NordVPN Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #81 (at the time of the roll, NordVPN)

 

Written Sep 3, 2016

Signing up for the service: Upon signing up for NordVPN service, I was sent an email containing my username, but not my password.  After payment, CloudFlare redirected me to another page and at no point was I able to create a password afterwards either.  I had to use reset password feature to have one emailed to me – this will come back later, so keep it in mind.  When paying with paypal, you are not given the option to make a one time payment, and instead, you are automatically subscribed to recurring payments.  I’ve mentioned before that this is an annoyance every time I see it.

website-bad

 

Configuring the service: The first thing I did after logging in was visit the download area.  This area is divided by platform, which at this point in the searching process is well structured.  I was able to quickly download a full ovpn config file package zip for Linux, but when it came to Android, the website only allows downloading one file at a time.  This means that you are forced to select the file you want from a list of thousands of files, each taking one line in the list.  The files have a 2 character country code, from which you’re supposed to figure out the country being connected to.  The easiest way to do this is have both the server list and the android config file download list open side by side.  It’s a very clunky way to choose.  There are many, many better ways to allow a customer to choose their config files.  You are also never shown which PART of a country a given server is in.  ca certs and tls files are separately downloaded and individually given by server – so the annoying step above of choosing your ovpn config file just got tripled, because now you have to hunt for the corresponding ca cert and tls files to boot.  The process was very cumbersome overall.  After setting up the connections, a VPN tunnel wouldn’t establish on any server I tried.  I double and triple checked that there were no quirks (extra characters that needed added to the username, additional files that weren’t given, etc.  I even checked against their official tutorial just in case, but couldn’t make a connection).  I used their live chat support to resolve – from which you can read details below of how it was fixed.  Suffice to say, the default configuration was borked for me.  There is apparently a link buried in the Android setup tutorial where these files are available together in a package, but it’s not convenient or obvious.

broken

 

Speed & Stability tests: A few things were off with these speed tests.  Firstly, because NordVPN doesn’t tell you where a server is located, I wasn’t able to test the “closest” one to me, as I usually try to for the US server test to get a best case scenario.  It’s very possible that they may have a faster server somewhere along the way, but because it looks like they focus on quantity over quality of servers, it’s impossible to know without trying all 300+ US exit nodes one at a time.

I rarely see speeds this slow across the board on desktop.  For mobile, speeds were all over the place, but never really very impressive.

 

Speed Tests – NordVPN – Desktop
    Latency Download Upload
No VPN Trial 1 8 ms 97.28 mbps 11.24 mbps
Trial 2 9 ms 97.97 mbps 11.91 mbps
Trial 3 8 ms 97.53 mbps 11.91 mbps
Average 8 ms 97.59 mbps 11.69 mbps
               
US Trial 1 138 ms 5.33 mbps 2.77 mbps
Trial 2 144 ms 5.28 mbps 2.69 mbps
Trial 3 136 ms 5.07 mbps 2.71 mbps
Average 139 ms 5.23 mbps 2.72 mbps
Comp to Bench +131 ms 5.36% 23.30%
               
UK Trial 1 325 ms 2.33 mbps 0.91 mbps
Trial 2 312 ms 2.00 mbps 0.50 mbps
Trial 3 312 ms 1.81 mbps 1.04 mbps
Average 316 ms 2.05 mbps 0.82 mbps
Comp to Bench +308 ms 2.10% 6.99%
               
Hong Kong Trial 1 400 ms 0.00 mbps 0.00 mbps
Trial 2 368 ms 2.08 mbps 0.00 mbps
Trial 3 365 ms 1.99 mbps 1.01 mbps
Average 378 ms 1.36 mbps 0.34 mbps
Comp to Bench +369 ms 1.39% 2.88%
               
Australia Trial 1 422 ms 1.53 mbps 0.30 mbps
Trial 2 432 ms 0.00 mbps 0.00 mbps
Trial 3 449 ms 1.46 mbps 0.37 mbps
Average 434 ms 1.00 mbps 0.22 mbps
Comp to Bench +426 ms 1.02% 1.91%

 

Speed Tests – NordVPN – Mobile
    Latency Download Upload
No VPN Trial 1 12 ms 74.99 mbps 14.52 mbps
Trial 2 8 ms 75.30 mbps 14.32 mbps
Trial 3 12 ms 74.12 mbps 14.49 mbps
Average 11 ms 74.80 mbps 14.44 mbps
               
US Trial 1 128 ms 4.08 mbps 6.87 mbps
Trial 2 138 ms 4.15 mbps 7.63 mbps
Trial 3 126 ms 23.31 mbps 7.01 mbps
Average 131 ms 10.51 mbps 7.17 mbps
Comp to Bench +120 ms 14.05% 49.64%
               
UK Trial 1 299 ms 1.89 mbps 2.21 mbps
Trial 2 354 ms 5.99 mbps 3.72 mbps
Trial 3 395 ms 1.78 mbps 3.03 mbps
Average 349 ms 3.22 mbps 2.99 mbps
Comp to Bench +339 ms 4.30% 20.68%
               
Hong Kong Trial 1 369 ms 1.63 mbps 2.14 mbps
Trial 2 365 ms 10.32 mbps 2.76 mbps
Trial 3 364 ms 8.40 mbps 2.56 mbps
Average 366 ms 6.78 mbps 2.49 mbps
Comp to Bench +355 ms 9.07% 17.22%
               
Australia Trial 1 405 ms 1.41 mbps 1.86 mbps
Trial 2 407 ms 1.47 mbps 1.72 mbps
Trial 3 590 ms 3.34 mbps 1.11 mbps
Average 467 ms 2.07 mbps 1.56 mbps
Comp to Bench +457 ms 2.77% 10.82%

 

The Hong Kong and Australia servers were very hit and miss, as the tests would often hang up and never complete.  Speeds being slow could be partially because of the strong, and often demanding level of encryption used (AES-256), as well as the protocol (TCP) – however, I wouldn’t expect ANYTHING like the slowness seen above.  Note that this ISN’T an indictment on server performance necessarily, but on the low degree of informing the user of server detail when connecting manually.

 

Getting support:  After not being able to connect above, I contacted support via the site’s live chat feature.  I do like live chat when a service provides it – when it’s good.  Some services rely on third party ticketing/helpdesk systems that require the use of cookies and other widgets and so forth.  NordVPN uses one such service, in which you are forced to turn off privacy badger (or other cookie blocking browser plugins) in order to use the live chat.  I don’t appreciate this from a privacy standpoint at all.

After a few minutes, I was connected to “Ethan”, who asked if I had special characters in my password, which I did (as this was what NordVPN assigned to me automatically after a “forgot password – reset).  He told me that I would have to change my password because special characters may not work.  When I asked why I’d be assigned an invalid password, I got a canned, “Our team is working hard on fixing this issue right now. I’m sorry for your inconvenience.” response.  Not impressed.  The only reason I’m not doling out a stamp of shame here is because they were still able to resolve the issue (that they caused).

 

Getting a refund:  I got back on live chat and spoke to “David”, to whom I requested a refund.  After some typical due diligence type back and forth (offering to help troubleshoot, giving some suggestions, etc), David obliged and granted my refund request.

 

Concerns in Terms & Conditions / Privacy Policy: NordVPN’s terms aren’t exactly elegant, but neither are they obtuse.  Nothing offensive as far as I can see.  They do a pretty good job of explaining their privacy policies and exactly what is and isn’t retained from the user.  I’ve seen much much worse.  Overall, not bad.

 

Final thoughts: As many other services do, NordVPN relies too heavily on affiliate marketing (native advertising/paid reviews, etc).  Their resellers appear to refuse to provide full and prominent disclosure of their financial relationship with NordVPN (as most affiliates do unfortunately) and I couldn’t find evidence that they expect anything more from them.  This is encouraging unethical behavior and is not in the best interest of their customers.  Most commercial services do this – and it’s not okay.

shady

NordVPN is an interesting case.  On one hand, they have a very clear “no logs” policy, spelling out exactly what is NOT being logged, they only require an email address at most, offer anonymous payment methods, they do take many needed steps to be transparent and accommodating for user privacy.  However, they fall just short of earning a “Privacy” badge due to using CloudFlare (although their main site SSL Cert is not signed to CF it’s involved somewhere as indicated by the browser scan and redirect), 3rd party non-private helpdesk/live chat systems, cookies, and a number of proprietary APIs.

Their service was very clunky to get started, and not user friendly or descriptive when it came to giving detail about the servers, their locations, or requirements to connect.  The site was a mess when it came to downloading Android config. files as well.  I wouldn’t recommend the service based on what I saw, despite the hype I usually see online.  It’s not the worst service I’ve used, but given their love of affiliate marketing – you might think twice the next time you see someone recommend NordVPN.

 

FROM THE VPN COMPARISON CHART
CATEGORY VPN SERVICE NordVPN
JURISDICTION Based In (Country) Panama
Fourteen Eyes? No
Enemy of the Internet No
LOGGING Logs Traffic No
Logs DNS Requests
Logs Timestamps No
Logs Bandwidth No
Logs IP Address No
ACTIVISM Anonymous Payment Method Email
Accepts Bitcoin Yes
PGP Key Available Yes
Meets PrivacyTools IO Criteria Yes
LEAK PROTECTION 1st Party DNS Servers Yes
IPv6 Supported / Blocked No
  Offers OpenVPN Yes
OBFUSCATION Supports Multihop Yes
Supports TCP Port 443
Supports Obfsproxy Yes
Supports SOCKS Yes
Supports SSL Tunnel Yes
Supports SSH Tunnel
Other Proprietary Protocols
PORT BLOCKING Auth SMTP No
P2P Some
SPEEDS US Server Average % 5.36
Int’l Server Average % 1.5
SERVERS Dedicated or Virtual
SECURITY Default Data Encryption AES-256
Strongest Data Encryption AES-256
Weakest Handshake Encryption
Strongest Handshake Encryption RSA-2048
AVAILABILITY # of Connections 6
# of Countries 41
# of Servers 475
Linux Support (Manual) Yes
WEBSITE # of Persistent Cookies 5
# of External Trackers 1
# of Proprietary APIs 3
Server SSL Rating A
SSL Cert issued to Self
PRICING $ / Month (Annual Pricing) $4.00
$ / Connection / Month $0.67
Free Trial Yes
Refund Period (Days) 30
ETHICS Contradictory Logging Policies
Falsely Claims 100% Effective Yes
Incentivizes Social Media Spam
POLICIES Forbids Spam No
Requires Ethical Copy No
Requires Full Disclosure No
AFFILIATES Practice Ethical Copy
Give Full Disclosure No

 

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.