Surfshark unveils new end-to-end encryption patent to reduce metadata collection
The VPN service seeks to innovate how handling E2E

- Surfshark is looking to improve the privacy of current end-to-end encryption with a new patent
- The plan is currently based on distributed trust-based communication frameworks
- Despite this, Surfshark says its approach differs from the likes of NymVPN and ObscuraVPN
Surfshark has just registered a new patent looking to improve the privacy of current end-to-end encryption (E2E) systems.
Based on a distributed trust-based communication infrastructure, Surfshark's proposed method seeks to reduce the amount of visible metadata – meaning all the data that isn't the content – by splitting the encryption process between two separate VPN providers.
Better metadata privacy
Encryption refers to the scrambling of data into an unreadable form and is the technical solution born to protect the network-based communications we all rely on daily – whether that's a text message, a document, or a photo shared with another user over the internet.
End-to-end encryption (E2E) is the tech used by virtual private networks (VPNs), some secure email services, and messaging platforms to ensure the content of these online activities remains private between the sender and the receiver.
A lot of metadata is still visible to the provider
Karolis Kaciulis, Surfshark
Yet, Surfshark's Lead System Engineer, Karolis Kaciulis believes that it's time to go beyond E2E.
He told TechRadar: "After the emergence of E2E encryption, we feel that the topic of user anonymity and security while using various messaging systems and technologies has stagnated. We believe there is still room for improvement."
The main issue with today's encrypted messages, Kaciulis explains, is that while these messages cannot be accessed by unwanted third parties, "a lot of metadata is still visible to the provider."
Metadata includes details such as who sent a message to whom, when the message was sent, the size of the message, and many others.
This is where Surfshark's new patent comes in. Based on a distributed trust-based communication framework, it seeks to introduce a new way for VPN providers to handle encryption and de-centralize the ownership of the message.
Such a framework would involve two different VPN companies handling the encryption process so that no single entity has all the information in its entirety.
"The patented method would ensure that the information is split," said the patent inventor. "Thus, the metadata seen by the provider companies (as well as governments where they reside) is reduced."
Don't call it decentralized VPN
It's worth mentioning that some providers already offer decentralized VPN solutions that split users' information between several entities without having a single point of governance.
For example, the newly launched NymVPN is built on a decentralized server network run by anonymous users across the world. Obscura VPN employs a two-party VPN structure, using Mullvad's WireGuard VPN as an exit hop.
Kaciulis, however, thinks that Surfshark's patent goes beyond what a decentralized VPN stands for.
"Personally, I believe that today 'decentralized VPN' is a little bit of a buzzword used to convince users that it’s a better solution than the status quo. The Internet is built on trust and authority, and losing said authority only makes it less safe," Kaciulis told TechRadar.
Therefore, this solution comes as a way to emphasise the importance of having even more authority. "It’s just that the authority is shared between multiple actors instead of one."
You might also like
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.