Today we’re going to review NordVPN to see if it’s really worth the money…or if you’re better off looking at another provider.
Before we get started, I did want to mention that NordVPN certainly has a great reputation, and is highly competitive with other leading services like ExpressVPN, IPVanish VPN, CyberGhost VPN and PIA VPN, among others.
NordVPN certainly doesn’t lack credibility either, because it has been featured some of the largest publications online, such as Wired, The Huffington Post, BuzzFeed, Forbes, TheGuardian, and BBC.
Nevertheless, there are many factors to consider when selecting a VPN service, but in my opinion, the most crucial factor is security. Users need to make sure they know what data is logged, and what data isn’t logged.
In addition, even common users need to know which VPN protocols are available, and which security features a service has that competing services lack.
Only after security concerns are taken into account should the price be considered. However, most people fret about price and try to get the cheapest service possible, which doesn’t necessarily guarantee the best value.
At any rate, since the price is such a crucial factor for the majority of VPN subscribers, let’s start by analyzing NordVPN’s pricing model.
NordVPN offers extremely competitive rates, and its rates are so affordable I was shocked. Not only was I surprised regarding how inexpensive this service is, I was also surprised to see that NordVPN offers subscription lengths much longer than most other competitors.
The following outlines NordVPN’s pricing model:
- Monthly subscription – $11.95 per month
- Annual subscription – $5.75 per month
- 2-year subscription – $3.29 per month
These rates, with exception to the monthly plan, are incredible. When considering prices of average VPN services, it’s reasonable to expect to pay in the neighborhood of $5.00 to $6.00 per month for a decent quality service, and that’s typical with a six-month or annual subscription. But NordVPN was able to drop the price even further by lengthening the subscription term to two years.
This two-year subscription price makes NordVPN competitive with other services like PIA VPN, which only costs $3.33 per month with an annual subscription.
But it gets even better because NordVPN currently has a temporal promotion for a three-year subscription, which only costs $2.75 per month (a one-time payment of $99 USD).
Just imagine how much cheaper this is than a monthly subscription to a more expensive (yet still high quality) VPN service like ExpressVPN, which costs $8.32 per month with an annual subscription.
I’m not sure how long the three-year subscription offering will last, though I did note the offer only appears as a pop-up window on the site. NordVPN hasn’t added the offer to the Order page, so I doubt it will be a permanent offering. Additionally, I would recommend staying away from the monthly subscription, which costs $11.95.
There’s no point in signing up for it if you plan on using a VPN tunnel in the long term, and it really doesn’t offer great value. I think most people realize the monthly price isn’t the best option, and that it mostly serves as marketing shenanigans to incentivize users to opt for longer-term plans.
Regardless of the plan you choose, however, be aware that it comes with a 30-day money back guarantee, which is very generous.
A few other services offer a 30-day money back guarantee, but it’s more common to see a money back guarantee last only a week or two. I think a full month is more than enough time to test out NordVPN, so the risk of being unhappy is extremely low.
My only complaint is that there isn’t a free service or a free trial. The website claimed it had a free trial, but it was really only referencing the 30-day money back guarantee.
Also, I did find it marginally disappointing that NordVPN doesn’t accept as many payment providers as its competitors. Since NordVPN offers all the mainstream payment systems, it didn’t inconvenience me personally, though. NordVPN accepts Bitcoin, PayPal, Visa, MasterCard, Discover, AMEX, and AliPay.
NordVPN Key Features
Overall, I was very impressed with NordVPN’s set of security features. Like most other providers, NordVPN covers all the bare minimum requirements I have for a viable VPN service, but NordVPN raises the bar with cool extra security and streaming features.
First off, note that NordVPN is capable of AES-256 encryption, which is so strong it’s still used in the military (I would be surprised if a modern VPN service lacked AES-256).
By far the coolest security feature, however, is the double data encryption. Its name is self-explanatory and runs encrypted data through the encryption process once more to make it that much more impossible to decrypt.
Admittedly, I think this is kind of a flashy feature which adds unnecessary overhead to the VPN tunnel. Why?
Well, AES-256 is such a powerful encryption algorithm that it is virtually immune to brute force attacks. For an AES-256 key to be successfully cracked, it would mathematically take more time than is feasibly possible for a hacker (or even generations upon generations of the hacker’s family) to succeed.
In fact, it would take 10^56 years, which is a billion billion years. No, that’s not a typo! Now imagine how much longer it would take to encrypt data that’s been encrypted twice.
Really, since the underlying algorithm is immune to brute force attacks already, there’s only marginal value in the second cycle of encryption. But I still like it because it gives me the peace of mind that I’m browsing the web with an extra layer of security.
Furthermore, note that VPN tunnels are not impervious to all types of attacks. If one end of the tunnel was infected with a virus, an attacker might be able to capture the encryption key.
At any rate, I think encrypting data twice with two different keys is a cool feature, and it certainly isn’t a common feature among other providers. Furthermore, there’s a CyberSec feature, which helps block ads and malware.
Note that the CyberSec feature is nowhere near being a full replacement for an ad-blocker or anti-malware software. It is, however, yet another layer of protection against hackers and trackers.
In summary, the following outlines NordVPN’s list of general features:
- Military-grade encryption using AES-256
- Double VPN feature which encrypts data twice back-to-back for an extra layer of security
- CyberSec feature to block ads and malware
Another reason to love NordVPN is the fact it offers up to six simultaneous connections. I remember just a few years ago it was common for providers to offer three or fewer connections.
In fact, within the last year and a half (or thereabouts), ExpressVPN upped its allowance of two simultaneous connections (limited to one laptop/desktop and one mobile device) to three simultaneous connections, regardless of device type.
NordVPN, on the other hand, simply allows more simultaneous connections than the majority of other providers, and I respect that a lot.
It is getting more and more common to see a competing service offer up to five simultaneous connections, but NordVPN goes one step further. So Kudos to you, NordVPN.
I did find it odd, however, that NordVPN listed “IP address protection” as one of its features. This ‘feature’ is simply inherent to the technology, so you’ll get this same ‘feature’ with any competing service.
Basically, NordVPN is saying that you’re true IP address – that is, the one you lease from your ISP – will be masked so third parties can’t see it. Since third parties can’t see your true IP address, they can’t track your online activities or know where you geographically reside.
And like so many other VPN services, NordVPN claims to have a strict no-logging policy, but we’ll cover logging policies in the following section. There is, as to be expected, an automatic kill-switch feature built into the client to help protect downloads and Internet traffic in the event of a tunnel disconnect.
The client also comes with DNS-leak protection (hallelujah!), which I frequently argue should be a part of every consumer-grade VPN service.
There is also an interesting Onion Over VPN feature, but it’s not my preferred method of using anonymity networks. Basically, your traffic will flow between your computer and the VPN server in an encrypted format, and then be decrypted at the VPN server.
Then the VPN server routes your data through the Tor anonymity network, in an encrypted format, until it leaves the Tor anonymity network. The only leg of your data’s journey left in an unencrypted state is from the Tor network’s exit node to the destination server, and that’s assuming the encapsulated data isn’t a secure protocol like HTTPS.
Basically, the Onion Over VPN feature adds a layer of obfuscation which makes it virtually impossible for third parties to identify the source of your Internet traffic, allowing you to browse the web without being traced or victimized by ad-tracking and data collection firms.
I also like the inclusion of web browser extensions, which allows a user to connect to proxy connections that only route web browser data. That way, background applications can be excluded from the proxy server connection, and only website data is sent to the proxy server.
This is an ideal configuration when the only thing a user wants is to unblock foreign websites and streaming media services. I was also moderately impressed with the size of NordVPN’s network, which is slightly larger than the average size of competitors’ networks (discussed in greater detail in the following section).
Next up, NordVPN allows unlimited bandwidth and data, which isn’t really an amazing feature since every other service includes unlimited bandwidth and data too.
Furthermore, I always sigh when I see a VPN provider claim to be the “fastest VPN” available. NordVPN makes this claim as well, but this claim holds little weight, and I tire of seeing it on a service’s list of features.
Last but not least, do note NordVPN allows P2P traffic on its servers. P2P allowance combined with the Onion Over VPN feature make this service a great tool for BitTorrent downloaders who want to stay private from international authorities as well as peers, seeders, and leechers.
In summary, the following outlines NordVPN’s list of general features:
- Six simultaneous connections
- IP address protection
- Strict no-logging policy
- Kill-switch feature included in the client
- DNS-leak protection
- Onion over VPN
- Browser extensions for proxy servers
- Over 3,300 servers in 60+ countries
- Unlimited data and bandwidth
- P2P and BitTorrent traffic permitted on select servers
- The “fastest VPN”
- Dedicated IP addresses available
Relative Network Size and Country Locations
NordVPN hosts servers in over 60 countries, and currently operates approximately 3,300 servers around the globe. That may sound like a lot, and compared to other providers, it certainly seems to be an inordinate amount of servers. But these days, what counts as a ‘server’ could mean different things to different people.
You see, multiple virtual servers can exist on a single hardware entity, essentially turning one server’s worth of hardware into multiple virtual systems through the miracle of virtualization technologies like VMWare.
So if a service says it hosts four servers in Montreal, it could mean there are four separate servers dispersed throughout the city (unlikely), or it could mean that four virtual servers were set up. Whichever the case, NordVPN does have a decent set of servers and above average global coverage.
I often find the typical number of countries in which a VPN service hosts servers is about 30 to 50 countries. But the distribution of its servers isn’t uniform, which could be good or bad, depending on where you reside and which servers you wish to use. NordVPN has a very strong presence in Europe, and I thought it was worth mentioning that approximately half of the servers are located in European countries (1634 servers throughout Europe).
NordVPN does certainly host servers in North America, Central America, South America, Africa and China, but seems to only stick to the most popular countries. Conversely, it seems that NordVPN wanted to cast a wide net and blanket Europe with as many server locations as possible.
Yet another excellent quality of NordVPN is where it is headquartered. NordVPN is based in Panama, which is much more advantageous than other countries like the US, UK, Canada, Australia or New Zealand.
These aforementioned countries are generally thought of as being terrible places to base a digital business due to the Five Eyes national intelligence sharing agreement, past data scandals, wiretapping and data retention laws.
Fortunately for users who just want privacy they can trust, Panama doesn’t have any mandatory data retention laws. Even if a foreign power harassed NordVPN – the basis of which would be shaky at best due to a lack of jurisdiction in a foreign country – there wouldn’t be any data to hand over in the first place.
I did find it a little disappointing, however, that despite being based in Panama, NordVPN does not host any servers there, which is a shame.
Part of the decision to refrain from hosting servers in Panama may have been caused by Panama’s harsh digital copyright laws, which could fine an individual or company up to $200,000 USD for repeat digital copyright violations (i.e. torrenting) for repetitive offenses.
Regardless of the lack of Panamanian servers, NordVPN setup headquarters in one of the ideal countries imaginable under current data laws. As we all know, laws are subject to change over time, but it always takes a great amount of time for legislation to be enacted.
For not only the near future but also the far distant future, NordVPN is headquartered in a country with extremely favorable anti-logging and data retention laws.
NordVPN offers four different connection types. I would highly recommend prioritizing their use, as follows:
It’s typical to see providers offer three main connection types, which are OpenVPN, L2TP/IPsec, and PPTP. I was pleasantly surprised to see NordVPN offer IKEv2/IPsec, which is superior to L2TP/IPsec from a security perspective.
Also, without getting into the nitty-gritty and boring details of the protocols too much, I must advise you to use OpenVPN as your go-to protocol and to only use the other protocols when OpenVPN is unavailable.
OpenVPN, by and large, is more secure than any of the other protocols for several reasons. Note that it is capable of AES-256-bit encryption, which is so strong it's virtually impervious to brute force attacks and is commonly used in banking and military applications.
Furthermore, OpenVPN is an open source protocol, meaning that the source code can be viewed by anyone. Conversely, closed source code, such as proprietary applications like Microsoft Windows, can’t be viewed by the general public.
Since OpenVPN’s source code is accessible, it has been tested and audited with a fine tooth comb by third-party security firms to validate its security and legitimacy.
Basically, we know that there aren’t any hidden backdoor flaws intentionally written to give third parties (or governmental agencies, wink wink) the ability to view a tunnel’s contents.
The next best protocol to use is IKEv2, which was created by a Cisco and Microsoft collaboration team. One thing I absolutely adore about this protocol is its ability to reconnect and renegotiate tunnels better than the other protocols mentioned above.
If you were to hop from your local home Wi-Fi network to your cell carrier’s network, you would still be able to use the tunnel without disconnection problems (barring unforeseeable exceptions, like an ISP issue).
The third best protocol to use is L2TP/IPsec, which offers slightly less security than the IKEv2/IPsec connection, but is still solid enough to use to send sensitive data. Yet again, I wouldn’t use this protocol unless the previous two protocols were unavailable. And lastly, there’s the proverbial turn in the punch bowl, which is PPTP.
I abhor PPTP and want to caution you to never use this unless you don’t care who sees the data your transmitting. This protocol offers almost no protection in the way of security, and the protocol can be easily cracked with cheap software.
In my opinion, the only thing it’s really useful for is unblocking geo-restricted streaming content. I sincerely doubt that the aforementioned three protocols would all be unavailable, so there’s really no reason to use this protocol at all.
Logging Policy and Privacy Considerations
As an overview, be aware that NordVPN doesn’t log any of your online activities. Instead, it only logs customer data records that are necessary for maintaining an account. For example, note that NordVPN records the following information about its users:
- User email (for account activation and verification)
- Username and password data
- Payment card data
- Server load and aggregate (anonymous) bandwidth data
- Customer service conversations (unless the customer wishes that data to be deleted)
- The website uses browser cookies
From the moment a NordVPN.com user turns on the NordVPN.com software, their Internet data becomes encrypted. Any online traffic coming from user’s device is no longer visible to ISP, third-party snooper or cyber criminals. Further, NordVPN have a strict no logs policy when it comes to seeing user activity online: being based in Panama, which does not require data storage or reporting, NordVPN is empowered to deny any third party requests. Period.
Furthermore, I was overjoyed to discover that NordVPN has a warrant canary policy as well. If you don’t understand what a warrant canary is, allow me to briefly explain. In many countries around the world, the government can serve companies secret documents which allow the government and courts to obtain information.
In the case of VPN providers, it might allow a government to tap into the servers or review detailed customer records.
If a company is served secretive legal documents, there is often a dire legal stipulation forcing the business to remain silent and not warn anyone about the subpoena or other legal actions taken against them.
As a countermeasure to help its user understand if and when NordVPN is coerced into legal action by authorities, a warrant canary was enacted.
Basically, a user will understand the service has been compromised through the omission of an “all clear” message. NordVPN offers daily reassurances that the government hasn’t tapped their services, as follows:
We, NordVPN, confirm that we take full control of our infrastructure. It has never been compromised or suffered a data breach. We have not disclosed any private keys or any information of our users, and we have not been forced to modify our system to allow access or data leakage to a third party of any kind. We have NOT received any National Security letters. We have NOT received any gag orders. We have NOT received any warrants from any government organization.
If this message is absent from the website, users will understand something is happening behind the scenes with the government, and NordVPN will still not have violated the terms of secrecy with the authorities.
NordVPN has so many great aspects of its service, it only makes sense that one quality of its VPN service would lack. The speed test didn’t perform as well as I would have liked it too, though it was by no means a terrible connection for streaming, downloading or browsing the web. It simply wasn’t the “fastest VPN connection” I’ve ever seen or used.
The results of the speed test are as follows:
- Hong Kong – Download: 2.97Mbps; Upload: 0.82Mbps; Ping: 203ms;
- London – Download: 4.36Mbps; Upload: 0.88Mbps; Ping: 167ms;
I should also mention that I’m on a Google Fiber connection with 5Mbps download speed and 1Mbps upload speed. Still, I was surprised how slow the Hong Kong connection was. It’s possible that any variety of outside influences, such as international carrier bandwidth throttling or network policies at different countries’ borders, caused the connection to be slower.
Still, I wish it had been faster. I was happy that the latency wasn’t extremely high, in spite of the protocol overhead and the physical distance to the server.
Quality voice calls require less than 300ms of round-trip latency, so this connection is more than adequate for clear voice calls. The only thing I wouldn’t use these connections for is bulk data transfer.
NordVPN certainly has a support department superior to the average competitor. First of all, I have to say how thrilled I was that NordVPN included a variety of methods with which to contact support.
Thankfully live chat is available, which allows almost instantaneous access to a support representative. When I took the live chat feature out for a test drive, I was unable to contact anyone due to my ad-blocker.
I then queried “how do I contact support” in the knowledgebase search bar, and it directed me to the exact how-to article I needed, which suggested disabling ad-block. I got a response within fifteen seconds too, though there are still other traditional ways to contact support, such as email or web forms. Furthermore, the knowledge base was clean, succinct and intuitively laid out.
Each common troubleshooting issue relating to connectivity problems was intelligently organized by operating system, making it easy to find the right guide for your specific problem. For instance, the following lists some common VPN problems relevant to Windows users:
- Windows TAP driver error while connecting to a VPN
- Installation guide for Windows 7 and above
- How to change DNS servers in Windows
- Sharing a VPN connection from a Windows PC
The guides also include step-by-step screenshots, which have been highlighted to show you exactly where to click. They may not be 100% infallible because of the user’s competency and computer literacy, but the guides are so well designed I think my grandmother could use them effectively.
All in all, I have to say that NordVPN has a fantastic support department, and is better than the average competitor.
Final Thoughts – Is NordVPN Worth It?
Overall, I was thrilled with NordVPN, and I would place this provider as a clear leader in the VPN industry. It’s extremely challenging to find another comparable service with so many great security features at such a cheap price.
I guess it isn’t true what they say – you don’t always get what you pay for. In the case of NordVPN, even though the service is enticingly inexpensive, the service quality doesn’t suffer.
The only thing I wish had been better was the speed test. Still, the speed of the VPN connections wasn’t so drastically poor as to significantly impact the majority of Internet activities.
If you want to unlock geo-restricted content, stream multimedia, use audio and video call programs or simply browse the web, NordVPN is a phenomenal choice. And it’s even great for families because it allows a whopping six simultaneous connections!
Sources & References
- AES Definition – TechTarget.com
- How secure is AES against brute force attacks? – EETimes
- Five Eyes national intelligence – ukdefencejournal
- What is Open VPN? – OpenVPN
- Understanding IKEv2/IPsec – NordVPN.com
- What can L2TP do for your network? – NetworkWorld.com
- Microsoft's PPTP Implementation FAQ – schneier.com