How a TechRadar investigation pushed Surfshark to overhaul its data collection

News
By published

Surfshark has officially stopped logging users' malware data.

surfshark vpn
  • Surfshark has stopped collecting your malware-related data
  • Any malware statistics collected will be fully anonymized
  • The change follows a TechRadar's investigation

Surfshark has just become even more private. As of today, the company has ceased collecting malware-related data from users of its antivirus software.

This shift in data retention is a response to a TechRadar investigation that questioned the necessity of a detailed antivirus "paper trail" linked to users.

A Surfshark spokesperson confirmed to TechRadar that any malware statistics collected will now be fully anonymized. This marks a significant privacy victory for users of one of the best VPNs on the market.

Article continues below

How TechRadar pushed Surfshark to rethink its antivirus approach

We recently conducted a "Right of Access" test, asking 10 of the most well-known VPNs for the data they held on us.

While most providers failed to meet our expectation, Surfshark excelled, delivering a comprehensive PDF report in just a few hours.

However, the increased transparency revealed a surprising irony. The report was extremely granular, detailing payment histories, account IDs, and a specific log of malware blocked by Surfshark’s antivirus tool.

Surfshark Antvirus interface

(Image credit: Surfshark)

The antivirus logs were particularly striking. The data included specific malware names detected on a user's machine, the device ID, and the user's country-level location at the time of detection.

While this retention complied with Surfshark's existing privacy policy, we questioned whether a centralized database was truly compatible with a privacy-first model.

When we presented these concerns to Surfshark, the team initially defended the practice as a useful feature for families monitoring multiple devices.

However, within 48 hours, the company reversed its stance. Surfshark has now committed to stripping all personal identifiers from antivirus logs.

Why it matters

Data minimization is a cornerstone of modern privacy regulation and should be the north star for companies built on digital anonymity.

As large-scale data breaches become increasingly common, the best defense is simply not to hold identifiable data in the first place.

By removing these logs, Surfshark has raised the bar for the industry, proving that privacy practices should be evolving strategies. We are pleased that our investigative work could facilitate a tangible improvement for user security.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

TOPICS
CATEGORIES
Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.