8/5/2023

Surfshark limited

VPN nodes of any location constantly getting restricted by captcha. Nodes from certain countries extremely speed limited on occasion.

The biggest failure of all is the following. You can enable a kill switch within the VPN program so if the VPN isn't connected the internet won't work. This is common among VPN providers as it's a last security option to protect anonymous browsing. The Surfshark software regularly, and I mean regularly, logs you out of the program and changes the program settings to turn off the kill switch. On many occasions I have been browsing the internet thinking I was protected under the VPN to find out the software had magically logged me out and disabled the kill-switch option. This should be a MAJOR red flag for anyone looking to use a VPN.

Technical support on these issues did not resolve them. On one occasion I notified Surfshark about issues with all nodes within a country being speed limited and cutting out. I was asked to perform a bunch of tests and submit them back, which I did, only to be told "we are aware of the issue". So I was given a run around for an issue already known.

Surfshark also has terrible company culture where they auto-renew subscriptions. The customer has to contact the company directly to try and leave this service.

Excerpt of independent security auditing organisation Cure53’s report on Surfshark VPN

After spending less than 5 minutes reading the minuscule audit report, which even with its limited scope was able to find two vulnerabilities, it became apparent that Surfshark isn’t a new and upcoming VPN with a focus on being transparent but rather a VPN aimed at marketing their ‘independently audited’ sticker left, right and centre.

Surfshark has been audited, but not in the way you’d expect. The audit was of an extremely limited scope, that being their Chrome Browser Extension and Mozilla Firefox Extension. Now to most people this isn’t a problem, but let’s delve deeper.

Surfshark offers its VPN services through multiple products including the two audited products, the Firefox and Chrome extensions. In addition to the two browser extensions. Surfshark offers customers access to their network through desktop applications (Windows, Linux & macOS), Mobile Applications (iOS & Android), Smart TVs (FireTV and AppleTV to name a few), Game Consoles (PlayStation and Xbox) as well as two browser extensions. The latter being the only service audited.

Excerpt of Surfshark’s website showing their supported platforms

Surfshark did not allow the auditors infrastructure or backend access, so although the browser extensions are believed to be ‘safe’, this accreditation only extends to the code that runs locally on your machine. It doesn’t, and this is extremely important, validate the security and encryption of your connection, the best practices used by Surfshark or how secure their infrastructure is. Additionally, any other platforms, other than the two browser extensions, have not been audited.

In summary, running the Surfshark VPN is like connecting to a blackhole. Not even the independent security auditors know how secure your data is, and this should worry you. Using any of their other platforms should be a cause for concern. These products have not been validated, and there is no way to ensure that the code locally running on your computer, TV or game console is trustworthy. There is no way to know if they are using instead of (which they failed to do in their own browser extensions - read the report here).

Doesn’t sound good, but they are in the British Virgin Islands and they don’t log - so I’m ok, right? I hate to tell you but no - this doesn’t really change things. Having previously worked with organisations heavily using RIPA, I’ve seen both sides of the table. The British Virgin Islands is sovereign territory of Great Britain where RIPA has been enacted. There are cases of pressure being exerted by British authorities on those of sovereign territories to cooperate with English law. However RIPA has yet to be used in this way, although given the right circumstances - I do not hesitate for one second to doubt that HM Gov’t will use their powers to pressure BVI.

These are gospel words around Info/Cyber Sec researchers. We know that many organisations, people and Governments will make great and grand claims which we must trust, but where you can you should verify.