NordVPN is one of the most popular VPNs in the world, but is it actually safe? In this article we dig into the technical security, privacy policy, and past controversies to give you an honest, detailed answer.
NordVPN Security: The Technical Details
| Security Feature | NordVPN Implementation |
|---|---|
| Encryption | AES-256-GCM (OpenVPN) / ChaCha20-Poly1305 (NordLynx) |
| Protocols | NordLynx (WireGuard), OpenVPN UDP/TCP, IKEv2/IPSec |
| Kill Switch | App-level + OS-level (Windows/macOS/Linux) |
| DNS Leak Protection | Yes — private DNS on every server |
| IPv6 Leak Protection | Yes |
| No-Logs Audit | PwC (2018, 2020, 2022), Deloitte (2023) |
| Jurisdiction | Panama (outside 5/9/14-Eyes) |
NordVPN’s No-Logs Policy: Is It Verified?
NordVPN’s no-logs policy states they do not log connection timestamps, IP addresses, traffic data, or session durations. This policy has been independently audited four times — by PricewaterhouseCoopers (three times) and Deloitte (2023). These are two of the world’s largest and most reputable audit firms.
The audits confirmed that NordVPN does not store any data that could be used to identify individual users or their activity. This is the highest level of verification available in the VPN industry.
The 2018 Server Breach: What Happened?
In 2019, it became public that NordVPN suffered a server breach in March 2018 — a hacker gained access to a single server in Finland via an insecure remote management system installed by the data center provider (not NordVPN itself).
What data was exposed: The attacker had access to one server for about a month. No user data was compromised because NordVPN’s servers don’t store user logs. The attacker could have intercepted traffic flowing through that specific server in theory, but there’s no evidence this occurred.
NordVPN’s response: NordVPN terminated their contract with that data center, audited all servers, launched a bug bounty program, and moved toward diskless RAM-only servers. They disclosed the breach publicly in 2019.
This incident, while serious, ultimately demonstrated that NordVPN’s no-logs architecture prevented any meaningful user data exposure.
NordVPN RAM-Only Servers
Since 2020, NordVPN has operated all its servers in RAM-only mode — no data is written to physical hard drives. Every server reboot wipes all data completely. This is the same architecture used by ExpressVPN’s TrustedServer and ensures there is literally no stored data to seize even if authorities compel a data center operator.
Is NordVPN Safe for These Specific Use Cases?
- Torrenting: Yes — dedicated P2P servers, kill switch, verified no-logs
- Streaming: Yes — no privacy risks with Netflix/streaming use
- Public WiFi: Yes — encrypts all traffic from snooping on open networks
- Bypassing censorship: Yes — Obfuscated servers for restrictive regions
- Banking online: Yes — adds encryption layer over public WiFi
Audited no-logs policy, RAM-only servers, AES-256 encryption, and Panama jurisdiction make NordVPN one of the safest VPNs available.
Get NordVPN ›
Frequently Asked Questions
Can NordVPN see what I’m doing online?
No. NordVPN’s servers operate in RAM-only mode and do not log traffic data, connection times, or IP addresses. Their no-logs policy has been independently audited four times.
Has NordVPN ever given data to the government?
NordVPN has stated they have received government data requests but had no data to hand over due to their no-logs policy. Panama (their jurisdiction) does not require VPN providers to store user data.
Is NordVPN owned by a Chinese company?
No. NordVPN is owned by Nord Security, a company registered in Panama and Lithuania. It is not owned by any Chinese entity.