Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #81 (at the time of the roll, NordVPN)
Written Sep 3, 2016
Signing up for the service: Upon signing up for NordVPN service, I was sent an email containing my username, but not my password. After payment, CloudFlare redirected me to another page and at no point was I able to create a password afterwards either. I had to use reset password feature to have one emailed to me – this will come back later, so keep it in mind. When paying with paypal, you are not given the option to make a one time payment, and instead, you are automatically subscribed to recurring payments. I’ve mentioned before that this is an annoyance every time I see it.
Configuring the service: The first thing I did after logging in was visit the download area. This area is divided by platform, which at this point in the searching process is well structured. I was able to quickly download a full ovpn config file package zip for Linux, but when it came to Android, the website only allows downloading one file at a time. This means that you are forced to select the file you want from a list of thousands of files, each taking one line in the list. The files have a 2 character country code, from which you’re supposed to figure out the country being connected to. The easiest way to do this is have both the server list and the android config file download list open side by side. It’s a very clunky way to choose. There are many, many better ways to allow a customer to choose their config files. You are also never shown which PART of a country a given server is in. ca certs and tls files are separately downloaded and individually given by server – so the annoying step above of choosing your ovpn config file just got tripled, because now you have to hunt for the corresponding ca cert and tls files to boot. The process was very cumbersome overall. After setting up the connections, a VPN tunnel wouldn’t establish on any server I tried. I double and triple checked that there were no quirks (extra characters that needed added to the username, additional files that weren’t given, etc. I even checked against their official tutorial just in case, but couldn’t make a connection). I used their live chat support to resolve – from which you can read details below of how it was fixed. Suffice to say, the default configuration was borked for me. There is apparently a link buried in the Android setup tutorial where these files are available together in a package, but it’s not convenient or obvious.
Speed & Stability tests: A few things were off with these speed tests. Firstly, because NordVPN doesn’t tell you where a server is located, I wasn’t able to test the “closest” one to me, as I usually try to for the US server test to get a best case scenario. It’s very possible that they may have a faster server somewhere along the way, but because it looks like they focus on quantity over quality of servers, it’s impossible to know without trying all 300+ US exit nodes one at a time.
I rarely see speeds this slow across the board on desktop. For mobile, speeds were all over the place, but never really very impressive.
|Speed Tests – NordVPN – Desktop|
|No VPN||Trial 1||8||ms||97.28||mbps||11.24||mbps|
|Comp to Bench||+131||ms||5.36%||23.30%|
|Comp to Bench||+308||ms||2.10%||6.99%|
|Hong Kong||Trial 1||400||ms||0.00||mbps||0.00||mbps|
|Comp to Bench||+369||ms||1.39%||2.88%|
|Comp to Bench||+426||ms||1.02%||1.91%|
|Speed Tests – NordVPN – Mobile|
|No VPN||Trial 1||12||ms||74.99||mbps||14.52||mbps|
|Comp to Bench||+120||ms||14.05%||49.64%|
|Comp to Bench||+339||ms||4.30%||20.68%|
|Hong Kong||Trial 1||369||ms||1.63||mbps||2.14||mbps|
|Comp to Bench||+355||ms||9.07%||17.22%|
|Comp to Bench||+457||ms||2.77%||10.82%|
The Hong Kong and Australia servers were very hit and miss, as the tests would often hang up and never complete. Speeds being slow could be partially because of the strong, and often demanding level of encryption used (AES-256), as well as the protocol (TCP) – however, I wouldn’t expect ANYTHING like the slowness seen above. Note that this ISN’T an indictment on server performance necessarily, but on the low degree of informing the user of server detail when connecting manually.
After a few minutes, I was connected to “Ethan”, who asked if I had special characters in my password, which I did (as this was what NordVPN assigned to me automatically after a “forgot password – reset). He told me that I would have to change my password because special characters may not work. When I asked why I’d be assigned an invalid password, I got a canned, “Our team is working hard on fixing this issue right now. I’m sorry for your inconvenience.” response. Not impressed. The only reason I’m not doling out a stamp of shame here is because they were still able to resolve the issue (that they caused).
Getting a refund: I got back on live chat and spoke to “David”, to whom I requested a refund. After some typical due diligence type back and forth (offering to help troubleshoot, giving some suggestions, etc), David obliged and granted my refund request.
Final thoughts: As many other services do, NordVPN relies too heavily on affiliate marketing (native advertising/paid reviews, etc). Their resellers appear to refuse to provide full and prominent disclosure of their financial relationship with NordVPN (as most affiliates do unfortunately) and I couldn’t find evidence that they expect anything more from them. This is encouraging unethical behavior and is not in the best interest of their customers. Most commercial services do this – and it’s not okay.
NordVPN is an interesting case. On one hand, they have a very clear “no logs” policy, spelling out exactly what is NOT being logged, they only require an email address at most, offer anonymous payment methods, they do take many needed steps to be transparent and accommodating for user privacy. However, they fall just short of earning a “Privacy” badge due to using CloudFlare (although their main site SSL Cert is not signed to CF it’s involved somewhere as indicated by the browser scan and redirect), 3rd party non-private helpdesk/live chat systems, cookies, and a number of proprietary APIs.
Their service was very clunky to get started, and not user friendly or descriptive when it came to giving detail about the servers, their locations, or requirements to connect. The site was a mess when it came to downloading Android config. files as well. I wouldn’t recommend the service based on what I saw, despite the hype I usually see online. It’s not the worst service I’ve used, but given their love of affiliate marketing – you might think twice the next time you see someone recommend NordVPN.
|FROM THE VPN COMPARISON CHART|
|JURISDICTION||Based In (Country)||Panama|
|Enemy of the Internet||No|
|Logs DNS Requests|
|Logs IP Address||No|
|ACTIVISM||Anonymous Payment Method|
|PGP Key Available||Yes|
|Meets PrivacyTools IO Criteria||Yes|
|LEAK PROTECTION||1st Party DNS Servers||Yes|
|IPv6 Supported / Blocked||No|
|Supports TCP Port 443|
|Supports SSL Tunnel||Yes|
|Supports SSH Tunnel|
|Other Proprietary Protocols|
|PORT BLOCKING||Auth SMTP||No|
|SPEEDS||US Server Average %||5.36|
|Int’l Server Average %||1.5|
|SERVERS||Dedicated or Virtual|
|SECURITY||Default Data Encryption||AES-256|
|Strongest Data Encryption||AES-256|
|Weakest Handshake Encryption|
|Strongest Handshake Encryption||RSA-2048|
|AVAILABILITY||# of Connections||6|
|# of Countries||41|
|# of Servers||475|
|Linux Support (Manual)||Yes|
|WEBSITE||# of Persistent Cookies||5|
|# of External Trackers||1|
|# of Proprietary APIs||3|
|Server SSL Rating||A|
|SSL Cert issued to||Self|
|PRICING||$ / Month (Annual Pricing)||$4.00|
|$ / Connection / Month||$0.67|
|Refund Period (Days)||30|
|ETHICS||Contradictory Logging Policies|
|Falsely Claims 100% Effective||Yes|
|Incentivizes Social Media Spam|
|Requires Ethical Copy||No|
|Requires Full Disclosure||No|
|AFFILIATES||Practice Ethical Copy|
|Give Full Disclosure||No|
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.