Surfshark Review

Surfshark is a VPN based in the British Virgin Islands that is extremely well-liked by subscribers (it has 4.5 stars on TrustPilot). The VPN allows an unlimited number of simultaneous connections with a single subscription, making it great for families who want to use it at home and on public Wi-Fi, or for users with many devices.

Surfshark has super-fast servers in over 100 countries around the world, making it the first premium VPN with such an impressive coverage. And Surfshark grants access to many of the most sought-after streaming services around the world like Netflix US, BBC iPlayer, and Amazon Prime. To secure your data, this VPN provides industry-standard OpenVPN encryption and provides a kill-switch and obfuscation. That means you can access content and properly conceal your VPN use while doing so.

Finally, you can give Surfshark a test run completely risk-free thanks to its 30-day money-back guarantee. An amazing all-rounder that provides massive value for your money.

For details about how we review Surfshark and all of the other VPN services we have on the site, check out our VPN review process page.

Our Score
4.7 / 5
Pricing
$1.99 - $15.45
Simultaneous connections
Unlimited
Server locations
140
Jurisdiction
British Virgin Islands
ProPrivacy.com SpeedTest (average)
41.0 Mbps
Available on:
Works with:
Visit Surfshark

Statement from Surfshark regarding changes in India

In response to the new Indian data regulation laws, Surfshark has shut down its physical servers in India.

Surfshark proudly operates under a strict "no logs" policy, so such new requirements go against the core ethos of the company. The infrastructure that Surfshark runs on has been configured in a way that respects the privacy of our users, and we will not compromise our values – or our technical base.

Surfshark shut down all its physical servers in India as the new law came into power. But, don't worry, before the new regulations come into effect, Surfshark had already introduced new virtual Indian servers – physically located in Singapore, the Netherlands, and London. So, users can still get Indian IPs through the virtual servers and continue with their India-related online activities as per usual. Users in India who use international servers (those outside India) won't notice any difference, of course.

Meanwhile, Surfshark will continue to closely monitor the government's attempts to limit internet freedom and encourage discussions intended to persuade the government to hear the arguments of the tech industry.

Notably, VPN suppliers leaving India isn't good for its burgeoning IT sector. Surfshark's data shows that since 2004, the year data breaches became widespread, 14.9B accounts have been leaked and a striking 254.9M of them belong to users from India. To put in perspective, 18 out of every 100 Indians had their personal contact details breached (more info here.)

The official press release is here.

Features

Simultaneous connections 1000
Total servers 3200
Server locations 140
Routers supported
Split-tunneling
Number of countries 100

Surfshark runs over 3,200 in over 100 countries worldwide. Besides all the usual locations, Surfshark has a strong presence in Asia, Latin America, the Middle East, and Africa. Some of the most recently added server locations include Ghana, Saudi Arabia, and Puerto Rico. Impressively, it claims that these are all completely diskless VPN server instances that run on volatile memory (RAM).

Having extensive coverage of server locations across the globe assures most people will be able to choose a connection close to their homes, offices, or a traveling destination. It allows a fast and, most importantly, secure and private browsing experience

Justas Pukys, VPN product owner at Surfshark

This ensures that no server configuration files are stored locally and enables remote central management of the entire network. This also guarantees that Surfshark servers are always running the latest software and configurations – no matter whether they are. It also improves the security of the network by giving Surfshark better control over its infrastructure, and by ensuring that no information can ever be physically taken from its servers after a session ends (or if the plug is pulled on a particular server).

Surfshark's greatest selling point is that it permits unlimited simultaneous connections. This means you can connect as many devices as you want with just a single subscription. This makes it perfect for large families or people who own a lot of devices. Surfshark places a lot of trust in users, asking that users restrict access to family members and do not share account details with others – but it has no way to monitor this since it is a no-logs VPN (which is excellent for privacy).

Torrenting is permitted on all servers, with Surfshark automatically routing P2P traffic to its Canada or Netherlands servers, which are specially configured for the purpose. Plus, Surfshark has now introduced Two Factor Authentication (2FA), to improve authentication security for all of its users. 

Surfshark One

Surfshark One is a suite of additional security and privacy tools offered inside the Surfshark VPN app for an additional $1.49 a month. This subscription gives you access to Antivirus, Search, and Alert. These tools will be covered in depth in a separate review, but they're all fairly self-explanatory.

Antivirus is Surfshark's own AV program which, as far as we can tell, is developed entirely in-house. In addition to Windows and Android, it is now available on macOS as well. Search is a Surfshark search engine designed to enhance privacy with the usual guarantees – no tracking, no sale of your data, and no privacy concerns.

Alert is slightly more interesting, however. This is Surfshark's identity theft monitoring solution, which provides real-time updates when your details appear on the dark web, monitors your credit cards for unusual transactions, and checks your passwords for matches against data breaches. This is quite the bundle for what Surfshark is charging, and the features of Alert alone would often command a much higher price.

Split-tunneling ("Whitelist" and reverse whitelist)

Split-tunneling is a useful feature that is currently available in the Windows and Android apps (though the company is working on adding the feature to other platforms in the near future). Surfshark's Whitelist feature allows you to route only selected programs/apps through the VPN, or to exempt them from a system-wide VPN connection. The Windows app also allows you to exclude selected websites and IPs from the VPN.

Split tunneling feature

Smart DNS

Surfshark offers a Smart DNS service to all users. This is great for spoofing your location on devices that cannot run a VPN client, such as smart TVs, games consoles, and Apple TV. Just be aware of the fact that Smart DNS provides no privacy or security benefits as it doesn't provide any encryption, it's simply used for spoofing your location and unblocking content. 

Static IP

Surfshark's static IP feature is available in the Windows and Android apps. If you connect to a list of servers based in Germany, Japan, the Netherlands, UK, or US, then whenever you connect to the same server you will be assigned the same IP address. This is very handy if you run an FTP server, games server, media server, or otherwise need to connect to a computer from the internet while the VPN is running.

Static IP feature

WireGuard Encryption and manual WireGuard connection

Not did only Surfshark include the WireGuard protocol in all of its apps, but recently this became the primary protocol in all its major apps. This is a modern VPN protocol that is quickly being implemented by a number of market-leading VPNs due to the fact that it is highly secure, includes stealth by default, and can provide exceptional speeds.

Surfshark is already one of the fastest VPNs on the market, so the addition of this superb VPN protocol is bound to make any consumer who wants the best speeds extremely happy!

Manual WireGuard connection

Another great novelty that Surfshark added to its (already long) list of features is manual WireGuard configuration. The company is one of the few to offer this option. Most VPNs enable you to connect to WireGuard only with automatically generated public and private keys, but, thanks to Surfshark's new update, you can now pick them manually as well.

This extends Surfshark VPN usage to all your other devices that weren't previously compatible with the Surfshark app (VPN-compatible routers and such) and to countries that restrict VPN usage. Besides, the manual WireGuard connection puts you in control of protecting your devices, without sacrificing your speeds online.

 

Introducing Nexus

Surfshark has developed a brand new exclusive feature based on SDN (Software-defined networking) technology, which redefines the term "server network" and improves the overall VPN experience.

Most traditional VPNs allow you to connect to only one server at a time, which is sufficient for you to change your IP address or hide your digital footprint (to an extent). However, this standard method has its shortcomings, such as – dependence on a single IP address, potential speed and stability deteriorations due to overloading of a single server, and even occasional interruptions caused by server maintenance and such.

Nexus by Surfshark, on the other hand, takes a much more progressive approach to server networking and connections. It connects users to the entire network of servers and then routes their connection to a chosen location, avoiding disruptions, and improving the security and performance of your VPN connection.

Advantages of Nexus

Here are the main advantages of the Nexus feature in more detail.

Netflix and iPlayer unblocking

Netflix
iPlayer
Amazon Prime
Hulu
Disney+

Surfshark unblocks a wide selection of streaming services, including Netflix in over 30 different countries – which is quite an achievement. In our tests, it unblocked US Netflix and BBC iPlayer as advertised.

If accessing these services is your main goal, make sure you check out our comparisons of the best VPNs for Netflix and the best VPNs for BBC iPlayer for more information.

In addition to unblocking Netflix and BBC iPlayer, Surfshark also easily unblocks other popular streaming services like Hulu, Disney+, HBO, Amazon Prime, and many more!

Speed and performance

Surfshark ExpressVPN NordVPN
Speed 273.2 100 568.0
ProPrivacy.com SpeedTest (average) 41.0 100 85.9
Performance 9 10 9
Reliability 8 9 8

At the time of updating this review, Surfshark is one of the fastest VPNs in our books in terms of average speeds, which is excellent for streaming content in HD and for data-intensive activities like gaming or torrenting. Max burst speed performance is decent and will be more than fast enough for pretty much any VPN use-case. 

Take a look at the chart below to see how Surfshark stacks up against some of the other top names in the business. This chart represents the results from June 2024 to September 2024 using our scientific speed tests that we run on each provider three times a day. We can see that Surfshark boasts some of the fastest speeds compared to the others included in this chart, with an average speed of 41 Mbit/s and a max burst speed of 273.2 Mbit/s. 

Surfshark speeds June 2024 to September 2024 

As mentioned earlier, Surfshark has also introduced (default) WireGuard on all platforms. This is a secure VPN protocol that leverages strong cryptographic primitives to create a robust tunnel for your data.

Best of all, WireGuard is known to provide exceptional speeds. So, if you want to get even better speeds than the (superb) ones quoted above – it is definitely worth trying it out. We tested it ourselves and found it to be very fast, and perfect for streaming in HD or gaming, so don't forget to give it a try! 

Another great change has been announced in October 2024. Surfshark is gradually introducing 10Gbps (instead of the previously used 1Gbps) servers to all its locations, which will further improve your internet speed while using this VPN. Half of the server locations already have the upgrade, with the rest to follow in the upcoming months.

IP leak tests

We detected zero IPv4, IPv6, WebRTC, or DNS leaks (IPv4 or IPv6). Top marks.

It is worth noting that Surfshark only guarantees WebRTC leak protection if you use its Chrome and/or Firefox browser add-ons, although we detected no leaks without them.

For more information about the danger posed by IP leaks, please check out our complete guide to IP leaks.

Pricing

 

As is common these days, all Surfshark customers enjoy the same features. The per-month pricing is somewhat on the high end of the scale, but steep discounts are available for the longer-term subscription plans. Also, if you sign up for the service using this link an additional discount is on offer. 

If you're a macOS, Android, or iOS user you can take part in a 7-day free trial, although you need to sign up for an account and provide payment details to take advantage of this. No payment will actually be taken if you cancel within the 7 days.

Surfshark now offers the Antivirus, Search, and Alert features (which we look at later in this review) as bolt-on extras for an additional $1.45 per month.

All users can also take advantage of a generous 30-day money-back guarantee. Surfshark assures us that there are no limitations on this, which is great, but be aware that payments auto-renew, so you do need to contact support in order to cancel them.

Supported payment platforms

Surfshark accepts payment via PayPal, credit/debit card, and Alipay, which are processed by Stripe. Google Pay and Amazon Pay options are also available. Other payment methods are supported via the Tenpay and Unionpay payment processing services.

Bitcoin, Litecoin, and Etherium payments are also supported via either Coingate or CoinPayments. Paying in Bitcoin or Litecoin can provide a certain degree of anonymity, but do remember that Surfshark will always be able to see your IP address.

Helping small businesses during COVID-19

The coronavirus pandemic has been devastating to all businesses, but smaller companies feel it more than their larger counterparts.

Ease of use

Other than payment details, the only information asked when signing up for the service is your name and email address. If you wish to sign up anonymously, you can do so by paying in anonymously purchased Bitcoin or Litecoin and using a disposable email address.

A confirmation email will be sent to you containing useful links, but everything you need is readily available on the website, anyway.

The Windows client

All of Surfshark's apps have recently undergone a major UI re-design and now look great. The service has also officially become a WireGuard-first VPN, meaning WireGuard became the primary protocol in all its key apps, including Windows (Linux is soon to follow).

Up until now, the Windows VPN app used IKEv2 as a default protocol with options to switch to OpenVPN and WireGuard. However, with the usability and popularity of the IKEv2 protocol on Windows fading (its primary usage is for mobile devices), Surfshark decided to remove this protocol from the Windows app altogether. With these latest changes, we should expect an overall improved user experience, especially in terms of the quality of the connection. 

The app itself is simple to download, and once you're in you're presented with a standard login form, as well as the option to log in with a code from another device if you've already set up your Surfshark account elsewhere. As one of Surfshark's main selling points is unlimited devices under one account, we're glad to see there's an easy way to onboard new devices.

We took the code login feature for a test run and were pleasantly surprised by how easy it is to use. All you need to do is use a device where the Surfshark app is already installed. Log in, enter a six-character code, and the app on your new device will automatically log you in, too. This process worked flawlessly and was much more convenient than a normal credentialed login.

Surfshark's onboarding process walks you through some key features in a clear and concise way. Most VPNs come with Auto-connect, which ensures your VPN doesn't drop out when you switch between networks. As even a small gap in your VPN coverage can expose your IP to third parties, including government snoops and malicious hackers, highlighting this feature straight out of the gate is a plus for Surfshark.

The Auto-connect options menu is simple to navigate, presenting you with the Wi-Fi network you're connected to and an interface that allows you to add new networks to your trusted list on the fly, as well as a configuration for connection preference. Most users won't need to change this from Fastest Location, but again, it's nice to see that Surfshark is offering this level of customization.

Surfshark also makes you aware of the wide selection of servers ahead of time, giving you the ability to discern which servers have a higher use load at a glance as well as making you aware of the Favorite feature straight away. Favorites can be used to populate a quick-access list full of your most used VPN servers so you can get connected that much quicker.

When you're aware of all the primary features Surfshark has to offer, getting started is as easy as clicking the Quick-connect button and going about your day-to-day activities. Surfshark works out of the box with no extra configuration necessary, and we found the default connection settings worked just fine for browsing, streaming, and gaming.

The Surfshark interface itself is clean and minimalistic, striking a balance between white and grey backgrounds and the deep sea colors of Surfshark's house style. This makes it very easy to spot the feature you're looking for without much effort. All of your connection details are hidden under a quick-access pop-up tab, and it's easy to connect to a new server either by picking Fastest location or Nearest country to get started automatically. If you've got a particular need to connect from a certain country, a search bar gives you quick access to the servers you need.

By default, connecting to a new location through Surfshark will assign you a new IP as there will be several servers assigned to a certain location. This is fine for most users who don't need to worry about constantly appearing from the same address over time. However, it can be very annoying if you're in the middle of an online gaming session and your connection drops – you might be connected automatically, but with a new IP that screws up your matchmaking.

Surfshark does offer Static IP servers, however, which always have the same endpoint IP. If you're concerned about privacy, have no fear: all users connecting from a Static IP server have the same IP, so it's still very difficult to tell which individual user is doing what from a Static IP server.

On the other hand, if you're extremely concerned about privacy then it might be worth checking out Surfshark's MultiHop servers. This technology works by chaining together several separate VPN connections. So, you connect to one VPN and then use that connection to connect to your endpoint server. In practice, this means that a hacker would have to compromise both servers in order to work out where you're connecting from. While we noticed a slight degradation in connection quality while testing European servers, it was not enough to significantly impede our browsing.

Accessing VPN configuration options is easy, through a sidebar you always have access to from the Surfshark dashboard. Most of the configuration options are self-explanatory, but most of these options do not need to be touched in order to get the most out of Surfshark.

Surfshark implements the start-on-boot and kill-switch options that you'd expect from a modern VPN. The kill-switch is not enabled by default, but worked well in our tests. A simulated crash showed that the kill-switch modifies Windows system firewall rules, meaning that it continues to work even if the Surfshark client and OpenVPN daemon suffer an unexpected crash.

As per numerous users' requests, Surfshark is bringing the old kill-switch functionality to Windows apps, and they will be able to choose between Soft Kill Switch or Strict Kill Switch.

The client gives you the option to connect from WireGuard and OpenVPN. Users can switch from OpenVPN UDP to OpenVPN TCP (port 443) to make VPN traffic look like regular HTTPs traffic automatically with Surfshark's obfuscated servers in Camouflage mode. This is useful for evading VPN blocks, but will not fool more sophisticated detection techniques. WireGuard is now available too, both via UDP and TCP. While we recommend OpenVPN for connection stability and security, Surfshark's WireGuard implementation is blazingly fast and stable. 

While default WireGuard implementations have some security flaws surrounding how user IPs are assigned on the VPN server, Surfshark has built a custom implementation of WireGuard that eliminates these issues to ensure your IP isn't logged while you're connected. Surfshark also has a few interesting features it's worth taking a look at, including the Bypasser and Speed Test.

Bypasser goes beyond a simple split-tunnel interface by allowing you to not only assign which programs are routed through your VPN and which bypass it, but also which websites and IP addresses you want to bypass the VPN. This is a step above most split-tunnelling features and is incredibly handy when you're dealing with a stubborn streaming service or a particularly suspicious banking website that wants you to connect from your home network, or when logging in to your work email.

Surfshark also offers an in-app speed test which allows you to either choose from a pre-populated list or create a list of your favorite servers, and then run a quick Speed Test on them to give you accurate and up-to-date information on which server is right for you. It might be that you're prioritizing latency while you're playing an online game or taking a voice call, or you might need maximum download for that hefty 4k video you're streaming. Whatever your use case, Surfshark's Speed Test gives you current connection information with absolutely no technical skills needed whatsoever, and all in an easy-to-read layout.

Surfshark VPN now comes bundled with Surfshark Antivirus in one package. While the system drivers and Antivirus definitions aren't installed by default to cut down on program size, it's as simple as clicking into the Antivirus tab and waiting a few minutes to get online.

We took the Surfshark Antivirus for a spin and found that it's quick and effective, offering both targeted file scanning and full system scanning. A full review of Surfshark Antivirus is beyond the scope of this review, but it's a nice addition that comes bundled with the two-year subscription to Surfshark VPN. The interface is pleasingly simple to use and features a real-time protection option that scans incoming files to ensure your downloads aren't malware.

Available with BlindSearch as a bolt-on extra, HackLock scans the web to see if your email address has been involved in a data breach. As such, it is very similar to our own data breach tool, except that it provides regular automated scans. It is available in the Windows and Android apps.

Finally, Surfshark gives you quick access to their proprietary search engine from inside the app, which is handy if you want to search privately without handing over your details to Mozilla, Google, or even DuckDuckGo. Surfshark Search offers completely ad-free, tracker-free, search-history-free results to all Surfshark users at no extra cost, and even hosts regional results that you can change based on your location!

IPv4 and IPv6 leak protection are built-in, although Surfshark says that you should use its browser add-ons to prevent WebRTC leaks. Although we didn't detect any leaks in our testing, this is still good advice. 

The macOS client

Surfshark's macOS VPN app is available via the Apple App Store and as a stand-alone .dmg file from the website, and offers WireGuard, OpenVPN, or IKEv2, encryption protocols to choose from. Most features from the Windows app are present in the MacOSX version too, so you can browse in comfort and protection knowing you're not compromised on security just because you're not using Windows.

We are pleased to see that the Mac app features a kill-switch function. As with the Windows client, this uses system firewall rules, and so remains effective even if the Surfshark client suffers a crash. As with all the rest of Surfshark's apps, the Mac client offers its "CleanWeb" feature. It also features "Wi-Fi connect".

The latest macOS compatibility

With the release of version 3.4.0, Surfshark's macOS VPN app is now compatible with Apple's latest M1 chip. So what does this mean for the average user? It means:

The Android app

Surfshark's Android VPN app for Android uses IKEv2 by default, but also supports OpenVPN (UDP and TCP). And it does what it says on the tin. A kill-switch (which is not enabled by default), Whitelisting, CleanWeb, and Shadowsocks are all present and correct. And the app also now provides WireGuard encryption, which is cool!

Android app

Very cool is a feature that overrides your Android device's built-in GPS location function, making apps that use GPS think you're in the VPN location.

The Android app also provides a unique functionality called Pause VPN. This handy feature, for now only available on Android devices, lets users pause their VPN connection for 5 minutes, 30 minutes, or 2 hours. So you no longer have to disconnect your VPN when accessing trusted local services or when you need your original IP, you can simply pause it for a while.

Linux app

A new graphic user interface (GUI) for Linux is now also available on Ubuntu 20.04 LTS, Debian 11, Mint 20, and their newer versions. This is a huge advantage and a great time-saver for all Linux users, who can now enjoy all the benefits of Surfshark's app advanced features, including IPv6 and DNS leak protection, quick connect, MultiHop, CleanWeb, Wireguard protocol, and many more.

Others, like the auto-connect feature and a kill-switch for Linux, are to be implemented in the next couple of months. Knowing Surfshark, a fast-paced VPN leader, dedicated to constant improvements, we can expect many more pleasant surprises in the future. Not to mention that the GUI interface for Linux is still a luxury that only a few VPN providers offer.

Previously, Linux users had to control the app via the terminal. While this was nothing unusual to the dedicated users, it was still less convenient than it could have been. But with the new GUI, Surfshark Linux users will be able to enjoy a fully functional app that allows them to do more than just switch VPN servers with a couple of mouse clicks.

Justas Pukys, VPN product owner at Surfshark

Other platforms

Custom apps are available for Windows, macOS, Android, Android TV / Amazon Fire TV, iOS, and Linux. Interestingly, the iOS VPN app features a kill-switch and now supports IKEv2, OpenVPN, and WireGuard. All apps (including the browser add-ons) now use the same smart-looking user interface we can see above.

Good manual setup guides are also provided for all platforms, including macOS and Linux (Ubuntu, using NetworkManager). In addition to this, setup guides are available for DD-WRT, Tomato, and a number of popular routers that have OpenVPN clients built-in (AsusWRT, Netgear, TP-Link, and Linksys).

Browser add-ons

In addition to platform support, Surfshark offers browser add-ons for Chrome and Firefox that have been independently audited for vulnerabilities by security firm Cure53. These create secure HTTPS proxy connections in the browser to Surfshark's servers.

They also provide WebRTC protection. Now... we really wish VPN services would do more to warn their customers about the WebRTC issue and to warn them that they should be protecting themselves from unknowingly exposing their IP addresses online when using a VPN. 

This includes Surfshark, although we can't be too harsh as we detected no WebRTC leaks using its software, anyway. That said, it is still safest to either install these add-ons or disable WebRTC in your browser manually.

The browser add-ons feature "CleanWeb" as an option (see later).

Customer service and 2.0 help center

Money-back guarantee
24-hour support
Live chat
Money-back guarantee length 30
Free trial
Free trial length 7

Live Chat support is available 24/7, or you can send in a ticket email request. We found Surfshark's Live Chat response times to be near-instant and were thoroughly impressed by the competency and quality of the answers.

Surfshark's help center keeps getting updated too, enabling you to browse its growing knowledge base faster and in a more efficient manner. The latest revamped version includes a set of FAQs, setup and troubleshooting instructions, "Surfschool" where you can learn another thing or two about Surfshark and VPNs in general, and other handy bits and bobs.

Furthermore, Surfshark is constantly expanding its availability, most recently adding Russian, Turkish, Korean, and Ukrainian languages to core pages on its website.

Privacy and security

Kill-switch
Obfuscation (stealth)
IPv6 leak protection
WebRTC leak protection
Bare-metal servers?
Self-hosted DNS

Jurisdiction

Surfshark is registered in the British Virgin Islands (BVI) and its Terms of Service make it clear that all disputes will be resolved in BVI courts. The British Virgin Islands is a British overseas territory. It regulates its own internal affairs and has no mandatory data retention laws, but it remains under the jurisdiction and sovereignty of the UK government. This means it is reasonable to assume that the UK could put pressure on the BVI government and any businesses based there.

Whilst being based in the BVI is probably safer than being based in a 14-Eyes country, it is still not ideal.

Logs

Surfshark easily meets our requirements for a no-logs VPN:

We do not collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.

Its apps do collect some anonymous diagnostic and crash data by default, although this can be disabled. This includes aggregated performance data, how often you use its services, unsuccessful connection attempts, and other similar non-personally identifiable information.

Basic account and billing information are stored in full compliance with GDPR for European customers.

Website tracking

Although web activity is not tracked when using the VPN itself, the Surfshark website performs quite a lot of tracking. This includes logging IP addresses and performing browser fingerprinting on visitors.

Surfshark uses a number of third-party trackers, including Google Analytics.

Technical security 

PPTP
L2TP/IPSec
SSTP
IKEv2
OpenVPN
WireGuard
Catapult Hydra
Shadowsocks

Surfshark is a big fan of IKEv2, which it uses as the default VPN protocol in all its apps. IKEv2 is not as battle-tested as OpenVPN, but is regarded as being very secure, and is increasingly popular with VPN services because it is much faster than OpenVPN encryption.

As always, we look in detail at the OpenVPN settings this provider uses. Not only do they provide a good indicator of the care that a service takes over encryption, but it is the best way to compare like for like across VPN services. Surfshark uses the following OpenVPN settings in apps that support it:

Data Channel: an AES-256-GCM cipher. No additional authentication is required because authentication is handled by AES-GCM.

Control Channel: an AES-256-GCM cipher with the TLS key exchange secured using RSA-2048. No additional authentication is required because authentication is handled by AES-GCM, and perfect forward secrecy is provided by an ECDH-(384?) key exchange.

This is a highly secure setup. See VPN Encryption: The Complete Guide for more information on this subject. As already discussed, the Surfshark Windows, macOS, and iOS apps all feature kill-switches. We also detected no IP leaks of any kind on any platform, 

It is worth noting that Surfshark makes something of a deal about being security-audited by Cure53, but just to be clear: it is only the Chrome and Firefox browser extensions that have been audited in this way.

Diskless Server Network

Surfshark is one of the first VPN providers to transition from traditional hard drive technology to a diskless RAM-only solution. This is important because the disk-based nature of hard drives means that configuration files are stored for operational purposes and can be accessed if seized by a third party.

Running completely on volatile RAM, however, means that this data is wiped the moment a server is turned off and your privacy is preserved. And it allows for a centrally controlled network, meaning it is always up-to-date with the latest patches.

The diskless server network effectively minimizes security risks of a hard-drive-based server infrastructure, and provides assurance in offering the highest quality privacy to our users. There are only a few VPN providers that have managed to move to a fully diskless VPN server infrastructure. However, focusing on user privacy and security has always been our top priority.

Gabrielle Racai, Communications manager at Surfshark

Other security features

The great news is that we detected no IP leaks of any kind on any tested platform, although it is still safest to use one of Surfshark's browser extensions to ensure against WebRTC leaks. The Windows, macOS, and iOS clients feature system-level kill-switches.

Surfshark has diskless bare-metal servers that are completely under its control. Those servers are set up in volatile RAM which means it can pull the plug on them at any time and they will be completely wiped. Some locations are virtual locations without a physical server presence, but these are a) clearly marked in the apps, and b) are run on diskless servers operated by Surfshark – which is perfect in terms of privacy. It also resolves all DNS requests itself on servers controlled by itself.

CleanWeb

All of Surfshark's software features the "CleanWeb" option. This is advertised as blocking ads, trackers, phishing, attacks, and malware, and is almost certainly a set of firewall rules that block connections based on a simple blocklist, which should work well enough.

Multihop

This feature is available in the Windows client. It allows you to "chain" VPN servers so that your data is routed between two VPN servers as it travels between you and the internet.

Your PC -> VPN server 1 -> VPN server 2 -> Internet

Surfshark offers several double VPN combinations, but you cannot chain any two of its servers.

server list

Multihop VPN can provide some protection against end-to-end timing attacks against the end server, but will always result in a major loss of speed. We think the privacy/security benefits of multi-hop VPN are limited, but we know this can be more important to some users than others.

Shadowsocks

Again, this unusual anti-censorship feature is supported by Windows and Android apps. Shaowsocks "is an open-source proxy application, widely used in mainland China to circumvent Internet censorship". Basically it's a SOCKS5 proxy. To use it requires that you download the open-source Shadowsocks app and configure it so that you connect to Shadowsocks via a Surfshark VPN server. This process is a little fiddly but should be effective at evading VPN blocks.

Wi-Fi Connect

This feature, available in the Windows client, allows you to decide how the VPN app works when you connect to new Wi-Fi networks – ask, protect, or always protect.

Trust DNS

This Android app is available free of charge to everyone from the Play Store. It sends DNS queries from your device directly to Surfshark instead of your ISP in order to improve privacy and help defeat censorship. These queries are protected from prying eyes using the DNS over HTTPS (DoH) (by default) or DNS over TLS (DoT) encryption protocols.

Two-factor Authentication

Surfshark is one of the first VPN providers to add dual authentication (2FA) to its service. 2FA is optional for those who prioritize convenience, but users wanting the added security can choose to authenticate through email or an application, like Google Authenticator or Authy. We recommend using an application, as it is safer (cannot be intercepted) and much easier to use.

Conclusion

Surfshark is a great VPN service. It keeps no logs, is reasonably fast, and offers great technical security with no IP leaks. The fact that it offers a large selection of servers is good, and the fact that they are all diskless servers that can be instantly wiped is fantastic.

The fact that Surfshark allows unlimited simultaneous connections is also great, and we are thoroughly impressed with the quality of the provider's friendly and knowledgeable 24/7 Live Chat support.

The extras on offer, such as multi-hop VPN, Cleanweb, and Wi-Fi-connect, are decent additions that many users will find helpful depending on what they are using the service for. Although none of these are killer features, they are nice to have and the collection is growing all the time, which improves Surfshark's already great value proposition. 

Overall, we found that Surfshark is an excellent, privacy-friendly VPN service that ticks all the important boxes with ease.

Visit Surfshark»

10 User Reviews

gravatar profile picture
Lars
on 2023-03-17 18:56:36.
Overall score: 5
I just started with SurfShark, and coming from another good VPN app. I'm using SurfShark for ANDROID mainly. Quite satisfied with using it, in fact happy with how dynamic the Android app has been rolling out impressive features. EXCEPT PAUSE button, is my concern because of its ambiguity in how this button executes in SurfShark Android. The explanation on how this button executes its action only says that it pauses the connection for a fixed no. of minutes AND then it continues to state that works much like the BYPASS feature. But from the SS website PAUSE button actually means that the VPN app goes into DISCONNECT, the apps can connect directly without the VPN. Isn't it strange that a PAUSE buttons exรฉcutรฉs an "All bets are off" action ? Whatever apps that are required to pass in the VPN Tunnel can now be free to connect directly, if you PAUSE. I believe the explanation for PAUSE should be clarified. For me, a PAUSE is a FREEZE action (Nobody move while I go to the bathroom please). If after I'm back and see my apps calling home because they got freed when I pressed PAUSE . . . I'm pretty sure PAUSE means FREEZE and not DISCONNECT right. The complication in SS Android is that the BYPASS feature has two options 1. In-App Kill-Switch and 2. System Kill-Switch NOW, to ask, does PAUSE free apps filtered in BYPASS using In-App Kill. Really ? How about PAUSE using System Kill ? I found out I can't BYPASS if I utilize System Kill (it's ALL apps in Tunnel, no BYPASS allowed. So what does PAUSE really do ? because it's not for FREEZING while you go to the bathroom. Oh well, I'm going to send this to SS Support. Just saying. I have NO problems with the connection none whatsoever. It's great. The PAUSE button should be clarified so I can start using it. Great review !
gravatar profile picture
DoughnutsRGchq
on 2021-04-27 16:06:14.
Overall score: 5
I've been a Surfshark customer for nearly a year now and have never had any issue with the service. The customer service has been great when I've needed it, and as a bonus they are very cheap compared to other VPN services. I can't fault them and believe me I've tried.
gravatar profile picture
JC (TrustPilot)
on 2020-07-22 08:11:55.
Overall score: 5
Great customer service! Very patient in helping me resolve my issues setting up

Leave a Review

Your comment has been sent to the queue. It will appear shortly.

Thanks for your review!

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

15 Comments

Igor
on August 18, 2024
The review is outdated. Surfshark does not have servers in Russia anymore.
VIJAYENDRAN SATHYANARAYANAN
on April 16, 2020
Can you confirm does this works to unlock contents of Amazon India and Netflix India Libraries ?
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small_webp.webp
Douglas Crawford replied to VIJAYENDRAN SATHYANARAYANAN
on April 16, 2020
Hi VIJAYENDRAN. You will need to contact Surfshark's 24/7 Live Chat support about this.
Augustus
on December 31, 2019
I got Surfsharkโ€™s subscription during Black Friday, and I have to say Iโ€™ve been nothing but satisfied ever since. The main reasons I got it was because of security (obviously), and for being able to bypass geo-blocks (especially for Xbox). The speed of games is the same if not improved, and I can get the new games without waiting until they are released in my country.
Thomas
on December 23, 2019
Donโ€™t buy Surfshark services if you are in China. Surfshark VPN simply DOES NOT work in China. If you live in the USA and need a cheap VPN, why not. But if you are in China, I strongly advise against buying Surfshark VPN. I made the mistake myself, and after three months with intermittent to no connection through Surfshark VPN, I had to buy another VPN. I simply could not stay longer without access to the Internet. Surfshark says that they provide customer service to help you access the Internet: I have spent countless hours making technical operations on my iPhone and my laptop to try to have the service work, but it does not work. Surfhshark is down during weeks at a time, without the possibility to access to Internet. I usually donโ€™t post reviews online, but I must say that my experience with Surfshark has been awful and I do not recommend using their services. After buying a new VPN, I requested a refund for my Surfshark service, since it does not work. They declined it, arguing that they could give technical support to help their VPN work. It simply does not work, regardless of the hours spent trying to make it work. I feel like I ordered a whole meal, and Surfshark only delivered the appetizer. It failed to deliver the main course, but refuses to refund the meal. Bad customer service. Go with other more serious and reliable VPN are you are in China.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service