Surfshark Passes No-Logs Audit

[cnet.com] 3 days ago

Another virtual private network provider just took an important step towards boosting its transparency with customers. Surfshark -- CNET's Editors' Choice for Best Value VPN and one of our top VPN picks -- passed an independent no-logs audit conducted by auditing firm Deloitte, the VPN company said in a blog post on Wednesday.

"The positive result from Deloitte's no-logs assurance report provides factual evidence to our users and future customers that Surfshark operates on the highest privacy and quality standards," Surfshark's VPN product owner Justas Pukys wrote. "We will continue to perform various audits and tests to get independent verification of our security and privacy measures."

The audit examined the configuration and management of Surfshark's IT systems and supporting IT operations and was conducted between Nov. 21 and Dec. 2, 2022, according to a summary of Deloitte's audit report (PDF). As part of the audit, Deloitte inspected the design and configuration of Surfshark's standard VPN servers, static IP VPN servers, multihop servers and multiport servers.

"Based on the procedures performed and the evidence obtained, in our opinion, the configuration of IT systems and management of the supporting IT operations is properly prepared, in all material respects in accordance with [Surfshark's no-logs policy]," Deloitte said.

Deloitte's validation is important, because an independent audit is one of the only ways to confirm that a VPN provider's no-logs claims are legitimate. Even though an independent audit from a firm like Deloitte can only confirm its findings for the scope and duration of its audit, it can offer customers a certain measure of confidence that the VPN they're using is genuine in what it promises.  

"[The] No-logs Policy is one of the most important features of our Services," Surfshark says in its Terms of Service. "It means your activities are not in any way logged, retained, or transferred to third parties when you connect to our Services. We do not collect any information about what you do online (your visited IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic or any other similar data)." 

Surfshark's announcement comes two weeks after its sister company NordVPN announced its own independent no-logs audit, also completed by Deloitte. Surfshark had its browser extensions independently audited in 2018 and its server infrastructure in 2021, but Deloitte's audit is Surfshark's first independent no-logs audit. 

For more on VPNs, check out Surfshark's new Dynamic MultiHop feature and how to boost your VPN speeds.