NordVPN: Difference between revisions

NordVPN
Basic information
Founded	2012
Legal structure	Subsidiary
Industry	Cybersecurity
Official website	https://nordvpn.com

← Older edit Newer edit →

VisualWikitext

Revision as of 12:59, 27 October 2025

❗Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

NordVPN is a Virtual Private Network service provider owned by Nord Security. NordVPN heavily advertises on popular tech YouTube channels. NordVPN operates worldwide, with offices in the United Kingdom, the Netherlands, Poland, Germany, the United States, Lithuania, Switzerland, and Panama.

Controversies

Subscription Renewal Practices

A class action lawsuit has been proposed on November 19, 2024 accusing NordVPN and its developer Nord Security of using deceptive and illegal subscription renewal practices.^[1]

Privacy concerns

Due to current laws, United States intelligence agencies are prohibited from spying on American citizens' communications, including internet traffic (with some expanding exceptions).^[2] However, internet traffic that exits the country is legally subject to interception and decryption. This includes VPN providers that route traffic outside the United States. As a result, using a VPN may inadvertently expose users to surveillance by U.S. intelligence agencies. No international VPN providers disclose this risk to their customers. It is entirely legal for U.S. intelligence agencies to break encryption, perform man-in-the-middle attacks, or employ other methods to weaken encryption on data crossing international borders.

If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.^[3]

Tracking inside App

An analysis by German privacy blogger and activist Mike Kuketz found third party tracking services embedded into the apps of five different VPN services, including three in NordVPN's app (AppsFlyer, Google Crashlytics, and Google Firebase Analytics).^[4]

When confronted with the allegations, NordVPN denied the allegations, answering with statements about the website instead of the smarphone app. Kuketz then conducted his own in-depth analysis of the app's traffic (his initial analysis was based on data from the Exodus Privacy Project), revealing that at least two of the trackers were indeed present.

Confronted with the results, the company spoke of a "misunderstanding", which Kuketz describes as "not very convincing".

He further notes that NordVPN's PR manager is using a NordVPN e-mail address which is hosted by Google, meaning any e-mail communication with the company over the same channels would be fully exposed to the advertising giant's data collection.^[5]

Consumer friendly alternatives

References

↑ Rizzi, C. (2024, November 20). NordVPN lawsuit filed over allegedly illegal automatic subscription renewal practices. ClassAction.org. Retrieved May 24, 2025, from https://www.classaction.org/news/nordvpn-lawsuit-filed-over-allegedly-illegal-automatic-subscription-renewal-practices
↑ "Electronic Communications Privacy Act of 1986 (ECPA)". Office of Justice Programs. Retrieved 25 Mar 2025.{{cite web}}: CS1 maint: url-status (link)
↑ Goitein, Elizabeth (15 Feb 2022). "How the CIA Is Acting Outside the Law to Spy on Americans". Brennan Center. Retrieved 26 Mar 2025.{{cite web}}: CS1 maint: url-status (link)
↑ Kuketz, Mike (2025-09-29). "VPN-Apps: Wenn »Sicherheits-Apps« selbst zum Risiko werden [VPN-Apps: When "Security-Apps" themselves become a risk]". Kuketz IT-Security. Retrieved 2025-10-27.
↑ Kuketz, Mike (2025-10-20). "NordVPN bestreitet den Einsatz von Trackern – Doch ein App-Mitschnitt zeigt ein anderes Bild [NordVPN denies use of trackers – but an analysis of the app's traffic paints a different picture]". Kuketz IT-Security. Retrieved 2025-10-27.

[1] Rizzi, C. (2024, November 20). NordVPN lawsuit filed over allegedly illegal automatic subscription renewal practices. ClassAction.org. Retrieved May 24, 2025, from https://www.classaction.org/news/nordvpn-lawsuit-filed-over-allegedly-illegal-automatic-subscription-renewal-practices

[2] "Electronic Communications Privacy Act of 1986 (ECPA)". Office of Justice Programs. Retrieved 25 Mar 2025.{{cite web}}: CS1 maint: url-status (link)

[3] Goitein, Elizabeth (15 Feb 2022). "How the CIA Is Acting Outside the Law to Spy on Americans". Brennan Center. Retrieved 26 Mar 2025.{{cite web}}: CS1 maint: url-status (link)

[4] Kuketz, Mike (2025-09-29). "VPN-Apps: Wenn »Sicherheits-Apps« selbst zum Risiko werden [VPN-Apps: When "Security-Apps" themselves become a risk]". Kuketz IT-Security. Retrieved 2025-10-27.

[5] Kuketz, Mike (2025-10-20). "NordVPN bestreitet den Einsatz von Trackern – Doch ein App-Mitschnitt zeigt ein anderes Bild [NordVPN denies use of trackers – but an analysis of the app's traffic paints a different picture]". Kuketz IT-Security. Retrieved 2025-10-27.

[1]

[2]

[3]

[4]

[5]

@@ Line 22: / Line 22: @@
 If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.<ref>{{Cite web |last=Goitein |first=Elizabeth |date=15 Feb 2022 |title=How the CIA Is Acting Outside the Law to Spy on Americans |url=https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans |url-status=live |access-date=26 Mar 2025 |website=Brennan Center}}</ref>
+=== Tracking inside App ===
+An analysis by German privacy blogger and activist Mike Kuketz found third party tracking services embedded into the apps of five different VPN services, including three in NordVPN's app (AppsFlyer, Google Crashlytics, and Google Firebase Analytics).<ref>{{Cite web |last=Kuketz |first=Mike |date=2025-09-29 |title=VPN-Apps: Wenn »Sicherheits-Apps« selbst zum Risiko werden [VPN-Apps: When "Security-Apps" themselves become a risk] |url=https://www.kuketz-blog.de/vpn-apps-wenn-sicherheits-apps-selbst-zum-risiko-werden/ |access-date=2025-10-27 |website=Kuketz IT-Security}}</ref>
+When confronted with the allegations, NordVPN denied the allegations, answering with statements about the website instead of the smarphone app. Kuketz then conducted his own in-depth analysis of the app's traffic (his initial analysis was based on data from the [https://exodus-privacy.eu.org/en/ Exodus Privacy Project]), revealing that at least two of the trackers were indeed present.
+Confronted with the results, the company spoke of a "misunderstanding", which Kuketz describes as "not very convincing".
+He further notes that NordVPN's PR manager is using a NordVPN e-mail address which is hosted by Google, meaning any e-mail communication with the company over the same channels would be fully exposed to the advertising giant's data collection.<ref>{{Cite web |last=Kuketz |first=Mike |date=2025-10-20 |title=NordVPN bestreitet den Einsatz von Trackern – Doch ein App-Mitschnitt zeigt ein anderes Bild [NordVPN denies use of trackers – but an analysis of the app's traffic paints a different picture] |url=https://www.kuketz-blog.de/nordvpn-bestreitet-den-einsatz-von-trackern-doch-ein-app-mitschnitt-zeigt-ein-anderes-bild/ |access-date=2025-10-27 |website=Kuketz IT-Security}}</ref>
 ==Consumer friendly alternatives==
-* [https://mullvad.net/vpn Mullvad VPN]
+*[https://mullvad.net/vpn Mullvad VPN]
-* [https://protonvpn.com/ ProtonVPN]
+*[https://protonvpn.com/ ProtonVPN]
 ==References==