NordVPN is a ShitVPN

james

Jan 10, 2021 • 5 min read

Ever heard of the name, “NordVPN”? I’m sure you have because they advertise like crazy using YouTubers and real-life ads to gain exposure. They’re basically the most well-known VPN out there right now due to their huge marketing budget. What if I told you NordVPN isn’t who they claim to be?

Disclaimer: This post is not sponsored by any company or entity.

Reasons to look for an alternative

NordVPN Was Hacked

Not many people know about this, but NordVPN was compromised back in 2018. They didn’t announce this until the next year.

The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.

Nord had inadequate security measures which lead to them exposing this internal private key. The exposure of this key meant that an attacker could have potentially gained access to sensitive user data, including internet traffic logs.

Despite being audited prior to the announcement of the breach, the auditors did not uncover the data leak. NordVPN has since taken down the full audit PDF, but a source provided a copy of the document that confirmed no vulnerabilities were discovered.

To make matters worse, NordVPN had not encrypted the hard disks of their VPN servers, a basic security measure that they only began implementing after the incident. They announced this in an official video.

NordVPN Leaked Account Details

A user submitted a bug report to NordVPN on December 4th, 2019, alerting them that user account information, including payment details, could be accessed using a simple POST request. This means that by sending a specific request to a NordVPN endpoint, users could potentially access another user’s email address, payment URL, currency, and other information.

NordVPN Has Ties With A Data Mining Company

In a ZDNet article, the author discusses the CEO of NordSec, the parent company of NordVPN, named Tom Okman. The article raises questions about Okman and NordSec's involvement with Tesonet, a large company that specializes in providing business solutions. Tesonet offers advisory support to partner companies in various fields, such as performance-based marketing, sales, technical support, recruitment, cybersecurity, machine learning, and business hosting.

A deleted post on Best10VPN.com, which is accessible via the Wayback Machine, provided evidence suggesting that NordVPN is owned by Tesonet. The post cited examples such as NordVPN processing payments on PayPal through a company called CloudVPN Inc. Upon researching Tesonet's IP addresses online, results showed that CloudVPN was affiliated with Tesonet.

Search Results Showing CloudVPN is Tesonet

Another point of evidence was that CloudVPN had control over NordVPN's development in 2017. Additionally, on the "Additional Information" section of the NordVPN app for Android available on Google Play, CloudVPN's office was listed as the official office address for NordVPN.

CloudVPN Office Listed On NordVPN's Site in 2017

They Conduct Price Discrimination

Another user and I conducted an investigation on the NordVPN website in the Windscribe Discord Server. We observed unusual behavior where the pricing and discounts on the front page would randomly fluctuate. At times, it would display a 68% discount, while other times it would show a lower discount rate. Upon examining the cookies on nordvpn.com, we discovered that altering a cookie would modify the discount shown on the site and the checkout page. This suggested that NordVPN was offering different prices to different users.

User Discovering NordVPN's Changing Discount

In addition, I made a recent discovery that NordVPN modifies plan details and pricing offers based on a cookie known as the "experiment" cookie. Changing the value of this cookie to a specific string grants access to "Nord Premium," which is a package bundle comprising NordVPN, NordLocker, and NordPass for $90/year. While this may appear to be a good deal, the catch is that other subscription lengths are stripped down. The 1-year and 1-month plan lengths are referred to as "Nord Essentials" and "Nord Standard," respectively, which are simplified versions of regular NordVPN. For instance, instead of allowing 6 connections, Essentials only permits 1 for the same price as normal NordVPN.

What's really unfortunate is that people use NordVPN to avoid price discriminations like this, but in reality, they're not escaping anything.

NordVPN Shares Your Information With Facebook

In August 2020, a Reddit user with the username GildedGrizzly posted screenshots to r/VPN from their Facebook "off-site activity" section. The screenshots revealed that Facebook had knowledge of the user's use of NordVPN.

One of the last things I expected to see there was Nord VPN, I service I started using because I wanted to take more control of my online privacy. In the linked screenshot there are 2 different mentions of Nord VPN, but there's a third farther down the list. I downloaded my data from Facebook's data downloader, and it looks like the activity that Nord shared with Facebook was limited to me going to their website and activating apps.

It appears that NordVPN shared this user's information with Facebook, despite the fact that users utilize NordVPN to evade tracking and protect their privacy from such abuses. However, NordVPN seems to have disregarded this concern.

Conclusion

After conducting thorough research into NordSec's history, it is evident that the company has a dubious past. As a service that markets itself as the leading VPN provider, this discovery is shocking. In my opinion, the evidence presented suggests that NordVPN is either a data-mining operation or grade A clowns who have no idea what they're doing.

I highly recommend using another provider and conducting your own research into the company's background. Additionally, it is crucial not to rely solely on advertisements or sponsored segments on YouTube. Trust must be verified.