Surfshark VPN Review

Surfshark stands out for how good a VPN it is at unblocking streaming platforms.

It unblocks Netflix, BBC iPlayer, Disney+, Amazon Prime Video, Hulu, ITV Player, All 4, and HBO Max.

Great for Unblocking Netflix

We experienced high video quality and lag-less streaming in our tests.

While there are no dedicated streaming servers, the vast majority of US servers will work. In our most recent tests, only the Charlotte and St.Louis servers didn’t stream US Netflix.

For more, read our in-depth guide on using Surfshark for Netflix.

Unblocks BBC iPlayer, Disney+, and More

All of Surfshark’s UK servers work with BBC iPlayer. This is highly impressive. It works with other UK streaming channels like All 4 and ITV Player, too.

It was also the first VPN to unblock Disney+ on its release, and has been our best choice ever since.

US Amazon Prime Video and HBO Max is easily accessed as well. But not Hulu.

Surfshark is a very good VPN for torrenting.

Its privacy-focused logging policy and high encryption help hide your P2P activity from your ISP.

Also, the automatic kill switch stops your IP address from showing if your VPN connection drops. This keeps your download activity safe from any accidental exposures.

All Surfshark servers allow P2P file-sharing, but some servers are specifically optimized for P2P activity. You can find these servers by typing in ‘P2P’ into the app’s server search bar.

These fast P2P-optimized connections let you torrent anonymously using torrent clients like BitTorrent, Deluge, Transmission, uTorrent, and Vuze.

You’ll also be able to stream privately P2P-based services such as Ace Player, VLC, and PopcornTime

Surfshark doesn’t allow port forwarding

However, Surfshark does not allow seeding as there is no port forwarding option due to the “security threat.”

We tested our connection speed before and after connecting to a server in London, close to our real location.

Surfshark’s same-country local connection speeds are very good, dropping just 15% to 85Mbps. If you’re in the US and connect to a nearby US server, you can expect similar results.

These speeds are more than fast enough for most users, though when we reviewed Private Internet Access and analyzed NordVPN, we recorded even smaller speed losses.

We find that the OpenVPN connection is reliably faster than WireGuard when using Surfshark. For optimal speeds, select OpenVPN.

Long-Distance Speed Tests

Surfshark’s speeds over long-distance connections are also good.

We connected to its US, Australia, Canada, and Germany servers from our London office and measured our connection speeds before and after.

We recorded an average speed loss of 41% when connected to the US, and 40% connecting to Australia.

This is not unusual for long-distance connections, though VPNs like Hotspot Shield recorded losses of just 17% on US servers.

Surfshark’s international speeds are good and stable across the board, with speed loss consistently under 50% when connecting to servers very far away.

Surfshark’s Speeds Compared to Other VPNs

In addition to testing VPN speeds manually, we’ve also developed an automated VPN speed test tool that constantly tests VPN speeds around the world.

Tests run automatically four times per day, and test connection speeds are capped at 100Mbps to recreate a typical home internet connection.

The graph below compares Surfshark VPN’s average loss of internet speed to other popular VPNs for New York to New York connections:

Use our Speed Test Tool to see Surfshark’s worldwide speeds.

Surfshark’s VPN speeds have been improving month by month, and the gap with faster VPNs is narrowing down.

Moreover, Surfshark is now regularly beating CyberGhost in many speed tests.

There is no reason to doubt Surfshark’s commitment to user privacy. It does not keep logs of user activity or connection data, and its jurisdiction of the British Virgin Islands is a privacy haven.

We’ve analyzed the service’s logging policy and can confirm it’s sensible and privacy-focused, but not completely zero-logs.

While Surfshark isn’t a no-logs VPN by definition, it comes close to it. It doesn’t collect personally identifiable data, meaning it won’t store your internet activity or IP address.

The VPN service’s privacy policy states the following:

“To maintain a perfect quality of our Services and provide you with efficient support we collect diagnostics information and monitor crash reports on our apps. The information we collect contains aggregated performance data, the frequency of use of our services, unsuccessful connection attempts and other similar information.”

There are some very minor causes for concern in the above wording.

Firstly, we were alarmed by the phrase “other similar information.” A good privacy policy is as specific as possible – it’s unclear exactly what “similar information” entails.

Secondly, Surfshark collects advertising identifiers – unique, resettable IDs for advertising provided by third parties. You can opt out of personalized ads by adjusting the settings in your app.

What’s more, there has still been no independent audit of its VPN applications, or its logging policy.

Without a confirmed audit, there’s always room for doubt around logging practices. Many major VPN companies, like ExpressVPN and VyprVPN, have already done so to earn even greater trust.

It’s worth noting that there’s a separate privacy policy for its BlindSearch and HackLock features. BlindSearch collects an aggregated number of performed searches and HackLock stores your email address. Both tools are separate from the main VPN applications.

Based in a safe jurisdiction

Surfshark is owned by Surfshark Ltd, whose CEO is Vytautas Kaziukonis.

The company was incorporated in the British Virgin Islands (BVI) in 2018. It’s a very sensible place to set up a VPN company. There are no intrusive data retention laws or practices in the BVI, and it’s widely viewed as a privacy-haven.

The nation is not part of the Five Eyes, Nine Eyes, and 14 Eyes surveillance agreements. Foreign governments cannot force Surfshark to collect or share user logs.

In the spirit of transparency, Surfshark publishes the number of government agency requests it receives on its warrant canary page. Currently, it has received zero requests for information.

Surfshark includes all of the essential security features you would expect from a top-tier service.

You’ll benefit from robust encryption, secure protocols, IP and DNS leak protection, and an automatic kill switch on all applications. We also found no evidence of IP, DNS, or WebRTC leaks.

AES-256 encryption is used on all platforms, with ChaCha encryption also available for Android users.

VPN Protocol Selection

IKEv2 is the default protocol used on all apps, though you can choose OpenVPN in the settings menu.

The Windows, Android, iOS and Mac apps also let you choose between TCP and UDP OpenVPN connections.

Like many other providers, Surfshark also introduced its patched WireGuard protocol recently, which has much less bandwidth overhead than OpenVPN.

Check out our WireGuard vs OpenVPN guide for a full comparison of these two leading protocols.

RAM-Based Servers

Following in ExpressVPN and NordVPN’s footsteps, Surfshark has moved away from hard drive technology and now operates a completely diskless, RAM-only server network.

This vastly improves security, as information cannot be physically extracted from the servers, and it enables central management of the whole network. Very few VPNs have this feature.

Surfshark’s Extra Features

Surfshark is filled with advanced security features, built to enhance your experience and safeguard your data.

Here’s a list of the VPN’s advanced security features:

• BlindSearch is a private search engine designed to allow users to search the web with no ads or trackers. You can add BlindSearch, along with an Surfshark Antivirus and HackLock, to your existing subscription for an extra $1.49 per month.

• Camouflage Mode, also known as obfuscation. This is a technology that disguises your VPN traffic to make it look like ‘normal’ browsing. This means even your ISP can’t tell you’re using a VPN.
• CleanWeb is Surfshark’s proprietary ad, tracker, and malware blocker. It is not turned on by default.

• MultiHop, sometimes known as Double VPN, routes your traffic via two different VPN servers instead of one. This additional step makes you harder to track, though it may reduce connection speeds.
• Surfshark Alert is a breach detection tool that scans the web in real-time, checking that your email and login information hasn’t been leaked online. This feature comes as an added bundle with BlindSearch and Surfshark Antivirus.

• Surfshark Antivirus is an antivirus tool available on Windows and Android. It offers real-time protection against malware, viruses, and apps that do things on your device without your permission.
• Whitelister is a split tunneling feature that allows you to define which applications and websites shouldn’t use the VPN connection. You can find it in the sidebar menu of the Surfshark app, under ‘Features.’ However, it is not available on Apple iOS or Mac.
• A VPN kill switch is an essential feature for any VPN, preventing your true IP address from leaking if your VPN connection drops. To enable it on Windows, toggle the setting in the app’s security menu. On Android devices, you’ll need to enable it manually in the device settings.

To clarify, Hacklock, Surfshark Antivirus, and Blindsearch need to be downloaded separately as part of the Surfshark One bundle, which costs an extra $1.49 per month.

Surfshark also developed an Android-only GPS spoofing feature found under Virtual Location. It lets you easily change your GPS location and bypass GPS geo-blocks set by various mobile apps. Hopefully, GPS spoofing will be added to the iOS app soon.

High encryption standards

The VPN service has also gone the extra mile to include a two-factor authentication (2FA) option for its users too.

For more technically minded users, Surfshark’s encryption uses an RSA-2048 handshake and HMAC SHA256 data authentication.

Perfect Forward Secrecy is implemented through the Diffie-Hellman Key Exchange (DHE), meaning encryption keys are not reused between sessions, for an added layer of security.

Server Network Audit

In 2021 Surfshark commissioned an audit of its server infrastructure. This was performed by Cure53, a Germany-based IT security firm.

The full audit identified some ‘medium’ level security concerns, which the Surfshark team swiftly handled.

The report concludes:

“The overall outcome should be regarded as good and the testing team has no doubt that the Surfshark maintainers have a clear understanding of security and privacy challenges associated with being a VPN provider.”

It’s good to see Surfshark commissioning audits of its server security, something very few providers do. While some issues were identified, these were fixed quickly.

IP, WebRTC and DNS Leak Test Results

Surfshark uses private DNS on every server to protect your DNS requests.

We tested this on our VPN leak test test tool by connecting to a US server from our office in London, and recorded zero DNS, IPv4, or WebRTC leaks using its apps.

You can also see leak-free results when using Browserleaks.com:

Incompatible with IPv6 Protocol

Surfshark currently has no IPv6 support. This means that IPv6 leaks are highly likely and your normal ISP will be used should you encounter an IPv6 address on your network. This is a security risk we want Surfshark to resolve as soon as possible.

It also means that Surfshark won’t work at all if you have a new IPv6-exclusive router. IPv6 is the most recent version of the internet protocol, so most routers have IPv4, but it’s worth checking with your router provider or testing for IPv6 with our tool.

No Viruses or Malware Detected

Surfshark is virus-free too. We scanned the VPN software for any malicious files and it came back completely clean:

Android App Tracker Scans

We also scanned the Android app for trackers that could potentially compromise your privacy.

We ran the app through the εxodus tool. This exposes any trackers or permissions present in Android apps. Here’s what we found:

Surfshark’s Android app has four trackers for Google Analytics, GoogleCrashLytics, Google Firebase Analytics, and AppsFlyer.

Analytics aren’t too concerning as it allows Surfshark to maintain the performance of its app and see how users interact with its service.

Other top VPN apps have similar trackers in place. However, our review of Astrill and our evaluation of Hide.me show how these two VPNs have no trackers whatsoever.

The use of AppsFlyer is a little more concerning. This is a marketing tracker that “uses artificial intelligence and machine learning for big data analytics.”

According to VentureBeat, AppsFlyer leverages metadata from 98% of the world’s mobile devices. While this doesn’t sound good for privacy at all, its privacy policy states that it doesn’t share data with any third parties.

Android App Permissions

The Android app also has 16 permissions, which dictate the level of access the software has to your device.

Three of these permissions are considered ‘special’ or ‘dangerous’ according to Google’s protections levels, including:

• Access to your camera
• Access to the contents of your SD card
• Permission to modify and delete the contents of your SD card

These permissions are unnecessary for a VPN application designed for privacy. We’d like to see these removed, or at the very least explained, in future app updates.

Surfshark has clearly put a lot of work into bypassing aggressive online censorship.

We can confirm it’s currently one of the best VPNs to circumvent web blocks in countries like Russia, Turkey, Saudi Arabia, and the UAE.

According to out test results, it’s also capable of getting around the strictest Chinese censorship, but only 30% of the time. Astrill, on the other hand, works 100% of the time.

Anti-Censorship Features

Its additional anonymity features allow Surfshark to work reliably in highly-censored countries.

Camouflage Mode is an obfuscation tool designed to make your VPN traffic appear as normal traffic, disguising your VPN usage from ISPs and thereby eluding web censors.

This feature is automatically activated whenever you connect with the OpenVPN (TCP or UDP) protocol, and is the main reason why Surfshark works in high censorship nations.

NoBorders Mode is specifically built to beat internet restrictions and censorship. It detects when you’re connected to a restricted network or in a censored country, and automatically redirects your traffic elsewhere.

Surfshark also uses ShadowSocks, often called SOCKS5. This is an open-source proxy, usually used by torrenters, that can often bypass strict web censorship.

ShadowSocks requires manual configuration on most devices, and here are online guides on how to do this for Android, MacOS, and Windows.

Surfshark provides fast, friendly, and helpful customer support with 24/7 live chat and a ticketing system available.

There’s also an online help section featuring installation guides, troubleshooting, an FAQ, and a knowledgebase.

To access Surfshark’s live chat simply head to the website and click the Chat icon in the bottom right corner of the page.

We found the company’s customer support team to be fast and informative, and we got an answer to our query in under a minute.

However, technical questions might take a little longer. When we asked about ChaCha encryption, our support agent took a while to respond and their answer was lacking in detail.

If you have a particularly technical question, we recommend using Surfshark’s email ticketing system instead.