Norton VPN has just reinforced its commitment to privacy – here's why it matters

News
By published

Norton VPN not only passed a new no-log audit, but it also made important changes

Norton VPN dashboard on a smartphone being held by a user
Image credit: Pixabay (Image credit: Norton)
  • Norton VPN has just completed another third-party audit, proving the company's no-log policy
  • The auditors only found an issue around IP addresses in certain error cases, but the team swiftly released a fix
  • The provider is also reducing its data retention practices, while getting rid of connection timestamps completely

Norton VPN has released some important updates to double down on the company's commitment to privacy and transparency.

An independent cybersecurity firm, VerSprite, confirmed that Norton VPN doesn't store any logs of your online activity, as well as other private data. It also verified Norton's secure infrastructure and policies.

Despite the (already stellar) results, Norton is also strengthening its commitment to user privacy by considerably reducing its data retention practices and getting rid of connection timestamps completely.

The provider also increased the cadence of its transparency reports, bringing it to every four months instead of six.

These changes bring Norton VPN up to speed with the best practices across the industry, helping it rival some of the best VPNs right now. Here's what you need to know.

Third-party audit confirms that Norton VPN doesn't log your activity

Norton VPN interface, connected to a server in the United States.

(Image credit: Norton)

In Norton's second annual third-party audit, VerSprite confirmed that it upholds its no-log policy. Norton VPN doesn't collect or store your DNS requests, IP addresses, or browsing history, offering a highly anonymized browsing experience.

Beyond that, VerSprite closely examined the entire Norton VPN infrastructure. This includes its servers, its log retention and anonymization policies, and data flow. Not only were all of those things deemed to be in good order, but VerSprite also noted that Norton has an ongoing commitment to privacy engineering; its efforts are more than just a one-time thing.

The testing was carried out using advanced methods that simulated real-world attacks on Norton's backend systems to assess how they'd handle potential threats.

VerSprite concluded that Norton VPN's backend systems handle user data consistently with published privacy policies. The auditing firm also assigned it a privacy impact score of "None," indicating that it's one of the most private VPNs available.

Norton VPN immediately reacted to a worrying error

Although Norton VPN appears to have done great in the audit, VerSprite's initial findings included a potential privacy gap.

In rare error conditions, VPN client IP addresses could be logged. The logs could reveal potential usage patterns or accessed resources.

However, by the time VerSprite performed its validation retest, Norton VPN had managed to address this problem.

In response to this result, Jon Mah, Technical Director at Norton, said: "We're not just saying 'we don't track you,' we're proving it. Our no-log policy is baked into every technical layer of how the Norton VPN service runs."

Norton VPN's data privacy and transparency levels up

A woman sits at the airport, using a laptop and a phone connected to Wi-Fi

(Image credit: Norton)

Norton VPN is increasingly becoming an impressive offering, and its commitment to user privacy plays an important part here. This is why the provider decided to make some changes to boost its commitment even further.

For starters, the company got rid of timestamps entirely, in line with other top VPN services. Now, the only information stored is how many times you connect during a period of 24 hours. This means Norton won't know when exactly you connected and how long each session lasted.

The amount of time the provider retains the very few data it collects has also been drastically reduced. Under Norton VPN's updated privacy policy, connection events are now held for 12 months instead of 24. While app metadata events have passed from being stored for 36 months to 18 months. Again, these changes position Norton VPN in line with other top services.

The company has increased the cadence of its Transparency Reports, too. They'll now be published once per quarter instead of once every six months.

Outside of privacy, Norton VPN added OpenVPN Data Channel Offload (DCO) support for Windows recently. This can boost connection speeds when using the OpenVPN protocol.

All of these changes are important to end users. The whole point of using a VPN is often data privacy and security, so Norton's ongoing commitment to both is a good sign.

You might also like

TOPICS
Monica J. White
Monica J. White
Contributing Writer

Monica is a tech journalist with over a decade of experience. She writes about the latest developments in computing, which means anything from computer chips made out of paper to cutting-edge desktop processors.

GPUs are her main area of interest, and nothing thrills her quite like that time every couple of years when new graphics cards hit the market.

She built her first PC nearly 20 years ago, and dozens of builds later, she’s always planning out her next build (or helping her friends with theirs). During her career, Monica has written for many tech-centric outlets, including Digital Trends, SlashGear, WePC, and Tom’s Hardware.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.