Search the Community
Showing results for tags 'NordVPN'.
Found 3 results
A german IT security blogger recently discovered that NordVPN's official android app transmits personally identifiable information to NordVPN and a few third parties. The checked version of their app is v3.9.8 which seems a few versions behind the current branch but still fairly recent. The blogger discovered that a user's Google mail address along with the advertising ID and a bit of other info are sent to Iterable, AppsFlyer and Tune along with some Google services like Analytics - all seemingly without the user's consent and even without mentioning it in the app's ToS. Of course customer support has been asked as well. Their answer was not satisfactory: Everyone interested in some of the HTTP POSTs discovered can look at them in the article linked above. The article itself is German-language, but it doesn't contain more info than this, only a bit of the writer's opinion which I share: It's very questionable that a "no-log" or even "privacy-centered" VPN provider like NordVPN is bold enough to state "marketing reasons" as their justification to track users of their Android app. Even worse that this tracking is performed by third parties who will most likely use this data in cross-referencing... Try to avoid NordVPN. Searching for "NordVPN" in this forum alone will yield more than enough reason. One in three newly created threads is about them.
The real problem with NordVPN is they claim to be offshore and "securely based in Panama." But I don’t believe that. CloudVPN INC, their payment processor, is based out of Lithuania, and there are clear ties to Tesonet... Just do a Google search. Suffice to say, NordVPN is fully operated out of Lithuania and Lithuanians own the company that processes all customer billing info. That whole offshore thing is a lie, and they have no clue about international law. But the big problem here is, Nord is dishonest! This is the big issue. Dishonesty. And, because they are being so dishonest, and choosing not to address it in public, it should make people wonder what else they are hiding. NordVPN if you want us to take down anything here, TELL PEOPLE THE TRUTH. Just admit that the majority of your operations are based out of Lithuania. They are not securely offshore (It doesn’t matter what their management says), and Lithuania is one of the worst countries for privacy and data retention laws. The official “Owner” of NordVPN such as the domains and trademarks, have gone through great lengths to disguise their identity by registering the entity in Panama. There is NO information on Tefincom co S.A. – the entity that owns Nord trademarks. Anyone, literally ANYONE, with $1500 can open a shady anonymous Panama company in just a few days. They’ll provide a local address, resident agent, nominee directors, and power of attorney to the person in control so they can pull the strings behind the mask of a panama corporation. WHY, would anyone trust their privacy to a company who’s owner wishes to remain anonymous, and outsources 100% of it’s daily operations, accounting, billing, software dev, and marketing to a company in Lithuania. (Who just happens to run a bunch of other VPNs). Moving on to why they are misleading users and need to be called out: They tell people they are more secure because they are based in Panama, all safely tucked away “offshore”. They are giving people legal advise that is completely incorrect. A persons billing information is no safer just because Nord’s parent is incorporated in Panama. Tefincom doesn’t operate the payment processing, Cloud VPN INC (Tesonet) does, and therefore holds all personal data on subscribers. The US CloudVPN INC entity is not immune to legal process and neither are CloudVPN INC's Lithuanian owners. So to recap: NordVPN is lying to users about being an “offshore” VPN provider. They are processing payments through a US company CloudVPN INC owned by Lithuanians. This is 100% true, not allegations. They even admit it. AND, they are going through great lengths to hide the identity of the individuals and/or companies that have majority ownership in NordVPN. People need to understand that transparency in company ownership is the SINGLE most important factor one should consider when picking a VPN. You are literally giving all of your web traffic to this company, you better know who they are, or else you cannot and should not trust them. Anyone who thinks that their billing info is safe tucked away in a Lithuanian office building should really consult an attorney.
Apparently it is as easy as adding the following to the client/server OPVN files: http://my.host.net.nz/2014/04/12/adding-perfect-forward-secrecy-to-openvpn/ Create a common private key, eg openvpn --genkey --secret /path/to/store/pfs.key Securely distribute this key to each OpenVPN client, then add the following to the server tls-servertls-auth /path/to/store/pfs.key 0 and this to each client tls-clienttls-auth /path/to/store/pfs.key 1 Without this, using OpenVPN standalone will lack some essential security features.