When & why NordVPN (and other VPNs) would log your data

Contrary to popular belief, privacy has little to do with the proliferation of VPN services in recent years. The majority of the time, they are used to bypass restrictions on websites, video streaming services, and other online services, but their primary purpose is to increase your online privacy.

In order to prevent your internet service provider from seeing what you are doing (as it can if you don’t utilize a VPN), they accomplish this by encrypting the data being sent to and from your computer, phone, or tablet.

However, if you use a VPN, all of that data is routed through a server that belongs to the VPN provider. The VPN service may see what you’re doing since the data must first be decrypted at the VPN server before it can be transferred to its final destination. The majority of the data is already encrypted due to https and other online technologies, so the VPN encrypts the data that has already been encrypted.

Furthermore, any reliable VPN service will be set up to function so that none of this data is ever recorded or preserved. A no-logs policy refers to anything like this. This means that nothing about the websites you visit, the times you connect and detach, the files you download, and most definitely not your IP address (which could be used to identify you in connection with that activity) is ever stored or kept.

To prevent data from being inadvertently logged, several VPN services, like NordVPN, have gone so far as to outright remove hard drives from their servers or make them read-only. The servers use RAM as temporary storage for the files required to execute the service, and any data in RAM would be lost if the server was ever taken by law enforcement when it was unplugged.

However, if you carefully read the privacy policy of a VPN provider, which often contains information about any no-logs policy, you’ll frequently discover that some data is recorded.

This is generally accepted industry practice, and since it’s all anonymous, it can’t be linked to any particular user. This is almost always done to track the service’s effectiveness and enhance it.

The types of devices people use, such as an iPhone, a Windows laptop, or an Amazon Fire TV Stick, are recorded, as are the servers they connect to (to determine which are the most popular so that more can be added in the locations that most need them). The number of simultaneous connections is also enforced.

For instance, NordVPN permits six simultaneous connections to the service. If it didn’t log anything at all, it wouldn’t know how many devices you had connected to its service and wouldn’t be able to prevent you from connecting more than six.

In many circumstances, you must have faith in a VPN provider to uphold the terms of its privacy policy, but NordVPN and a select few others hire outside firms – auditors – to investigate and confirm that they are in fact following those policies. One of the things we consider when reviewing a VPN service is this.

Even though an audit is good, if you read the fine print even further, you might come across language like this on NordVPN’s Warrant Canary page: “We are 100% committed to our zero-logs policy – to ensure users’ ultimate privacy and security, we never log their activity unless ordered by a court in an appropriate, legal way.”

You have every right to worry about this. We have a pretty excellent zero-log policy, but we’ll record your data if a judge orders us to, it seems to say.

However, isn’t the reason NordVPN is domiciled in Panama to begin with to avoid such court orders? Although the page itself is still dated June 20, 2017, the original wording on this website said that NordVPN will not abide by requests from foreign governments and law enforcement organizations. This wording was altered back in January 2022.

When asked whether it will log data, NordVPN’s support service still uses the same terminology that was used when the move was initially widely reported in the tech press, including PCMag. The fact that this is the situation with all other lawful, reputable VPN services and – more crucially – that a court would ever make a request like this is not especially clear and doesn’t really help NordVPN.

You might be asking what kind of circumstance would require a court to mandate the logging of data. Was it to keep an eye on alleged criminal activity? Yes, most likely. Would that criminal action resemble unlawful movie downloads? Virtually probably not.

As an alternative, an order can apply to all VPN service users as a whole rather than a specific person. A nation’s laws could be amended to require data retention. Additionally, many others disobeyed, like NordVPN, which took down its Indian servers.

To obtain some explanation on the phrasing, we chatted with Laura Tyrylyte, head of public relations at NordVPN. She said to Tech Advisor, “NordVPN is a respectable business that complies with all legal requirements. Due to our ideals and our ability to do so lawfully, we do not log any customer data, and our entire infrastructure is designed with privacy in mind. However, just like any other lawful business, we are required to accede to valid requests if they are made by abiding by all necessary legal procedures.

Therefore, a court may theoretically issue a legally enforceable order requiring a firm to change its infrastructure in order to log user data. Again, theoretically and in very narrow situations, courts have the power to mandate just about anything. Such [an] instruction would be unprecedented, improbable, and highly challenging to execute. We would contest it up until the point where we had no more defenses left, but (again) it is theoretically doable.

“The same holds true for every other business in the globe. Being the biggest VPN service provider in the world for ten years, we have never even been near to such a circumstance, but we don’t want to mislead our clients into thinking we can break the law. No trustworthy business can.”

Therefore, theoretically, NordVPN and any other trustworthy VPN provider might be made to log user data and modify their hardware and software if required to do so.

However, the possibility of it being requested is slim, and even if it did, the VPN service should make every effort to resist the request.

You can also see if a request has been made by visiting websites like NordVPN’s Warrant Canary, at which point you can choose whether or not to keep using the service.

According to NordVPN as of July 14, 2022, it has:

  • NOT received any correspondence related to national security;
  • NOT been subjected to a gag order;
  • NOT gotten any warrants from any sort of government agency.

A VPN should be viewed by the majority of users as an additional layer of security and privacy when accessing the internet, and we’re talking about consumers here. It’s critical to comprehend their restrictions and what they are and are not capable of.

It’s unfortunate that many continue to make the false notion that they can make you anonymous online. They won’t prevent your ISP from monitoring your internet usage or how much data you download.

They are a valuable tool, whether you just want to unblock US Netflix or want to hide your online activities from a government that wants to keep an eye on everything its citizens do.

Leave a Comment