NordVPN promises independent security audit amid data mining allegations


Popular VPN provider NordVPN has issued a stringent denial of claims, which have been circulating online, that the company has been involved in data mining. They have even gone so far as to commission an independent security audit to try and prove the claims to be false.

The Tesonet link

The claims have emerged as a result of a copyright infringement lawsuit which appears to link a company called Tesonet with Luminati, the owner of Hola VPN.

Hola VPN is a free VPN service which was found to be selling users’ excess bandwidth. They were doing this through a Lithuanian proxy service operated by a company called Tesonet.

The copyright lawsuit suggests that Tesonet has been using this technology elsewhere, in breach of Luminati’s copyright. And crucially, the lawsuit names NordVPN and even implies that Tesonet is the real parent company of NordVPN.

Were this to be the case, the possible implications for NordVPN’s service and its reputation could be significant. Since the lawsuit came to light, rumour and conjecture have abounded, much of which appears to have been spread, rather maliciously, by rival VPN services.

But NordVPN has come out fighting, issuing a strong statement in which they condemn these rivals for their underhand tactics, firmly deny the accusations levelled against them, and set out how they intend to prove the allegations false.

Firstly, NordVPN begin by explaining the nature of their relationship with Tesonet. They explain that Tesonet is a big tech player in Lithuania. While they acknowledge that Tesonet does offer a data mining service, they insist that this is just one of many services they provide and not one that NordVPN uses.

In response to allegations that NordVPN is, in fact, owned by Tesonet, there is a flat-out denial. This is important because if that claim were true, the assertions that NordVPN is based offshore in Panama would be false.

NordVPN insists that Tesonet is not their owner, merely a service provider and that they are, and have always been, operating under the laws of Panama.

NordVPN’s Security Audit plans

And what’s more, NordVPN say they can prove this too. According to them, anyone who uses Wireshark can perform a network scan which will analyse all of the requests that the NordVPN app is making. This, they claim, will prove that allegations that NordVPN is selling excess bandwidth in the same way as Hola VPN, is wholly false.

However, they acknowledge that this may not be enough for some. So, they have gone even further. In their statement, they confirm that they have hired the services of one of the world’s biggest professional service firms to run an independent audit and verify this and their no user logs claim.

They will not be the first VPN to carry out such an audit. Tunnelbear conducted a similar one last year. But they are probably the biggest provider to undertake such an audit so far, and it is certainly a statement of intent from them.

The Hola VPN link explained

NordVPN’s statement also seeks to clarify the extent of their relationship with Hola VPN. There have been some insinuations that there might be a business relationship between the two, with the implications that NordVPN is involved in “a data mining conglomerate.”

They insist that the only link between the two companies is that Hola VPN was one of NordVPN’s many affiliate partners and, when customers left Hola VPN, they would be referred to NordVPN, with the latter paying a small commission if they signed up.

There is no reason to doubt the voracity of NordVPN’s claims at the moment. There is certainly no proof that they are guilty of any of the allegations which have been levelled against them at the moment.

But, as things stand, NordVPN cannot categorically prove their innocence at this point either. They have laid out how they intend to do so, but that process will take time and, for the moment at least, their reputation has taken a bit of a hit.

Insufficient proof… for now

Our view is that, for the time being, there is not sufficient evidence for existing NordVPN customers to be unduly concerned. While the relationship between NordVPN and Tesonet is unfortunate, there is no proof that any wrongdoing has taken place.

However, we do reserve the right to change this stance depending on the emergence of future evidence. The results of the Independent Security Review into NordVPN’s service will make for extremely interesting reading, as will any further revelations that emerge from the copyright infringement trial in the USA.

But the strength of NordVPN’s denials and the lack of evidence to prove the case against them is sufficient, for now at least, for us to take the line that their service can still be trusted. NordVPN is innocent until proven guilty, and such proof is certainly not available at the moment.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.


  1. tylerzambori

    It does not matter that Tesonet does not own Nordvpn. What matters is that Darius Bereika is the CEO of both Tesonet and Cloudvpn, which apparently IS Nordvpn. Even this audit does not matter – it’s just a distraction. What matters is that Darius is the rotten fish head, and the fish rots from the head.

    I’ve been researching this, and I think what I’ve found is rather interesting.

    • Nordvpn has a shell company in Panama. It does not run Nordvpn. Nordvpn claims they are owned and run by Tefincom S.A. in Panama. The address they give is used by OTHER shell companies, as well as their own.
    • Nordvpn claims that their HQ is in Panama, and that Tefincom S.A. actually runs the company.
    • Nordvpn accepts payments through a company called Cloudvpn, Inc.
    • The president/director of Cloudvpn, Inc. is Darius Bereika. He lives in Lithuana.
    • Nordvpn has an app on the Google Play store, called Nordvpn. It is signed by Cloudvpn.
    • There is an old version of Nordvpn’s website in the wayback machine, which can be viewed in either English, or in Lithuanian. That means Nordvpn is based in Lithuania.
    • Darius Bereika is also the CEO of Tesonet.
    • Tesonet does, and HAS, run a data mining botnet.

    Whether or not Nordvpn is involved in any data mining, does not matter. This right here is very VERY SHADY. Why would you want to turn over all of your internet activity to this lot? Think about it! The only thing you have to rely on here is trustworthiness and transparency. I don’t see ANY trustworthiness or transparency going on here.

    I suppose it is possible that some other Lithuanian people own Nordvpn, and they just hired Cloudvpn to handle their payments for them in the US, AND code their Android app for them. Even then, these same Lithuanian people are still trying to hide behind a shell company in Panama. What is most LIKELY is that Cloudvpn IS Nordvpn, and Darius Bereika IS the CEO of Nordvpn.

    I posted this, plus my sources, here:

  2. max

    I’ve seen that the audit regarding no-logs policy have been completed. I’m a NordVPN user so I was able to see it in my account and as far as I understood it it does confirm that they do not keep logs. I’m quite happy about this as I was a little concerned. I guess I gained a couple of grey hair for nothing, jokes on me.

  3. Jerry

    I do not get why people are so paranoid about this. Everyone should be clapping their hands that the company hired a professional service firm to run an audit. And as I understand the results shows that everything looks okay.

  4. Rickon

    It’s quite funny how this scandal is turning out to be a perfect opportunity for Nord to prove their service as a legit one. Congrats to Nord for keeping up the good work. And shame to companies who waste their time digging through unrelated information instead of improving their service.

  5. Nick

    Was there a follow up article to this? It is hard to know if we can trust anyone these days

Leave a Reply

Your email address will not be published. Required fields are marked *