NordVPN was busy getting its VPN product checked thoroughly again, and they are now ready to announce the results proudly. The auditing firm “PwC Switzerland” has found the software and the underlying infrastructure to be compliant with the no-logs claims made by the VPN company. The assurance procedure took place between May 20 and May 28, 2020, with the auditing entity being given full access to the NordVPN service. The overall conclusion of PwC is that there are no signs of violation of the promises made by the VPN company to its users.
PwC Switzerland conducted interviews with NordVPN employees, server configuration inspections, technical log inspections, and looked deep into auxiliary and third-party servers connected with the product’s network. This time, the assurance process involved NordVPN’s obfuscated Double VPN and P2P servers, which were left out in 2018 when the company had engaged an auditor to evaluate their no-logs claims. That said, the auditing engagement was a lot broader this time, covering all aspects and technical infrastructure of the VPN firm. This extension of the evaluation spectrum was the first reason why NordVPN contracted PwC for this audit.
The second big reason for doing this is to generate some positive, prestige-heightening, and trust-building news. Sure, audits are a risk when you can’t be sure about the results, and this is why you never read these types of stories for controversial or shady VPN tools. The products that are confident about their ability to abide by their promises don’t hesitate to conduct these in-depth examinations. Even if something unexpected is discovered, they have the chance to fix it before it gets exploited in the “real world,” sending their reputation and years of hard work down the drain.
The last time that NordVPN completed a penetration-testing security audit on its VPN products was in October 2019, when VerSprite performed vigorous simulated attacks against it. As a result of this, seven low-level, six medium-level, four high-level vulnerabilities were found and fixed. Last May, NordVPN contracted “Cure53” to audit NordPass, the company’s newly launched password manager. This also led to the discovery of nine issues, which NordVPN addressed even before the auditing procedure was concluded. That said, audits aren’t only about communicating the superiority of your products, but also about finding gaps and plugging them.