Popular VPN service Surfshark has undergone a voluntary third-party security and privacy audit to ensure its service is up to scratch. The independent audit primarily focused on network and infrastructure security, ensuring that Surfshark users can take confidence that the VPN will actually protect their data.
The audit found “a very solid security premise” at Surfshark, although a few easily fixable issues were also uncovered.
Surfshark Third-Party Audit Confirms Security Credentials
Surfshark asked Berlin-based security company Cure53 to audit its service, delving into server security, VPN configurations, and related infrastructure.
Cure53’s official report [PDF] found Surfshark’s overall security “solid” and that the “overall outcome should be regarded as good.”
The testing team found very few security issues, uncovering four “security-relevant” weaknesses in the system. However, none of these issues were deemed to create an actual security problem for Surfshark users, and indeed, the VPN provider moved to rectify them as soon as they were notified.
Of note was the use of an outdated version of sudo, the Unix program that allows users to run programs within a system or computer. The outdated version points to a somewhat slack update process within the company. However, this is an easily rectified issue.
The testing team has no doubt that the Surfshark maintainers have a clear understanding of security and privacy challenges associated with being a VPN provider . . . Despite extensive searches and exemplary coverage toward a plethora of possible risks, no serious issues were detected
Surfshark users, then, can rest assured that their VPN service of choice is safe and secure.
VPNs Deliver Security and Privacy
In the world of VPNs, you want two things: security and privacy. Most VPNs offer the former but not all offer the latter. Many VPN services log your data, often for advertising purposes or because their operational jurisdiction requires them to, by law.
Surfshark is a logless VPN, which means it doesn’t log your activity while using the service. When you’re using a VPN for privacy, to protect from prying eyes, a logless VPN is important as otherwise, you’re basically negating the use of VPN to begin with.
Although Surfshark’s VPN audit didn’t explore the privacy and logging side of the service, its terms and conditions explicitly state that it does not “collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.”
Without a full audit, there isn’t really a way of confirming this. Hopefully, Surfshark will submit to a privacy audit in the future to affirm its privacy and logging policy.