NordVPN: Mostly Ironclad Privacy
February 3, 2022
Panama-based VPN provider NordVPN swore in 2017 that it would refuse requests from any foreign government to release customer data. In the wake of what happened to VPNLab after its tussle with Europol, however, TechRadar Pro reports, “NordVPN Will Now Comply with Law Enforcement Data Requests.” The firm still promises privacy—unless and until the legal eagles appear. We learn NordVPN recently revised the original, 2017 blog post in which it promised unwavering privacy to reflect the new reality. Reporter Anthony Spadafora writes:
“Now though, the original blog post has been edited and the post now reads: ‘NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations.’ [Emphasis mine.] The revised blog post also goes a bit further in regard to NordVPN’s zero-logs policy by explaining that the company will log a user’s VPN activity if there is a court order to do so: ‘We are 100% committed to our zero-logs policy – to ensure users’ ultimate privacy and security, we never log their activity unless ordered by a court in an appropriate, legal way.’ Meanwhile, the company updated its privacy policy back in July of last year with a new section that contains further details on information requests. A NordVPN spokesperson explained in an email to TechRadar Pro that the sole reason it changed its blog post in the first place was to dissociate its company from bad actors following PCMag’s original article on the matter.”
Spadafora points out the now shuttered VPNLab mostly catered to cybercriminals—a very different outfit from NordVPN. He also emphasizes that, despite the new language, NordVPN still offers a no-logs VPN, so there would be little to no pre-existing data for the company to relinquish even if law enforcement did come knocking. At this point, such a request is purely hypothetical—the firm notes it has yet to receive a single national security letter, gag order, or warrant from government organizations asking for user information since it was founded in 2012. We suspect they hope that streak continues.
Cynthia Murrell, February 2, 2022