Surfshark Security

The Surfshark website boasts that it has passed a security audit by the German Security company Cure53. And that's true, but this was limited to an examination of Surfshark's browser extensions. PrivateVPN PrivateVPN is a growing supplier that claims to be the best VPN for security and privacy like the name implies. Surfshark, on your Android device. We will not share your email address with third parties, and will only contact you when necessary to ensure the best service. The primary feature of the Surfshark VPN is a virtual private network service that focuses on privacy, but the company also includes a range of other security features beyond simply encrypting your. We will not share your email address with third parties, and will only contact you when necessary to ensure the best service.

Free hotspots are great (most of the time). Maybe you don’t know exactly what a hotspot is, but chances are, you’ve used them in the past.

A hotspot is a physical location, that provides access to the internet over WiFi. It can be any location: a mall, a coffee shop, a private location or any other location. You can even have your own personal hotspot, by sharing your internet connection of your smartphone.

Surfshark

Is Surfshark Illegal

Security Issues With Free Hotspots

We don’t recommend using free hotspots, if you have a mobile data plan available (3G, 4G or 5G). Most hotspots are not secure at all, and you should avoid them if possible. By using free hotspots, you risk getting hacked.

Even hostspots that are password protected, can be unsecure. There is no real protection, if the same password is shared with multiple users.

The solution? Whenever possible, use a VPN service. A VPN will encrypt your data and lets you browse the internet anonymously.

How Does A VPN Work?

VPNs were first built for work. It allowed employees working from home or outside the office to access documents and files without jeopardizing office security.

According to our research NordVPN is the best VPN you can buy for personal and business uses.

What a VPN does is create a private address for you. It masks your actual IP address and connects you through the new address on the selected server location.

What Else Can a VPN Do?

A VPN connects you to the site or content you want to access, making the server location seem like your location. In doing this, you can access everything securely from your server location. This is how you can access blocked content.

At the same time, the VPN encrypts your data before connecting you to the server.

This is how VPNs provide security. Some can even provide an extra layer of security by redirecting your address twice.

This means your connection goes through two different servers. So if you are on a public network and use a VPN, you don’t have to worry about your information being leaked.

Yes, you should use a VPN with your wifi hotspot, especially if you access your email address or internet banking.

Most free wi-fi hotspots are unsecure and hackers could get access to your accounts. The simplest solution is to use a VPN or to stop using free wifi for email/banking.

There are multiple ways a VPN can help you.

  • Protect yourself on the internet – VPN services encrypt your data and save you from the prying eyes of third-parties on the internet. Some VPNs allow you to route through two servers, giving you double protection. This makes your digital activities even harder to trace.
  • Get access to your office database – This is what VPN was originally developed for. Your office database is probably restricted to multiple security layers. When you work from home or use a public network, a VPN protects both your and your company’s information. Most businesses have designated VPN software for this purpose.
  • Unblock geo-blocked sites – Geo-blocked sites are those that you do not have access to because of your geographic location. Not only does it limit you from using various websites, but it can also be a hassle when you are travelling. You can use a VPN to access these sites, that mostly fall in two categories:
    Media streaming – Online streaming services like Netflix, Hulu, Amazon Prime use geo-blocking to target their audiences. You can access their much larger libraries set for different locations using a VPN.
    Online shopping – If you want to order something from your country while on a trip abroad, you may find certain sites blocked. This is done so that local businesses can sell more goods and services. However, you can use a VPN to bypass this block and order online.

Compare VPN software and learn more here.

A hotspot uses WiFi to provide access to the internet to various devices. A wifi is the technology that make this possible. You can’t have a hotspot without wifi.

In the world of VPNs, reputation is everything. When someone trusts you to uphold their privacy, anonymity, and security, you better deliver. And don’t get me wrong. VPN providers try to do so by all means. They’re just not always super transparent about how well they’re succeeding.

This is why I was a little surprised (pleasantly so) when I read news about Surfshak’s recent security audit. How open they are about the results is indeed very welcome and should be commended.

Surfshark

In my recent review of Surfshark, I noted that they’re quickly developing a reputation as one of the best up and coming VPNs. This security audit only enforces that statement. Other VPN providers take note.

The Security Audit

The audit concerns Surfshark’s Chrome and Firefox extensions.

If you’re not familiar with them, it’s pretty simple. They’re pretty much just browser plugins that offer VPN connectivity when the browser is in use. Extensions are a popular option for those of us that don’t require a system-wide VPN.

Generally, browser-based VPN solutions don’t have the best reputation. For many years, glaring security problems with a few specific and widely-used VPN plugins cast a dark shadow over all others.

Surfshark wanted to show they’re different. So, a few weeks ago, they commissioned a third-party audit of their own browser plugins. The goal, to determine how secure and reliable they really are.

Both versions passed with flying colors.

Respected code security and penetration testing firm Cure53 performed the audit. They did a full review of the extensions’ software code. They also looked thoroughly at the software in action.

The tests, which in total took five days, uncovered only two security issues. One was considered out-of-scope and the other an unexploitable vulnerability.

First Issue

The first problem Cure53 found had to do with the invitation email Surfshark sent to new users. The email included an insecure HTTP download link to the software page (instead of HTTPS).

This issue could allow a malicious actor to eavesdrop on your connection during software download. However, it posed no operational threat to the VPN itself, once active.

Second Issue

The other discovered issue had to do with the actual VPN extension. But, as in the first case, it also posed no real threat.

Within the configuration files that control the operation of the extensions, the testers found an unusual line of code. It indicated the possibility of enabling an unencrypted HTTP connection to the Surfshark VPN servers, rather than an encrypted HTTPS tunnel.

The good news is there is no way any third-party could use this code to enable such a connection. It’s also not a configurable user-facing option so no one could turn this on by accident.

The Audit Report

The results of the audit were so positive that it surprised even the testers. They made the following remark in the final report:

As the extremely low number of findings and their limited implications clearly indicate, the results of this Cure53 assessment of the Surfshark VPN extensions position the product in a very good light.

They also concluded the report with

Cure53 is highly satisfied to see such a strong security posture on the Surfshark VPN extensions, especially given the common vulnerability of similar products to privacy issues.

Here’s the entire Surfshark audit report.

A Rare Event

It’s worth noting once again that security reviews of this kind are rare in the VPN industry. Most operators loathe allowing third-party access to their systems and software.

Surfshark Security Guard

For that reason, it’s impossible to tell how many consumer VPN services may have security or privacy vulnerabilities that have gone unnoticed by most, or worse, are known to malicious actors who work to exploit them.

Security audits of VPN services allow providers to address vulnerabilities and issues before they become a threat to us all.

This is something that Surfshark understands well, according to Chief Technology Officer Magnus Steinberg, who said:

Currently, browser extensions are the most popular apps to stay private while surfing the web – that is why we started with them. We have carried out an external security audit to prove our commitment to transparency and deliver on a promise of diamond-strong protection.

Surfshark Security Breach

Added Steinberg

The situation of the whole VPN market is worrying, since close to none VPN providers can truly substantiate on claims of full privacy and security. Having an external audit is one of the very few ways to prove your claims.

Surfshark was quick to act on the audit report. Both issues identified have already been addressed.

The Bottom Line

By commissioning and releasing the results of the audit of their VPN browser extensions, Surfshark has set a useful industry precedent. They’ve shown that it is both possible and proper for VPN providers to back up their assertions regarding the security and safety of their products.

Nordvpn Vs Surfshark Security

With any luck, other services will follow their lead. It would be great for everyone to start providing us detailed audit information like this. It would make our decision making when choosing a VPN service that much more informed.

Surfshark Security Lights

If that eventually happens, all sides will be better off. And VPNs will reinforce their reputation as the go-to data security product they are.

Surfshark Security Reviews

And, by the way, if you are impressed with Surfshark’s initiative and would like to try out the service, be sure to take advantage of their current sale pricing. There isn’t another top-tier VPN service that I’m aware of that you can pick up for less.