Popular VPN provider NordVPN has issued a stringent denial of claims, which have been circulating online, that the company has been involved in data mining. They have even gone so far as to commission an independent security audit to try and prove the claims to be false.
The Tesonet link
The claims have emerged as a result of a copyright infringement lawsuit which appears to link a company called Tesonet with Luminati, the owner of Hola VPN.
Hola VPN is a free VPN service which was found to be selling users' excess bandwidth. They were doing this through a Lithuanian proxy service operated by a company called Tesonet.
The copyright lawsuit suggests that Tesonet has been using this technology elsewhere, in breach of Luminati’s copyright. And crucially, the lawsuit names NordVPN and even implies that Tesonet is the real parent company of NordVPN.
Were this to be the case, the possible implications for NordVPN’s service and its reputation could be significant. Since the lawsuit came to light, rumour and conjecture have abounded, much of which appears to have been spread, rather maliciously, by rival VPN services.
But NordVPN has come out fighting, issuing a strong statement in which they condemn these rivals for their underhand tactics, firmly deny the accusations levelled against them, and set out how they intend to prove the allegations false.
Firstly, NordVPN begin by explaining the nature of their relationship with Tesonet. They explain that Tesonet is a big tech player in Lithuania. While they acknowledge that Tesonet does offer a data mining service, they insist that this is just one of many services they provide and not one that NordVPN uses.
In response to allegations that NordVPN is, in fact, owned by Tesonet, there is a flat-out denial. This is important because if that claim were true, the assertions that NordVPN is based offshore in Panama would be false.
NordVPN insists that Tesonet is not their owner, merely a service provider and that they are, and have always been, operating under the laws of Panama.
NordVPN’s Security Audit plans
And what’s more, NordVPN say they can prove this too. According to them, anyone who uses Wireshark can perform a network scan which will analyse all of the requests that the NordVPN app is making. This, they claim, will prove that allegations that NordVPN is selling excess bandwidth in the same way as Hola VPN, is wholly false.
However, they acknowledge that this may not be enough for some. So, they have gone even further. In their statement, they confirm that they have hired the services of one of the world’s biggest professional service firms to run an independent audit and verify this and their no user logs claim.
They will not be the first VPN to carry out such an audit. Tunnelbear conducted a similar one last year. But they are probably the biggest provider to undertake such an audit so far, and it is certainly a statement of intent from them.
The Hola VPN link explained
NordVPN’s statement also seeks to clarify the extent of their relationship with Hola VPN. There have been some insinuations that there might be a business relationship between the two, with the implications that NordVPN is involved in “a data mining conglomerate.”
They insist that the only link between the two companies is that Hola VPN was one of NordVPN’s many affiliate partners and, when customers left Hola VPN, they would be referred to NordVPN, with the latter paying a small commission if they signed up.
There is no reason to doubt the voracity of NordVPN’s claims at the moment. There is certainly no proof that they are guilty of any of the allegations which have been levelled against them at the moment.
But, as things stand, NordVPN cannot categorically prove their innocence at this point either. They have laid out how they intend to do so, but that process will take time and, for the moment at least, their reputation has taken a bit of a hit.
Insufficient proof… for now
Our view is that, for the time being, there is not sufficient evidence for existing NordVPN customers to be unduly concerned. While the relationship between NordVPN and Tesonet is unfortunate, there is no proof that any wrongdoing has taken place.
However, we do reserve the right to change this stance depending on the emergence of future evidence. The results of the Independent Security Review into NordVPN’s service will make for extremely interesting reading, as will any further revelations that emerge from the copyright infringement trial in the USA.
But the strength of NordVPN’s denials and the lack of evidence to prove the case against them is sufficient, for now at least, for us to take the line that their service can still be trusted. NordVPN is innocent until proven guilty, and such proof is certainly not available at the moment.