A few days ago, there has been a bit of drama among the VPN providers, and the publishers that are supposed to keep them in check. As your go-to source for everything VPN-related, TechTypical couldn’t stay away either. So we’ve decided to investigate and give our two cents on the matter.

It all started on January 19th, with PCMag, one of the most reputable online sources on all things tech, publishing a news article on NordVPN changing their 2017 blog post about complying with the authorities and handing over user data.

Very soon the publication showed up in seemingly everyone’s Google feed and sparked a contradiction that NordVPN hasn’t seen since the hack of 2018. The provider, however, was quick to respond, denying the allegations and explaining its actual stance on the matter as well as the decisions that lead to it.

So we’ve decided to look into all of that, and try and draw something productive out of the whole situation.

What did PCMag write?

The whole story revolves around an old 2017 blog post about NordVPN’s stance on complying with data requests from the authorities.

According to PCMag, NordVPN suddenly changed the wording in their old post from that which implies that the provider will not comply with any data requests, to the complete opposite.

When taken out of context, the change does seem drastic. This is Nord’s original 2017 post:

“NordVPN operates under the jurisdiction of Panama and will not comply with requests from foreign governments and law enforcement agencies”

And this is the new version:

“NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations.”

PCMag’s editor puts even more emphasis on another change in the original post. It implies that NordVPN will now log user data if ordered by the authorities:

“… to ensure users’ ultimate privacy and security, we never log their activity unless ordered by a court in an appropriate, legal way. “

The wording of PCMag’s investigation heavily implies that from now on NordVPN will comply with any data request, log user data and cooperate with requests from any kind of law enforcement. And, to make matters worse, it seemed that the provider wanted to keep this change secret.

This does look bad. And this could have been enough to hurt the reputation of any other smaller provider. But with NordVPN being one of the biggest VPN providers in the world, the issue couldn’t have been that shallow.

NordVPN’s rebuttal

On Thursday, January 20th, NordVPN released a statement, clarifying the matter, and reached out to PCMag directly to make its position known.

The VPN provider goes out of its way to stress, that nothing has changed with the way NordVPN handles user data:

“Nothing has changed. There is no legal obligation for us to log user activity, and we won’t. Our infrastructure is built around the idea of privacy.”

In another place, however, NordVPN does clarify, that if multiple different circumstances come together, the provider might have no choice other than to comply with law enforcement requests. For this is how every business in the world operates:

“However, if a court order were issued according to laws and regulations, if it were legally binding under the jurisdiction that we operate in, and if the court were to reject our appeal, then there would be no other option but to comply. The same applies to all existing VPN companies if they operate legally. In fact, the same applies to all companies in the world.”

This, however, would, first of all, require numerous things to fall into place. But even if NordVPN couldn’t fight for its users, the only information the provider would be able to share is the payment data and the email address of the user. That is the information that NordVPN does have and does keep. And you can find all of it in their Privacy Policy.

The information that the provider logs is never, however, related to user traffic, since the VPN simply does not log it.

What made NordVPN alter the post

Context matters. And in this case, context is crucial.

On January 17th, one of the lesser VPNs by the name of VPNLab.net was shut down by law enforcement.

This particular VPN provider was very popular among cybercriminals and hackers in their illegal activities.

However, from what we can tell, the wording in some of VPNLab’s documents was taken directly from NordVPN (which is something smaller providers do, most recently, NoLagVPN taking their terms of service from ExpressVPN). So NordVPN wanted to distance itself from a VPN that gives the whole industry a bad name.

Even though we at TechTypical think that this could have been handled with more grace, rather than low-key going back and changing a five-year-old post, this is still strictly to do with PR and the public image of the provider. But it has nothing to do with how NordVPN works.

Starting a dialogue about VPNs

On the surface, we don’t think this whole situation goes beyond your regular online clickbait. ExpressVPN has recently gone through something of the sort, and it happens to some of the bigger providers from time to time. Nothing to see here.

However, we think that this might be a start to a bigger discussion. One that’s long overdue.

That’s the discussion on what VPNs are, what VPNs aspire to be, what they should be, and what they can actually do for the user.

The VPN industry is still pretty young, but it’s not that young. The landscape of the industry has gone through several major shifts, and yet lots of the providers, and most of the review or online privacy websites are spamming the same stuff about VPNs somehow being above the law and making you invisible. And in the words of NordVPN: This has to change.

This notion is only true in the case of the VPNLabs, DoubleVPNs, and the like which earn their keep by facilitating criminal activities.

These days VPN providers are multi-million companies, that play a massive role in shaping the internet as we know it. And while they are still a necessity for anyone concerned about their online freedoms and safety, they still operate in the real world, which means they have to play by certain rules.

So, perhaps, this minor hiccup with one of the biggest providers doing a sloppy job of changing an old post, and a media outlet pouncing on this discovery a bit too enthusiastically could open a bigger dialogue. And that one should be on what place VPNs take in today’s online world. What they can actually do. And why we still absolutely need trustworthy providers.