![]() Well! It is not a severe issue as it may allow an attacker who can spy on the connection of the user. One is the service invitation emails which uses an unencrypted HTTP link. The findings of the audit report reveal two vulnerabilities identified by Cure53. The auditors were extremely satisfied to see a robust security posture on the SurfShark VPN extensions, especially given the shared vulnerability of similar products to privacy issues. The team addressed the issue to ensure a bullet-proof service by all means. One they marked as ‘Low impact’, which was not related to the browser extension and another was of a more general flaw. The Cure53 audit team worked for five days and found just two vulnerabilities. According to the results, both extensions stand out in relation of being rare for VPN browser extension products that suffer from different issues. The report also included the findings of Chrome and Firefox extensions. ![]() It implies to both privacy and general security jurisdictions. The members of the Cure53 team conclude that the tested applications have an extremely robust impression and are not exposed to any issues. They do so to reach the right level of coverage, which clear all doubts and questions of the targeted audience. To fortify and reinforce the reliability of the results, Cure53 testers hired the so-called white-box methods while they were assessing the VPN. But that’s where the hypocrisy rises- after all, preventing bugs, exploits, and leaks is much easier if you submit your service to such audit companies. In an industry that is built on promises of utmost privacy and security, reports of security holes are best avoided. Their subjects have a bit less to gain but a lot to lose. It is quite understandable and clear why independent audits and public reports of such inspections are rare. Of its significant experience and value in the market, SurfShark decided to choose Cure53 as its auditors. When TunnelBear VPN completed its review in 2017, it was also performed by Cure53. Its team was behind the shutdown of a parental control app distributed by the South Korean government.Īlthough the VPN industry is full of bold and boastful statements regarding anonymity, security, and privacy, however, independent audits are infrequent. It is a respected and reliable firm in the security sphere, which is known for the integrity of its analysis along with one or two scandals it uncovered in the past. SurfShark, for its first independent audit, chooses a German cybersecurity company, Cure53. Both a code audit and a penetration test were done to verify the no-log claim. The report states that the foremost aim of the project was to attain an external view of how well the VPN browser extension handles the security and privacy of the users.Īfter the audit was done so, it concluded that whatever promises were made to users regarding protecting against DNS and IP leaks were kept. In the entire audit process, the VPN gave both Chrome and Firefox browser extensions with the source code to Cure53 for in-depth analysis. The audit report successfully claim it a no-log VPN provider and was crowned as the best VPN newcomer of 2019. In late 2018, the company took another step in Surfshark’s evolution as it published the result of an independent audit. With time, SurfShark VPN expands in network size, number of supported platforms, and increased feature list. It doesn’t mean ‘’no activity logs’’ or some other marketing phrase, but zero logs. The VPN service provider came out with no simultaneous connection limit as well as a full-fledged no-log policy. It was evident that the people behind it knew what they were doing. When it came out earlier during the year 2018, the majority of the users had a good feeling about this service. Surfshark VPN has become one of the most popular privacy tools in the market. Who did the service audit? And what was concluded from the inspection? So, just read on. Let’s drive in to see how SurfShark VPN moved in the line of such practice. It has proved to be an effective way for various VPN service providers to test their security features and provide exceptional service to the users of what they had just promised.ĭifferent VPN providers, like ExpressVPN, NordVPN, PureVPN, and VyprVPN, were able to defend their statements with reliable facts and verification proofs by top auditing companies around the globe. There are several adverse incidents which take place in the past which advertise the VPN service in a wrong manner.īut, over the past few years, a new practice of independent auditing has emerged. It is sometimes hard to back up the zero-logs privacy claims because there is a pressure from not only government agencies but also surveillance centers for tighter netizens’ control. For some time, VPNs had to deliver their services on a promise-like basis.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |