The IT Nerd

Cybersecurity company Surfshark just released its second no-logs assurance report. The independent verification by Deloitte confirms that Surfshark operates according to the highest privacy and quality standards, and reaffirms that users’ online activities are not logged or tracked.

The recent assurance conducted by Deloitte involved a thorough examination of Surfshark’s systems and internal processes. As part of the evaluation, Deloitte conducted interviews with relevant personnel and reviewed supporting evidence to confirm adherence to Surfshark’s no-logs policy. The assessment included a review of various server types, such as standard, static, and multiport VPN servers. 

Deloitte also evaluated Surfshark’s server configuration and deployment processes, inspected privacy-related settings and procedures, and verified that these align with the stated privacy policy. Furthermore, the assessment confirmed that Surfshark’s no-logs policy is consistently and effectively enforced across all applicable servers and infrastructure components. The detailed report (ISAE 3000) is available to all Surfshark users in their Surfshark account.

Surfshark continues to drive security innovation across the security and privacy sector. Recently, Surfshark introduced public no-logs DNS servers. Surfshark DNS was created for privacy-conscious individuals and organizations, helping them to take the first step towards privacy and security by using this tool. The company has also announced an industry-first, patented technology called Surfshark Everlink. This is a supporting, self-healing infrastructure that ensures continuous VPN connectivity by seamlessly recovering dropped connections.

Surfshark unveils Surfshark Everlink, an industry-first patented (patents: US11190491B1, US20240080302A1) technology designed to deliver greater VPN connection stability. Surfshark Everlink is a supporting, self-healing infrastructure that ensures continuous VPN connectivity by seamlessly recovering dropped VPN connections. This technology allows users to enjoy a stable VPN connection and minimizes the risk of IP address exposure.

How does Surfshark Everlink work?

Surfshark Everlink is an additional layer of security which helps to recover lost connections. When connected to the VPN, Surfshark user connects not only to the VPN infrastructure, but also to Everlink infrastructure. In case there is a drop of connection, Surfshark Everlink instantly acts as a “self-healing” mechanism and revives user’s connection by reconfiguring the VPN tunnel without having to disconnect and reconnect from the VPN service, protecting the user from potential data exposure.

Surfshark Everlink also ensures that the VPN service for the user remains stable in case of server maintenance repairs.

More than just convenience: protecting users’ privacy

Budvytis emphasizes that Surfshark Everlink isn’t only essential for seamless connectivity, but is also an important new technology for privacy and security.

The Surfshark Everlink technology is enabled by default on WireGuard protocol on all platforms, including iOS, macOS, Windows, Android, and Linux.

Surfshark Everlink was built on a patented technology (patent: US11190491B1, Method and apparatus for maintaining a resilient VPN connection; patent: US20240080302A1, Clustering of Virtual Private Network Servers). Currently holding multiple patents for industry innovation, the company seeks to improve not only on its VPN offering, but also help build a better internet for everyone. Recently, Surfshark launched a free DNS service, offering a more private alternative to default DNS providers. 

It’s time for Google Gemini to step aside. Meta recently introduced its chatbot app, Meta AI, which is the new data king. According to a study by cybersecurity company Surfshark, Meta AI collects user data like no one before. It stands out among all analyzed chatbots by collecting 32 out of 35 data types, which is more than twice the average. 

Meta AI collects the most user data among the analyzed apps, gathering 32 out of 35 possible data types — over 90% of the total. It is also stands out from all the others because it is the only one chatbot app that collects data across categories such as financial information, health and fitness, and even sensitive information, which includes racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data.

Additionally, only Meta AI and Copilot collect data linked to user identity for purposes such as displaying third-party ads in the app or sharing data with third parties that display third-party ads. While Copilot lists two data types, such as Device ID and Advertising Data, used for this purpose, Meta AI may use up to 24 different data types. 

“Meta is an ecosystem that collects user data across platforms like Facebook, Instagram, and Audience Network for displaying third-party ads, and now it’s doing the same through Meta AI. This chatbot learns from public posts, photos, and texts, as well as new data shared by users, which is an example of gross misconduct and mishandling of user data. Generative AI should not be trained on user data, and this highlights why regulations for AI are an urgent necessity,” says Karolis Kaciulis, Leading System Engineer at Surfshark.

Chatbots collect and learn from diverse data, which can have flaws

The average number of collected types of data is 13 out of a possible 35 for the analyzed AI chatbot apps. 45% of the apps collect users’ locations. Additionally, nearly 30% of these apps track user data. Tracking refers to linking user or device data collected from the app with third-party data for targeted advertising or advertising measurement purposes or sharing it with a data broker. 

AI chatbots learn from diverse sources of information, with Meta AI having the additional factor of learning from Facebook and Instagram posts and images. As they gather massive amounts of data, including public posts and user-provided content, the results we receive can vary and often be incorrect due to inaccuracies in their training data. The latest example of how X’s Grok responded to unrelated prompts and discussed white nationalist themes with X users highlights the challenge we have with current generative AI standards.

“People should keep in mind that even though these chatbots may provide you with a quick answer, the results they get are mediocre. Why is that? AI chatbots are being fed with all kinds of information and the majority of it can be inaccurate. Every person is responsible for the results they provide at their job, but generative AI is not; it is unaccountable and is not legally subject to the same scrutiny as a human,” K. Kaciulis comments.

Be careful when sharing information with chatbots

Google Gemini collects 22 unique data types. This includes precise location data, which only Gemini, Meta AI, Copilot, and Perplexity collect. Gemini also collects a significant amount of data across various other categories, such as contact info (name, email address, phone number, etc.), user content, contacts (such as a list of contacts in the user’s phone), search history, browsing history, and several other types of data.

ChatGPT collects 10 types of data, such as contact information, user content, identifiers, usage data, and diagnostics, while avoiding tracking data or using third-party advertising within the app. While ChatGPT collects chat history, it is possible to use temporary chats, which auto-delete all data after 30 days, or to request the removal of personal data from training sets.

Copilot, Poe, and Jasper are the three apps that collect data used to track you. This data could be sold to data brokers or used to display targeted advertisements in your app. While Copilot and Poe only collect device IDs, Jasper collects device IDs, product interaction data, advertising data, and other usage data, which refers to “any other data about user activity in the app”. 

According to K. Kaciulis, when using chatbots, users pay not only in money for subscriptions but also in personal data. “As a human being, especially in Europe, where GDPR protects user rights, personal data belongs to you, not to corporations or AI systems. Sharing it with generative AI can lead to it being stored, analyzed, and used without your full control, risking targeted manipulation, identity theft, or misuse. Also, people should be aware that things AI learns from your personal data can not be unlearned. It’s important to protect your privacy and online integrity in an age where personal data is increasingly treated as a commodity.” 

METHODOLOGY

We identified the 10 most popular AI chatbots, with Meta AI added as an additional app on May 20, 2025, and analyzed their privacy details on the Apple App Store. The comparison was based on how many types of data each app collects, whether it collects any data linked to you, and whether the app includes third-party advertisers. We also checked the privacy policies of DeepSeek and ChatGPT to better understand what kind of data is kept on servers and for how long.

Note on data used to track the user: “Tracking refers to the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes. Tracking also refers to sharing user or device data with data brokers.” 

Surfshark announced today that it has expanded its Dedicated IP service to seven new locations, now offering unique, static IP (Internet Protocol) addresses in 20 locations worldwide. This expansion provides users with reliable access to IP-sensitive services. It also minimizes frustrating human verification requests by ensuring a consistent IP address each time they connect through a designated VPN server.

Benefits of Dedicated IP

The Dedicated IP feature is available on Android, Windows, iOS, and macOS and supports all major protocols, including WireGuard®, for maximum speed. This allows users to benefit from a static IP address without sacrificing connection performance.

One key advantage is a noticeable reduction in human verification requests — common with standard VPNs, where multiple users share the same IP address, often triggering verification prompts. Dedicated IP minimizes this issue by assigning a unique address, making traffic appear more consistent to websites. It also enhances network performance, as only one user generates traffic through the IP, leading to faster and more stable connections. Additionally, Dedicated IP simplifies access to remote networks, eliminating the unpredictability of changing addresses associated with shared VPN servers.

7 new locations

Surfshark already offered 13 Dedicated IP locations: the US (San Jose, Los Angeles, Dallas), Canada (Toronto), the UK (London), the Netherlands (Amsterdam), Germany (Frankfurt), France (Paris), Italy (Milan), Japan (Tokyo), Hong Kong (Hong Kong), Australia (Sydney), and South Africa (Johannesburg). Now, the company has expanded Dedicated IP to seven new locations: the US (Denver, New York, Las Vegas), Brazil (São Paulo), Poland (Warsaw), Singapore (Singapore), and Turkey (Istanbul).

Surfshark, has announced that it is launching a public DNS (Domain Name System). Unlike the default DNS servers provided by ISPs (Internet Service Providers), which often track and record user activity, Surfshark’s new public DNS server ensures privacy by not logging browsing history, data transfers, or any other internet behavior. Surfshark DNS was created for privacy-conscious individuals and organizations, helping them to take the first step towards privacy and security by using this tool.

Many people rely on the default DNS provided by their ISP or other big companies, often overlooking the potential to enhance their browsing experience. A public DNS service hosted by a trustworthy entity would have a positive impact on privacy online and may even improve overall network performance. However, it’s important to note that UDP and TCP DNS queries are still sent over the internet in plaintext, making them susceptible to interception. To counter this, Surfshark’s DNS server supports secure DNS protocols such as DoT, DoH, and DoQ to keep browsing activity private.

What is a DNS server

DNS server works as a translator of domain names like bbc.com or thenewyorktimes.com, into IP (Internet Protocol) addresses that computers can understand. K. Kaciulis explained that it acts as the phonebook of the internet, ensuring users can access websites using easy-to-remember names instead of numerical IP addresses.

How does a DNS work

When a request is made to access any website on the browser, the DNS resolution process is initiated. During this step, the domain name entered into a browser is converted to the corresponding IP address required to locate the desired web resource. The initial DNS query is sent to a resolver, which first contacts a root server to get information about the correct top-level domain (TLD), such as .com or .org. This TLD data then helps direct the request to the server responsible for the specific domain.

Finally, it reaches the authoritative name server, which holds the exact IP address for the website. This address is then sent back so the site can be loaded.

Benefits of using Surfshark public DNS

ISPs may collect and log users’ DNS queries for user identification. They can also monitor DNS traffic, both passively and actively, and are capable of blocking specific hostnames when necessary. Additionally, user data can be used for targeted advertising or sold to third parties. Surfshark DNS server is different, it operates under a strict no-logs policy, which means no collection, storage, or sharing of browsing activity. 

Using a Surfshark DNS may lead to a positive improvement in overall network performance. Unlike default ISP DNS servers, which can become overloaded. Since the Surfshark public DNS infrastructure is spread out, it has a better understanding of geolocation, which can provide users with closer servers. As a result, it may reduce delays, connection drops, and improve overall browsing reliability.

I will be testing this and providing my feedback on how this works as I never use ISP provided DNS servers for speed, security and privacy reasons. Stay tuned for that.

Leading cybersecurity company Surfshark is celebrating its 7th anniversary. For that occasion, it offers users a limited-time birthday deal.

As part of its birthday celebration, Surfshark is offering special pricing across its suite of privacy plans (until April 30th, 2025, at 08:59 AM EDT):

• Surfshark Starter: $1.99/month
  
• Surfshark One: $2.49/month
  
• Surfshark One+: $3.99/month
  

Each plan includes a range of privacy and security tools:

• Surfshark Starter includes the company’s award-winning VPN, the ad-blocking feature CleanWeb, and Alternative ID, a tool for masking personal email and information.
  
• Surfshark One builds on that by adding Antivirus, Alert (a data breach detection service), and Search, a private search engine.
  
• Surfshark One+ includes all of the above, plus Incogni — Surfshark’s data removal service that helps users erase personal data from data broker databases.
  

Surfshark milestones: 7 years of enhancing online security

Since its founding in 2018, Surfshark has grown rapidly and earned international recognition for its innovative privacy tools. Some key highlights from the past seven years include:

•  2018: Surfshark is founded, offering its first product, a virtual private network (VPN).
  
•  2020: Within two years, Surfshark becomes one of the top 3 most popular VPN services globally.
  
•  2021: Surfshark created Incogni, a data removal service that helps individuals automatically request the removal of their personal information from data broker websites. In the same year, Surfshark merged with Nord Security.
  
•  2022: After raising the number of servers over the years, Surfshark reached the milestone of 3,200+ servers in 100 countries.
  
•  2023: Surfshark and Nord Security secure a $100M investment from global investor Warburg Pincus, doubling their combined valuation from $1.6B to $3B.
  
• 2024: Surfshark is recognized by the Financial Times as one of Europe’s 50 fastest-growing companies, ranking 47th overall and 8th in the IT & Software category in the FT1000 list.

In 2022, 156 out of 1M internet users in Canada were hit by cybercrime, which places Canada third in the world by cybercrime density a Surfshark’s study shows.

Here are the key takeaways:

• Despite a 10.7% decrease in cybercrime density compared to 2021, Canada retains its position as the third country in the world by cybercrime density.
• The UK topped the list for cybercrime density with a staggering 4,371 cybercrime victims per 1 million internet users. Canada was not far behind in third place, trailing behind the US with 1,612 cybercrime victims per 1 million internet users.
• A total of 6k Canadian internet users fell victim to cybercrime in 2022.
• Phishing was the most common cybercrime in 2022, with 300k reported victims.
• Investment fraud was the most financially devastating cybercrime in 2022, with a total of 3.3 billion USD in losses globally.

For more information on Surfshark’s findings, please see the study here.

With the COVID-19 wreaking havoc worldwide, the last thing people think about is their digital privacy. Unfortunately, in some countries, measures taken to tame the outbreak infringe people’s digital privacy. The analysis conducted by the privacy protection company Surfshark covers 12 applications in 12 different countries across the globe and aims to report what these apps are doing, what information they collect, and what consequences they could bring to the society.

Main findings:

• At least 7 out of 10 apps* track GPS location
• At least 6 out of 10 apps are unclear about what they track, don’t provide Terms and Conditions upfront, or use intrusive methods such as surveillance camera footage to track their users
• At least 2 out of 10 apps clearly state that they share this information with third parties
• At least 4 out of 10 apps were developed by or with the help of non-government bodies, such as private companies

*10 apps that are already released, as the UK and Belgium ones are not yet available

“Many crisis-management measures might become a fixture of life. Therefore, we must consider how our life after COVID-19 will be impacted permanently. Governments worldwide are introducing invasive, privacy-ignoring measures that people adapt to because they are afraid,” says Naomi Hodges, cybersecurity advisor at Surfshark. 

“Such Orwellian security measures, driven by the seemingly noble goal of public health safety, can be critiqued for a lot of reasons. The first of which is the fact that the majority of people lack cybersecurity education to evaluate the potential consequences of sharing their data,” explains Naomi Hodges.

Collecting an incredible amount of user data is increasingly recognized as a bad thing. It can fuel discrimination, especially since innocent-looking data may reveal sensitive information such as political views or sexuality.

For instance, the app developed in Colombia asks people if they have participated in any mass events in the previous eight days. Due to the recent protests all over the country, it is controversial and may have life-threatening consequences.

In countries that hold laws against such invasion of privacy – Belgium and its app-in-development being one of the examples – changes may be made to accommodate for intrusive apps. 

On top of that, some app developers may have other interests – especially in cases such as Alibaba group helping develop the Chinese app, or Google being involved in the development of the CoronaMadrid app. Ultimately, people would have to trust every company involved not to exploit the crisis. 

“There is no argument against the fact that the COVID-19 pandemic is threatening to change our lives as we know them. It has already impacted millions of people who got sick, lost their jobs, and will impact so many more. Mass surveillance is quickly spreading along with the advancing technology – and this pandemic crisis is allowing them to both set a precedent and normalize it,” says Naomi Hodges.

The full analysis can be found here: https://surfshark.com/blog/privacy-invasive-covid-19-apps