Ever heard of the name, “NordVPN”? I’m sure you have because they advertise like crazy using YouTubers and real-life ads to gain exposure. They’re basically the most well-known VPN out there right now due to their huge marketing budget. What if I told you NordVPN isn’t who they claim to be?
Disclaimer: This post is not sponsored by any company or entity.
Why You Should Stay The Fuck Away
NordVPN Was Hacked
Not many people know about this, but NordVPN was compromised back in 2018. They didn’t announce this until the next year.
The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.
Nord had inadequate security measures which led to them exposing this internal private key. The exposure of this key meant that a malicious entity could have accessed sensitive user data, such as internet traffic logs.
What's funny, however, is how NordVPN was audited before they announced the breach, yet the auditors did not find out about the data leak. Sadly, NordVPN took down the full audit PDF, which used to be available here, but a source was able to provide me the full audit. For their sake, I will not be mentioning the person who handed me the document, but I can confirm that the auditors did not find any vulnerabilities.
Moreover, adding to the dumpster fire this incident was, NordVPN didn't even encrypt the hard disks of their VPN servers. You'd think this is a basic practice that all providers should do, but for some odd reason, they didn't. Announced in this official NordVPN video, they "now encrypt the hard disk of each new server". Ironic because they promote encryption, lol.
NordVPN Leaked Account Details
On December 4th 2019, a user submitted a bug report alerting NordVPN that user account information, including payment details, could be accessed using a simple POST request. When sending a specific request to a NordVPN endpoint, users could find another user’s email address, currency and payment URL, among other information.
NordVPN Has Ties With A Data Mining Company
In a ZDNet article, the author discusses Tom Okman, the CEO of NordSec, the parent company of NordVPN. They talk about how Okman and the company are involved with a company called Tesonet. Tesonet is a large company that specializes in business solutions. It provides its partner companies with advisory support in different fields, including performance-based marketing, sales, technical support, recruitment, cybersecurity, machine learning, and business hosting.
Mentioned in a deleted post by Best10VPN.com accessible via the Wayback Machine, the author goes in depth about evidence suggesting NordVPN is owned by Tesonet.
For example, one of the proofs provided was that NordVPN processed payments on PayPal through their company called CloudVPN Inc. When searching up Tesonet's IP addresses online, results would come up showing that CloudVPN is affiliated with Tesonet, which you can see below.
Another point was that CloudVPN controlled NordVPN's development in 2017. On the Google Play "Additional Information" section of the Nord app for Android, CloudVPN's office was listed as Nord's official office address.
There is some more evidence which you can go through yourself in the original article I hyperlinked above in this section.
They Conduct Price Discrimination
In the Windscribe Discord Server, another user and I did some investigation on the NordVPN website. We were noticing weird behaviour where the pricing and discounts would change at random on the front page. Sometimes it would be 68% off while sometimes it would be less. Looking at the cookies on nordvpn.com, we uncovered that changing a cookie would also change the discount shown on the site and the checkout page. They were giving different users different prices.
Furthermore, a more recent discovery I made revealed that NordVPN changes plan details and pricing offers based on another cookie called the “experiment” cookie. Changing its value to a specific string will unlock “Nord Premium”. Nord Premium is a package bundle with NordVPN, NordLocker and NordPass for $90/yr. This might sound good to you, but the catch is the other subscription lengths are stripped down. The 1 year and 1 month plan lengths are called “Nord Essentials” and "Nord Standard" which are stripped down versions of regular NordVPN. For example, instead of allowing 6 connections, Essentials only allows 1 for the same price of normal NordVPN. This is basically a scam in my opinion.
What's really unfortunate is that people use NordVPN to avoid price discrimination like this, but in reality, they're not escaping anything.
NordVPN Shares Your Information With Facebook
In August 2020, a Reddit user by the name of GildedGrizzly posted to r/VPN/ screenshots from their Facebook "off-site activity" section. They shared screenshots showing that Facebook knew that they used NordVPN.
One of the last things I expected to see there was Nord VPN, a service I started using because I wanted to take more control of my online privacy. In the linked screenshot there are 2 different mentions of Nord VPN, but there's a third farther down the list. I downloaded my data from Facebook's data downloader, and it looks like the activity that Nord shared with Facebook was limited to me going to their website and activating apps.
It seems apparent that NordVPN shared this user's information to Facebook. Users use NordVPN to evade tracking and privacy abuses such as this one, but Nord doesn't care.
NordVPN’s Setup App Had Malware
Detected by 8 anti-malware solutions, including Microsoft Defender and ESET a few months ago in 2020, NordVPNSetup.exe contained Presenoker malware. VirusTotal highlights the detections of these 8 engines and demonstrates that the Windows installer could have had potential malware. This was an official program released by NordVPN themselves.
Here is another report on the infected NordVPN Installer.
Edit Nov 13, 2022: These engines often show false positives, so take this point with a grain of salt.
NordVPN Opted Out of Wayback Machine Crawling
When searching “nordvpn.com” in the Wayback Machine users will see an error saying the following:
This URL has been excluded from the Wayback Machine.
NordVPN asked Archive.org to not crawl its webpage for archival purposes. This is suspicious and could mean that they are trying to hide their past.
NordSec is a shady company with a lot of suspicious history. After doing thorough research about the company's past, I was shocked. A service that brands itself as the leading VPN provider was actually a fraud. To me, the above proof makes NordVPN one of two things:
- A data-mining operation or a honeypot;
- Grade A clowns who have no idea what they're doing.
They're either too smart or too dumb for their own good. In any case, it is idiotic to use Nord's services if you care about privacy. I highly recommend using another provider and doing your own research about their company's background. As well, don't listen to advertisements or sponsored segments on YouTube. Don't trust, verify.
- NordVPN - Homepage
- YouTube - NordVPN Hacked? What Really Happened
- ZDNet - Meet NordSec: The company behind NordVPN wants to be your one-stop privacy suite
- Hybrid Analysis
- Tesonet - Homepage
- Tesonet - About
- VPN Mentor - Is NordVPN Safe? 2 Examples That Would Answer That
- HackerOne #752402
- HackerOne #781238
- HackerOne #803141
- HackerOne #751577
- TechCrunch - NordVPN confirms it was hacked
- BestVPN.co - NordVPN Gets Audited by PwC Switzerland for the Second Time!
- Best10VPN.com - Proof that NordVPN is Owned by Data Mining Company Tesonet
- r/VPN - Nord VPN shares information with Facebook