NordVPN.com is a popular VPN provider known for its dedication to protecting its users’ privacy. This is a reputation strongly bolstered by the fact that NordVPN is based in Panama.
There has been a storm brewing on the internet, however, about who NordVPN is and where it is based. Evidence has surfaced that demonstrates a strong link between NordVPN and Lithuanian network infrastructure provider Tesonet.
That this evidence was first presented by a certain rasengan has only served to fuel acrimony since rasengan is a handle used by Dr. Andrew Lee, co-founder and CEO of rival VPN service Private Internet Access.
An ugly court case
According to court documents used in an ongoing lawsuit between VPN provider Hola and Tesonet:
"Between November 2015 and June 2018, Hola, had a business relationship with Tesonet related to HolaVPN and Tesonet’s VPN service called NordVPN.”
Which is unfortunate, as one of the many projects that Tesonet is involved in is data mining:
"Tesonet offers large-scale web data extraction products and services under the OxyLabs brand. https://oxylabs.io/ (Exhibit E).”
It is a case that does credit to no parties involved. Hola is suing Tesonet for stealing its data scraping technologies during their business partnership, and embedding these technologies into its own products.
"9. The Asserted Patents are directed toward methods for fetching content over the
internet through the use of intermediary tunneling devices.
- Luminati, formerly known as Hola, provides a cloud service connecting tens of
millions of devices over the Internet through a proxy-based network. Each participating device
allows the network to utilize a small fraction of that device’s idle time for the network. Luminati
utilizes this network to provide proxy-based services to businesses.”
So Hola (the plaintive) itself admits selling data scraped from its VPN (proxy) customers. Nice. In the past, Hola has been accused of stealing customers’ bandwidth and other dubious practices.
NordVPN’s response
NordVPN has published an official statement on the issue in which it firmly denies any wrongdoing on its part, reiterating the company’s commitment to keeping no logs whatsoever. It also announced that it would commission an independent audit to verify its claims.
It must be said, though, that this statement left us with as many questions as answers. ProPrivacy.com therefore reached out to NordVPN for further clarification.
NordVPN told us that it does have close links with Tesonet, but that it is an independent entity owned by Panamanian company Tefincom S.A. Its trademark is also held by Tefincom. At no point has NordVPN been legally owned by Tesonet, and it has no connection to other projects that Tesonet might or might not be involved in.
NordVPN explained to us that Tesonet simply helps it with various infrastructure services on a strictly contractual basis, and is involved in payment collection in some cases. Their partnership gives Tesonet no control NordVPN’s policies or how it interacts with its customers.
Crucially, this means NordVPN has no connection to Hola, and is in no way involved with the Luminati vs. Tesonet lawsuit. NordVPN says being named "Tesonet’s VPN” in the court documents is a factually incorrect mistake, a fact that will be made clear when the case comes to court.
ProPrivacy.com’s expert opinion
UAB Tesonet is a large company with its fingers in many pies. We would like additional clarity about NordVPN’s exact relationship with Tesonet, but it seems entirely plausible to us that NordVPN is not involved in Tesonet’s other business interests, and that Tesonet has no influence on NordVPN’s internal operations.
The current slew of accusations and mud-slinging (started, it should be remembered, by a rival company) is based purely on circumstantial evidence. No matter NordVPN’s relationship with Tesonet, there no evidence whatsoever that it is anything other than the privacy-focused VPN provider it claims to be.
We nevertheless welcome NordVPN’s announcement that:
"We are hiring one of the largest professional service firms in the world to run an independent audit and verify our ‘no logs’ claim. The audit is expected to be completed within 2 months and will independently verify that the accusations are false.”
It is vital to get the parameters of this audit right, and it must be performed with total transparency. But assuming this is the case and that NordVPN is vindicated by its findings, an independent audit is the best possible way to lay the matter to rest.