Security

NordVPN is fortified with data protection features, such as top-tier encryption, an automatic kill switch, doubled encryption of data and private Domain Name System (DNS) services. Upholding a stringent no-logs policy, NordVPN does not gather or retain any user data. Additionally, NordVPN actively seeks third-party auditors to verify its adherence and assess its security measures; the company has successfully passed all such inspections to date.

The kill switch functionality is included in the Linux, iOS and macOS versions of the NordVPN application. A similar feature can also be activated on devices operating on Android 7 or later. The kill switch continually monitors your connection to NordVPN’s server. In the event of a disconnection, it will instantly prevent your device or specified apps from accessing the internet until the connection is re-established.

NordVPN uses OpenVPN, IKEv2/IPSec and WireGuard (NordLynx) protocols. OpenVPN is a versatile protocol that can be used on both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports while supporting many encryption algorithms.

TCP is a connection-oriented protocol, meaning that it establishes a direct link between the source and destination before data is sent. This allows for guaranteed delivery of data packets and maintains data integrity by ensuring that packets arrive in the same order in which they were sent.

UDP, unlike TCP, is connectionless, meaning it doesn’t establish a dedicated end-to-end connection before sending data. Packets of data (called “datagrams”) are sent individually and are checked for integrity only if they arrive. Packets might arrive out of order, be lost, or duplicated along the way.

NordVPN also uses next-generation encryption on its IKEv2/IPSec implementation, providing increased security. Phase 1 keys are generated using AES-256-GCM for encryption, SHA2-384 for integrity and perfect forward secrecy (PFS) using 3072-bit Diffie-Hellman (DH) keys. NordVPN also uses AES-256 (referring to AES-256-CBC, or Cipher Block Chaining). Of the two modes, AES-256-GCM is generally considered “superior” in most practical applications: it’s faster, it provides authentication and it doesn’t need padding. However, its implementation requires more care, especially around nonce management. Which to use therefore depends on the specific requirements of the system in which the encryption is being used.
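The GCM properties named above (authentication, no padding, and the care needed over nonces) can be seen in a short Go program. This is an added example built on Go's standard library, not NordVPN's code; the `Sealer` type, its methods and the all-zero demo key are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Sealer (hypothetical, not NordVPN code) wraps AES-256-GCM; not goroutine-safe.
type Sealer struct {
	aead cipher.AEAD
	seq  uint64 // messages sealed so far under this key
}

func NewSealer(key [32]byte) *Sealer {
	block, err := aes.NewCipher(key[:]) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // unreachable: key length is fixed by the type
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err) // unreachable: AES has a 128-bit block
	}
	return &Sealer{aead: aead}
}

// Seal returns nonce || ciphertext || tag; the 96-bit nonce is a never-repeating counter.
func (s *Sealer) Seal(plaintext, aad []byte) ([]byte, error) {
	if s.seq == ^uint64(0) {
		return nil, fmt.Errorf("nonce counter exhausted after %d messages: rekey", s.seq)
	}
	s.seq++
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], s.seq)
	return s.aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies the tag before returning plaintext; any modified bit fails.
func (s *Sealer) Open(msg, aad []byte) ([]byte, error) {
	if len(msg) < 12+s.aead.Overhead() {
		return nil, fmt.Errorf("message too short: %d bytes", len(msg))
	}
	return s.aead.Open(nil, msg[:12], msg[12:], aad)
}

func main() {
	msg, err := NewSealer([32]byte{}).Seal([]byte("ping"), nil) // constructed all-zero demo key
	fmt.Printf("%x %v\n", msg, err)
}
```

The output length is always the nonce plus the plaintext plus a 16-byte tag, with no block padding, and a counter that refuses to wrap forces a rekey instead of a repeated nonce.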

All this technical jargon essentially means that its IKEv2/IPSec protocol ensures a more secure tunnel between the client and server.

NordVPN recommends customers use its proprietary WireGuard protocol, NordLynx. It claims its cryptography is superior to OpenVPN and IKEv2/IPSec, while being faster and having leaner code, meaning it’s easier for NordVPN to deploy, audit and fix when things go wrong. NordLynx is the default protocol on NordVPN’s apps.

However, despite its strict security, NordVPN confirmed a security breach in 2018. One of its data centres in Finland was accessed without authorisation. The attacker gained access to the server by exploiting an insecure remote management system left by the data centre provider. NordVPN stated that the server did not contain any user activity logs and it was impossible to intercept usernames and passwords. NordVPN also noted that accessing other VPN servers or user databases from a compromised VPN server was impossible. This incident led to some concern about NordVPN’s overall network security, despite its assurances.

User experience

Along with its robust security features, NordVPN stands out for its excellent user experience. Upon loading the app, you’re greeted with a large, easily accessible button, allowing you to establish a secure connection in just a moment. This feature connects you swiftly to a server in your current region, such as the UK, but you can easily navigate between servers in other global locations by scrolling down the interface or using the search bar located below the “Quick Connect” button.

The main display houses everything you need, including NordVPN’s traffic-routing Meshnet feature and speciality servers. Meshnet effectively allows you to create your own personal NordVPN server. This means any connected devices, no matter where they are in the world, will be able to form a connection and share an IP address. The app’s user-friendly design ensures that even those who might find technology challenging will find it straightforward and easy to enable different security features. All your enhanced security options are found along the left side menu and can be enabled by clicking a simple toggle. NordVPN has also handily provided quick summaries of what each option does.

Performance

NordVPN delivered some of the most consistently fast download speeds of all the VPNs in this group test. However, upload speeds struggled once our team connected to servers beyond the UK. With US and Australian servers at less than 5 per cent of the baseline upload speed without a VPN, users would find it difficult to share files. We also had difficulty connecting to NordVPN’s US servers. It failed to connect us to its default New York server, and we then tried – and failed – to connect to the Chicago, Denver, Los Angeles and Miami servers. Eventually, we were able to connect to New York. It was a similar story on the Australian servers regarding upload speeds. However, download speeds from the Australian servers were among the fastest in the group of VPNs in the test.

Speed test results