, and a Dedicated IP service.
Surfshark Antivirus is a cybersecurity software developed by a company known for Surfshark VPN and internet security services. Surfshark Antivirus provides protection against malware, viruses, and other cyber threats.