I visited NordVPN and Surfshark's HQ – here's what I found out

 A large screen welcoming Tom's Guide to Cyber City.
Credit: Future

Walking into Nord Security's Cyber City campus in Vilnius, Lithuania, is quite the experience. Comprising three huge Soviet-era buildings – previously used as sock factories – it's now a central part of Vilnius' burgeoning Silicon Valley.

Cyber City is home to what we rate as the best VPN, NordVPN, as well as Surfshark, Oxylabs, and Hostinger. Billion-dollar startup Vinted is headquartered just two minutes down the road, and countless other tech businesses are dotted around the beautiful Naujamiestis district.

The startup culture that has driven Vilnius' rapid rise towards the tech elite is evident, and I was lucky enough to be invited out to meet the teams. Over the course of three days I learned about their new developments – I even had the chance to interview key members of the team to bend their ears on some of today's most pressing privacy concerns.

Here, I'll be running down everything I learned on the trip, from NordVPN's cutting-edge tech and the group's new venture, Saily, to Surfshark's provocative marketing ploys.

NordVPN: the best VPN overall
I currently rate NordVPN as my number-one VPN. It's very secure, unblocks tons of streaming sites, and has plenty of features – which I'll explore below. If you fancy checking out its current pricing, the button below will get you the best deal possible.View Deal

The front of NordVPN's ex-sock-factory office building
The front of NordVPN's ex-sock-factory office building

Nord's Threat Protection is getting an upgrade

NordVPN's Threat Protection feature has been around for a while now, and at its core, it's a DNS-based tool that filters your traffic through Nord's DNS servers. It offers useful protection from malicious websites and phishing domains, but is limited to browser extensions, Android, iOS, and Linux. This is much the same as rival offerings, like ExpressVPN's Threat Manager, and requires NordVPN to be connected to a server to work.

However, on 18 June, 2024, NordVPN introduced Threat Protection Pro. Currently available on Windows and macOS for Plus plan subscribers, it still blocks malicious and phishing domains, but it also blocks ads, malicious links, and trackers, and can even scan files for malware after you've downloaded them. It'll also silently run whenever you've got NordVPN open on your device, whether you're connected or not.

Table showing what Threat Protection Pro offers compared to competitors
Table showing what Threat Protection Pro offers compared to competitors

In a presentation, NordVPN showed us their own findings of how successful Threat Protection Pro was at detecting and stopping dangers. It's worth mentioning that the results we saw are only from internal testing and shouldn't be used to gauge the feature. However, Threat Protection Pro appeared to block around 90% of phishing and malware URLs, whereas other alternatives – including the basic DNS-based version of Threat Protection – topped out at around 40%.

Obviously, I'll wait until I've tested it out myself and studied other independent reviews to sing its praises, but it appears to be a well-rounded tool more akin to an antivirus than a simple DNS-based blocking system. Very good news indeed.

An ever-expanding range of products

Nord Security has never been a group to mess about. Both NordVPN and Surfshark have seen a lot of investment, and have developed tons of new features which help put them ahead of the pack. In fact, I've previously complained that Nord can be a little too quick on the trigger when pushing features – for example, in its initial form, Pause VPN was a little intrusive – but in recent years the team has become more methodical and polished in its approach.

However, arguably the biggest news for the group as a whole is the launch of its eSIM provider, Saily. While I'm no expert in telecoms, and I likely won't be covering it much in the future, Saily shows that Nord Security is fearless when entering new markets, and has its sights set to the stars. After all, Nord's exactly the brand I had in mind when I asked "why are VPN companies trying to do everything?"

Saily's homepage
Saily's homepage

Essentially, Saily is a simpler version of rivals like Airalo that allows you to keep a single eSIM on your device, and top it up with data for the countries that you're visiting.

We were all given a promo code for 5 GB of data when we arrived, and from my experience over the week, it was very easy to use compared to my previous encounters with roaming eSIMs. Prices do currently look a little steeper than the competition, though, and it doesn't currently offer a global plan like Airhub and Jetpac.

While there were no concrete statements about the future of the product – it's only been live since the start of 2024 – it would be a safe bet that Nord Security starts to introduce more privacy features into the app as it matures, bringing it in line with the rest of its products. Perhaps even a Saily network? Watch this space…

Surfshark isn't runner-up in terms of features

For some, Surfshark may seem like a lightweight cheap VPN, and not a real NordVPN alternative, but despite its lower price, this couldn't be further from the truth. The development teams at Surfshark and NordVPN work separately, and when we asked one of the lead engineers about how much of the tech stack they share, the answer was an emphatic "none."

In fact, Surfshark offers some very interesting features that NordVPN doesn't. For example, its Alternative ID tool allows you to not only create spoof email addresses for times you might not want to use your real email address, but also full personal aliases, and even spoof phone numbers.

In terms of implementation, spoof phone numbers require significant investment and come with a fair amount of red tape on the provider's end, and it's impressive that Surfshark has gone this far to protect its users. If you're wondering why that might be useful, it's perfect for listing items on Craigslist or Gumtree, and signing up to services you don't want to share your real phone number with.

Diagram of how Surfshark Nexus works
Diagram of how Surfshark Nexus works

Surfshark also offers a few very interesting features, including its Nexus feature. Nexus itself needs a whole article to do it justice, but in short, it rotates your IP – a rare thing in modern VPNs – and allows dynamic multi-hop, which allows you to connect to any two servers in tandem. This is much better than the rest of the competition, including NordVPN, which only offer certain server pairs.

Elsewhere, Incogni is really picking up steam in the personal data removal service industry. Despite being far newer than rivals like DeleteMe, Kanary, and Optery, Incogni is now the most searched-for service of its kind. I've had a test subscription for around a year now, and I've seen a moderate decrease in the amount of spam I get in my inbox.

Admittedly, I live in the UK where things like people search sites don't exist as they do in the US – and truthfully, I find it terrifying they exist at all – but Incogni is still a very useful tool for removing my info from data broker lists.

Surfshark's guerrilla marketing is fascinating

Arguably the most interesting session we were treated to looked into Surfshark's guerrilla marketing campaigns. While NordVPN is rather stoic and sensible in its approach, Surfshark is far more exciting, and is keen to push boundaries in the way it promotes its products and brand image.

One of Surfshark's first attempts at this was its leaky pipe campaign. Placed strategically outside Meta's new office in Munich, the pink and green monstrosity represented the ongoing flow of data that Big Tech leaks. It invited hands-on interaction, and seemed to cause quite a stir.

Surfshark toilet truck outside Future PLC's London office
Surfshark toilet truck outside Future PLC's London office

Next up, we had my typically childish favorite, the transparent toilet truck. Essentially, it's a big glass lorry with someone inside, sat on the toilet. It drove around London – and actually visited our UK HQ in Paddington – asking anyone who saw it to question whether they should value their digital privacy as much as their physical privacy. After all, you wouldn't want to relieve yourself in public, would you? (Insert leaky pipe joke here.)

The last stunt featured a café in New York, in which customers were asked to pay with personal data rather than real money. Remarkably, a considerable amount of people handed over details like dates of birth, email addresses, and even credit card security codes. Thankfully Surfshark immediately shredded the data, rather than using it for nefarious purposes.

It was an excellent bit of fun to see what interesting campaigns the marketing team has come up with, and I'm looking forward to seeing what they'll do next. I just hope I won't suffer another bathroom-based surprise when I'm heading out on my lunch break…

...and we're back home safe and sound

All in all, my trip to Vilnius bore incredibly valuable insight into the way that Nord Security runs its ship – and for me, it has definitely settled the fact that NordVPN is my top-rated VPN.

More interesting, though, was getting to know more about Surfshark. I've always really liked the product, but after seeing some of their latest developments – and some upcoming releases I can't talk about yet – it's clearer than ever it's not simply the budget alternative it's often mistaken for.

However, despite all that, it's good to be home – if only for the fact that I won't be looked at strangely when I ask for milk in my tea.