Reddit users hate NordVPN. Are their criticisms legit? | usagoldmines.com

I was browsing on Reddit recently, as one does, and noticed yet another cynical comment dissing NordVPN. It compelled me to consider why exactly Nord in particular, and other popular VPNs in general, have this adverse public perception, and whether it’s actually fair.

There is a trend in the online VPN community, particularly on Reddit, where users attack major VPN providers for any number of perceived issues. The most common are violations of user privacy.

While all VPN services have experienced some negative criticism, no service seems to take more flack in these online forums than NordVPN.

So is there anything to all this criticism, or are they just unsubstantiated rumors? Let’s take a look at what people are saying, why Nord is being singled out, and if any of this is legit.

Why are Reddit users dissing NordVPN?

Sam Singleton

As you’d expect with any large, well-known company, there’s no shortage of complaints about NordVPN in the Reddit community. Critiques range from the nitpicks of chronic complainers to more serious accusations, but the most common is a distrust of Nord’s handling of user privacy.

The issue seems to be two-fold: Users are concerned with Nord’s connection to an entity called Tesonet, and they are dubious about its claim to be based in Panama. There are other secondary concerns about Nord’s late disclosure of a 2018 server breach and deceptive auto-renewal practices, but these are less discussed, if not important, issues in comparison. 

For the purposes of this article, though, I’ll stick to discussing those issues that center on the greatest concern to a VPN user: privacy. That includes the company’s Tesonet connection and Nord’s reputed location.

NordVPN is owned by the larger firm Nord Security, which was initially funded in part by a Lithuanian tech incubator and business accelerator called Tesonet. In the past, Tesonet has come under fire for simultaneously operating Nord as well as Oxylabs, a company known for data-mining services. Users are therefore understandably suspicious that there’s a conflict of interest here, as VPN users are trying to protect their data, while companies under the same ownership are trying to collect it.

Additionally, some users are skeptical of NordVPN’s claim that it’s based out of Panama—a country with strong pro-privacy laws—as it maintains operations in both the Netherlands and Lithuania as well. The Netherlands being a member of both the 9 and 14 Eyes data-sharing alliances and Lithuania abiding by the less privacy-friendly EU GDPR data retention laws make them suboptimal privacy choices compared to Panama.

Furthermore, Tesonet’s complex corporate structures, seemingly opaque ownership, and investment networks, and overlapping co-founders with Nord Security only add fuel to the fire.

In reading all of that it’s understandable, on a surface level at least, to see why these Redditors are complaining. For its part, Nord Security has always maintained that it is operated independently from Tesonet and does not share or collect user data outside of what it states in its privacy policy.

To better understand what is really going on here though, it’s important to take a closer look at the history of NordVPN, where it’s really located, and what connections it actually still has with Tesonet.

NordVPN: A brief history

NordVPN was launched in 2012 by Tomas Okmanas (sometimes known as Tom Okman) and Eimantas Sabaliauskas. At the same time, they founded the company Nord Security and debuted NordVPN as its flagship product. 

In its early years, NordVPN was incubated and largely supported by Tesonet, a Lithuanian startup accelerator and venture builder. Coincidentally, Okmanas and Sabaliauskas are both listed as founders of Tesonet as well—more on that in a bit.

Now, NordVPN is one of the most popular VPNs on the market and Nord Security operates an entire catalog of cybersecurity and privacy-related products.

Where is NordVPN based?

One of the main criticisms of NordVPN regards the discrepancy between where company says it is located and where its employees work. The company clearly states on its website that it is “based and operates under the jurisdiction of Panama,” but despite this, parent company Nord Security is incorporated in Amsterdam and NordVPN is headquartered in Vilnius, Lithuania.

To further complicate things, Nord Security, the parent company of NordVPN, is registered in the Netherlands, but actually operates mostly out of Lithuania where it has its main offices. So what’s the deal?

Well, think of it just like a U.S.-based company that operates out of a tax-haven state—looking at you, Delaware—for the tax benefits, but has offices with employees in other states due to convenience or job market factors.

When I reached out by email to inquire about this, a NordVPN spokesperson replied as such, “NordVPN is incorporated in Panama, that’s always been the case. Although Nord Security does have an establishment in the Netherlands that can be referenced, when it comes down to NordVPN’s matters, we request all inquiries regarding user data to be directed through the relevant institutions in Panama and adhere to the processes established by Panamanian law.”

So, NordVPN incorporated itself in Panama because the country has limited data-sharing laws, but maintains a global team based in other European countries. While this corporate structure may raise eyebrows, many other multinational corporations have set themselves up in similar ways.

Panama is therefore a convenient location for NordVPN’s legal registration. Its services are explicitly designed to operate under the legal framework of Panama to ensure that its no-logs policies are upheld. Lithuania doesn’t have the same data-sharing protections that Panama does, so it makes more sense, as a digital privacy company, to house yourself in a location that allows you to better protect your users and their data.

NordVPN and Tesonet

Sam Singleton

That brings us to the final and most persistent criticism online: Nord’s connection to Tesonet. What is their current and past relationship and do they share user data with one another?

Remember, Tesonet is the tech incubator that partially funded NordVPN in the beginning. Both share the same founders and owners. It’s a connection that has led many to speculate there is more to the Nord/Tesonet relationship than just venture-building. 

NordVPN’s spokesperson had this to say, “In the past, Tesonet supported Nord as a tech accelerator, providing resources that helped Nord develop and launch its service…Nord operates independently. Tesonet’s role has been limited to acceleration and investment support, and Nord runs its business autonomously, with its own operations, strategy, and decision-making processes. This separation has been in place from the start.”

Tesonet, meanwhile, has yet to respond to my requests for comment about its relationship to Nord Security and NordVPN.

Nevertheless, the management overlap between Nord Security and Tesonet is noteworthy. And all of this wouldn’t necessarily be an issue if it weren’t for Tesonet’s other companies, particularly Oxylabs. 

Oxylabs has a dubious history and has been embroiled in numerous lawsuits over the years, including one where it was found guilty in 2018 of stealing data-scraping tech and embedding it into its own products. Additionally, Oxylabs and a few other data-mining services were recently sued by Reddit for scraping the comments of users on an “industrial scale” for commercial gain.

All of this is to say that NordVPN being owned, or at least partially controlled by the same company that owns a notorious data scraper such as Oxylabs is a bit concerning. While I have to admit that the waters we’re treading here are a bit murky, any direct connection between NordVPN users and Oxylabs or other Tesonet entities just isn’t that convincing. Up until now, no links have been proven and nothing has materialized. 

Is criticism of NordVPN justified?

To an extent, but not fully. The fact is that NordVPN, just like other companies, is out to make money and that could lead it to conduct business in ways that might seem a bit shady to many users but likely isn’t putting their privacy at risk.

Sharing co-owners with Tesonet and receiving funding from the same company that owns a data-mining service isn’t ideal. But there is no evidence, and never has been, that anything is being shared between NordVPN and Oxylabs. Besides, NordVPN states that it follows a strict no-logs policy, which means it doesn’t record, store, or share user activity. And this is backed up by the usage of RAM-only servers and multiple independent audits—most recently the service passed a third-party no-logs audit in late 2025 by security firm Deloitte.

Also, setting up a company under the jurisdiction of Panama but operating it with most of your staff out of Europe might raise eyebrows. But it’s something nearly every other international corporation does and, right or wrong, it’s not illegal. It’s just a shrewd business and marketing strategy to entice users and provide extra privacy.

It’s so easy in today’s age to get caught up in rumor mongering and the negative feedback loop of our online ecosystem. Much of the discussion on Reddit and elsewhere appears to be speculative, rather than rooted in actual fact—there has been no confirmed proof that NordVPN has violated its stated privacy policies. 

Until proven otherwise, users can safely trust NordVPN. But if you’re serious about relying on a VPN to boost your privacy and security, then you should always be wary of any service you use. And if for whatever reason you still don’t like NordVPN, then there are a plethora of other great VPNs available to use instead.

Related content

• Does a VPN really provide 100% privacy? Here’s what you need to know
• ExpressVPN vs. NordVPN: Clash of the heavyweight titans
• 6 common VPN myths everyone falls for—and why they’re wrong