All products featured here are independently selected by our editors and writers. If you buy something through links on our site, Mashable may earn an affiliate commission.
Great for power users, NordVPN is a highly customizable service bundled with lots of security features. A poorly handled breach clouds its reputation, but it's made some commendable gains in privacy and transparency in the years since.
Solid privacy practices, including bug bounty program
Long-term plans are a decent value
30-day money-back guarantee
24/7 support via email and live chat
Works on a huge variety of platforms
Kill switch, split tunneling, and multi-hop connections ("Double VPN")
Comes with an anti-malware/tracker tool and a dark web monitor
Subscriptions can be upgraded with password manager, file encryption, dedicated IP, and more
The Bad
Expensive monthly plan
Occasionally struggled to connect in testing
Split tunneling is only available on Android, Android TV, and Windows
Some lingering transparency concerns
UPDATE: Sep. 2, 2023, 5:00 a.m. EDT We've revisited this review as part of an ongoing overhaul of Mashable's VPN coverage based on stricter criteria and hands-on testing. Our analysis will continue to evolve as we keep using NordVPN over the coming months.
After 11 years on the market and a number of high-profile influencer sponsorship deals, NordVPN is easily the most recognizable name in the VPN space. Does it live up to the hype?
My testing confirmed that most of what you've already heard in YouTube and Twitch adslots is true: NordVPN is a highly customizable service with a slew of features that offers a great value if you opt for a long-term plan. I wish its approach to transparency was as historically aggressive as its marketing strategy, but it's made some admirable headway on that front in recent years.
How much does NordVPN cost?
NordVPN offers three different subscription tiers, which vary in price depending on the plan's length and included extras. Each one supports up to six simultaneous connections per account:
NordVPN Standard ($12.99/month, $4.99/month per year, or $3.79/month per two years with three free bonus months) includes the VPN service and Threat Protection, an anti-malware and tracker/ad-blocking tool.
NordVPN Plus ($13.79/month, $5.79/month per year, or $4.59/month per two years with three free bonus months) tacks on NordPass, a cross-platform password manager with a data breach scanner.
NordVPN Complete ($14.99/month, $6.99/month per year, or $5.79/month per two months with three free bonus months) throws in NordLocker, a file encryption tool with 1TB of cloud storage.
You can flesh out any plan with two other add-ons:
A dedicated IP, or static IP, is an IP address that's exclusively assigned to you whenever you connect to the VPN. It's less likely to get flagged by streaming services and other sites that block VPNs by looking out for IP addresses with multiple users.
Incogni (starting at $3.69/month) is a service that scrubs your personal information from the web.
For the purposes of this review, I only tested the VPN service itself (via NordVPN Standard).
NordVPN offers a 30-day money-back guarantee within the first 30 days of a subscription and accepts credit cards, cryptocurrencies, PayPal, Amazon Pay, and Google Pay, among other payment options.
NordVPN works on Windows, Mac (which I used), Android, iOS, Linux, Chrome, Firefox, Edge, Android TV, Fire TV Stick, Chromecast, Kindle Fire, Raspberry Pi, and gaming consoles via hotspot or router.
NordVPN automatically uses its proprietary NordLynx protocol, which is built around WireGuard, though you can manually select OpenVPN instead.
The NordVPN desktop app features a simple world map stippled with blue dots representing the locations of its servers, which turn green when you're connected to them. A bar at the top of the window displays your current connection status alongside a "quick connect/disconnect" button.
As a visual person, I'm a big fan of the map.Credit: Screenshot: NordVPN
Users can connect to a NordVPN server simply by clicking that button, clicking a dot on the map, or by selecting one of the options on the left side of the app window:
The downloads, speed, and browsing presets are shortcuts for servers that have been optimized for their respective activities.
The alphabetical countries list makes it easy to select a server in a specific location if you don't feel like panning through the whole map. (NordVPN had more than 5,700 servers in more than 60 countries worldwide at the time of writing — it's not the best global diversity we've seen among premium VPNs, but it's still pretty respectable.)
The five specialty servers are shortcuts for advanced connection types like your dedicated IP, if you added one to your subscription; double VPN (aka multi-hop) servers; obfusticated servers that can supposedly bypass VPN-blocking firewalls; Onion Over VPN servers that route your traffic through the Onion network (Tor) after it's encrypted by the VPN; and P2P servers that are optimized for torrenting.
NordVPN also offers a split tunneling function, but only on Windows, Android, and Android TV.
Selecting "Onion Over VPN" put me on one of NordVPN's specialty servers in Switzerland.Credit: Screenshot: NordVPN
There's a column of icons on the top left-hand side of the NordVPN app, which open tabs for your presets, your usage statistics, and several baked-in security features. These include the threat protection blocker; a dark web monitor that trawls the internet for credential leaks associated with your account's email; and a Meshnet feature that lets you route traffic and share files through trusted devices.
There are two more icons in the bottom-left corner of the app. One of them opens a preferences tab where you can play around with different settings — including a kill switch, which needs to be manually enabled. The other icon pulls up a trio of shortcuts that link out to email support, an online help forum, and some activity logs the app retains for troubleshooting purposes. (A NordVPN spokesperson told me these logs are stored locally and only contain information about usage and possible crashes, not sensitive user data.)
It's very apparent that NordVPN is geared toward power users who want to be able to noodle around with every aspect of their VPN experience. As for me, I tested NordVPN solely within the scope of casual, everyday browsing and streaming, and primarily on my nearest local server in Chicago.
My experience was a mostly positive one. NordVPN sometimes took 30 seconds to a whole minute to connect, both when I was home and at a nearby coffee shop — long enough to be actively annoying. But it ran unnoticed in the background once the connection was made, and DNS leak tests confirmed it consistently hid my true IP address. What's more, an Ookla Speedtest showed a negligible impact on my download speed and ping.
Regular internet connection versus nearby NordVPN server
Credit: Screenshot: Ookla
Credit: Screenshot: Ookla
I did notice slow load times when I tried out some NordVPN servers abroad, but that's to be expected since my traffic was traveling a greater distance. (This was reflected in another Ookla Speedtest that measured high ping.) More importantly, I had zero trouble unblocking ITVX, the BBC iPlayer, and Netflix UK when I connected to one of NordVPN's British servers. And once shows loaded, they played without any buffering or lagging.
Regular internet connection versus French NordVPN server
Credit: Screenshot via Ookla
Credit: Screenshot via Ookla
Is NordVPN trustworthy?
NordVPN is respectably clear about the personal data it does and doesn't collect. Its record of transparency is a little iffier, but some amends have been made.
The NordVPN privacy policy "guarantees a strict no-logs policy" for its services, promising never to track, collect, store, or share users' internet activity with third parties. (This covers user bandwidth, traffic, IP addresses, and browsing history.) "From the moment a NordVPN user connects to one of our VPN servers, their internet data becomes encrypted," the policy reads.
NordVPN does collect some technical data associated with users, mainly to optimize their experience. Statistical server load information plays a part in its server recommendations, for instance, while concurrent active sessions are kept in check based on usernames and session timestamps. (Those timestamps are then deleted after 15 minutes.) It also processes basic billing information in order to collect payments for its service.
NordVPN's no-logs claim has been verified in three independent audits. It's never been forced to prove the legitimacy of this claim in court or as part of an investigation, unlike other popular providers, but that's through no fault of its own: According to the company's warranty canary, which gets updated daily, it's never received a single National Security letter, gag order, or government warrant.
NordVPN's transparency efforts fell short of what we expect from an industry-leading provider back in 2019, when the company revealed one of its servers at a third-party data center in Finland had been breached six months after the fact — and really only when the news reached X (then Twitter).
NordVPN said in a blog post that no user credentials or activity logs were compromised in the breach, and that the affected server was immediately "shredded." It also addressed its delayed disclosure to the public, citing a need to make sure the attack couldn't be replicated on any of its other servers. Still, the incident was a major knock against its reputation at the time, and perhaps rightfully so: It's hard to trust a VPN that seems like it's trying to hide something. (For further reading, I highly recommend this analysis by Max Eddy, former lead security analyst at our sister site PCMag.)
The good news is that NordVPN has used this incident as an opportunity to re-examine and overhaul its privacy and transparency practices. In the years since, it's launched a bug bounty program, established new security standards for its partnered data centers, and started upgrading its network to diskless servers that don't store anything locally. It's also subjected its NordLynx protocol, apps, and infrastructure to independent audits, and fixed vulnerabilities accordingly.
Is NordVPN worth it?
Power users will make the most out of NordVPN, but it's still easy enough for casual and first-time VPN users to navigate. Overall, it's a versatile and flexible VPN service that's a killer deal for long-term subscribers given everything it includes — even at the most basic tier.
Features aren't everything when it comes to VPNs, though, and potential subscribers should decide for themselves whether NordVPN has done enough to redeem itself since its breach bungle.
We put the VPNs we review through a series of hands-on stress tests for a few weeks at a time. For this latest update, I had NordVPN running for two weeks while I browsed, participated in video calls, shopped, and streamed (both domestic and international content). I performed several DNS leak tests to determine whether the VPN was actually concealing my public IP address. I also ran Ookla Speedtests to get a feel for how it affected my connection. I performed all of my testing on a Mac but will try NordVPN on other platforms for future updates.
The main purpose of this testing is to give potential users a general sense of how a VPN works as part of an everyday workflow (not in a lab). That said, our overall scores also hinge heavily on guidance from cybersecurity experts about the things consumers should look for in VPNs. Much of what separates the good from the bad, they told us in interviews, can be gleaned before anything is installed.
When you surf the internet freely without a VPN, you're being tracked online constantly by multiple third parties, including your Internet Service Provider (ISP), search engines like Google, and possibly even your employer or school. Connecting to a VPN means taking your traffic away from them and putting it in the hands of one lone entity instead, conceding exclusive, unfettered access to all of your browsing data. It's a privilege that needs to be earned, and the true caliber of a VPN ultimately comes down to whether you can wholly trust it to keep you safe.
The big issue is that the VPN industry is notorious for hyperbolic marketing, especially when it comes to privacy practices. This can "give VPN users a false sense of security if they don’t realize that the protections offered are not comprehensive," according to a Consumer Reports investigation into 16 providers. (Many popular VPNs shout about offering "military-grade" encryption, for example, which isn't a thing.) It's unwise to take a provider's claims at face value.
So how do you know for sure if a VPN is trustworthy? A single Google search can be enlightening; a good provider won't have a long rap sheet for mishandling users' personal data or succumbing to server breaches, and bad headlines should raise a red flag — including those about a VPN's ownership or parent company. A swift, effective response to crises and a healthy dose of corporate accountability can offset these concerns in some cases, but we tend to place a high value on a pristine reputation.
Any provider worth its salt will also be willing to open itself up to scrutiny. Propping up a strong privacy policy that specifies how user data gets handled and protected is one thing. But subjecting that policy to independent audits — and making them public — provides a much higher level of assurance.
Reputable VPNs will also issue regular transparency reports disclosing any requests for data they've received from government or law enforcement agencies. (These requests won't yield anything if a provider's privacy policy holds up.) Some go the extra mile by offering in-house bug bounty programs to researchers who comb their software and servers for vulnerabilities.
After trustworthiness, we base our VPN reviews on a combination of the following factors (listed in no particular order):
DNS leak tests
A DNS (domain name service) leak test is basically a lookup of your active IP (internet protocol) address. That's the unique number identifying your general location and the name of your internet service provider that's assigned to your device when it's connected to the internet. By running several DNS tests with a VPN off and on, we can determine whether it's actually encrypting our IP address. Some VPN apps have built-in DNS leak tests; otherwise, you can perform them via DNSleaktest.com.
Included features
Most premium VPNs come with similar sets of privacy tools, so we don't encounter major provider-to-provider discrepancies in this regard. Still, it's worth noting some of the important ones we look out for:
A kill switch will immediately disconnect your device from the internet if your VPN drops. (This one's non-negotiable.)
Support for multi-hop connections that route your traffic through two or more of the VPN's servers adds an extra layer of protection.
Split tunneling, a tool that sends some of your traffic through the VPN and some outside it to conserve bandwidth, can be useful for streaming and gaming.
Oftentimes, providers will also bundle their VPN with additional security features like malware/adware blockers, data breach detectors, and cloud storage. These won't make the VPN itself any better or more successful, but they're good to have alongside your go-to antivirus software and password manager. (If you have to choose between a reputable VPN and one that comes with a bunch of add-ons, always go with the former.)
Protocol type
A VPN's protocol is the set of instructions that determines how data gets communicated between its servers and your device(s). Many VPN providers have developed proprietary protocols within the past few years, but OpenVPN remains the most popular and widely respected option: It's stable, secure, and open-source, meaning anyone can inspect its code for vulnerabilities. WireGuard is another good pick that's newer than OpenVPN and similar but supposedly faster.
Encryption type
A VPN protects your data by encrypting it, or scrambling it up into unreadable "ciphertext" that can only be decoded by authorized parties with access to a secret key or password. Virtually all premium VPNs use Advanced Encryption Standard (AES) 256-bit encryption, which is pretty much uncrackable to third parties.
Different use cases
The No. 1 purpose of VPNs is to make it difficult for anyone other than the provider to identify and track your online activity, but they're also widely used as location-spoofing tools to skirt geo-restrictions on streaming services. (Platforms like Netflix limit their libraries abroad because of region-specific distribution rights.) While we don't put a ton of weight on their ability to succeed in this secondary use case, it's great if they do and we still test them for it.
Server network size and distribution
Picking a VPN with a large server network means there's a lower likelihood of you sharing one with a bunch of other users, which is especially valuable for streaming (since there's more bandwidth to go around).
Relatedly, a VPN with a geographically diverse network of servers in many different parts of the world will make it easier for you to spoof specific locations and find one close to you to optimize speeds. (More on that below.) Most premium VPNs maintain servers throughout the Americas, Europe, Asia, and Australia; few have a big presence in Africa.
Number of simultaneous connections
Most VPNs can be used on five to 10 devices per account (depending on the provider), which should be plenty for individual users. A handful of them support unlimited simultaneous connections to better serve bigger households.
Supported platforms
Every premium provider we've encountered offers VPN clients for Windows, Mac, Android, and iOS at minimum, though some restrict certain features to certain platforms. Some VPNs also work on Linux, Chrome, smart TVs, and even gamingconsoles (via router or hotspot).
Speed
The speed of a VPN depends on a lot of different variables, but it will almost always be slower than your regular internet connection, so it's not a huge factor in our final ratings. That said, we try to get an idea of how well a VPN performs by using it for a lengthy period of time and running it through some quick Ookla Speedtests. If a VPN is noticeably sluggish to the point where it affects usability, we'll call it out.
A general rule of thumb for any given VPN is that your speeds will be fastest when you're connected to a server geographically close to your actual location.
Customer support options
Users should have access to some kind of help around the clock in case an issue arises with their VPN connection or account, whether it's by phone, email, or live chat. (Online help forums and tutorials are nice, but not enough on their own.) We also give preference to VPNs that offer some kind of money-back guarantee; in most cases, it's 30 days long.
Overall value
Premium VPN providers typically charge anywhere from $2 to $12 per month for access to their clients, depending on the subscription length. It's easier to justify the higher end of that spectrum if it gets you a reliable and responsible VPN with some useful extra security features.
Overall ease of use
Some VPNs are more intuitive and beginner-friendly than others.
It's important to note that many popular VPN providers posit their jurisdiction, or the location of their headquarters, as something that can have serious privacy implications based on local surveillance laws (such as the Five, Nine, and 14 Eyes alliances). Without getting too in the weeds, the experts we spoke to said the average consumer shouldn't put a big stake in these claims, and that authorities will get access to user data one way or another if the need is great enough. What's more concerning, they added — to bring things full circle — is whether any data is being retained by a VPN provider in the first place.
If anything, users might be better off choosing a VPN headquartered in a country with strong consumer protections against deceptive marketing (like the U.S. and many countries in the European Union). These could come in handy if a provider's privacy policy was ever questioned.
Finally, we generally don't recommend using any free VPNs. Such providers often sneakily log and sell user data, and sometimes even bundle their clients with malware. (If they're not making money off subscriptions, they have to get paid somehow — it's a classic "no free lunch" situation.) The best way to get a VPN "for free" without putting yourself at risk is by signing up for a paid plan through a reputable provider, then making use of its money-back guarantee.
Note: Ookla is owned by Mashable's publisher, Ziff Davis.
Haley Henschel
Senior Shopping Reporter
Haley Henschel is a Chicago-based Senior Shopping Reporter at Mashable who reviews and finds deals on popular tech, from laptops to gaming consoles and VPNs. She has years of experience covering shopping holidays and can tell you what’s actually worth buying on Black Friday and Amazon Prime Day. Her work has also explored the driving forces behind digital trends within the shopping sphere, from dupes to 12-foot skeletons.
Haley received a B.A. in Journalism from the University of Wisconsin-Madison and honed her sifting and winnowing skills at The Daily Cardinal. She previously covered politics for The Milwaukee Journal Sentinel, investigated exotic pet ownership for Wisconsin Watch, and blogged for some of your favorite reality stars.
In her free time, Haley enjoys playing video games, drawing, taking walks on Lake Michigan, and spending time with her parrot (Melon) and dog (Pierogi). She really, really wants to get back into horseback riding. You can follow her on X at @haleyhenschel or reach her via email at [email protected].
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.