Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.

This review’s roll was #81 (at the time of the roll, NordVPN)

Written Sep 3, 2016

Signing up for the service: Upon signing up for NordVPN service, I was sent an email containing my username, but not my password. After payment, CloudFlare redirected me to another page and at no point was I able to create a password afterwards either. I had to use reset password feature to have one emailed to me – this will come back later, so keep it in mind. When paying with paypal, you are not given the option to make a one time payment, and instead, you are automatically subscribed to recurring payments (NordVPN doesn’t offer partial refund). I’ve mentioned before that this is an annoyance every time I see it.

Configuring the service: The first thing I did after logging in was visit the download area. This area is divided by platform, which at this point in the searching process is well structured. I was able to quickly download a full ovpn config file package zip for Linux, but when it came to Android, the website only allows downloading one file at a time. This means that you are forced to select the file you want from a list of thousands of files, each taking one line in the list. The files have a 2 character country code, from which you’re supposed to figure out the country being connected to. The easiest way to do this is have both the server list and the android config file download list open side by side. It’s a very clunky way to choose. There are many, many better ways to allow a customer to choose their config files. You are also never shown which PART of a country a given server is in. ca certs and tls files are separately downloaded and individually given by server – so the annoying step above of choosing your ovpn config file just got tripled, because now you have to hunt for the corresponding ca cert and tls files to boot. The process was very cumbersome overall. After setting up the connections, a VPN tunnel wouldn’t establish on any server I tried. I double and triple checked that there were no quirks (extra characters that needed added to the username, additional files that weren’t given, etc. I even checked against their official tutorial just in case, but couldn’t make a connection). I used their live chat support to resolve – from which you can read details below of how it was fixed. Suffice to say, the default configuration was borked for me. There is apparently a link buried in the Android setup tutorial where these files are available together in a package, but it’s not convenient or obvious.

Speed & Stability tests: A few things were off with these speed tests. Firstly, because NordVPN doesn’t tell you where a server is located, I wasn’t able to test the “closest” one to me, as I usually try to for the US server test to get a best case scenario. It’s very possible that they may have a faster server somewhere along the way, but because it looks like they focus on quantity over quality of servers, it’s impossible to know without trying all 300+ US exit nodes one at a time.

I rarely see speeds this slow across the board on desktop. For mobile, speeds were all over the place, but never really very impressive.



Speed Tests – NordVPN – Desktop Latency Download Upload No VPN Trial 1 8 ms 97.28 mbps 11.24 mbps Trial 2 9 ms 97.97 mbps 11.91 mbps Trial 3 8 ms 97.53 mbps 11.91 mbps Average 8 ms 97.59 mbps 11.69 mbps US Trial 1 138 ms 5.33 mbps 2.77 mbps Trial 2 144 ms 5.28 mbps 2.69 mbps Trial 3 136 ms 5.07 mbps 2.71 mbps Average 139 ms 5.23 mbps 2.72 mbps Comp to Bench +131 ms 5.36% 23.30% UK Trial 1 325 ms 2.33 mbps 0.91 mbps Trial 2 312 ms 2.00 mbps 0.50 mbps Trial 3 312 ms 1.81 mbps 1.04 mbps Average 316 ms 2.05 mbps 0.82 mbps Comp to Bench +308 ms 2.10% 6.99% Hong Kong Trial 1 400 ms 0.00 mbps 0.00 mbps Trial 2 368 ms 2.08 mbps 0.00 mbps Trial 3 365 ms 1.99 mbps 1.01 mbps Average 378 ms 1.36 mbps 0.34 mbps Comp to Bench +369 ms 1.39% 2.88% Australia Trial 1 422 ms 1.53 mbps 0.30 mbps Trial 2 432 ms 0.00 mbps 0.00 mbps Trial 3 449 ms 1.46 mbps 0.37 mbps Average 434 ms 1.00 mbps 0.22 mbps Comp to Bench +426 ms 1.02% 1.91%

Speed Tests – NordVPN – Mobile Latency Download Upload No VPN Trial 1 12 ms 74.99 mbps 14.52 mbps Trial 2 8 ms 75.30 mbps 14.32 mbps Trial 3 12 ms 74.12 mbps 14.49 mbps Average 11 ms 74.80 mbps 14.44 mbps US Trial 1 128 ms 4.08 mbps 6.87 mbps Trial 2 138 ms 4.15 mbps 7.63 mbps Trial 3 126 ms 23.31 mbps 7.01 mbps Average 131 ms 10.51 mbps 7.17 mbps Comp to Bench +120 ms 14.05% 49.64% UK Trial 1 299 ms 1.89 mbps 2.21 mbps Trial 2 354 ms 5.99 mbps 3.72 mbps Trial 3 395 ms 1.78 mbps 3.03 mbps Average 349 ms 3.22 mbps 2.99 mbps Comp to Bench +339 ms 4.30% 20.68% Hong Kong Trial 1 369 ms 1.63 mbps 2.14 mbps Trial 2 365 ms 10.32 mbps 2.76 mbps Trial 3 364 ms 8.40 mbps 2.56 mbps Average 366 ms 6.78 mbps 2.49 mbps Comp to Bench +355 ms 9.07% 17.22% Australia Trial 1 405 ms 1.41 mbps 1.86 mbps Trial 2 407 ms 1.47 mbps 1.72 mbps Trial 3 590 ms 3.34 mbps 1.11 mbps Average 467 ms 2.07 mbps 1.56 mbps Comp to Bench +457 ms 2.77% 10.82%

The Hong Kong and Australia servers were very hit and miss, as the tests would often hang up and never complete. Speeds being slow could be partially because of the strong, and often demanding level of encryption used (AES-256), as well as the protocol (TCP) – however, I wouldn’t expect ANYTHING like the slowness seen above. Note that this ISN’T an indictment on server performance necessarily, but on the low degree of informing the user of server detail when connecting manually.

Getting support: After not being able to connect above, I contacted support via the site’s live chat feature. I do like live chat when a service provides it – when it’s good. Some services rely on third party ticketing/helpdesk systems that require the use of cookies and other widgets and so forth. NordVPN uses one such service, in which you are forced to turn off privacy badger (or other cookie blocking browser plugins) in order to use the live chat. I don’t appreciate this from a privacy standpoint at all.

After a few minutes, I was connected to “Ethan”, who asked if I had special characters in my password, which I did (as this was what NordVPN assigned to me automatically after a “forgot password – reset). He told me that I would have to change my password because special characters may not work. When I asked why I’d be assigned an invalid password, I got a canned, “Our team is working hard on fixing this issue right now. I’m sorry for your inconvenience.” response. Not impressed. The only reason I’m not doling out a stamp of shame here is because they were still able to resolve the issue (that they caused).

Getting a refund: I got back on live chat and spoke to “David”, to whom I requested a refund. After some typical due diligence type back and forth (offering to help troubleshoot, giving some suggestions, etc), David obliged and granted my refund request.



Concerns in Terms & Conditions / Privacy Policy: NordVPN’s terms aren’t exactly elegant, but neither are they obtuse. Nothing offensive as far as I can see. They do a pretty good job of explaining their privacy policies and exactly what is and isn’t retained from the user. I’ve seen much much worse. Overall, not bad.

Final thoughts: As many other services do, NordVPN relies too heavily on affiliate marketing (native advertising/paid reviews, etc). Their resellers appear to refuse to provide full and prominent disclosure of their financial relationship with NordVPN (as most affiliates do unfortunately) and I couldn’t find evidence that they expect anything more from them. This is encouraging unethical behavior and is not in the best interest of their customers. Most commercial services do this – and it’s not okay.



NordVPN is an interesting case. On one hand, they have a very clear “no logs” policy, spelling out exactly what is NOT being logged, they only require an email address at most, offer anonymous payment methods, they do take many needed steps to be transparent and accommodating for user privacy. However, they fall just short of earning a “Privacy” badge due to using CloudFlare (although their main site SSL Cert is not signed to CF it’s involved somewhere as indicated by the browser scan and redirect), 3rd party non-private helpdesk/live chat systems, cookies, and a number of proprietary APIs.

Their service was very clunky to get started, and not user friendly or descriptive when it came to giving detail about the servers, their locations, or requirements to connect. The site was a mess when it came to downloading Android config. files as well. I wouldn’t recommend the service based on what I saw, despite the hype I usually see online. It’s not the worst service I’ve used, but given their love of affiliate marketing – you might think twice the next time you see someone recommend NordVPN.

FROM THE VPN COMPARISON CHART CATEGORY VPN SERVICE NordVPN JURISDICTION Based In (Country) Panama Fourteen Eyes? No Enemy of the Internet No LOGGING Logs Traffic No Logs DNS Requests Logs Timestamps No Logs Bandwidth No Logs IP Address No ACTIVISM Anonymous Payment Method Email Accepts Bitcoin Yes PGP Key Available Yes Meets PrivacyTools IO Criteria Yes LEAK PROTECTION 1st Party DNS Servers Yes IPv6 Supported / Blocked No Offers OpenVPN Yes OBFUSCATION Supports Multihop Yes Supports TCP Port 443 Supports Obfsproxy Yes Supports SOCKS Yes Supports SSL Tunnel Yes Supports SSH Tunnel Other Proprietary Protocols PORT BLOCKING Auth SMTP No P2P Some SPEEDS US Server Average % 5.36 Int’l Server Average % 1.5 SERVERS Dedicated or Virtual SECURITY Default Data Encryption AES-256 Strongest Data Encryption AES-256 Weakest Handshake Encryption Strongest Handshake Encryption RSA-2048 AVAILABILITY # of Connections 6 # of Countries 41 # of Servers 475 Linux Support (Manual) Yes WEBSITE # of Persistent Cookies 5 # of External Trackers 1 # of Proprietary APIs 3 Server SSL Rating A SSL Cert issued to Self PRICING $ / Month (Annual Pricing) $4.00 $ / Connection / Month $0.67 Free Trial Yes Refund Period (Days) 30 ETHICS Contradictory Logging Policies Falsely Claims 100% Effective Yes Incentivizes Social Media Spam POLICIES Forbids Spam No Requires Ethical Copy No Requires Full Disclosure No AFFILIATES Practice Ethical Copy Give Full Disclosure No

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.