CMV: It is okay to now (in 2024/25) get a NordVPN subscription, especially as they were NOT hacked per se

For those that remember and want to get to rebutting, please bear with me. I also know that this could get heated so please remember the human.

Way back, a time long ago but not so long it’s irrelevant, NordVPN was exploited and kept mum about the whole matter until much (much) later. You can read about the ordeal here, here, and here.

Now yes, maybe they shouldn’t have kept their users/clientele OOTL when the alleged breach occurred. However, we know now that it doesn’t matter as private data was private. This is highlighted further by the fact that NordVPN offers its users

> a zero-logs VPN service. That means that we do not store your online activity. Nothing to store — nothing to see — nothing to share with anyone. [sic]

[Source]

The speeds are one of the best in the market, they keep data safe and secure, and they have been audited by an independent third party (you can read more about said audit here).

All in all, the VPN provider should be a top option for people.

/u/BeautifullyMediocre (OP) has awarded 3 delta(s) in this post.

All comments that earned deltas (from OP or other users) are listed here, in /r/DeltaLog.

Please note that a change of view doesn’t necessarily mean a reversal, or that the conversation has ended.

[Delta System Explained](https://www.reddit.com/r/changemyview/wiki/deltasystem) | [Deltaboards](https://www.reddit.com/r/changemyview/wiki/deltaboards)

transparency is a key metric when vetting a company whose primary selling points include security. they didn’t tell us this last time when it didn’t matter, how do i know i can trust them to tell us when it does matter? even a data breach of this caliber should still be made public knowledge as soon as the potential risks have been assessed. even if those risks are zero.

the fact of the matter is that when security is this important, companies like nord are incentivized to stay quiet because the media sensationalizes things. if they had gotten out in front of the media, prepared a press briefing, and explained that the situation was under control and that no data had been lost or stolen, nobody would have even remembered. but they sat on it. because keeping quiet meant the shareholders would be happy as the stock would have a lower likelihood of going down in the short term. that to me shows as a company who cares more about its investors than the customers it claims to protect.

i would never want to do business with a company who prioritizes the bottom line over your data security when one of their chief promises is data security.

Look, just because they weren’t “hacked per se” doesn’t make their behavior any less concerning. The real issue isn’t about whether private data was exposed - it’s about trust and transparency.

They kept that security breach hidden for 18 months. That’s not a small oversight, that’s a deliberate choice to keep users in the dark. How can you trust a company whose entire business model is based on security when they hide security incidents?

Their “zero-logs” policy means nothing if they’re not upfront about vulnerabilities. And let’s be real - every VPN provider claims to have a “zero-logs” policy. That audit you mentioned? It’s from 2022, years after the incident, and they paid for it themselves.

The market has way better options now. Mullvad doesn’t even require an email to sign up. ProtonVPN is based in Switzerland with stronger privacy laws. Mozilla VPN uses Mullvad’s infrastructure but with better transparency.

NordVPN spends more money on YouTube sponsorships than on actual security improvements. Fast speeds don’t matter if you can’t trust the company running the servers.

Would you keep using a bank that waited 18 months to tell you about a potential security breach, even if no money was stolen? Same principle applies here.

What exactly do you mean by “it’s okay”? Do you mean safe? Other VPN services would also qualify by this metric.

One could argue you put yourself at a higher risk by using one because your traffic is being parsed by a third party, meaning a malicious actor would only have to breach the VPN service to gain access to your data. Just because there hasn’t been a breach in the past doesn’t mean there will never be one.

Sure, it’s okay to feel safe using NordVPN now using their track record, but there’s an inherent risk to using one, and it’s oftentimes useless to use one. I’m not exactly sure what viewpoint you’re having me change here.

Quite frankly, I’m satisfied with the service really. I don’t usually need to use a VPN, but that doesn’t stop me from doing so now, since it barely affects speed at all (and usually only turn it off while gaming).

All in all, been a registered user for three years now, and I feel good about it.

It is in general okay, however, for the most part, VPNs are quite useless, so could you expand on what reasons you have for getting one?

OK to use it? I mean sure, most people really don’t need a vpn for much at all, and are just buying it to bypass network restrictions and geofences. It works fine for that.

But a top option? Hardly. Mullvad and Proton are basically better on all fronts. They have far better privacy policies, Mullvad notably conducting business such that you don’t even need to provide an email, and accepting both cash and crypto as payment, meaning you can remain 100% unknown to them beyond “this account number has paid”. They’ve had multiple genuine external audits, which they are wholly transparent about, including vulnerabilities found and how they’ve chosen to address them.

Proton offers, in my own personal opinion, a better service, though it’s absolutely in the margins for most people, with the downside of only matching Mullvad in price when you lock in a 2 year subscription. And I don’t think most would mind being able to “only” pay by credit card and PayPal.

So with genuinely good options available, why should people sit down, look at their options, and say “yeah, I’ll pay for NordVPN”?

> the fact of the matter is that when security is this important, companies like nord are incentivized to stay quiet because the media sensationalizes things.

Agreed. Which is why it’s easy to see why they kept quiet.

> if they had gotten out in front of the media, prepared a press briefing, and explained that the situation was under control and that no data had been lost or stolen, nobody would have even remembered.

I’m not so sure. Whilst you and I agree that the media would have sensationalised the whole thing, it is easy to see them keeping quiet so that they could limit attacks on the company until the whole thing had been fully investigated. An independent audit found them to be in the clear.

I see. I suppose I hadn’t thought about exactly *what* it was that NordVPN kept hidden. I see now that they betrayed their customers about it all and maybe they should have informed everyone asap. Thank you.

!delta

My point is that people should not have a personal boycott of using NordVPN because it is safe to use despite their shaky past.

Why are they useless?

> VPNs are quite useless

I don’t want nasty letters from my ISP when I illegally download movies so I use a VPN when I do that. Also, it’s not super common, but once in a while, I’ll be travelling and whatever hotel I’m at will block porn sites on their in-house wifi. (I couldn’t tell you why but I’d speculate that it’s either because the workers use the same network and HR made them block it, or to drum up pay-per-view sales.)

VPNs are useful for both of these situations.

My post isn’t about whether one should or should not get a VPN. Rather it is about accepting that NordVPN is an acceptable option despite its shaky past which wasn’t shaky at all.

right but how can you justify waiting a year after the incident to tell your customer base? they only told us because they got caught. how can you trust someone who will sell you to the shareholders any chance they can? you conveniently ignored my statements about how nothing bad happened this time, but that won’t always be the case. if the next attack is big, and they tell nobody, it could do a lot of damage. they have lost trust and have made no significant steps to regain that trust. the only thing that audit proves is that the data was secure. it didn’t prove they handled the situation adequately and in a timely manner.

Confirmed: 1 delta awarded to /u/markusruscht (3∆).


I think most people who are “against” using Nord VPN are against the idea of using a VPN in the first place. They sell their product by targeting and overstating the fears of consumers. Most people use them to pirate.

But to address any potential resistance towards this service: If someone doesn’t want to use Nord because someone got hold of an expired certificate, they’re completely justified in feeling that way. It’s their data. Just because the breach didn’t involve user data doesn’t mean a potential customer isn’t allowed to feel that a lack of oversight that led to the incident in 2018 isn’t indicative of something more that could spell trouble into the future.

It doesn’t really matter what methods Nord uses to parse or store data, human error is the largest cause of breaches. The 2018 incident to me looks like an error in human judgment because they chose to partner with a service that was irresponsible. That makes them irresponsible. I don’t care what their marketing team says to downplay that.

That’s unfair - I hate NordVPN and don’t use it because of their ad spam. Nord, Squarespace, and Raid Shadow Legends are a pox upon advertising on YT.

  1. Most of them keep records of your browsing. Meaning if the cops want it, they will get them. Only a few verifiably do not

  2. Their claims about encryption are often overblown. 99% of normal websites have HTTPS meaning your traffic is safe and encrypted

  3. Protecting your personal data is a bullshit claim. Nothing will save you if you are an idiot

  4. The biggest reason people use VPNs is to pirate content and get around geolocks. Not something they can advertise

They don’t really do anything that the normal user needs.