NordLocker Review

NordLocker 2.0 is the latest version of the encryption tool developed by the highly respected VPN company NordVPN. We found it to be a powerful and easy-to-use product, albeit one that will face stiff competition from the wealth of free and open-source alternatives that are available. In this NordLocker review, we take an in-depth look at pricing, features, how secure it is, and more.

Our Score
4 / 5
Pricing
$3.99 - $7.99
Visit NordLocker

Pricing

A free version of NordLocker is available, which limits users to 2 GB of encrypted data. Free users can, however, decrypt files of any size sent to them. 

Premium users can encrypt unlimited amounts of data, and can choose between purchasing either an annual subscription or a monthly subscription. The annual subscription plan costs $38.28 for the first year of service as a special introductory offer. After the initial annual period, the price then gets bumped up to $59.88 annually for any subsequent years of service. For users who don't want or need to commit for a longer period of time, a monthly subscription plan is available for $7.99 per month.

nordlocker prices october 2024  

As with the NordVPN service, you can try 30 days of NordLocker Premium out for free with a no-quibble money-back guarantee.

It should be noted that a subscription model for the kind of thing which is normally offered as a stand-alone app raised eyebrows here in the ProPrivacy office, although there may be good reasons for it. 

Features

NordLocker is not open-source but is based on the excellent open-source gocryptfs per-file encryption app. This means that each file in a volume is encrypted and stored individually, so a change to one file does not mean re-uploading an entire encrypted container when stored online.

The beauty of this system is that if, for example, you open a Word document stored in a NordLocker container, edit and save it, then the changes are seamlessly saved in the encrypted document.  

This makes NordLocker a great choice for storing files securely on otherwise insecure cloud storage services such as Dropbox or Google Drive.  

Master password reset

When you create a new account, you also choose a master password which is used to encrypt your files (see technical security below). NordLocker also generates a recovery key that's only available to you and is best kept offline for added security. This can be used to reset your master password, but exercise caution. If you lose both your master password and the recovery key, then you won’t be able to open your files. 

Get NordLocker

New cloud storage add-on

NordLocker has recently introduced a new cloud storage feature, which is included for all NordLocker users. Free users get access to 3 GB of cloud storage, while Premium users get access to 500 GB of cloud storage. This is an excellent additional feature for NordLocker users since they'll get all the benefits of the encryption service as well as access to a generous chunk of cloud storage, at no extra charge.

And if you need additional cloud storage on top of the allotted 500 GB on the Premium plan, you can contact NordLocker directly and the service department can help you tailor your cloud storage capacity to your personal needs.

With NordLocker's new cloud storage add-on, you'll get premium cloud storage features like multi-device synchronization to allow you to access your files on any computer or device, easy drag-and-drop functionality, world-class encryption standards, and zero-knowledge privacy.

Overall, we think it's a great addition to an already superb product and one that users will surely find advantageous, especially since it comes included with both the free and premium plans.

Privacy and security

Jurisdiction

NordVPN is legally based in the Republic of Panama and the NordLocker Terms of Service make it clear that all legal disputes will be resolved in that jurisdiction. Panama has an uncensored Internet and no domestic surveillance we are aware of. 

It is also outside any direct sphere of influence of the United States and its Five Eyes spying partners, although a strong economic presence might allow the US to exert indirect pressure on the Panama government should it wish to. 

NordVPN has admitted to having close links with Lithuanian infrastructure provider Tesonet, but the exact nature of this relationship remains unclear.

Privacy policy

At present, the NordLocker website does not host any trackers, although its privacy policy gives it a great deal of leeway to perform extensive tracking of website visitors in the future.

NordLocker provides client-side encryption, so its developers have no access to your encrypted data, although some aggregated and pseudo-anonymized diagnostics and usage data are sent from its apps to Tefincom. The Windows client has an option to turn such sharing off, although this is sadly not present in macOS just yet.

All data which is collected may be shared with third-party service providers, affiliated companies, and officials in accordance with valid legal demands. European customers’ data is, of course, protected by GDPR.

Technical security

The first thing to note is that NordLocker is a closed-source proprietary software. This means we just have to trust its developers that it is what they say it is, and that it’s not doing anything it shouldn’t. Such is the nature of all closed-source software. 

All files are encrypted client-side, meaning that NordLocker provides end-to-end encryption. You encrypt your files, and only you or other NordLocker users you have chosen to share them with can decrypt them. 

So even if you store them somewhere wildly unsecure, such as Dropbox or Google Drive, they are secure. But with NordLocker's new cloud storage add-on, you won't need to worry about using unsecure cloud storage options anymore anyhow.

Data is secured using AES-256-GCM and the encryption keys hashed using Argon2. Both of which are tried and tested cryptographic primitives. Public key cryptography for the generation and authentication of asymmetric key pairs, however, is via Elliptic-curve cryptography (ECC) instead of the more common RSA. 

How NordLocker works

Locker keys never leave your desktop without being encrypted using your secret key and the XChaCha20 cipher with Poly1305 authentication. Your secret key is derived from your master password, which is hashed and salted using the Argon2 key derivation function. 

NordLocker has also now added a 'check for updates' function to its app, so you can ensure you are running the latest version – with any new security updates – with the simple click of a button.

Concerns about ECC cryptography

Elliptic curve cryptography has the big advantage of requiring much smaller key sizes, but its use is highly controversial. 

Its existing known vulnerability to side-channel attacks and its theoretical known vulnerability to quantum computing attacks are worrying enough, but even more worrying is how easy it is to insert backdoors into the algorithm.

Indeed, ongoing concerns that a backdoor might have been inserted into the Dual_EC_DRBG elliptic curve algorithm appear to be confirmed by internal NSA memos leaked by Edward Snowden. 

Despite such concerns, "the algorithm, as a whole, remains fairly secure" if properly implemented, which is a known problem. As an IASCA report on Elliptic Curve Cryptography notes.

In a nutshell, a lot of things can go wrong while ECC is being implemented. There are numerous examples of how the failed implementation of ECC algorithms resulted in significant vulnerabilities in the cryptographic software.

And being closed-source, there is simply no way to know how well ECC cryptography has been implemented in the NordLocker software. In fairness to NordLocker, though, the kind of attacks that ECC is vulnerable are unlikely to be part of most of its customers’ threat models.

Sharing files

Lockers, folders and individual files (which are converted into Lockers) can be shared with other NordLocker users via almost any means – by email, via a shared Dropbox folder, on a USB stick and various other methods. 

dropbox, onedrive, box, and google drive logos

Thanks to asymmetric public-key cryptography (ECC), only the intended recipient, identified by their email address, can unlock the Locker using his or her own private key. 

Due to this, we assume that it requires some form of centralization in order to distribute customers’ public keys to senders. 

Add user access for NordLocker

If this is the case, then it explains why NordLocker works on a subscription model rather than being sold as a stand-alone product. But it also raises questions about whether NordLocker can keep a record regarding who sends files to who. 

Get NordLocker

Customer Care

The website features a fairly simple FAQ and some troubleshooting guides. 24/7 live chat support is promised but was not available when this review was written. Instead, early adopters will have to rely on email support, which is already in place.

Ease of use

NordLocker is available for Windows and macOS. The Windows app requires the .Net Framework 4.8, which must be installed during setup if it is not already present on your system.

Once opened with your master password, a NordLocker container acts just like a regular folder. Files will be opened by their usual programs and seamlessly re-encrypted when changes are saved. 

NordLocker Folder

To encrypt files, just drag and drop them into an open Locker window. You will be asked if you want to keep the original or move it to the Locker-only. You can add user access for other NordLocker customers, which is particularly useful for sharing Lockers that are stored online. 

To store a Locker online, simply upload it to your cloud service of choice (if you are using a third-party cloud storage service). If you store a Locker in your cloud folder, then any changes made to files to it will be immediately mirrored in your cloud storage.

You can also share files and folders by converting them into new Lockers and then sharing them by whichever means you prefer. As already noted, this feature is still in the works at the time of writing. 

NordLocker folder sharing

In Windows, shared Lockers are simply saved so that you have to share them yourself manually, such as by adding one as an email attachment. The macOS app has slightly better OS integration, allowing to share Lockers using the built-in macOS sharing function automatically.  

Final thoughts

NordLocker is a very polished product. It looks great and provides arguably the easiest way we have seen to encrypt files locally or in the cloud and to share them with others securely. 

We are not convinced that the use of Elliptic curve cryptography is the best choice, but the technical security used to protect your data is otherwise very robust. It’s just a shame that the app is closed-source, so we can’t really see what is going on or how well the security has been implemented. 

Our other big concern is pricing. The encryption app space is already crowded, with plenty of excellent and fully open-source options available. We will say that none of these are as polished or versatile as NordLocker, but they are free and open-source. 

NordLocker is not cheap (especially compared to free), and even as a commercial product its subscription model is a little jarring for what many would think of as a stand-alone product deserving a one-off price tag. But as we have already speculated, there may be reasons for this. 

It would be nice to be able to access encrypted files from mobile devices, but we would be very surprised if iOS and Android apps are not in the works. 

Overall, we think NordLocker is a very good product that offers a unique take on encrypting files locally and in the cloud. But it’s neither free nor open-source. 

Get NordLocker

0 User Reviews

Leave a Review

Your comment has been sent to the queue. It will appear shortly.

Thanks for your review!

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

8 Comments

Hendrik Dieter
on April 28, 2020
I just checked the NordLocker website and it seems that they changed their pricing quite radically. It's significantly cheaper now - only $12 a year or $1.49 per month. At the same time though they reduced the amount of encryption you get on a free plan to 2GB. You win some you lose some, but I think you should update this review to reflect that.
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small.png
Douglas Crawford replied to Hendrik Dieter
on April 28, 2020
Hi Hendrik. Thanks for letting us know. Yup, that's a big price change! Updating the article now.
Stef
on April 25, 2020
You can't be serious. Nordlocker didn't work for form the start even after reinstalling "Failed to mount locker container" so i can't recommand this crap.
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small.png
Douglas Crawford replied to Stef
on April 27, 2020
Hi Stef. Um... not quite sure what to say to this. As you can see from the screenshots I took, it definitely worked for me! Did you contact Nord's support?
Kaiden
on January 6, 2020
I’m also a bit disappointed that they don’t have mobile apps but hope they will fix it in the future as it was recently released. Despite this fact Nordlocker works easily without any issues so far.
Peter
on December 4, 2019
Haven't got the same luck. Tried to install the NordLocker folder on diff. drives (and folders) with the same error msg. Can't not create folder! Even in the \documents folder!! Not available on mobile apps yet. So this thing is *not* ready for prime time yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: