What Surfshark's Security Audit Revealed

In the world of VPNs, reputation is everything. When someone trusts you to protect their privacy, anonymity, and security, you deliver. And don't get me wrong: VPN providers try to do this by all means. They are simply not always very clear about how well they are succeeding. This is why I was a bit surprised (pleasantly so) when I read the news about Surfshark's recent security audit. How open they are about the results is very welcome and must be commended. In my recent review of Surfshark, I noted that they are quickly developing a reputation as one of the best up-and-coming VPNs. This security audit only reinforces that statement. Other VPN providers, take note.

The Security Audit

The audit concerns Surfshark's Chrome and Firefox extensions. In case you are unfamiliar with them, it is pretty simple: they are browser plugins that provide VPN connectivity while the browser is in use. Extensions are a popular solution for people who do not need a system-wide VPN. Ordinarily, browser-based VPN solutions do not have the best reputation. For several decades, glaring security issues with a few widely used VPN plugins have cast a dark shadow over the others. Surfshark wanted to show that they are different. So, a few weeks ago, they commissioned a third-party audit of their browser plugins. The aim was to determine how safe and reliable they are. Both versions passed with flying colours. Respected code security and penetration testing company Heal 53 completed the audit. They carried out a complete review of the extensions' code and also examined the applications thoroughly in action. The evaluations, which generally took five times, uncovered just two security problems. One was deemed out of scope and the other an exploitable vulnerability.

Initial Issue

The first issue Heal 53 discovered had to do with the invitation email Surfshark sent to new users. The email contained an insecure HTTP download link to the program page (rather than HTTPS). This issue could allow a malicious actor to eavesdrop on your connection during the software download. However, it posed no practical danger to the VPN itself once in use.

Second Issue

The other issue had to do with the actual VPN extension. However, as in the first case, it also posed no real danger. Inside the configuration files that control the operation of the extensions, the testers found an odd line of code. It suggested the possibility of allowing an unencrypted HTTP connection to the Surfshark VPN servers, instead of an encrypted HTTPS tunnel. The good news is that there is no way for any third party to use this code to enable such a connection. It is also not a configurable user-facing option, so nobody can turn it on by accident.
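Both findings above come down to a cleartext URL sitting where only HTTPS belongs: one in an email link, one in an extension configuration file. The following is an added example, not code from Surfshark or from the audit report, of a check that flags such URLs before release; the email template, the configuration layout and every hostname in it are constructed for illustration.

```javascript
// Added example: flag cleartext (non-TLS) URLs in an email template and in
// an extension configuration object. All sample data below is constructed.
const CLEARTEXT_SCHEMES = new Set(["http:", "ws:", "ftp:"]);

// Return the URL's scheme if it is a cleartext one, otherwise null.
function cleartextScheme(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not an absolute URL, nothing to flag
  }
  return CLEARTEXT_SCHEMES.has(url.protocol) ? url.protocol : null;
}

// Collect href/src targets in an HTML email that use a cleartext scheme.
function auditEmailHtml(html) {
  const findings = [];
  const attr = /\b(href|src)\s*=\s*(["'])(.*?)\2/gi;
  for (const m of html.matchAll(attr)) {
    const target = m[3].trim();
    const scheme = cleartextScheme(target);
    if (scheme) findings.push({ where: m[1].toLowerCase(), url: target, scheme });
  }
  return findings;
}

// Walk a parsed config recursively; report each cleartext URL with its key path.
function auditConfig(node, path = "$") {
  if (typeof node === "string") {
    const scheme = cleartextScheme(node);
    return scheme ? [{ where: path, url: node, scheme }] : [];
  }
  if (node === null || typeof node !== "object") return [];
  return Object.entries(node).flatMap(([key, child]) =>
    auditConfig(child, Array.isArray(node) ? `${path}[${key}]` : `${path}.${key}`));
}

// Constructed samples (hypothetical template and config layout).
const sampleEmail = `<p>Welcome!</p>
<a href="http://downloads.example.test/app">Download</a>
<a href='https://example.test/help'>Help</a>`;
const sampleConfig = {
  api: "https://api.example.test",
  proxies: [{ host: "https://p1.example.test" }, { host: "http://p2.example.test" }],
  fallback: { enabled: false, endpoint: "http://legacy.example.test/connect" },
};

console.log(auditEmailHtml(sampleEmail));
console.log(auditConfig(sampleConfig));
```

The check reports the `fallback.endpoint` entry even though the constructed config marks it disabled, so a dormant cleartext setting still gets reviewed.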

The Audit Report

The results of the audit were so positive that they surprised even the testers. They left the following comment in the final report:
"Since the low amount of findings and their restricted implications clearly indicate, the outcomes of the Heal 53 evaluations of their Surfshark VPN extensions place the item in an excellent light."
They also concluded the report with:
"Heal 53 is exceptionally suited to see such a powerful security position on the Surfshark VPN extensions, particularly given the frequent vulnerability of comparable goods to privacy problems."
Here is the full Surfshark audit report.

An Unusual Event

It is worth noting again that security reviews of this type are rare in the VPN industry. Most operators dislike allowing third-party access to their programs and applications. For this reason, it is not possible to tell how many consumer VPN services might have privacy or security vulnerabilities that have gone undetected by many or, worse, are known to malicious actors who work to exploit them. Security audits of VPN providers make it possible for providers to deal with vulnerabilities and problems before they become a danger to us all. That is something Surfshark understands well, according to Chief Technology Officer Magnus Steinberg, who stated:
"Presently, browser extensions are the most well-known programs to remain confidential whilst browsing the net - which is exactly why we began together. We've completed an external safety audit to show our dedication to transparency and deliver a promise of diamond-strong protection."
Steinberg added:
"The problem of the entire VPN market is stressing, because near none VPN suppliers can actually substantiate on promises of complete privacy and safety. Possessing an outside audit is just one of the hardly any ways to demonstrate your claims."
Surfshark was quick to act on the audit report. Both issues identified have been addressed.

The Bottom Line

By commissioning the audit of its VPN browser extensions and releasing the results, Surfshark has set a helpful industry precedent. They have shown that it is both possible and appropriate for VPN providers to back up their claims about the safety and security of their products. With any luck, other providers will follow their lead. It would be ideal for everyone to start providing us with comprehensive audit information like this. It would make our decision making when choosing a VPN service that much more informed. If this eventually happens, all sides will be better off. And VPNs will reinforce their reputation as the go-to data protection product they are.
