Developer(s) | NordVPN s.a. [1] [2] |
---|---|
Initial release | February 13, 2012[3] |
Stable release | Android 7.5 (August 12, 2024 [4] ) [±] iOS 8.32 (July 25, 2024 [5] ) [±] ContentstvOS 1.5 (June 13, 2024 [7] ) [±] |
Operating system | |
Platform | |
Type | Virtual Private Network |
License | Linux client: GPLv3 only github |
Website | nordvpn |
NordVPN is a Lithuanian VPN service with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, and tvOS. [8] [9] [10] Manual setup is available for wireless routers, NAS devices, and other platforms. [11] [12]
NordVPN is developed by Nord Security (formerly Nordsec Ltd), [13] a company that creates cybersecurity software and was initially supported by the Lithuanian startup accelerator and business incubator Tesonet. NordVPN operates under the jurisdiction of Panama, as the country has no mandatory data retention laws and does not participate in the Five Eyes or Fourteen Eyes intelligence sharing alliances. Its offices are located in Lithuania, the United Kingdom, Panama, and the Netherlands. [13]
NordVPN was established in 2012 by a group of childhood friends, which included Tomas Okmanas. It presented an Android app in late May 2016, followed by an iOS app in June the same year. [14] In October 2017, it launched a browser extension for Google Chrome. [15] The service launched applications for Android TV in 2018 [16] and tvOS in 2023. [17] As of September 2023, [update] NordVPN was operating 5,600 servers in 59 countries. [18]
In March 2019, it was reported that NordVPN received a directive from Russian authorities to join a state-sponsored registry of banned websites, which would prevent Russian NordVPN users from circumventing state censorship. NordVPN was reportedly given one month to comply, or face blocking by Russian authorities. [19] The provider declined to comply with the request and shut down its Russian servers on April 1. As a result, NordVPN still operates in Russia, but its Russian users have no access to local servers.
In September 2019, NordVPN announced NordVPN Teams, a VPN solution aimed at small and medium businesses, remote teams, and freelancers, who need secure access to work resources. [20] Two years later, NordVPN Teams rebranded as NordLayer and moved towards SASE business solutions. [21] The press sources quoted the market rise in SASE technology as one of the key factors in the rebrand. [22]
On October 29, 2019, NordVPN announced additional audits and a public bug bounty program. [23] The bug bounty was launched in December 2019, offering researchers monetary rewards for reporting critical flaws in the service. [24]
In December 2019, NordVPN became one of the five founding members of the newly formed VPN Trust Initiative, promising to promote online security as well as more self-regulation and transparency in the industry. [25] In 2020, the initiative announced five key areas of focus: security, privacy, advertising practices, disclosure and transparency, and social responsibility. [26]
In August 2020, Troy Hunt, an Australian web security expert and founder of Have I Been Pwned?, announced a partnership with NordVPN as a strategic advisor. On his blog, Hunt described this role as "work with NordVPN on their tools and messaging with a view to helping them make a great product even better." [27]
In 2022, NordVPN closed its physical servers in India in response to the CERT-In's order for VPN companies to store consumers' personal data for a period of five years. [28]
In April 2022, NordVPN's parent company Nord Security raised $100 million in a round of funding led by Novator. The company's valuation reached $1.6 billion. [29] In September 2023, the company grew and raised more funding, making it valued at $3 billion. [30]
In 2022, Surfshark and Nord Security merged under one holding company. [31]
NordVPN routes users' internet traffic through a remote server run by the service, thereby hiding their IP address and encrypting all incoming and outgoing data. [32] For encryption, NordVPN has been using the OpenVPN and Internet Key Exchange v2/IPsec technologies in its applications [33] and also introduced its proprietary NordLynx technology in 2019. [34] NordLynx is a VPN tool based on the WireGuard protocol, which aims for better performance than the IPsec and OpenVPN tunneling protocols. [35] According to tests performed by Wired UK, NordLynx produces "speed boosts of hundreds of MB/s under some conditions." [36]
In April 2020, NordVPN announced the gradual roll-out of the WireGuard-based NordLynx protocol on all its platforms. [37] The wider implementation was preceded by a total of 256,886 tests, which included 47 virtual machines on nine different providers, in 19 cities, and eight countries. The tests showed higher average download and upload speeds than both OpenVPN and IKEv2.
NordVPN once used L2TP/IPSec and Point-to-Point Tunneling Protocol (PPTP) connections for routers, but these were later removed, as they were largely outdated and insecure.
NordVPN has desktop applications for Windows, macOS, and Linux, as well as mobile apps for Android and iOS and Android TV app. Subscribers also get access to encrypted proxy extensions for Chrome and Firefox browsers. [38] Subscribers can connect up to six devices simultaneously. [39] NordVPN has released their Linux client under the terms of the GPLv3 only. [40]
In November 2018, NordVPN claimed that its no-log policy was verified through an audit by PricewaterhouseCoopers AG. [41] [42]
In 2020, NordVPN underwent a second security audit by PricewaterhouseCoopers AG. The testing focused on NordVPN's Standard VPN, Double VPN, Obfuscated (XOR) VPN, P2P servers, and the product's central infrastructure. The audit confirmed that the company's privacy policy was upheld and the no-logging policy was followed. [43]
In 2021, NordVPN completed an application security audit, carried out by a security research group VerSprite. VerSprite performed penetration testing and, according to the company, found no critical vulnerabilities. One flaw and a few bugs that were found in the audit have since been patched. [44]
In October 2020, NordVPN started rolling out its first colocated servers in Finland to secure the hardware perimeter. The RAM-based servers are fully owned and operated by NordVPN in an attempt to keep full control. [45] [46]
In December 2020, NordVPN initiated a network-wide rollout of 10 Gbit/s servers, upgrading from the earlier 1 Gbit/s standard. The company's servers in Amsterdam and Tokyo were the first to support 10 Gbit/s, and by December 21, 2020, over 20% of the company's network had been upgraded. [47] [48]
In January 2022, NordVPN released an open-source VPN speed testing tool, available for download from GitHub. [49]
Besides general-use VPN servers, the provider offers servers for specific purposes, including P2P sharing, double encryption, and connection to the Tor anonymity network. [50] NordVPN offers three subscription plans: monthly, yearly and bi-yearly.
In November 2020, NordVPN launched a feature that scans the dark web to determine if a user's personal credentials have been exposed. When the Dark Web Monitor feature finds any leaked credentials, it sends a real-time alert, prompting the user to change the affected passwords. [51]
In February 2022, NordVPN introduced an antivirus functionality available as part of the regular VPN license. The opt-in Threat Protection feature blocks web trackers, warns users about malicious websites, and blocks downloaded files that contain malware. [52] As of March 2022, the feature is available on the Windows and macOS apps and works without connecting to a VPN server. [53]
In June 2022, NordVPN launched the Meshnet feature that allows users to create their own private network by linking up to 60 devices. Some of the promoted use cases include file sharing between different devices, multiplayer gaming, and virtual routing. [54]
Several publications, including Tom's Guide , [55] PC Magazine , [50] CNET, [56] and TechRadar [57] have reviewed NordVPN. Most noted that NordVPN's features such as choosing server location, and speed are good. They also noted the service's high price compared to others in the category.
On October 21, 2019, a security researcher disclosed on Twitter a server breach of NordVPN involving a leaked private key. [58] [59] [60] The cyberattack granted the attackers root access, which was used to generate an HTTPS certificate that enabled the attackers to perform man-in-the-middle attacks to intercept the communications of NordVPN users. [61] In response, NordVPN confirmed that one of its servers based in Finland was breached in March 2018, but there was no evidence of an actual man-in-the-middle attack ever taking place. [62] [63] The exploit was the result of a vulnerability in a contracted data center's remote administration system that affected the Finland server between January 31 and March 20, 2018. [62] Evidence suggests that when the data center became aware of the intrusion, all accounts that had caused the vulnerabilities were deleted and NordVPN was not notified about the mistake. [64] [65]
According to NordVPN, the data center disclosed the breach to NordVPN on April 13, 2019, and NordVPN ended its relationship with the data center. [63] In addition, experts state that there are no indications of any user’s private information such as user credentials, billing details or any other profile-related information being compromised during that event. [66] [67] [68] Security researchers and media outlets criticized NordVPN for failing to promptly disclose the breach after the company became aware of it. [60] [59] [69] NordVPN stated that the company initially planned to disclose the breach after it completed the audit of its 5,000 servers for any similar risks [60] and later put regular updates on its blog. [70]
On November 1, 2019, in a separate incident, it was reported that approximately 2,000 usernames and passwords of NordVPN accounts were exposed through credential stuffing. [71] [72]
In 2019, the Advertising Standards Authority (United Kingdom) (ASA) advised NordVPN not to repeat claims that public WiFi is so insecure it is equivalent to handing out your personal information to the people around you. [73] The ASA ruled that HTTPS already provides "a significant layer of security" and that the impression the ad gave that users were at a significant risk from data theft was erroneous. [74] In 2023, the ASA again ruled against NordVPN, this time over an advertisement which claimed NordVPN could "switch off... malware", holding that, in context, listeners were "likely to understand" it to mean the product would stop all malware, which NordVPN did not substantiate in response to the ASA. [75]
Private Internet Access (PIA) is a personal VPN service that allows users to connect to multiple locations. In 2018, former Mt. Gox CEO Mark Karpelès was named chief technology officer of PIA's parent company, London Trust Media. In November 2019, Private Internet Access was acquired by UK-based Kape Technologies.
Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, Windows, macOS and Linux (beta) desktop apps and iOS and Android apps.
Onavo, Inc. was an Israeli mobile web analytics company that was purchased by Facebook, Inc., who changed the company's name to Facebook Israel. The company primarily performed its activities via consumer mobile apps, including the virtual private network (VPN) service Onavo Protect, which analysed web traffic sent through the VPN to provide statistics on the usage of other apps.
Norton, formerly known as Norton by Symantec, is a brand of Gen Digital co-headquartered in Tempe, Arizona and Prague, Czech Republic. Norton originally provided utility software for DOS, and currently offers a variety of products and services related to digital security, identity protection, and online privacy and utilities.
Mullvad is a commercial VPN service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is released under the GPLv3, a free and open-source software license.
ExpressVPN is a prominent virtual private network (VPN) service designed to enhance users' online privacy and security. It provides encryption for web traffic and masks users' IP addresses to protect their personal information and browsing activities from potential surveillance and cyber threats.
Proton VPN is a VPN service launched in 2017 and operated by the Swiss company Proton AG, the company behind the email service Proton Mail. According to its official website, Proton VPN and Proton Mail share the same management team, offices, and technical resources, and are operated from Proton's headquarters in Plan-les-Ouates, Switzerland. On June 17, 2024 the company announced that it will be transitioning to a non-profit structure under the Proton Foundation.
HMA is a VPN service founded in 2005 in the United Kingdom. It has been a subsidiary of the Czech cybersecurity company Avast since 2016.
AdGuard is an ad blocking service for Microsoft Windows, Linux, MacOS, Android and iOS. AdGuard is also available as a browser extension.
KeepSolid VPN Unlimited is a personal virtual private network software product available for iOS, macOS, Android, Windows, and Linux.
PureVPN is a commercial VPN service owned by GZ Systems Ltd. Founded in 2007, the company is based in the British Virgin Islands.
Mozilla VPN is an open-source virtual private network developed by Mozilla. It launched in beta as Firefox Private Network on September 10, 2019, and officially launched on July 15, 2020, as Mozilla VPN.
NordPass is a proprietary password manager launched in 2019. It allows its users to organize their passwords and secure notes by keeping them in a single encrypted vault. NordPass, which operates on a freemium business model, was developed by the VPN service NordVPN.
Surfshark is a brand of VPN services offered by the Netherlands-based company Surfshark B.V.
Windscribe is a commercial, cross-platform virtual private network (VPN) service provider based in Canada.
A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geo-blocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.
NordLayer, formerly known as NordVPN Teams, is a network access security service with applications for Microsoft Windows, macOS, Linux, Android and iOS. The software is marketed as a privacy and security tool running on zero trust architecture providing protection on hybrid and multi-cloud cloud environments.
PrivadoVPN is a VPN service provider with applications for Windows, macOS, Android, iOS, AndroidTV and Amazon Fire TV along with custom configuration support for routers and Linux. PrivadoVPN is based in Switzerland and operates under Swiss privacy laws.
Atlas VPN was a freemium VPN service provider, launched in 2019 with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, Apple TV, and Amazon Fire TV. It was discontinued in April 2024 and merged with NordVPN
Surfshark B.V. is a cybersecurity company established in 2018. It launched its first product, a Surfshark VPN in the same year. Surfshark also has various cybersecurity tools: a data leak detection system Surfshark Alert, a private search tool known Surfshark Search, and an antivirus named Surfshark Antivirus, a personal data removal service Incogni, a credential generator Alternative ID, and a Dedicated IP service.