NordVPN is one of the most popular VPNs, which makes the critiques over its privacy practices extra concerning. We investigate the most prominent accusations.
Send like most of the valid criticism is based around the fact that the company also is in the business of user data mining. Which is enough for me to never use them.
Though they also very aggressively advertise, which is also a big red flag.
Sharing co-owners with Tesonet and receiving funding from the same company that owns a data-mining service isn’t ideal. But there is no evidence, and never has been, that anything is being shared between NordVPN and Oxylabs. Besides, NordVPN states that it follows a strict no-logs policy, which means it doesn’t record, store, or share user activity. And this is backed up by the usage of RAM-only servers and multiple independent audits—most recently the service passed a third-party no-logs audit in late 2025 by security firm Deloitte.
Deloitte? Lol. My past employer was audited by them, and passed. There is absolutely no way we should have passed. I was flummoxed when I read the report. Since then, any time I see a security or privacy audit by Deloitte, I just assume the company being audited would actually fail a bare-minimum audit.
Tesonet is pretty well known as one of the biggest tech company in the baltics region so obviously they do a lot of different tech.
VPN itself is mostly harmless and can’t intercept e2e encrypted traffic and today even DSN is under e2e.
The only red flag is really the inaccurate advertising that vpn protects from public wifi issues which is on page with every VPN ad (except Mullvad) but still wrong.
We had a project that, by law, could only be touched by people within the US. We constantly caught Deloitte trying to sneak their (undoubtedly cheaper) off shore staff in there.
Send like most of the valid criticism is based around the fact that the company also is in the business of user data mining. Which is enough for me to never use them.
Though they also very aggressively advertise, which is also a big red flag.
Deloitte? Lol. My past employer was audited by them, and passed. There is absolutely no way we should have passed. I was flummoxed when I read the report. Since then, any time I see a security or privacy audit by Deloitte, I just assume the company being audited would actually fail a bare-minimum audit.
Tesonet is pretty well known as one of the biggest tech company in the baltics region so obviously they do a lot of different tech.
VPN itself is mostly harmless and can’t intercept e2e encrypted traffic and today even DSN is under e2e.
The only red flag is really the inaccurate advertising that vpn protects from public wifi issues which is on page with every VPN ad (except Mullvad) but still wrong.
I mean… Deloitte is mercenary, and hired by the company wanting a passed audit.
They get paid to check pre-agreed spots A, B, and C and keep their eyes closed outside those areas.
A RAM-only server can still send metrics, metadata, “anonymized” metadata…
Anything Deloitte touches is crap and their employees are as incompetent as they come. Source: my work contracts with Deloitte regularly.
We had a project that, by law, could only be touched by people within the US. We constantly caught Deloitte trying to sneak their (undoubtedly cheaper) off shore staff in there.