Surfshark What we want to share with you 4 min read

Surfshark got audited! To make sure our service is crackless and tight, we hired independent web security testers Cure53 to examine our browser extensions. We’re proud to present the results.

The report, despite the premises and scrutiny of Cure53, reads that the findings of our Chrome and Firefox extensions stand out as being extremely rare for VPN browser extensions.

READ FULL REPORT HERE

What the Report Said

To strengthen the reliability of the results, Cure53 testers employed the so-called white-box methods during the assessment, therefore reached a good level of coverage.

“Two members of the Cure53 team, who examined the scope in November 2018, can only conclude that the tested applications make a very robust impression and are not exposed to any issues, neither in the privacy nor in the more general security realms.”, the report concludes.

It also adds that the findings of our Chrome and Firefox extensions stand out with the relation “to being very rare for the VPN browser extension products, which commonly suffer from various issues.”

Despite the “extremely low number of findings,” it’s important to add, the report yielded two vulnerabilities rated with “low” severity. However, to quote Cure53, “only one is an actual vulnerability and not even related to the browser extension itself, and the other one a general weakness.” Our teams have already addressed the issues to guarantee a bullet-proof service by all means.

“To sum up, Cure53 is highly satisfied to see such a strong security posture on the Surfshark VPN extensions, especially given the common vulnerability of similar products to privacy issues”, reads the report.

READ FULL REPORT HERE

Why VPN Audits Matter

In recent years the VPN industry has been shaken by various scandals which grew customers’ distrust of the services. Popular VPN providers who claimed to be security and privacy orientated turned out to be selling just another lies nailed to the counter.

Just to name a few examples. Last summer IPVanish embroiled into a logging scandal whereby they provided user logs to the authorities. In 2017 it was revealed that PureVPN helped the FBI to catch an alleged cyberstalker by handing over his logs. Even though before they had always marketed their service as ‘no logs VPN.’

Audits are essential for two main reasons. First, independent cybersecurity experts analyze codes and discover vulnerabilities. They give important feedback which helps developers and engineers to improve their services.

Second, to be a credible VPN, it’s necessary to provide as many proofs as possible. Customers are often not aware of what goes on under the hood of a VPN service – it requires both technical and legal knowledge. Audits inform the public about the general state of the service, minus possible marketing clichés.

Thus, we decided to complete our first 3rd party audit and approached Cure53 to test our Chrome and Firefox extensions. Why them? Cure53 is an industry-leading web security service provider, dedicating their efforts to testing various online services.

Of course, we paid for the audit. Cure53 has some of the best security experts working on their teams, we couldn’t expect two members of the Cure53 to spend five days working for free.

Having said that, Surfshark is satisfied with the results and committed to continuing going even further to delivering what we promise – a robust privacy and security service with your experience being our highest priority.

—

Surfshark team would like to thank Cure53 for their investigation and pleasant collaboration.

Have further questions? Don’t hesitate to drop us a line in the comment section below or contact our Head of Communications Paavo Aalto, [email protected]

