NordVPN has announced a brand new feature for its VPN client on iOS - that is soon to land on Android as well, according to the recent press release. The VPN company has decided to incorporate a Dark Web Monitor for added security, which will be able to detect if the user credentials have been exposed on the dark web. If they are, the user will receive an alert to take precautionary protective action and avoid getting compromised further.
The dark web monitor will work continuously under the hood and push alerts in real-time so that users can be confident that they’ll get to know the risk as soon as possible. This is similar to HaveIBeenPwned or other services where you can register with an email address and get notifications as soon as a breach becomes public knowledge. The power of the idea lies in the operation of the dark web crawlers and the report aggregation, but NordVPN didn’t share many details about that yet.
NordVPN may have partnered with a dark web monitoring company to offer this new feature, but we can’t say for sure yet. We reached out to the company to verify if that’s the case, and we will update this post as soon as we hear back from them.
No matter how exactly it operates, you can start benefiting from the new feature by updating your iOS client app and enabling the Dark Web Monitor from within the settings menu. The tool will only scan for exposed credentials that are associated with the email address used for the NordVPN account and nothing else.
Any other credentials you enter to access accounts while sitting behind the VPN service won’t be logged or parsed by NordVPN and its dark web monitor tool. This also means that if you have a breach on other email addresses and networking accounts, NordVPN won’t be in a position to alert you about it.
Vykintas Maknickas, product strategist at NordVPN, has provided us with the following comment on the data privacy aspect of the latest feature:
Once the users opt-in for their account security status to be checked, Perfect Forward Secrecy comes into play. We send partial email hash to the databases we use, and only when the answer is received, we match full hashed email on our end. Providers of the databases are controlled by NordVPN to ensure that all data is received ethically.