The audit found “a very solid security premise” at Surfshark, although a few easily fixable issues were also uncovered.

Surfshark Third-Party Audit Confirms Security Credentials

Surfshark asked Berlin-based security company Cure53 to audit its service, delving into server security, VPN configurations, and related infrastructure.

Cure53’s official report [PDF] found Surfshark’s overall security “solid” and that the “overall outcome should be regarded as good.”

The testing team found very few security issues, uncovering four “security-relevant” weaknesses in the system. However, none of these issues were deemed to create an actual security problem for Surfshark users, and indeed, the VPN provider moved to rectify them as soon as they were notified.

Of note was the use of an outdated version of sudo, the Unix program that allows users to run programs within a system or computer. The outdated version points to a somewhat slack update process within the company. However, this is an easily rectified issue.

Surfshark users, then, can rest assured that their VPN service of choice is safe and secure.

VPNs Deliver Security and Privacy

In the world of VPNs, you want two things: security and privacy. Most VPNs offer the former but not all offer the latter. Many VPN services log your data, often for advertising purposes or because their operational jurisdiction requires them to, by law.

Surfshark is a logless VPN, which means it doesn’t log your activity while using the service. When you’re using a VPN for privacy, to protect from prying eyes, a logless VPN is important as otherwise, you’re basically negating the use of VPN to begin with.

Although Surfshark’s VPN audit didn’t explore the privacy and logging side of the service, its terms and conditions explicitly state that it does not “collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.”

Without a full audit, there isn’t really a way of confirming this. Hopefully, Surfshark will submit to a privacy audit in the future to affirm its privacy and logging policy.