Skip to main content

Surfshark VPN switches to superfast WireGuard protocol

Surfshark Wireguard protocol
(Image credit: Surfshark)

One of the best VPN providers on the planet, Surfshark, has become the latest in a long line of virtual private network providers to adopt the swift and concisely-written WireGuard protocol. 

Available on all major platforms (Windows, Mac, iOS, Android, and Linux), the introduction of WireGuard promises to boost connections speeds, make auditing easier and increase privacy and security for the user. 

While innovations can sometimes take time to be accepted into the information-security community, WireGuard has been has been gaining traction for some time now. Thanks to its early adoption by some of the top VPN providers, such as NordVPN and Mullvad, it's becoming a respected and trusted protocol.

Why WireGuard?

The established industry-standard protocol OpenVPN is well trusted and used by almost every VPN provider on the market. 

However, weighing in with roughly 400,000 lines of code, OpenVPN is bloated and can be troublesome to work on. And vulnerabilities are more difficult to spot and rectify.

WireGuard, however, comes in at just 4,000 lines of code. That makes it easy to manage. Having been written from the ground up within the past three years, it's thoroughly modern and holds no legacy loopholes or lazy workarounds.

In turn, that makes WireGuard easy to work with and, for the end user, means faster apps and connections. However, it's not without its flaws, and many VPN providers are only now considering it fit for purpose.

Plugging WireGuard's holes

WireGuard's main vulnerability is the fact that although it practices perfect forward secrecy and minimizes packet loss in its handshakes, it assigns the user the same static IP address every time it connects. 

While overall the protocol outdoes the rival OpenVPN and IKEv2/IPsec protocols in other respects, this privacy issue is a key stumbling block for WireGuard's adoption.

However, Surfshark has addressed this itself by implementing a double network address translation (NAT) system. This ensures users are assigned a different IP address on each connection, effectively eliminating this vulnerability and, in Surfshark's words, giving "no incentive to save any identifiable data on a server."

Avoiding user activity logs is an essential part of any VPN worth its salt, and combined with Surfshark's all-RAM server network (meaning no information can be stored permanently on these servers), this is an effective way of providing VPN users with the privacy and untraceability they likely desire.

What this means for Surfshark

In practice, Surfshark's WireGuard adoption means the cheap VPN should deliver exceptional speeds and quick connection times plus further security for its users.

It's also been adopted just in the nick of time, as most of the top-rated services are either taking WireGuard into the fold (Mozilla VPN uses it as its sole protocol), or developing their own protocols, like ExpressVPN's LightWay and Hotspot Shield's Catapult Hydra.

  • nonnymmus
    You really should put a note or reword the article as the way you describe it, Surfshark offers WireGuard on Linux. Based on your wording I purchased Surfshark, and now have a VPN that can't use WireGuard on Linux.
    Reply