How Reliable is the NordVPN No Logs Policy?

One of the critical features of VPNs is their no-logs policy, which promises not to collect or store any user data. NordVPN is one of the most popular VPN providers in the market, and we often get questions about NordVPN Logs policies.

This article will examine the NordVPN no-logs policy in detail and assess its reliability. We will also explore the potential risks and benefits of using NordVPN based on logging policies and if it remains a good choice for online privacy and security.

What is a Zero Logging Policy?

NordVPN logs policy
The NordVPN logs policy is one of the best in the industry.

A no-logs policy means a VPN provider does not store information about a user's online activity. This data typically includes IP addresses, browsing history, and the websites a user visits. The idea is to protect your privacy and prevent your online activity from being tracked or monitored.

However, It is essential to understand that any service provider's no-logs policy is always subject to some terms and conditions. These aren't due to cover-ups or malicious objectives but primarily for operational reasons.

What Makes The NordVPN No Logs Policy Reliable?

NordVPN Banner Ad

The NordVPN No Logs policy is reliable and known as one of the industry's best. The primary reasons behind this are the three independent audits to reassure customers of its integrity. Reputable companies, including PriceWaterhouseCoopers (PwC) and Deloitte, conducted the NordVPN audits in 2018, 2020, and 2022.

Yet those audits are only a part of a broader picture. NordVPN also underwent a Cure53 security audit in 2022. This audit primarily checked for security weaknesses in multiple areas, including servers, infrastructure, and applications.

Understanding the Fine Print About NordVPN Logs

NordVPN's no-logs policy is one of the most comprehensive and strict policies in the VPN industry. The company explicitly states that it does not store usage logs of your online activities. These logs pertain to the websites you visit and when you visit them.

Using a blanket term for marketing is often easier since most consumers will only read brief explanations. That's the primary reason the NordVPN logs policy appears simply describing it as a “No-log VPN service.”

The most crucial thing in that statement is to understand the difference between the terms “collect” or “process” and “store.”

Collect or Process – These terms mean that NordVPN does take in some data about your connection but discards the data as possible once it serves its purpose. 

Store – This specific term means that NordVPN keeps a record of the data for some purpose. It is precisely the avoidance of this term through which we know NordVPN protects your privacy.

What NordVPN Does Not Store

In its Privacy Policy, NordVPN explicitly states that it does not store the following information;

  • Bandwidth
  • Traffic logs
  • IP addresses
  • Browsing data

Why NordVPN Needs to Process Some Data

NordVPN clearly explains what it does or does not process

Now that we know what NordVPN does not store, let's examine the information it processes and why it needs it. NordVPN processes data differently depending on the platform – for example, in-app, on their website, or via social media.

NordVPN processes three main data types if you're using its service: Server load information, username and timestamp, and connectivity. 

Server Load Information

Server load information isn't about your data on their servers but is the data about NordVPN servers. This data helps NordVPN adjust its server and infrastructure load for long-term performance balancing. 

Username and Timestamps

We are more concerned about usernames and timestamps since they could tie us to a specific activity. However, NordVPN only holds this information for 15 minutes once you close your VPN connection.

Important: Because of this, you should not keep your NordVPN connection active 24/7 but close it occasionally to ensure the data gets discarded.

Connectivity Information

Having data about when you last used the service is more relevant to billing than anything else. NordVPN simply checks if you've used your service in the last month. It helps them resolve potential billing disputes and isn't relevant to what you've done when the connection was on.

What May Affect the NordVPN Logs Policy?

Although NordVPN has undergone audits and penetration testing, some things may affect your decision to try their service. We love NordVPN, but there remain two minor points of concern.

It is essential to understand that these concerns are not unique to NordVPN but to almost all VPN service providers.

Proprietary Code

First, NordVPN is not a completely open-source VPN provider. While the company does provide some open-source software, not all of its software is open-source. This closed-loop means it's difficult for independent security researchers to verify that the software contains no backdoors or vulnerabilities that could compromise a user's privacy.

However, it's also laudable here that NordVPN claims to have allowed auditors access to their code during the assessments.

Worldwide Server Farm

Second, NordVPN operates servers worldwide. While the company states that it does not store logs, local laws in certain countries could require NordVPN to collect and store user data. However, NordVPN's policy says it will shut down any servers in a country if it believes that local laws conflict with its no-logs policy.

Another reason why this factor is less important is that NordVPN operates an entire array of RAM-only servers. RAM is volatile, meaning NordVPN can quickly wipe server data out instantaneously if necessary. Of course, whether it will do so when necessary, is another matter altogether.

Past Issues With NordVPN Logging and Privacy

NordVPN suffered a security incident in March 2018. According to NordVPN, one of its data centers in Finland was accessed by an unauthorized party. The intruder could access the server by exploiting a vulnerability in a remote management system provided by the data center.

The server in question was used as a “jump server” to access other NordVPN servers that did not have direct internet access. NordVPN stated that the attacker could only view the server's traffic and did not have access to any other servers or user data. There was also no overt proof that user data was compromised.

Following the incident, NordVPN took several steps to improve its security practices. The company conducted a full security audit, hired a third-party cybersecurity firm to perform penetration testing, and implemented additional security measures such as disk encryption and two-factor authentication for its servers.

What Happens if a VPN Logs Your Data

Regarding online privacy and security, VPN logs can play a significant role. VPN logs refer to records of user activity that a VPN provider may keep. This data can include your IP address, browsing history, timestamps, and session information. 

Authorities Can Use Logs to Track Your Activity

If a VPN provider keeps logs of your activity, anyone with the data can track your online behavior. That includes the websites you visit and what you search for when online. The information means you can be targeted for ads or surveillance by government agencies.

Hackers Can Steal Logs

Even if a VPN provider has robust security measures to protect user logs, they are still vulnerable to hacking. If attackers gain access to a VPN provider's servers, they could steal user logs and use the information for malicious purposes.

Government Agencies Can Subpoena Logs

Government agencies sometimes try to subpoena VPN providers to obtain user logs for surveillance. This can occur even if the VPN provider claims to have a strict no-logs policy. In some countries, VPN providers may be required by law to keep logs of user activity.

Service Providers May Sell Logs

Sometimes, VPN providers may sell user logs to third parties, such as advertisers or data brokers. This can compromise user privacy and lead to identity theft or malicious activities. You're generally at higher risk of this happening on “Free” VPN services of dubious background.

Verdict: Is The NordVPN Logs Policy Sound?

Despite one hiccup in an otherwise unblemished past, NordVPN remains among the best choices in a highly competitive industry. The company's quick reaction to the single incident and ongoing efforts to maintain customer confidence is highly laudable.

We remain committed to recommending NordVPN as one of the best choices around if you're looking for a VPN service. 

Also Read:

Timothy Shim

Tim is a former tech journalist turned web technology junkie. He spends his time exploring the best in digital privacy and security tools. Meanwhile, experiments with SEO continue to increase his blood pressure. ( Contact Tim on Linkedin )

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.