How NordVPN protects the privacy of its customers
Today, PCMag released an article stating that NordVPN has “quietly changed a 2017 blog post to note that it does comply with lawful requests for data.” The sole reason we made the change in our blog post was to dissociate ourselves from bad actors. The wording was prone to misinterpretation and we wanted to be clear about how we operate. We also sent a comment to PCMag about it.
However, the article creates an impression that something has fundamentally changed within our policies and the way we approach user privacy. That we perhaps somehow stopped respecting our values and our promise to our customers and will now log user data under the request of law enforcement. Nothing has changed. There is no legal obligation for us to log user activity, and we won’t. Our infrastructure is built around the idea of privacy. That said, there are few things we want to make clear, to avoid confusion:
- From day one of our operations, we have never provided any customer data to law enforcement, nor have we ever received a binding court order to log user data. We never, for a second, logged user VPN traffic, and the results of multiple audits prove that we are true to our policies.
- We respect the privacy and security of our customers, so even if we were to receive such requests, we would do everything to legally challenge them.
- However, if a court order were issued according to laws and regulations, if it were legally binding under the jurisdiction that we operate in, and if the court were to reject our appeal, then there would be no other option but to comply. The same applies to all existing VPN companies if they operate legally. In fact, the same applies to all companies in the world.
There are some misconceptions regarding the power given to VPN services, and this has to change. Some people think that VPNs can somehow operate above the law and no matter what, they will never comply with lawful requests issued by a court. It simply isn’t accurate. True, there is very limited data that a no-logs VPN service can provide. The scope of such information is clearly defined and is limited to the payment data provided when purchasing a VPN service and email address. It is in no way related to user traffic. However, truly legitimate and reputable companies will always operate within the law. That is important to understand. It is also important to emphasize that nothing has changed in the way we operate our service. The only thing that changed was the wording of our blog post written in 2017.
In the past, we made moves to secure our infrastructure from risks arising from the actions of states that limit freedom of speech. We will always stand up for such a cause with everything that’s in our power.
The PCMag article mentioned in the beginning was written as a reaction to our comment and the adjustment of our blog post, in which we wanted to dissociate ourselves from illegitimate VPN companies. We are in a different league than VPNLabs.net or other VPN service providers that facilitate illegal activities and do evil instead of doing good. And we aim to be vocal about it.