Surfshark 2021 Review
Reviews score: Excellent
Surfshark is highly secure, affordable, and allows you to connect unlimited devices. If you think CyberGhost or NordVPN are too expensive, Surfshark is one of the best alternatives available.
- Unlimited devices: With a single subscription, you can use Surfshark on as many devices as you like.
- Highly secure: Surfshark uses all the essential security tools (OpenVPN, AES-256, kill switch) to keep your data private.
- RAM-servers only (no logs): RAM servers have short-term memory only, which are wiped upon reboot. This means that there are no user logs.
- Servers in 61 countries: Surfshark has a good spread of servers around the world.
- Works with all devices: Surfshark offers beautifully designed apps for Windows, Mac, Android, iOS and Linux.
- Works with torrents (P2P), Netflix and BBC iPlayer.
- Speed: Surfshark is fast enough for most users, but it doesn’t belong to the fastest VPNs we’ve tested.
- Best deal: $ 2.49 / month
- Refund Policy: 30 days
- Customer Support: 24/7 Live chat
- Devices per account: Unlimited
- Platforms: Windows, Mac, Android, iOS and Linux
- Works with US Netflix: Yes
- Works with Torrents: Yes
- Works in China: Yes
- Speed: 82 Mbps
- Servers in: 61 countries
- Server count: 3.200+
- IP Addresses: 1.040+
- Jurisdiction: British Virgin Islands
- Data leaks: None
- Logging policy: No logs
Privacy and Security
The Good: Surfshark has its headquarters in the Brittish Virgin Island, and therefore away from nosy governmental agencies. It also has a zero-logs policy, features a kill-switch, and uses the open-source OpenVPN protocol and top of the line AES-256 encryption.
The Bad: Surfshark does not operate its own DNS servers.
What privacy and security elements do we test for?
- Logging Policy
- Own DNS Servers
- Kill Switch Test
- Leak Test
1. Logging Policy
What does “logging policy” mean and why is it significant?
VPN providers may gather information about your internet activity. This is called “logging.” Of course, everyone prefers those VPN providers that don’t gather or store user information, but not all of them can claim this.
Data collection is actually a way for your VPN provider to optimize its service. This improves service performance and helps prevent service abuse. Of course, the amounts of collected data vary from VPN provider to VPN provider.
VPN providers can gather and store 4 different “types” of information. Here they are listed from the least harmful to the most harmful:
- VPN service data: Data regarding which VPN server you’ve connected to, the operating system that you use, and version of the app you use.
- Connection data: Your login and logout dates and times, the duration of service usage, and the amount of downloaded and uploaded data.
- Original IP address: Your device’s real IP address. Using your phone or computer’s IP address, your location can be determined.
- Online activity: Webpages that you go to, your search queries, your services. Your entire browsing history, in essence.
VPN service data and the connection data isn’t considered harmful information to hold. After all, you are connected to your VPN anonymously and the data collected is all bundled together with that of other users. This data is used for optimizing and enhancing the VPN service’s performance. This data is generally considered fair game and most VPN providers gather it on a regular basis.
Although IP address collection isn’t really a huge offense, many users are still apprehensive about this, and for a reason. At the end of the day, VPN services are used to retain anonymity, which doesn’t go hand-in-hand with IP address collection.
Finally, your internet activity falls under data that really shouldn’t be collected by your VPN service. In fact, many users resort to VPN to prevent their ISPs from collecting such data. Therefore, this is something of a hefty red flag for a VPN provider.
Out of all the VPNs recommend here, none of them collect this data type, but some free VPN providers actually do. This is very dangerous as they may end up selling this info to data collectors, which is why free VPNs are generally frowned upon.
What is Surfshark’s logging policy like?
“To maintain a perfect quality of our Services and provide you with efficient support we collect diagnostics information and monitor crash reports on our apps. The information we collect contain aggregated performance data, the frequency of use of our Services, unsuccessful connection attempts and other similar information. As you probably already understood, the data collected for diagnostic purposes does not contain uniquely identifiable information.”
In short: It collects only that data needed to improve its service to you. It is not collecting your browsing behavior, IP address or other sensitive material.
On top of that, Surfshark announced in July 2020 that it has moved entirely to RAM-only servers. This is important, as these servers have no hard disk. As RAM is short-term memory, that is wiped regularly, Surfshark cannot store any data on its users, even if it wanted to.
What does jurisdiction mean and why is it significant?
Essentially, the country of a VPN provider’s incorporation is called a “jurisdiction.” Every country has its own regulations to abide by, so you should take jurisdiction into consideration when choosing your VPN provider.
For instance, certain countries like Australia, the USA, and some EU members are under strict data retention laws. Data retention laws actually require ISPs in that particular country to provide a wide range of user data. This data includes websites visited and emails sent.
One of the main purposes of VPN is encrypting data that is sent over an ISP network. This means that the ISP isn’t able to read and get its hands on your data. This is among the primary reasons why many people resort to VPN in the first place – to escape mass surveillance.
The word on the web is that the VPN services are bound by data retention laws to collect user information. This rumor is a myth, as VPN services are private network providers, unlike ISPs. This means that a VPN service isn’t bound by identical rules as your standard internet service provider. A VPN service isn’t required to collect data.
That being said, government agencies actually have ways of bypassing this rule. In the US, a federal agency can actually issue a secret subpoena, like a National Security Letter, which allows it to gain access to data logs of a VPN, even of entire servers.
Bear in mind that these aren’t folktales. Instead of letting the NSA get their hands on Edward Snowden, Lavabit, an email encryption provider was forced to close operations, back in 2013. Similarly, Private Internet Access had to close its servers in Russia to avoid the overly-strict data logging rules in 2016. This means that government agencies are constantly making efforts to seize VPN user data.
To avoid these issues, there are two main things that a private user can do:
- When selecting a VPN provider, pick a VPN location that isn’t a country that’s an international intelligence treaty member (for instance, the UKUSA agreement) and doesn’t have any data retention laws. NordVPN, for example, has its HQ in Panama, while Express VPN is seated in the British Virgin Islands. Both of these providers are immensely popular.
- Make sure that your VPN has a legitimate zero-logging policy and that vouches not to store your internet activity (visited websites, services used, searches made, etc.) If a VPN provider doesn’t store that information, it can’t give it, sell it, or surrender it to the government.
What is Surfshark’s jurisdiction?
Surfshark is based in the British Virgin Island, this not only is a tax-haven, but also a privacy-haven. There are no data retention laws, and it is not connected to any of the international data sharing arrangements.
On top of that, Surfshark features a warrant canary on its website. This means that it will publically display any data requests it receives from governmental organizations through National Security letters and gag orders.
What does protocol mean and why is it significant?
A VPN protocol is essentially a set of rules on how the data is transmitted and formatted via a network (internet or local area (LAN)). Several protocols exist and they vary in terms of security and speed. OpenVPN is deemed as the one that’s the most secure, followed by L2TP, IKEv2, PPTP, and SSTP. Surfshark now also includes the Wireguard procol.
What protocols does Surfshark use?
Surfshark uses the opensource OpenVPN (TCP/UDP) and IKEv2/IPSec protocol.
What does encryption mean and why is it significant?
Encryption is the “translation” of fully readable information into “coded gibberish.” In order to encrypt something, an encryption key is used. Naturally, only those that have key access can decipher and, therefore, read the information in question.
Advanced Encryption Standard (AES) is widely considered as the best one around. There are two main encryption key lengths: AES-128 and AES-256. AES-128 is generally considered to be unbreakable, while AES-256 is stronger. The former is 128 bit long while the latter is 256 bits long.
What encryption standard does Surfshark use?
Surfshark encrypts your data according to the highest possible standard: AES-256.
5. Own DNS Servers
What do DNS servers mean and why are they significant?
Web addresses, such as YouTube.com and Facebook.com are, in fact, long strings of numbers. These numbers are the above-mentioned IP addresses. Complex and seemingly illogical, they aren’t easy to remember, which is why domain names, such as Facebook.com, exist.
DNS-servers are basically the internet’s phone operators. Countless domain names are stored on DNS-servers and so are their respective IP addresses. These servers make sure that you always reach the IP address that you were looking for when you type a website’s name into the address bar.
If a VPN provider happens to have DNS servers of its own, this means that your movement is encrypted using the exact same VPN-tunnel like any other online activity that you perform. This further means that a third-party can’t log or intercept it and that the government agencies and organizations can’t censor it.
Does Surfshark use its own DNS servers?
Yes. Surfshark runs its own DNS servers.
6. Kill Switch Test
What does a kill switch mean and why is it significant?
The moment the VPN becomes inactive on your connection, a safety feature called the “kill switch” is triggered. It immediately kills your internet connection. Essentially, this means that if your VPN fails, your online activity will remain hidden.
Does Surfshark use a kill switch?
Yes, Surfshark features a kill switch.
7. Leak Test
What does a leak mean and why is it significant?
It can occur that a VPN fails to hide a certain data amount, despite it being continuously active. This is called a “leak.” The most common of the bunch are IP Leaks, DNS leaks, the Windows Credential Leak, WebRTC Leaks.
Does Surfshark leak your data?
No, Surfshark does not leak any of your data.
The Good: –
The Bad: Although Surfshark is fast enough for everyday use, it is definitely not the fastest VPN that we have tested.
What does a speed test mean and why is it significant?
Using a VPN does come at a price – it will slow down your internet connection by taking up a portion of your bandwidth.
This may manifest itself in slower download speeds, lower Netflix or YouTube streaming quality, slower webpage loading, etc.
Of course, you can do a few things in order to improve the overall internet speed while using VPN:
- Get a fast VPN. Speeds vary from VPN provider to VPN provider. Hotspot Shield, for instance, is extremely fast, having almost zero internet speed impact. Alternatively, Tunnelbear is notoriously slow.
- Always choose a server as close to you as possible. The closer it is the shorter the distance that your data will have to travel is. Most VPN services enable you to handpick the server location that you want to use. This is crucial for improving download and streaming speeds and latency.
- Don’t settle for the default server that your VPN provider chooses for you. Take a few servers for a test. Connect to different servers, run a few speed tests on each one, and choose the fastest one.
How did Surfshark score in the speed test?
We were testing from Europe on a base of connection of 90 – 100 Mbps.
Short-distance tests have shown that Surfshark causes significant download speed loss. In our tests, the drop was 90Mbps to 74Mbps on a London server. Most tests have shown a speed loss of up to 18%.
Although this doesn’t put Surfshark at the top of any VPN list in terms of speed, the loss is insignificant if you have a reliable ISP. The VPN also doesn’t seem to have ping issues so the app can be used for gaming purposes too, along with torrenting and HD streaming.
Global speed tests don’t put Surfshark in the best light. There is considerable speed loss, especially at longer distances. Europe to US speed tests show a drop of at least 60%.
The drop goes up to almost 80% when connecting to a server in Australia. For a 90Mbps average download speed, you can expect 54 to 56Mbps on German servers and a mere 17Mbps on Australian servers.
US and Canadian servers fare much better in long-distance situations as our tests showed an average download speed of 30 to 34Mbps. That said, Surfshark remains good enough for browsing purposes and for HD streaming and torrenting, even on long-distance servers.
Of course, one of the reasons the speed may be drastically affected at times is Surfshark’s double VPN feature which bounces traffic between two servers. Great for security but not so much for performance.
The Good: Surfshark has servers in 61 countries, supports all major operating systems (Windows, Mac, Android, iOS, and Linux), has browsers extensions for Chrome and Firefox, supports Netflix and torrenting, and is able to bypass censorship. And to top it all of, it allows you to connect an unlimited amount of devices on a single subscription.
The Bad: –
What features do we test for?
- Server Locations
- Platform and Devices
- Number of Connections
- Streaming and Torrenting
- Bypassing Censorship
1. Server Locations
What does a server location mean and why is it significant?
When you pick your VPN server, you will appear as if you’re located in the country or the city where the server is physically located. The majority of providers let you choose between multiple countries around the globe, 30 being the average.
While many providers only let you choose a country, others go a step further, allowing you to choose a city. Cities such as New York and Los Angeles are common options in the USA.
Now, what this means is that your data has to travel from the device that you’re using through the VPN server and only then connect to the web. If you are in Australia and choose a French server, it might slow down your connection significantly, on account of the distance that the data has to travel before connecting to the internet. The more server locations a VPN provider offers, therefore, the better.
Where are Surfshark’s servers located?
Surfshark has 1000+ servers in 61 countries. With an even spread across the world, all regions are well served except for Africa. In the latter only Libya and South Africa have servers.
2. Platforms and Devices
What do platforms and devices mean and why are they significant?
Operating systems, devices, and browsers that a particular VPN service is compatible with are called “platforms.” Most VPN providers feature Windows, Android, Mac OS, and iOS apps, while only several support Linux. Some VPN providers even offer direct router installation, as well as browser extensions for Firefox, Chrome, Safari, etc.
Regarding browser extensions, keep in mind that you should always check whether the particular extension works as a proxy server, an encryption-based proxy server, or as a complete VPN:
- A proxy server: This means that your VPN extension functions as a proxy and, therefore, that the IP address that you’re using is masked. The websites that you visit with a proxy server will consider your location as the country that you’ve selected in your VPN extension. You can unlock services that aren’t supported in your country this way. For example, you can watch American Netflix when abroad. That being said, your data remains unencrypted and vulnerable to hackers and ISP data collection.
- Encryption-based proxy server: If your browser extension features encryption, your browser is completely encrypted. This means that it will be unreadable to hackers and ISPs. Your online activities like streaming Spotify, though, will remain open.
- In instances where a VPN browser extension has full control over the VPN app, it means that the entirety of your online activity is encrypted. The IP address is masked and VPN settings can be changed without actually leaving the browser.
What platforms and devices does Surfshark support?
Surfshark has apps for nearly everything: Windows, Mac, Linux, Android, and iOS serve laptops and smartphones, while its apps for Apple TV, Fire TV, Playstation, and Xbox serve a range of other media devices.
On top of that, Surfshark has browser extensions for Chrome and Firefox which function as proxies. This means that they only encrypt the traffic that goes through your browser, and not the data which flows through other apps.
3. Number of Connections
What do connections mean and why are they significant?
Different VPN subscriptions offer different numbers of connections. This number indicates the number of devices that can use the VPN app at the same time. For the individual, three connections are more than enough, as you can use them to protect your laptop or computer, phone, and, for instance, your tablet. If you want to share your subscription with more people, you should get a better subscription plan.
How many simultaneous connections does Surfshark support?
Surfshark allows you to connect an unlimited amount of devices on a single subscription. It is the only VPN we know of with such a generous offer.
4. Streaming and Torrenting
What do streaming and torrenting mean and why are they significant?
In case you live outside the US or you are an American citizen traveling abroad, you can use a VPN app to access American Netflix. Just log in to a server that’s based in the USA and you’ll be able to access Netflix and enjoy the American content.
If you’re into torrents, you can use a VPN to safely download them. With a fully encrypted connection, your ISP won’t be able to see what you’re doing online and you won’t suffer the legal and online consequences of using P2P.
Does Surfshark support streaming and torrenting?
Surfshark can unblock Netflix content from the US, UK, Germany, France, Australia, and another 8 countries. It also works well with BBC iPlayer, which isn’t very common among VPNs.
5. Bypassing Censorship
What does censorship mean and why is it significant?
You can use a VPN to go around censorship, although some VPN providers aren’t available in every country. As China boasts the strictest regulations that affect a huge chunk of the world’s population, it is generally used as a test subject for whether a VPN provider can circumvent censorship.
Here are some useful sources if you want to get educated on online censorship:
- Open Media
- Center for Democracy and Technology
- Fight For The Future
- Electronic Frontier Foundation
- Freedom House
- Access Now
- Internet Defence League
Does Surfshark bypass censorship successfully?
If you live in, or travel through, a highly censored country such as China, Turkey or the UAE, make sure to switch on “No Borders” in your Surfshark app. From that moment forward, Surfshark will recognize when you are in a restricted region and offer you special servers that allow you to browse as normal.
Trustpilot / BitDefender
Trustpilot / BullGuard
Trustpilot / CyberGhost
Trustpilot / ExpressVPN
Trustpilot / Hotspot Shield
Trustpilot / NordVPN
Trustpilot / Norton
Trustpilot / Panda Security
Trustpilot / Private Internet Access
Trustpilot / SurfShark
Trustpilot / UltraVPN
Trustpilot / ZenMate