Surfshark Review

Surfshark

  • Pricing

    From $1.99 / month
  • Available On

    • Android
    • iOS
    • Windows
    • MacOS
    • Linux
  • Features

    • Money-back Guarantee
    • Live chat
    • Netflix
    • Torrenting

Based in the British Virgin Islands, Surfshark is a no-logs VPN service with great technical security, a bunch of useful features, and superb 24/7 support.

ProPrivacy.com Score 9.5 out of 10
Visit Site

Summary

Quick Stats

  • Jurisdiction British Virgin Islands
  • Simultaneous connections 1000
  • Countries 60
  • ProPrivacy.com SpeedTest (average) 77.26 Mbps

Alternative VPN Choices for You

From $3.49 / month
ProPrivacy.com Score 10 out of 10
Visit Site Read review
From $6.67 / month
ProPrivacy.com Score 9.1 out of 10
Visit Site Read review
From $2.75 / month
ProPrivacy.com Score 10 out of 10
Visit Site Read review
 

Features

Port selection
Simultaneous connections 1000
Total servers 1000
Countries 60
Router Support
Routers Supported DD-WRT, Tomato, AsusWRT, Netgear, TP-Link, Linksys.
Bare metal or virtual servers Bare metal
Torrenting

Surfshark runs more than 1000 servers in over 60 counties. Impressively, it claims all of these are physical single-occupancy bare metal servers. In addition to all the usual locations, Surfshark has a strong presence in Asia, Latin America, the Middle East, and Africa.

Even more impressively, Surfshark permits unlimited simultaneous connections. This means you can connect as many devices as you want, using the same account.  

Surfshark asks that users restrict access to family members and do not share account details with others, but says that it must trust its users. It keeps no logs that can identify abuse in this respect. We're big fans of this. 

Torrenting is permitted on all servers, with Surfshark automatically routing P2P traffic to its Canada or Netherlands servers, which are specially configured for the purpose.

Split tunneling (“Whitelist” and reverse whitelist)

Split tunneling is a useful feature is currently available in the Windows and Android apps. It allows you to route only selected programs/apps through the VPN, or to exempt them from a system-wide VPN connection. The Windows app also allows you to exempt selcted websites and IPs from the VPN.

Split tunneling feature


Smart DNS

Surfshark offers a Smart DNS service to all users. This is very useful for spoofing your location on devices that cannot run a VPN client. Such as smart TVs, games consoles, and Apple TV. Just be aware that it provides no privacy or security benefits. 

Static IP

SurfShark's static IP feature is available in the Windows and Android apps. If you connect to a list of servers based in Germany, Japan, the Netherlands, UK, or US, then whenever you connect to the same server you will be assigned the same IP address. This is very handy if you run an FTP server, games server, media server, or otherwise need to connect to a computer from the internet while the VPN is running.

Static IP feature

Netflix and iPlayer Unblocking

Netflix
iPlayer
Amazon Prime
Hulu

Surfshark unblocks a wide selection of streaming services, including Netflix in 16 different countries. Which is quite some achievement. In our tests, it unblocked US Netflix and BBC iPlayer as advertised.

If accessing these services is your main goal, make sure you check out  Best VPNs for Netflix and Best VPNs for BBC iPlayer for more information.

Speed and Performance

ProPrivacy.com SpeedTest (max/burst) 202.87
IPv6 leak detected?
WebRTC leak detected?
IPv4 leak detected?
Data limits
Bandwidth limits
ProPrivacy.com SpeedTest (average) 77.26

At the time of updating this review, Surfshark is the fastest VPN on our books in terms of average speeds. Which is good. Max burst speed performance is not quite so impressive but is nothing to complain about and will be more than fast enough for almost all VPN users. 

IP leak tests

We detected zero IPv4, IPv6, WebRTC or DNS leaks (IPv4 or IPv6). Top marks.

It is worth noting that Surfshark only guarantees WebRTC leak protection if you use its Chrome and/or Firefox browser add-ons, although we detected no leaks without them.

For more information about the danger posed by IP leaks, please check out our complete guide to IP leaks.

Pricing

 

As is common these days, all Surfshark customers enjoy the same features. The per-month pricing is somewhat on the high end of the scale, but steep discounts are available for 1-year and 2-year subscriptions. Also if you sign up for the service using this link an additional discount is on offer.

If you're a macOS, Android or iOS user you can take part in a 7-day free trial, although you need to sign up for an account and provide payment details to take advantage of this. No payment will actually be taken if you cancel within the 7 days.

Surfshark now offers the HackLock and BlindSearch features (which we look at later in this review) as bolt-on extras for an additional $0.99 per month for the both of them.

All users can also take advantage of a generous 30-day money-back guarantee. Surfshark assures us that there are no limitations on this, which is great, but be aware that payments auto-renew, so you do need to contact support in order to cancel them.

Supported Payment Platforms

Surfshark accepts payment via PayPal, credit/debit card, and Alipay, which are processed by Stripe. Other payment methods are supported via the Tenpay and Unionpay payment processing services.

Bitcoin, Litecoin, and Etherium payments are also supported via either Coingate or CoinPayments. Paying in Bitcoin or Litecoin can provide a certain degree of anonymity, but do remember that Surfshark will always be able to see your IP address.

Ease of use

Other than payment details, the only information asked when signing up for the service is your name and email address. If you wish to signup anonymously, you can do so by paying in anonymously purchased Bitcoin or Litecoin and using a disposable email address.

A confirmation email will be sent to you containing useful links, but everything you need is readily available on the website anyway.

The Windows Client

All Surshark's apps have recently undergone a major UI design, and now look great. The Windows VPN app uses IKEv2 by default, but also supports OpenVPN.

Windows client

The client features a kill switch, split tunneling ("Whitelister"), “CleanWeb”, and multihop. It also supports Hacklock and BlindSearch if you have paid for these features.

added features

We think the new Mini mode is quite groovy.

connected to a Chile server

IPv4 and IPv6 leak protection is built-in, although Surfshark says that you should use its browser add-ons to prevent WebRTC leaks. Although we didn’t detect any leaks in testing, this is still good advice. 

The kill switch is not enabled by default, but worked well in our tests. A simulated crash test showed that the kill switch modifies Windows system firewall rules, meaning that it continues to work even if the Surfshark client and OpenVPN daemon suffer an unexpected crash.

Users can switch from OpenVPN UDP to OpenVPN TCP (port 443) to make VPN traffic look like regular HTTPs traffic. This is useful for evading VPN blocks, but will not fool more sophisticated detection techniques.

The macOS client

Surfshark’s macOS VPN app is available via the Apple App Store and as a stand-alone .dmg file from the website. The app uses IKEv2. It is currently rather light on features, although Surfshark tells us these will be added as fast as they can be authorized by restrictive App Store policies.

We are pleased to see that the Mac app features a kill switch. As with the Windows client, this uses system firewall rules, and so remains effective even if the Surfshark client suffers a crash. As with all the rest of Surfshark’s apps, the Mac client offers its “CleanWeb” feature. It also features "WiFi connect."

The Android app

Surfshark's Android VPN app for Android also uses IKEv2 by default, but also supports OpenVPN (UDP and TCP). And it does what it says on the tin. A kill switch (which is not enabled by default),  Whitelisting,  CleanWeb, and Shaodowsocks ate all present and correct.

Android app

Very cool is a feature that overrides your Android device's built-in GPS location function, making apps which use GPS think you're in the VPN location.

Other Platforms

Custom apps are available for Windows, macOS, Android, Android TV / Amazon Fire TV,  and iOS. Interestingly the iOS VPN app features a kill switch and now supports both IKEv2 and OpenVPN. All apps (including the browser add-ons) now use the same smart-looking user interface we can see above.

 A command-line app for Linux is now also available. Good manual setup guides are also provided for all platforms, including macOS and Linux (Ubuntu, using NetworkManager). In addition to this, setup guides are available for DD-WRT, Tomato, and a number of popular router makes that have OpenVPN clients built-in (AsusWRT, Netgear, TP-Link and Linksys).

Browser add-ons

In addition to platform support, Surfshark offers browser add-ons for Chrome and Firefox that have been independently audited for vulnerabilities by security firm Cure53. These create secure HTTPS proxy connections in the browser to Surfshark’s servers.

They also provide WebRTC protection. Now... we really wish VPN services would do more to warn their customers about the WebRTC issue, and to warn them that they should be protecting themselves from unknowingly exposing their IP addresses online when using a VPN. 

This includes Surfshark, although we can’t be too harsh as we detected no WebRTC leaks using its software anyway. That said, it is still safest to either install these add-ons or disable WebRTC in your browser manually.

The browser add-ons feature “CleanWeb” as an option (see later).

Customer service and support

Free trial 7-days (macOS and mobile apps)
Money-back Guarantee
24-hour support
Live chat
Money back guarantee length 30

Live Chat support is available 24/7, or you can send in a ticket email request. We found Live Chat response times to be near-instant, and were impressed by the competency and quality of the answers.

There is also knowledgebase. It is not huge but includes a useful FAQ, setup articles, and other handy bits and bobs.

Privacy and security

Self-hosted/Proxied DNS Self-hosted
Kill Switch
Obfuscation (stealth)
IPv4 leak protection
IPv6 leak protection
WebRTC leak protection

Jurisdiction

Surfshark is registered in the British Virgin Islands (BVI) and its Terms of Service make it clear that all disputes will be resolved in BVI courts.  The British Virgin Islands is a British overseas territory. It regulates its own internal affairs and has no mandatory data retention laws, but it remains under the jurisdiction and sovereignty of the UK government. This means it is reasonable to assume that the UK could put pressure on the BVI government and any businesses based there.

Whilst being based in the BVI is probably safer than being based in a 14-Eyes country, it is still not ideal.

Logs

Surfshark easily meets our requirements for a no logs VPN:

“We do not collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.”

Its apps do collect some anonymous diagnostic and crash data by default, although this can be disabled. This includes aggregated performance data, how often you use its services, unsuccessful connection attempts and other similar non-personally identifiable information.

Basic account and billing information is stored, in full compliance with GDPR for European customers.

Website tracking

Although web activity is not tracked when using the VPN itself, the Surfshark website performs quite a lot of tracking. This includes logging IP addresses and performing browser fingerprinting on visitors.

Surfshark uses a number of third-party trackers, including Google Analytics.

Technical security 

IKEv2
OpenVPN

Surfshark is a big fan of IKEv2, which it uses as the default VPN protocol in all its apps. IKEv2 is not as battle-tested as OpenVPN, but is regarded as being very secure, and is increasingly popular with VPN services because it is much faster than OpenVPN encryption.

As always, we look in detail at the OpenVPN settings this provider uses. Not only do they provide a good indicator of the care a service takes over encryption, but it is the best way to compare like for like across VPN services. Surfshark uses the following OpenVPN settings in apps which support it:

Data Channel: an AES-256-GCM cipher. No additional authentication is required because authentication handled by AES-GCM.

Control Channel: an AES-256-GCM cipher with the TLS key exchange secured using RSA-2048. No additional authentication is required because authentication handled by AES-GCM, and perfect forward secrecy is provided by an ECDH-(384?) key exchange.

This is a highly secure setup. See VPN Encryption: The Complete Guide for more information on this subject. As already discussed, the Surfshark Windows, macOS, and iOS apps all feature kill switches. We also detected no IP leaks of any kind on any platform, 

It is worth noting that Surshark makes something of a deal about being security-audited by Cure53, but just to be clear: it is only the Chrome and Firefox browser extensions which has audited in this way.

Other security features

Great news is that we detected no IP leaks of any kind on any tested platform, although it is still safest to use one of Surfshark’s browser extensions to ensure against WebRTC leaks. The Windows, macOS, and iOS clients feature system-level kill switches.

Surfshark uses bare metal servers. Some locations are virtual locations without a physical server presence, but these are a) clearly marked in the apps, and b) are run on servers operated by Surfshark and therefore from a privacy point of view count as bare metal servers. It also resolves all DNS requests itself on the server you connect to, which is ideal.

CleanWeb

All Surfshark’s software features the “CleanWeb” option. This is advertised as blocking ads, trackers, phishing, attacks, and malware, and is almost certainly a set of firewall rules that block connections based on a simple blocklist. Which should work well enough.

Multihop

This feature is available in the Windows client. It allows you to “chain” VPN servers so that your data is routed between two VPN servers as it travels between you and the internet.

Your PC -> VPN server 1 -> VPN server 2 -> Internet

Surfshark offers several double VPN combinations, but you cannot chain any two of its servers.

server list

Multihop VPN can provide some protection against end-to-end timing attacks against the end server, but will always result in a major loss of speed. We think the privacy/security benefits of multi-hop VPN are limited, but we know this can be more important to some users than others.

Shadowsocks

Again, this unusual anti-censorship feature is supported by Windows and Android apps. Shaowsocks "is an open-source proxy application, widely used in mainland China to circumvent Internet censorship.” Basically it’s a SOCKS5 proxy. To use it requires that you download the open-source Shadowsocks app and configure it so that you connect to Shadowsocks via a Surfshark VPN server. This process is a little fiddly but should be effective at evading VPN blocks.

WiFi connect

This feature, available in the Windows client, allows you to decide how the VPN app works when you connect to new WiFi networks – ask, protect, or always protect.

HackLock

Available with BlindSearch as a bolt-on extra, HackLock scans the web looking to see if your email address has been involved in a data breach. As such it is very similar to our own data breach tool, except that it provides regular automated scans. It is available in the Windows and Android apps.

BlindSearch

This is a private search engine for Surshark customers which is ad-free and does not log your searches. We'd guess its a SearX instance, and it works well. 

Blind search

Trust DNS

This Android app is available free to everyone from the Play Store. It sends DNS queries from your device to Surfshark instead of your ISP in order to improve privacy and help defeat censorship. These queries are protected from prying eyes using the DNS over HTTPS (DoH) (by default) or DNS over TLS (DoT) encryption protocols. 

Conclusion

Surfshark is a great VPN service. It keeps no logs, is reasonably fast, and offers great technical security with no IP leaks. The fact that it offers a large selection of servers is good, but the fact that they are all secure bare metal servers is even better.

Unlimited simultaneous connections is also fantastic, and we are impressed with the quality of Surfshark’s 24/7 Live Chat support.

The extras on offer, such as multihop VPN,”Cleanweb”, and WiFi-connect, are decent additions. Although none of them are killer features, they are nice to have and the collection is growing all the time, which improves Surfshark's already great value proposition. 

Surfshark is a very good privacy-friendly VPN service that ticks all the important boxes with ease.

Visit Surfshark»

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

8 Comments

  1. Juhani T

    on August 29, 2019
    Reply

    I have used Surfshark for a couple of months now. It has many good features in the Windows app. I have two VPNs (the other PrivateVPN) and I notice that in Windows Surfshark has a second or two delay in loading pages. I dont know if it is because I have two VPNs installed or something in my Windows installation, but I dont see that problem with my other VPN. In Linux though it is blazing fast. Talking about Linux (kubuntu) I feel that it is unnecessary complicated to setup and use. Why am I not able to set it up through openvpn in the network connection like other VPNs so I can start i automatically or with a couple of mouse clicks on icons? Instead I have to start, stop and check status in the terminal with commands. There is no killswitch in Linux afaik. Seems a bit unnecessary to me. Otherwise I am very happy with it (I use Linux mainly) and you cant beat the price in the 2 year plan for all what it offers in Windows.

  2. Juha T

    on June 13, 2019
    Reply

    Thanks for a good and detailed review.

  3. Joy

    on April 29, 2019
    Reply

    I decided to try Surfshark after I read reviews on Trustpilot. And people were right. It is a complete package of security, privacy, features with reasonable speed. Worth to mention professional customer support, I had a few technical questions, but a guy (I don't remember his name) answered everything like a real pro.

  4. Mitse

    on April 19, 2019
    Reply

    Thanks for the review, I just started using it, but I am already amazed by Surfshark speed and that it supports unlimited number of devices so I can share one account with few people (I hope they won't change anything).

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

Large brand with very good value, and a budget price

The fastest VPN we test, unblocks everything, with amazing service all round

Longtime top ranked VPN, with great price and speeds

One of the cheapest VPNs out there, but still a good service