In an industry first NordVPN has held its no logs service up to the scrutiny of an independent audit.
NordVPN has always claimed to be a no logs VPN service, but this claim was thrown into doubt during a heated online debate this summer about its ownership.
In order to back up this claim, and reassure customers as to its integrity, NordVPN has commissioned an independent audit of its logging systems.
An audit like this has never been performed on a VPN service before, so here at ProPrivacy.com we were very excited to get our hands on it.
The audit
The audit was performed by one of the world’s big four auditing firms. Unlike audits of the kind recently published by Surfshark, that look at the technical security of a providers’ software, this audit focused on the logs that NordVPN does and does not keep.
This is a market first, and a welcome one, as increased transparency over no logs claims is desperately needed.
At present, the audit is only available to a pre-selected list of journalists. At bestVPN.com we were lucky enough to be among the first to see the results.
We were pleased to learn that the report fully endorses NordVPN’s no logs claims. A small amount of non-personally identifiable server usage data is collected, but this presents no threat to users’ privacy.
The audit we were shown does not provide much in the way of detailed technical information, although it does outline the procedures the auditing firm used to reach its conclusions.
At present, it is less a full audit than a statement from the firm that it looked at NordVPN’s systems and found everything to be satisfactory in regards to its no logs claims. This auditing company is a notably trustworthy independent auditing body, whose word we are more than happy to trust.
Limitations
Any audit with the scope of this one does have clear limitations. It can only provide a snapshot of what is happening in certain locations at the time the audit was performed.
As NordVPN itself acknowledges:
“The audit can only refer to our service and server configurations as of November 1st 2018. Because a digital service can be reconfigured, we understand why the audit cannot apply its conclusions to a broader scope of dates.”
Crucially for subscribers, what it does prove is that NordVPN has the systems in place to provide an entirely no-logs VPN service. NordVPN has also promised to carry out regular audits in the future to help verify that these systems remain in place, and are part of NordVPN’s standard mode of operation.
ProPrivacy.com’s Expert Opinion
Here at ProPrivacy.com we have long wished for a way to audit VPN providers’ no logs claims. The logs a VPN service does or does not keep, is a much bigger danger to its users’ privacy than the technical security it uses, and is therefore the single most important point of failure.
Even basic technical security will protect VPN users’ data and browsing habits from most individual criminal hackers. State-level actors are a different ball-game, but even these will go after a provider’s logs long before they attempt to compromise a VPN client’s technical security measures.
Every single case that has become public, where a VPN user was caught out, was the result of a provider handing over its logs to the authorities, sometimes under duress.
Obviously, if a VPN provider keeps no logs then it has nothing it can hand over. Which is why the integrity of a provider’s no logs claim is so vital to its privacy credentials.
No audit of a provider’s logging claims can prove with total certainty that no logs are kept when the auditor goes home, but an audit of the kind performed on NordVPN provides the highest level of transparency it is possible to get.
NordVPN’s approach is trailblazing and we sincerely hope that it encourages other VPN services to follow suit.
Conclusion
An audit of this kind provides the highest level of transparency possible in relation to verifying a VPN provider’s logging claims.
The bottom line is that one of the world’s foremost independent auditing companies has looked in detail at what and how it logs data and has given NordVPN’s no logs claims its seal of approval.
Right now, this makes NordVPN unique in the VPN industry and we hope where they lead, many others will follow.