Alternative Choices for You
Surfshark runs over 1000 servers in over 63 counties. In addition to all the usual locations, Surfshark has a strong presence in Asia, Latin America, the Middle East, and Africa. Impressively, it claims that these are all completely diskless VPN server instances that run on volatile memory (RAM).
This ensures that no server configuration files are stored locally and enables remote central management of the entire network. This also guarantees that Surfshark servers are always running the latest software and configurations – no matter whether they are. It also improves the security of the network by giving Surfshark better control over its infrastructure, and by ensuring that no information can ever be physically taken from its servers after a session ends (or if the plug is pulled on a particular server).
Surfshark's greatest selling point is that it permits unlimited simultaneous connections. This means you can connect as many devices as you want with just a single subscription. This makes it perfect for large families or people who own a lot of devices. Surfshark places a lot of trust in users, asking that users restrict access to family members and do not share account details with others – but it has no way to monitor this since it is a no-logs VPN (which is excellent for privacy).
Torrenting is permitted on all servers, with Surfshark automatically routing P2P traffic to its Canada or Netherlands servers, which are specially configured for the purpose. Plus, Surfshark has now introduced Two Factor Authentication (2FA), to improve authentication security for all of its users.
Split-tunneling ("Whitelist" and reverse whitelist)
Split-tunneling is a useful feature that is currently available in the Windows and Android apps (though the company is working on adding the feature to other platforms in the near future). Surfshark's Whitelist feature allows you to route only selected programs/apps through the VPN, or to exempt them from a system-wide VPN connection. The Windows app also allows you to exclude selected websites and IPs from the VPN.
Surfshark offers a Smart DNS service to all users. This is great for spoofing your location on devices that cannot run a VPN client, such as smart TVs, games consoles, and Apple TV. Just be aware of the fact that Smart DNS provides no privacy or security benefits as it doesn't provide any encryption, it's simply used for spoofing your location and unblocking content.
Surfshark's static IP feature is available in the Windows and Android apps. If you connect to a list of servers based in Germany, Japan, the Netherlands, UK, or US, then whenever you connect to the same server you will be assigned the same IP address. This is very handy if you run an FTP server, games server, media server, or otherwise need to connect to a computer from the internet while the VPN is running.
Surfshark has now also included the WireGuard protocol in all of its apps. This is a modern VPN protocol that is quickly being implemented by a number of market-leading VPNs due to the fact that it is highly secure, includes stealth by default, and can provide exceptional speeds.
Surfshark is already one of the fastest VPNs on the market, so the addition of this superb VPN protocol is bound to make any consumer who wants the best speeds extremely happy!
Netflix and iPlayer Unblocking
Surfshark unblocks a wide selection of streaming services, including Netflix in over 30 different countries – which is quite an achievement. In our tests, it unblocked US Netflix and BBC iPlayer as advertised.
In addition to unblocking Netflix and BBC iPlayer, Surfshark also easily unblocks other popular streaming services like Hulu, Disney+, HBO, Amazon Prime, and many more!
Speed and Performance
|ProPrivacy.com SpeedTest (max/burst)||273.2|
|IPv6 leak detected?|
|IPv4 leak detected?|
|WebRTC leak detected?|
|ProPrivacy.com SpeedTest (average)||41.0|
At the time of updating this review, Surfshark is one of the fastest VPNs in our books in terms of average speeds, which is excellent for streaming content in HD and for data-intensive activities like gaming or torrenting. Max burst speed performance is decent and will be more than fast enough for pretty much any VPN use-case.
Take a look at the chart below to see how Surfshark stacks up against some of the other top names in the business. This chart represents the results from June 2021 to September 2021 using our scientific speed tests that we run on each provider three times a day. We can see that Surfshark boasts some of the fastest speeds compared to the others included in this chart, with an average speed of 41 Mbit/s and a max burst speed of 273.2 Mbit/s.
As mentioned earlier, Surfshark has also introduced WireGuard on all platforms. This is a secure VPN protocol that leverages strong cryptographic primitives to create a robust tunnel for your data.
Best of all, WireGuard is known to provide exceptional speeds. So, if you want to get even better speeds than the (superb) ones quoted above – it is definitely worth trying out this new addition to Surfshark's platform.
We tested it ourselves and found it to be very fast, perfect for streaming in HD or gaming, so don't forget to give it a try!
IP leak tests
We detected zero IPv4, IPv6, WebRTC, or DNS leaks (IPv4 or IPv6). Top marks.
It is worth noting that Surfshark only guarantees WebRTC leak protection if you use its Chrome and/or Firefox browser add-ons, although we detected no leaks without them.
For more information about the danger posed by IP leaks, please check out our complete guide to IP leaks.
As is common these days, all Surfshark customers enjoy the same features. The per-month pricing is somewhat on the high end of the scale, but steep discounts are available for the longer-term subscription plans. Also, if you sign up for the service using this link an additional discount is on offer.
If you're a macOS, Android, or iOS user you can take part in a 7-day free trial, although you need to sign up for an account and provide payment details to take advantage of this. No payment will actually be taken if you cancel within the 7 days.
Surfshark now offers the HackLock and BlindSearch features (which we look at later in this review) as bolt-on extras for an additional $0.99 per month for the both of them.
All users can also take advantage of a generous 30-day money-back guarantee. Surfshark assures us that there are no limitations on this, which is great, but be aware that payments auto-renew, so you do need to contact support in order to cancel them.
Supported Payment Platforms
Surfshark accepts payment via PayPal, credit/debit card, and Alipay, which are processed by Stripe. Google Pay and Amazon Pay options are also available. Other payment methods are supported via the Tenpay and Unionpay payment processing services.
Bitcoin, Litecoin, and Etherium payments are also supported via either Coingate or CoinPayments. Paying in Bitcoin or Litecoin can provide a certain degree of anonymity, but do remember that Surfshark will always be able to see your IP address.
Helping Small Businesses during COVID-19
The coronavirus pandemic has been devastating to all businesses, but smaller companies feel it more than their larger counterparts.
Ease of use
Other than payment details, the only information asked when signing up for the service is your name and email address. If you wish to sign up anonymously, you can do so by paying in anonymously purchased Bitcoin or Litecoin and using a disposable email address.
A confirmation email will be sent to you containing useful links, but everything you need is readily available on the website, anyway.
The Windows Client
All of Surfshark's apps have recently undergone a major UI re-design, and now look great. The Windows VPN app uses IKEv2 by default but also supports OpenVPN.
The client features a kill-switch, split-tunneling ("Whitelister"), "CleanWeb", and multihop. It also supports Hacklock and BlindSearch if you have paid for these features.
We think the new Mini mode is neat!
IPv4 and IPv6 leak protection are built-in, although Surfshark says that you should use its browser add-ons to prevent WebRTC leaks. Although we didn't detect any leaks in our testing, this is still good advice.
The kill-switch is not enabled by default, but worked well in our tests. A simulated crash test showed that the kill-switch modifies Windows system firewall rules, meaning that it continues to work even if the Surfshark client and OpenVPN daemon suffer an unexpected crash.
Users can switch from OpenVPN UDP to OpenVPN TCP (port 443) to make VPN traffic look like regular HTTPs traffic. This is useful for evading VPN blocks, but will not fool more sophisticated detection techniques. And WireGuard is now available too.
The macOS client
Surfshark's macOS VPN app is available via the Apple App Store and as a stand-alone .dmg file from the website, and offers IKEv2 or WireGuard encryption protocols to choose from. It is currently rather light on features, although Surfshark tells us these will be added as fast as they can be authorized by restrictive App Store policies.
We are pleased to see that the Mac app features a kill-switch. As with the Windows client, this uses system firewall rules, and so remains effective even if the Surfshark client suffers a crash. As with all the rest of Surfshark's apps, the Mac client offers its "CleanWeb" feature. It also features "Wi-Fi connect".
The Android app
Surfshark's Android VPN app for Android also uses IKEv2 by default, but also supports OpenVPN (UDP and TCP). And it does what it says on the tin. A kill-switch (which is not enabled by default), Whitelisting, CleanWeb, and Shadowsocks are all present and correct. And the app also now provides WireGuard encryption, which is cool!
Very cool is a feature that overrides your Android device's built-in GPS location function, making apps that use GPS think you're in the VPN location.
Custom apps are available for Windows, macOS, Android, Android TV / Amazon Fire TV, and iOS. Interestingly, the iOS VPN app features a kill-switch and now supports IKEv2, OpenVPN, and WireGuard. All apps (including the browser add-ons) now use the same smart-looking user interface we can see above.
A command-line app for Linux is now also available. Good manual setup guides are also provided for all platforms, including macOS and Linux (Ubuntu, using NetworkManager). In addition to this, setup guides are available for DD-WRT, Tomato, and a number of popular routers that have OpenVPN clients built-in (AsusWRT, Netgear, TP-Link, and Linksys).
In addition to platform support, Surfshark offers browser add-ons for Chrome and Firefox that have been independently audited for vulnerabilities by security firm Cure53. These create secure HTTPS proxy connections in the browser to Surfshark's servers.
They also provide WebRTC protection. Now... we really wish VPN services would do more to warn their customers about the WebRTC issue and to warn them that they should be protecting themselves from unknowingly exposing their IP addresses online when using a VPN.
This includes Surfshark, although we can't be too harsh as we detected no WebRTC leaks using its software, anyway. That said, it is still safest to either install these add-ons or disable WebRTC in your browser manually.
The browser add-ons feature "CleanWeb" as an option (see later).
Customer service and support
|Money-back guarantee length||30|
|Free Trial Length||7|
Live Chat support is available 24/7, or you can send in a ticket email request. We found Surfshark's Live Chat response times to be near-instant and were thoroughly impressed by the competency and quality of the answers.
There is also knowledge-base. It is not huge but includes a useful FAQ section, setup articles, and other handy bits and bobs.
Furthermore, Surfshark is constantly expanding its availability, most recently adding Russian, Turkish, Korean, and Ukrainian languages to core pages on its website.
Privacy and Security
|WebRTC leak protection|
|IPv6 leak protection|
|Bare Metal Servers?|
Surfshark is registered in the British Virgin Islands (BVI) and its Terms of Service make it clear that all disputes will be resolved in BVI courts. The British Virgin Islands is a British overseas territory. It regulates its own internal affairs and has no mandatory data retention laws, but it remains under the jurisdiction and sovereignty of the UK government. This means it is reasonable to assume that the UK could put pressure on the BVI government and any businesses based there.
Whilst being based in the BVI is probably safer than being based in a 14-Eyes country, it is still not ideal.
Surfshark easily meets our requirements for a no-logs VPN:
We do not collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.
Its apps do collect some anonymous diagnostic and crash data by default, although this can be disabled. This includes aggregated performance data, how often you use its services, unsuccessful connection attempts, and other similar non-personally identifiable information.
Basic account and billing information are stored in full compliance with GDPR for European customers.
Although web activity is not tracked when using the VPN itself, the Surfshark website performs quite a lot of tracking. This includes logging IP addresses and performing browser fingerprinting on visitors.
Surfshark uses a number of third-party trackers, including Google Analytics.
Surfshark is a big fan of IKEv2, which it uses as the default VPN protocol in all its apps. IKEv2 is not as battle-tested as OpenVPN, but is regarded as being very secure, and is increasingly popular with VPN services because it is much faster than OpenVPN encryption.
As always, we look in detail at the OpenVPN settings this provider uses. Not only do they provide a good indicator of the care that a service takes over encryption, but it is the best way to compare like for like across VPN services. Surfshark uses the following OpenVPN settings in apps which support it:
Data Channel: an AES-256-GCM cipher. No additional authentication is required because authentication handled by AES-GCM.
Control Channel: an AES-256-GCM cipher with the TLS key exchange secured using RSA-2048. No additional authentication is required because authentication handled by AES-GCM, and perfect forward secrecy is provided by an ECDH-(384?) key exchange.
This is a highly secure setup. See VPN Encryption: The Complete Guide for more information on this subject. As already discussed, the Surfshark Windows, macOS, and iOS apps all feature kill-switches. We also detected no IP leaks of any kind on any platform,
It is worth noting that Surfshark makes something of a deal about being security-audited by Cure53, but just to be clear: it is only the Chrome and Firefox browser extensions which have been audited in this way.
Diskless Server Network
Surfshark is one of the first VPN providers to transition from traditional hard drive technology to a diskless RAM-only solution. This is important because the disk-based nature of hard drives means that configuration files are stored for operational purposes and can be accessed if seized by a third party.
Running completely on volatile RAM, however, means that this data is wiped the moment a server is turned off and your privacy is preserved. And it allows for a centrally controlled network, meaning it is always up-to-date with the latest patches.
The diskless server network effectively minimizes security risks of a hard drive-based server infrastructure, and provides assurance in offering highest quality privacy to our users. There are only a few VPN providers that have managed to move to a fully diskless VPN server infrastructure. However, focusing on user privacy and security has always been our top priority.
Other security features
The great news is that we detected no IP leaks of any kind on any tested platform, although it is still safest to use one of Surfshark's browser extensions to ensure against WebRTC leaks. The Windows, macOS, and iOS clients feature system-level kill-switches.
Surfshark has diskless bare-metal servers that are completely under its control. Those servers are set up in volatile RAM which means it can pull the plug on them at any time and they will be completely wiped. Some locations are virtual locations without a physical server presence, but these are a) clearly marked in the apps, and b) are run on diskless servers operated by Surfshark – which is perfect in terms of privacy. It also resolves all DNS requests itself on servers controlled by itself.
All of Surfshark's software features the "CleanWeb" option. This is advertised as blocking ads, trackers, phishing, attacks, and malware, and is almost certainly a set of firewall rules that block connections based on a simple blocklist, which should work well enough.
This feature is available in the Windows client. It allows you to "chain" VPN servers so that your data is routed between two VPN servers as it travels between you and the internet.
Your PC -> VPN server 1 -> VPN server 2 -> Internet
Surfshark offers several double VPN combinations, but you cannot chain any two of its servers.
Multihop VPN can provide some protection against end-to-end timing attacks against the end server, but will always result in a major loss of speed. We think the privacy/security benefits of multi-hop VPN are limited, but we know this can be more important to some users than others.
Again, this unusual anti-censorship feature is supported by Windows and Android apps. Shaowsocks "is an open-source proxy application, widely used in mainland China to circumvent Internet censorship". Basically it's a SOCKS5 proxy. To use it requires that you download the open-source Shadowsocks app and configure it so that you connect to Shadowsocks via a Surfshark VPN server. This process is a little fiddly but should be effective at evading VPN blocks.
This feature, available in the Windows client, allows you to decide how the VPN app works when you connect to new Wi-Fi networks – ask, protect, or always protect.
Available with BlindSearch as a bolt-on extra, HackLock scans the web looking to see if your email address has been involved in a data breach. As such, it is very similar to our own data breach tool, except that it provides regular automated scans. It is available in the Windows and Android apps.
This is a private search engine for Surfshark customers, which is ad-free and does not log your searches. We'd guess it's a SearX instance, and it works well.
This Android app is available free of charge to everyone from the Play Store. It sends DNS queries from your device directly to Surfshark instead of your ISP in order to improve privacy and help defeat censorship. These queries are protected from prying eyes using the DNS over HTTPS (DoH) (by default) or DNS over TLS (DoT) encryption protocols.
Surfshark is one of the first VPN providers to add dual authentication (2FA) to its service. 2FA is optional for those that might prioritize convenience, but users wanting the added security can choose to authenticate through email or using an application, like Google Authenticator or Authy. We recommend using an application, as it is safer (cannot be intercepted) and much easier to use.
Surfshark is a great VPN service. It keeps no logs, is reasonably fast, and offers great technical security with no IP leaks. The fact that it offers a large selection of servers is good, and the fact that they are all diskless servers that can be instantly wiped is fantastic.
The fact that Surfshark allows unlimited simultaneous connections is also great, and we are thoroughly impressed with the quality of the provider's friendly and knowledgeable 24/7 Live Chat support.
The extras on offer, such as multi-hop VPN, Cleanweb, and Wi-Fi-connect, are decent additions that many users will find helpful depending on what they are using the service for. Although none of these are killer features, they are nice to have and the collection is growing all the time, which improves Surfshark's already great value proposition.
Overall, we found that Surfshark is an excellent, privacy-friendly VPN service that ticks all the important boxes with ease.
5 User Reviews
Leave a Review - Step 1
Leave a Review - Step 2
Please tell us in more detail about this product