It’s been a mixed week for NordVPN. As we reported a few days ago, the company has just published the results of its second independent privacy audit which gave the company a clean bill of health.

This is great news for both the company and its users.

But this has been tempered somewhat by the revelation that the company has been collaborating with a UK-based white nationalist YouTuber and service issues that appear to have been as a result of an expired security certificate.

NordVPN’s controversial hook-up with Laura Towler

Most readers have probably never heard of Laura Towler unless they picked up on the story about her tweet to Yorkshire Tea not backing the Black Lives Matters movement, which they quickly rejected.

But she is also the head of an organisation known as the Patriotic Alternative, which bills itself as standing up for “the interests of the indigenous people” in the UK and claims to be “trying to build a nationalist community in Britain.”

Remarkably, a YouTube video created by Towler and making precisely these sort of hate-fueled claims was found to be sponsored by NordVPN.

The sponsorship was bought to light by German-based writer Mike Stuchbery.

He tweeted the revelation to NordVPN asking, “you’ve collaborated with a white nationalist who wants to deport non-Britons, and who works with Neo-Nazis. You sure you want to do this? I know a few people who’d switch providers if they knew.”

His prediction proved sound with several Twitter users responding to this post by saying they would be cancelling their subscription to NordVPN.

NordVPN were quick to distance themselves from Towler and her far-right organisation. They responded to Stuchbery’s tweet by claiming that this was a “one-off” sponsorship and they have since improved their vetting process in an attempt to ensure it doesn’t happen again.

“We do not endorse racism in any form, and the creator’s views do not reflect ours. We do not support hate speech or radical political views of any leaning,” they quickly added and pointed the finger at their unnamed agency.

Towler’s counter-claims

This agency presumably managed NordVPN’s popular influencer reward programme. This scheme has led to NordVPN being promoted by a whole host of prominent YouTubers including Philip DeFranco and PewDiePie.

This scheme offers financial incentives to YouTubers in exchange for “giving your audience your honest personal feedback about the product.” There is a form to sign up on their website but no obvious explanation of any vetting process.

In a video which was posted as recently as June 14th, Laura Towler claimed that far from this being a one-off sponsorship led by an agency, “Nord asked me to collaborate with them and they’re great people.”

Responding to Mike Stuchbery’s post on Twitter, she confirmed that her collaboration with NordVPN had ended but claimed that “if they want me to take it down, they’d have to pay me.”

While we wouldn’t question NordVPN’s rejections of any suggestion that they endorse the white supremacist agenda of Laura Towler, this story still leaves plenty of unanswered questions about their influencer reward programme and how they target YouTubers.

The company needs to reveal more details about how it ended up sponsoring a white nationalist, what went wrong, and how they have improved things to ensure it doesn’t happen again.

NordVPN has a fairly strong track record on transparency but its attempts to shut this debate down are simply not good enough and they must be clear about they are going to do to ensure this kind of error never happens again.

NordVPN Service Outage

With NordVPN still reeling from this PR disaster, the last thing they needed was a service issue to tarnish their week still further.

But that’s exactly what happened on Wednesday when the company confirmed it was experiencing issues with its OVPN/IKE protocols.

Their initial advice to customers who were struggling to connect to their service was to switch to their new NordLynx tool which allows users to connect to their VPN using the new WireGuard protocol.

Not long after this initial announcement, NordVPN confirmed that the cause of the issue was an expiring intermediate security certificate.

This time, NordVPN pointed the finger of blame at an automated checker that failed to inform them of the imminent expiration of the certificate.

This looked rather like another attempt to deflect the blame for this schoolboy error elsewhere and it was only when being quizzed about the issue by irate users that they eventually confirmed that this was “our mistake”.

It absolutely was NordVPN’s mistake and there is no way that a company that deals with online privacy and security should find themselves in this situation. It sends out a terrible message to its users and any potential new users.

This should have been a great week for NordVPN with the news of their independent privacy audit. Instead, it has turned into something of a disaster for them.

We still believe that NordVPN is one of the best VPNs on the market right now.

But we would like to see them adjusting their focus a little bit away from the heavy marketing push we have seen from them in recent times and more towards doing the basics well and not making these silly mistakes which undermine all their good work.