Surfshark aces its first no-logs audit
VPN users have the assurance that their data is in safe hands
Retaining users' trust is the first element when it comes to privacy. The best VPN providers, those responsible for building the software meant to protect anonymity online, know this very well.
So, just weeks after NordVPN passed its third no-logs audit, another VPN service called an external cybersecurity company to verify it actually treats subscribers' data as it claims.
As its most recent initiative to promote transparency, our favorite cheap VPN app Surfshark has just aced an independent no-logs audit.
After a thorough inspection of Surfshark's IT systems, industry-leading auditing firm Deloitte confirmed that the provider complies with the data-handling practices stated in its privacy policy.
While Surfshark's security infrastructure has already been verified in the past, this is the first time the provider has undergone such an audit on its privacy statement.
Surfshark’s no-logs policy — more than just words! Auditing firm @Deloitte confirms that we have both the means and the will to carry it out. That’s another proof of us valuing our customers’ privacy! https://t.co/Q28xlVk2GMJanuary 25, 2023
Evidence of top privacy and quality standards
"Working in an industry that highly relies on trust and transparency, we understand that it takes more than just words to validate our efforts," commented Surfshark's VPN Product Owner Justas Pukys.
"The positive result from Deloitte’s no-logs assurance report provides factual evidence to our users and future customers that Surfshark operates on the highest privacy and quality standards."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
A strict no-log policy is one of the most important features for a truly private VPN provider. It's the users' sole guarantee that no identifiable information is ever retained about their online activities.
Subscribing to a trustworthy no-log VPN is vital to make sure that even if a hacker or government manages to seize the service, no sensitive data can be leaked. That's simply because such details won't exist in the first place.
Deloitte conducted its assurance procedures between November 21 and December 2 last year.
To successfully verify Surfshark's privacy claims, the auditing experts closely reviewed Surfshark server's configuration and deployment process, while conducting interviews with responsible employees.
They also checked whether or not the relevant IT systems are designed to match the company's privacy policy. These include both its standard VPN servers, static IP and MultiHop structure.
More details about Deloitte's audit can be found here.
"Based on the procedures performed and the evidence obtained, in our opinion, the configuration of IT systems and management of the supporting IT operations is properly prepared, in all material respects, in accordance with Surfshark's description of its no-logs policy," concludes the report.
Showing a continuous effort to transparency, Pukys from Surfshark said: "We will continue to perform various audits and tests to get independent verification of our security and privacy measures."
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com