Surfshark Passes First Independent No-Logs Audit

Auditing firm Deloitte confirmed that the configuration of Surfshark's IT systems were in line with the VPN's no-logs policy.

Attila Tomaschek
Attila is a Staff Writer for CNET, covering software, apps and services with a focus on virtual private networks. He is an advocate for digital privacy and has been quoted in online publications like Computer Weekly, The Guardian, BBC News, HuffPost, Wired and TechRepublic. When not tapping away on his laptop, Attila enjoys spending time with his family, reading and collecting guitars.
Expertise Attila has nearly a decade's worth of experience with VPNs and has been covering them for CNET since 2021. As CNET's VPN expert, Attila rigorously tests VPNs and offers readers advice on how they can use the technology to protect their privacy online and
Attila Tomaschek
2 min read
Surfshark logo on a phone

While a no-logs audit isn't a guarantee, passing the audit is still a good sign.

Sarah Tew/CNET

Another virtual private network provider just took an important step towards boosting its transparency with customers. Surfshark -- CNET's Editors' Choice for Best Value VPN and one of our top VPN picks -- passed an independent no-logs audit conducted by auditing firm Deloitte, the VPN company said in a blog post on Wednesday.

"The positive result from Deloitte's no-logs assurance report provides factual evidence to our users and future customers that Surfshark operates on the highest privacy and quality standards," Surfshark's VPN product owner Justas Pukys wrote. "We will continue to perform various audits and tests to get independent verification of our security and privacy measures."

The audit examined the configuration and management of Surfshark's IT systems and supporting IT operations and was conducted between Nov. 21 and Dec. 2, 2022, according to a summary of Deloitte's audit report (PDF). As part of the audit, Deloitte inspected the design and configuration of Surfshark's standard VPN servers, static IP VPN servers, multihop servers and multiport servers.

"Based on the procedures performed and the evidence obtained, in our opinion, the configuration of IT systems and management of the supporting IT operations is properly prepared, in all material respects in accordance with [Surfshark's no-logs policy]," Deloitte said.

Deloitte's validation is important, because an independent audit is one of the only ways to confirm that a VPN provider's no-logs claims are legitimate. Even though an independent audit from a firm like Deloitte can only confirm its findings for the scope and duration of its audit, it can offer customers a certain measure of confidence that the VPN they're using is genuine in what it promises.  

"[The] No-logs Policy is one of the most important features of our Services," Surfshark says in its Terms of Service. "It means your activities are not in any way logged, retained, or transferred to third parties when you connect to our Services. We do not collect any information about what you do online (your visited IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic or any other similar data)." 

Surfshark's announcement comes two weeks after its sister company NordVPN announced its own independent no-logs audit, also completed by Deloitte. Surfshark had its browser extensions independently audited in 2018 and its server infrastructure in 2021, but Deloitte's audit is Surfshark's first independent no-logs audit. 

For more on VPNs, check out Surfshark's new Dynamic MultiHop feature and how to boost your VPN speeds.