WireGuard protocol goes live for all Surfshark users

(Image credit: Surfshark)

Surfshark has announced that it has rolled out support for the WireGuard protocol to its Windows and macOS desktop VPN clients as well as to its mobile apps for Android and iOS.

WireGuard is a relatively new, open source VPN protocol created by Edge Security's Jason A. Donenfeld which uses state-of-the-art cryptography to provide users with the highest level of privacy, security and speed.

One of the main differences that sets WireGuard apart from existing VPN protocols is the fact that its code base has under 4,000 lines of code compared to OpenVPN's 400,000 lines of code. This makes it much easier for security researchers to audit for vulnerabilities and other bugs which in turn helps protect VPN users online.

WireGuard also encrypts user data using modern protocols and primitives including ChaCha20 for symmetric encryption, Curve25519 for ECDH, Blake2s for hashing and keyed hashing, SipHash24 for hashtable keys and HKDF for key derivation. The protocol also provides rotating keys for perfect forward secrecy as connection handshakes take place every few minutes. 

Double NAT system

Although WireGuard has turned the VPN industry on its head with its excellent speed and performance, the new protocol is often criticized for its ability to secure users' privacy. For this reason, Surfshark has implemented a double network address translation (NAT) system to further protect the privacy of its users.

While OpenVPN and IKEv2 assign IP addresses dynamically, WireGuard gives users the same static IP address every time they connect. Surfshark's double NAT system rectifies this by assigning users a dynamic IP address every time they connect to one of its VPN servers using WireGuard. Since users are provided with a different IP address each time they connect, there is no incentive to save any identifiable data on a server.

With its double NAT method in place, Surfshark is able to offer its users the ability to use a fast, modern and secure VPN protocol without putting their privacy at risk. The company's WireGuard implementation also complements its RAM-only server network which was finalized earlier this year.

In order to start using WireGuard with Surfshark's apps and clients, users should go to the settings menu and choose the new protocol when connecting to a VPN server.

  • Also check out our complete list of the best VPN services
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.