The security protocols Surfshark offers include WireGuard, OpenVPN, and IKEv2. These are the best options available. Surfshark has taken the right decision to abandon outdated protocols like PPTP.
Surfshark also uses the best encryption cipher, called AES-256. This is what conceals your data and it’s considered unbreakable.
We can confirm this is the case, as we tested Surfshark’s encryption with the packet-sniffing tool, Wireshark. Our analysis showed that our web traffic was completely unreadable and fully encrypted.
Does Surfshark’s Kill Switch Work?
Surfshark’s kill switch is not on by default, which is an oversight in our opinion. We recommend that you go into Surfshark’s settings and toggle it on.
We tested whether Surfshark’s kill switch actually works by using our in-house kill switch test tool. If the kill switch works, our real IP address should never be detected — even when we switch servers or our internet connection drops.
Our results show that Surfshark’s kill switch worked to prevent our IP address leaking, except when changing servers on macOS devices. This is a problem common to many VPNs on Mac. However, VPNs like Mullvad and PIA have come up with a solution, so we expect the same from Surfshark.

Surfshark’s kill switch does not stop IP address leaks when changing servers on macOS.
First-Party DNS Servers to Prevent Leaks
We tested Surfshark for IP, DNS, and WebRTC leaks using our own leak test tool. It passed on all fronts and no sensitive data was ever exposed.
This is thanks to the fact that Surfshark uses its own private DNS servers. This means Surfshark handles your DNS requests itself, which is an impressive security feature that should be rewarded.
However, Surfshark has no IPv6 support. Instead, it re-routes IPv6 connections to IPv4. That’s fine as it prevents leaks, but we’d like to see full IPv6 support.
This also needs to be considered if you own a new IPv6-exclusive router, as Surfshark will not work at all.
Double VPN, Rotating IP & Diskless Servers
Surfshark has excellent security standards, but it also offers an array of advanced security features that most VPN services can’t match.
The first additional feature is Multi-Hop, which routes your traffic through two VPN servers. Though it’s not always necessary, that means double protection.
There’s also a Rotating IP option, which is unusual. This feature changes your public IP address every 5-10 minutes without you ever having to switch servers.

Surfshark’s Rotating IP changes your IP address every 5-10 minutes.
IP rotation isn’t necessary for online protection, and some other VPNs like HMA and AtlasVPN offer similar features. However, it might appeal to the most privacy-conscious users.
Android users can also use Surfshark’s GPS Spoofing feature, which matches your GPS geolocation to your chosen server. This is a very rare feature that helps to bypass geo-blocks set by mobile apps, and something we’d like to see rolled out across all of Surfshark’s apps. It is a particularly useful feature if you want to stream blackout NHL games on Android.

Surfshark has lots of features in its settings menu.
The most substantial security feature is Surfshark’s diskless server network, or RAM-only network. This means that your user data is never stored on physical servers that can be seized and extracted.
For such a low asking price, the extent of Surfshark’s security offering is truly impressive. VPNs with the same advanced features usually cost two or three times more, like Astrill.
Does Surfshark Block Ads?
Surfshark has an ad blocker called CleanWeb. Our tests show that CleanWeb works to block 77% of all ads and trackers on the web. This ranks it 10th in our list of the best VPN ad blockers.
We used CleanWeb to block ads on popular sites like Spotify and Twitch, but it didn’t work for websites like Google and YouTube.