NordVPN Review

NordVPN

The BestVPN.com Awards have quickly become the industry gold standard, with all the providers battling for a top spot. At this year's exclusive Las Vegas event, NordVPN scooped the most coveted prize of them all - Best Overall VPN. Keep reading to find out why NordVPN was crowned Best of the Bunch this year.

Our overall score for NordVPN is: 

BestVPN.com Score 9.8 out of 10

Summary

NordVPN is a no-logs VPN provider based in Panama. This alone makes it one of the best VPN choices out there for privacy fanatics, who will also appreciate NordVPN's strong technical security.  It is also a very fully-featured service, with double VPN, VPN over Tor, DNS-based malware protection, Smart DNS, and more, all part of the very reasonably-priced package.

VPN Stats

  • Server Locations 62
  • Average Speed 59.23 Mbit/s
  • Simultaneous Connections 6
  • Jurisdiction Panama

Likes

  • Special Offer: 75% OFF!
  • Works with US Netflix and BBC iPlayer
  • Based in Panama (great for privacy)
  • Six simultaneous connections
  • Dedicated IPs (cost extra)

Dislikes

  • IPv6 leak in macOS IKEv2 app
  • No port forwarding

With prime time television ads and sponsorship deals with global brands like Liverpool Football Club, these days NordVPN is arguably the most recognizable name in the industry and the first to branch out into mainstream consciousness. NordVPN is certainly talking the talk, but can they walk the walk? Let's find out...

NordVPN and Liverpool FC partnership

Video Review

If you're short on time, you can check our video review where we cover all the important points of our NordVPN review.

NordVPN Review | BestVPN.com

NordVPN Review | BestVPN.com
NordVPN Review | BestVPN.com

Alternative VPN Choices for You

From $2.75 / month
BestVPN.com Score 9.5 out of 10
Visit Site   Read Review
From $6.67 / month
BestVPN.com Score 9.5 out of 10
Visit Site   Read Review
From $1.89 / month
BestVPN.com Score 9.3 out of 10
Visit Site   Read Review

Price

NordVPN has just the one all-in account plan, although discount “plans” are available for bulk purchases. NordVPN offers a 30-day money-back guarantee. It also offers a 3-day free trial for desktop users and 7-day free trial for its mobile apps.

It accepts payment via credit/debit card. It also accepts Bitcoin, which allows for potentially anonymous payment. However, as always, please remember that NordVPN will know your true IP address, regardless.

Supported Payment Platforms

Visa/MasterCard
Amex
Cryptocurrency

Does NordVPN unblock Netflix?

NordVPN CyberGhost ExpressVPN
Netflix
iPlayer

Whether thanks to its Smart Play feature or not, a wide range of streaming services including Netflix and BBC iPlayer work flawlessly with the VPN connected in Windows and using the older Mac OSX OpenVPN client. 

However, although NordVPN says Smart Play is enabled in all its apps, we could not access US Netflix using its new macOS IKEv2 app or its Firefox add-on.

Get NordVPN

Speed

We have now improved our speed testing algorithm to account for VPN services such as NordVPN whose software selects the best server for its users to offer improved speeds. This provides a much fairer comparison between this kind of setup and services that load-balance across a number of servers at a given location.

NordVPN CyberGhost ExpressVPN
BestVPN.com SpeedTest (max/burst) 229.99 132.01 178.05
BestVPN.com SpeedTest (average) 59.23 61.97 77.14
IPv4 leak detected?
WebRTC leak detected?

We decided to give the OpenVPN connection a bit more testing, and found the results were very server dependent, with many European servers proving faster than local UK ones. We did however sometimes have trouble connecting to some servers at all (most notably ones in the Netherlands). As far as reliability is concerned, we had no disconnections during our test period. One final test we performed was to check for DNS leaks and EarthVPN passed with flying colors.

Please note that Private RFC IPs are local IPs only. They cannot be used to identify an individual, and so do not constitute an IP leak. In Windows and using the new macOS IKE2 client we detected no IP leaks whatsoever. Using the older OSX OpenVPN client, though, we detected an IPv6 WebRTC leak.

If you are a Mac user with an IPv6 connection you should use the IKE2 client, disable IPv6 on your system (see the optional section for each OS listed in How to Change your DNS Settings), or disable WebRTC in your browser.

Get NordVPN

Features and Performance

NordVPN CyberGhost ExpressVPN
Windows
MacOS
iOS
Android
Linux

NordVPN provides custom apps for Windows, macOS, iOS and Android. It also provides manual setup guides for these platforms, plus Linux (Ubuntu and Raspberry Pi), Blackberry 10, Chromium, and various routers and NAS systems. These guides look a little on the bare-bones side, but should work well enough.

It is also possible to purchase a pre-configured NordVPN router from Flashrouters . Additionally, NordVPN offers browser add-ons for Chrome and Firefox.

Signing up for the service is a straightforward affair. A valid email address is required, but there is no reason this cannot be a disposable one. Unless paying in Bitcoin, of course, NordVPN will know your payment details anyway.

Once signed up, you can download NordVPN’s software immediately and will receive a confirmation email containing some useful links.

The NordVPN Windows Client

In order to connect to the fastest server for your needs, you should let the software pick a server for you. This is because individual servers can vary in performance, so picking one at random is unlikely to produce optimum results.

As we have already seen, there are lots of servers to choose from. These include many specialized servers. P2P is allowed on all servers, but some specially optimized for the task.

The Windows client now features both a per-app kill switch and a system kill switch. The system kill switch passed a simple disconnect test with flying colors, but failed when we force-closed all running VPN processes to simulate a software crash. NordVPN explained that:

"We already modify OS firewall but we still need one process running. That process is responsible for firewall only and is independent from the application. Means if the app or VPN process crash, the firewall continues to work. Making it without any extra process is on our roadmap as well, looking to deliver in a few months."

The NordVPN Windows client, then, is very fully-featured, looks good, and is easy to use.

The Mac Apps

A little confusingly, NordVPN offers two different Mac apps: a new IKEv2 Mac App Store app is the default option, but a direct-download OpenVPN app is also available.

The apps look almost identical to each other. The IKEv2 app has both a system kill switch and a per-app kill switch, but not much else. The OpenVPN app has these too, but also offers obfuscated servers, custom DNS settings, CyberSec protection, and can access Netflix.

As we have seen, though, the OpenVPN app leaked our IPv6 address via WebRTC. Neither app provides access to the full range of specialty servers. It may just be a quirk of my system, but neither app displayed the NordVPN server map correctly.

The Android App

The Android app looks remarkably similar to the Windows client. Which is a good thing.

It allows you to connect to NordVPN's full range of specialty servers. The new CyberSec feature us also is fully supported.

I detected no IPv4 DNS or WebRTC leaks while using the Android app (IPv6 not tested).

The browser add-ons

The Chrome and Firefox apps connect to a NordVPN's HTTPS proxy servers. They provide many of the benefits of a true VPN but limited to just the browser. These include spoofing your real location and encrypting your internet connection so that you cannot be spied on. Which can be very handy!

You need a full NordVPN account to use its browser add-ons. Interestingly, the Firefox add-on unblocked BBC iPlayer for me, but not US Netflix.

Get NordVPN

Customer Service

NordVPN CyberGhost ExpressVPN
Free trial Yes - 3 Days No No
24-hour support
Live chat support
Money-back Guarantee

24/7 customer support is provided via a ticket system (web form), Facebook, Twitter, or email. A live chat option is also available. When I contacted support via live chat, I usually received an instant or very quick response.

In the past, I have found the quality of its support to be somewhat uneven, but NordVPN seems to have upped its game of late. So much so, in fact, that it won "Best Customer Service" award in our 2018 BestVPN.com Awards. NordVPN provided fast, detailed, and knowledgeable responses to our battery of customer service tests so hats off to them for that. 

A small knowledge-base plus various setup tutorials are also available. A regularly updated blog discusses internet security issues in general, plus NordVPN-specific topics.

Privacy and Security

NordVPN CyberGhost ExpressVPN
Free trial Yes - 3 Days No No
24-hour support
Live chat support
Money-back Guarantee

Logging Policy

NordVPN is based in Panama and promises to keep no logs at all:

NordVPN does not monitor, store or record logs for any VPN user. We do not store connection time stamps, used bandwidth, traffic logs, IP addresses.

Panama has a completely uncensored internet and zero government surveillance. It is also comfortably outside the direct influence of the NSA and GCHQ. Indeed, the simple fact that this no-logs VPN provider is based in Panama makes it one of the best choices available for privacy fanatics.

There has been a great deal of speculation on the internet of late of NordVPN ties to Lithuanian infrastructure provider Tesonet.

With so much unseemly mud-slinging on all sides, BestVPN.com prefers not to enter the debate at this time. But we are monitoring it and performing our own investigations. We will therefore update this review as necessary.

Website tracking

The NordVPN website uses a number of trackers, but these seem fairly benign and non-invasive. Importantly, there are no Google Analytics or Facebook trackers.

Please check out BestVPN.com’s VPN Review Process Overview for a discussion on website tracking.

Payment Processors

All payments are handled by a company called CloudVPN, which is based in the United Staes. NordVPN explained the situation to us:

"Being based in Panama has a downside. It complicates our ability to sign our apps, place them in stores and process our payments. Therefore, we’ve established a proxy based in the US, which in a nutshell acts only as our payment processor and has nothing to do with the actual service... It's not a third party company, it's under our control, and we use it to process our payments. In short - we handle payments ourselves, just through another company."

VPN Protocols and Encryption

NordVPN CyberGhost ExpressVPN
PPTP
L2TP/IPsec
SSTP
IKEv2
OpenVPN

NordVPN can be configured using most common VPN protocols. OpenVPN is used by default in its Windows and older OSX clients, but its iOS and new macOS app use IKEv2 instead.

Both are solid protocols:  OpenVPN is much more battle-tested than IKEv2 from a security standpoint, but IKE2 is also considered very secure and is faster than OpenVPN. NordVPN uses the following encryption settings for OpenVPN connections:

Data channel: an AES-256-CBC cipher with HMAC SHA256 hash authentication.

Control channel: an AES-256-CBC cipher with an RSA-2048 handshake and HMAC SHA256 data authentication. Perfect Forward Secrecy (PFS) is provided by a DHE-4096 key exchange.

This is a very strong setup.

NordVPN’s iOS app uses IKEv2 with an AES-256-GCM cipher and HMAC SHA2-384 data authentication. PFS is provided by a DHE-3072 exchange.  The Mac App Store software uses IKv2 with Cisco’s NGE (Next Generation Encryption) protocol.

For more information on VPN encryption terms, please see here.

Security Features

The NordVPN desktop apps have a system kill switch. The Windows app also features a per-app kill switch. The iOS app features a kill switch. They all provide IPv4 and IPv6 DNS leak protection, plus WebRTC leak protection. As we have seen, in our tests these features all performed well (IPv6 WebRTC leak on the OSX OpenVPN client excepted).

NordVPN also offers the following  non-standard security features:

Get NordVPN

Double VPN

This feature allows you to “chain” VPN servers so that your data is routed between two VPN servers as it travels between you and the internet.

Your PC/device -> VPN server 1 -> VPN server 2 -> Internet

NordVPN offers several double VPN combinations.

Such chaining can provide some security benefits, but will always result in a major loss of speed. As I argue in this article, I think the privacy/security benefits of “double-hop” VPN are rather limited. But I understand that this is not a view shared by everyone. For those who value the feature, NordVPN is one of only a few providers to offer it.

Tor over VPN

For a full discussion on the pros and cons of using Tor over VPN (or Onion over VPN as NordVPN terms it). In this configuration, you connect first to a NordVPN server and then to the Tor network before accessing the internet:

Your computer -> VPN -> Tor -> Internet

NordVPN achieves this using an OpenVPN configuration file which transparently routes your data from the VPN tunnel to the Tor network. This means that your entire internet connection benefits from Tor over VPN.

This setup does offer some privacy and security advantages, but a similar effect can be achieved simply by using the Tor Browser while connected to the VPN. Crucially, such a setup is much more secure than the method offered by NordVPN.

Tor over VPN (however you do it) will seriously slow down your internet speeds as you get the combined hit of using both the Tor network (which is very slow) and the VPN.

XOR Obfuscated Servers

NordVPN runs obfuscated servers in a number of counties: the US, Canada, the UK, Germany, the Netherlands, Sweden, Hong Kong, Singapore, Turkey, the UAE, and Egypt. These use the XOR encryption algorithm to overcome VPN censorship blocks put into place by authoritarian governments.

XOR is often used by malware to hide from detection, but it also works just as well for hiding VPN ciphers! This means users in places such as China and Egypt should be able to access the open internet by connecting to one NordVPN’s obfuscated XOR servers.

CyberSec

CyberSec is a new feature. It blocks DNS requests based on a real-time blocklist of harmful websites that may host malware. As such, it should shield you against malware, help prevent botnet control, and block many intrusive web ads.

I can't comment directly on its effectiveness, but the principle is sound and there is no reason to believe it does not work as advertised.

WiFiSec

This new feature will automatically initiate a VPN connection whenever a Wi-Fi network is joined. It can be set up to auto-connect to Nord on both secured and unsecured Wi-Fi networks.

Get NordVPN

The VPN market is becoming increasingly competitive, with the result that many providers are becoming very generous with the number of devices they allow to connect at once. Permitting up to six simultaneous connections, NordVPN has joined this trend.

If you connect devices to the same server, you must choose different protocols for the VPN connections. OpenVPN  TCP and UDP are counted as different protocols, so you can connect one device using TCP and another using UDP. We do not consider this to be a major limitation,

Unlike some providers, NordVPN permits P2P torrenting on all its servers, although it does not support port forwarding. It also doesn't support port selection, so you can't specify OpenVPN to run over TCP port 443 in order to bypass VPN censorship. This should not be necessary, however, as NordVPN offers Xor obfuscation instead.

NordVPN's use of mixed bare metal and virtual servers is not a big issue for us, although as with other VPN services, we do wish it clearly labeled which are which so that users can make an informed decision about the servers they connect to.

Smart DNS (“Smart Play”)

Smart DNS is a technology that enables you to pretend to be elsewhere by resolving DNS requests at a specified location. This makes it ideal for streaming geo-blocked content.

According to NordVPN, users can access over 150 streaming services using NordVPN Smart Play. These include Hulu, Amazon Prime, ABC Go, Zattoo, Cartoon Network, Shudder, WeTV.com, Telemundo, VH1, Vevo, TNT Drama, Sundance.tv, StarTrek, Spike, PBS, Slacker, NBC Sports, FoodNetwork, DramaFever, Discovery, Crackle, and many more.

NordVPN’s implementation of Smart DNS is rather unusual. For a start, it uses an encrypted proxy connection. We are not sure what advantage this brings over an unencrypted connection, as Smart DNS is not really about security or privacy. On the other hand, though, it can't do any harm.

For a second, it requires no additional configuration. It runs inside all NordVPN’s apps (we are told), and when you are connected to a VPN server it detects whether the streaming service requires additional DNS routing. In practice, this meant that we could watch US Netflix even when connected to a non-US server. We have not tested, but NordVPN says all its UK servers now work for BBC iPlayer (both for mobile and desktop).

One downside of this setup is that you cannot configure NordVPN’s Smart DNS to run on devices that cannot run a VPN client: such as your smart TV, games console, or Roku.

Get NordVPN

Conclusion

NordVPN offers a very fully-featured service. The fact that it is based in Panama and keeps no logs is also a big draw for those who care about privacy. Its software looks good and works well.

Speed performance is an issue that has plagued NordVPN since its beginning. Implementing our new test algorithm did produce better results with some fairly decent average and max burst speeds. 

The 30-day money-back guarantee gives you plenty of opportunity to ensure that everything works for you as it should. What you get with NordVPN is a very fully featured, privacy-friendly VPN service with decent speeds and the ability to access restricted content on major streaming platforms such as Netflix. 

Overall, we recommend NordVPN! 

Get NordVPN

Written by: Douglas Crawford

With over five years’ experience at the sharp end of the VPN industry, Douglas is a recognized cyber-privacy expert. His articles have been published by numerous technology outlets, and he has been quoted by the likes of The Independent, Ars Technica, CNET and the Daily Mail Online.

178 Comments

  1. Deloresv

    on February 12, 2019
    Reply

    A few months ago I moved to Germany so I was looking for a VPN mostly for two things: streaming TV (particularly Hulu) and potentially torrenting some stuff. I have been doing some research and found that some of the best choices are NordVPN and ExpressVPN. I ended up getting NordVPN subscription because of a great discount on dealabs.com. I did some speed test not long ago (using different countries and WiFi) and I am pretty happy with results. Aside from few disconnects, I have no complaints against their service, so NordVPN works out well for me.

  2. Tom

    on January 29, 2019
    Reply

    A german security blogger discovered that the android version of NordVPN transmits personal data to tracking companies (what a no go for a privacy focused company): https://www.kuketz-blog.de/android-nordvpn-uebermittelt-e-mail-adresse-an-tracking-anbieter/ He discovered this in the apps from cyberghost and VyprVPN as well!

  3. Jeff

    on January 4, 2019
    Reply

    I reliably get 300mbs up/down over NordVPN, which was a big selling point. PIA is comparable, but inconsistent. ExpressVPN would top out around 100mbs when I trialed it a year ago.

  4. skarp

    on December 29, 2018
    Reply

    I'm very annoyed to discover, having finally set up nordVPN on a new router, so my nas boxes can benefit from it too, that NordVPN doesn't allow port forwarding. Now basically my remaining years of a 36 month sub is money down the toilet and I must find another VPN. NprdVPN do not give a s**t. Why the hell bestVPN don't mention this in their basic reviews I do not know but I cannot trust this site because of it.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.