Trust is scarce these days and that’s why we prefer to use VPNs that have commissioned independent third-party audits. Pretty much all of the best VPNs did this, and we love them for that.
Surfshark is definitely a top dog and has recently announced that its servers have passed an independent infrastructure audit. Carried out by Germany-based Cure53, the extensive research did not detect any serious issues.
The audit results
The server infrastructure audit — which is a rarity in the VPN world — was part of an evaluation that also included a broader security assessment. In the end, Cure53 produced a report stating that Surfshark’s server network relies on good defaults and that the company engineers really demonstrated their dedication and skill in the configuration of constructs and cipher-suites.
As for the uncovered security issues, they were general rather than specific flaws, all of which were fixed by the time I am writing these words, with Cure53 judging the fixes to be appropriate to the problems.
This was the second time Cure53 ran an audit on Surfshark.
On the record
“Having a secure network of thousands of servers is a big responsibility, so we needed to have an independent expert opinion on how we’re doing. We made sure to quickly react to all the recommendations so today we can be even more confident of delivering on the security our customers expect,” said Surfshark CEO Vytautas Kaziukonis.
About the auditor
Cure53 is a German cybersecurity firm founded by Dr. Mario Heiderich. It has almost a decade of experience in the field, including an audit of a South Korean parental monitoring mobile app. The audit uncovered security issues big enough for the SK government to withdraw support for the app.
Cure53 previously audited Surfshark in 2018.