Earlier this year the damaging news shook the VPN industry when a data-leak revealed that seven Hong Kong-based free VPN service providers have been logging data on their servers, even though promising a no-logs service - you can read more on the issue here.
For a long time, VPNs functioned on a trust basis. Users put faith in their chosen VPN service provider to not store any logs, and transparent providers did their best to live up to the promise of online privacy. However, this is not the case anymore. Over time numerous procedures were developed to ensure the users their service is genuinely logs-free.
At NordVPN user trust and privacy is our paramount mission, and in this article, we'd like to outline the exact steps we've taken to ensure our servers are secure, fast, and keep no-logs.
Jurisdiction matters
When talking about user privacy and server security, there's always a lot of configuration involved. It will be discussed later in the article. But there's one crucial aspect that has little to do with technology - it's the jurisdiction that a VPN service provider operates in.
Depending on its geographical location, a VPN service provider can be forced to log data by request of the authorities. Moreover, the 14-eyes countries alliance collects and shares information, and any VPN located in one of those can be requested to log and provide logs.
That's why NordVPN chose Panama as its base of operations. This country is not a member of the 14-eyes alliance and is known as an Eden's garden for privacy related companies. Which means we are not obliged by any laws to store user-data on our servers and can guarantee user privacy that a no-logs VPN service provides.
RAM-only servers
One way to secure user privacy is to ensure no data can be stored on the servers in the first place. And one way to do it is to change server infrastructure to RAM-only servers. In simple words, RAM is short-term device memory, it's much faster than solid-state or hard-disk drives and doesn't hold data for so long.
In this particular case, it was a perfect solution for our users. Not only do they get a server infrastructure that is unable to log any data by design, but RAM-only servers are also faster than the regular ones, so we moved all of our servers to this structure. Therefore, even if a server got seized, there wouldn't be any information to extract from it in the first place.
Colocated servers
When you're handling infrastructure of 5400+ servers, the job of administering each and every one of them is no easy task. Providing servers all around the world are necessary to guarantee such important VPN features as access to restricted content, freedom of speech, and right to privacy. However, it poses a challenge of having to deal with numerous server renting companies in various countries, which we carefully selected to provide the service of sufficient quality.
Colocated servers, on the other hand, bypass the need to interact with other business units, and prevent possible third-party failures from happening. Colocated NordVPN servers are owned and managed solely by NordVPN, and we have already launched our first colocated servers in Finland. In the future, we're planning to move all our servers to colocated ones, which will be secured and cared for by our trusted team of cybersecurity specialists.
Server variety
VPNs let you bypass geographical restrictions, avoid ISP speed throttling, assure more private browsing, among other use cases. Any one-type of server can't excel in all of these things, that's why we have separated and reconfigured some of them to be good at one thing upon users requests.
Right now, users can choose between 5 different types of servers:
P2P servers for fast and private peer-to-peer traffic;
How NordVPN servers work
NordVPN servers have been designed to assure user privacy, good connection speeds, and to function with the bare minimum of user data. That’s why authentication servers verify bare minimum user information, such as user’ credentials - that’s how we identify our valid users.
First of all, authentication servers verify the user credentials, check their subscription status, and whether the user has reached the limit of concurrent simultaneous connections. After verification is done the user can connect to one of our servers - both of these processes and communication between devices are encrypted. From this point on, we do not see any online activities, and after the session is done, the data is wiped clean because of RAM-only server structure.
Upon leaving NordVPN server to its destination, the data-flow is decrypted and routed to the Internet through the NAT/Firewall for a secure connection. Furthermore, once the traffic is sent to its target destination, it has an assigned shared IP address, which makes the possibility to trace online activities back to a specific user an extremely difficult task.
Last but not least, we have also cooperated with an independent auditing firm, who audited our servers twice - once in November 2018, once in May 2020 - and verified that NordVPN is a genuinely no-logs VPN service provider.
We hope this clarifies the steps we took to ensure our user privacy.
NordVPN was developed by Nord Security, a multinational company offering everyday cybersecurity solutions. With a growing global user base of 14 million, NordVPN is a leader among VPN providers. To protect user privacy, NordVPN operates out of Panama — a jurisdiction without data retention laws.
The company has recently been taking big steps towards becoming “more than just a VPN,” with the launch of several features beyond your regular virtual private network.
One such feature is Threat Protection, offering ad and tracker blocking and protection against malware.
Nord Security offers several other cybersecurity products:
NordPass — an encrypted password manager
NordLocker — file encryption and storage
NordLayer — a VPN for businesses
NordVPN has three pricing plans: 2-year, 1-year, and monthly. The 2-year plan offers the best value at $3.29/month for two years (taken as one payment of $78.96).
The 1-year plan is the second-best option for value, offering 39% off right now. You’ll pay $59.88, amounting to $4.99 per month.
You can also pay monthly, but the cost increases to $11.99/month. NordVPN often has special deals and discounts, especially with the 2-year subscription plans.
All plans come with a 30-day money-back guarantee that’ll guarantee a full refund if you’re unhappy with the service.
NordVPN offers 24/7 customer support that helps users solve any issues and make the most of their cybersecurity products. You can reach the support team via chat or email.
For more information about NordVPN’s products and services and cybersecurity news, visit the NordVPN blog. You’ll find answers to your technical questions on how to use NordVPN in the FAQ section.