How a TechRadar investigation pushed Surfshark to overhaul its data collection

Surfshark has just become even more private. As of today, the company has ceased collecting malware-related data from users of its antivirus software.

This shift in data retention is a response to a TechRadar investigation that questioned the necessity of a detailed antivirus "paper trail" linked to users.

A Surfshark spokesperson confirmed to TechRadar that any malware statistics collected will now be fully anonymized. This marks a significant privacy victory for users of one of the best VPNs on the market.

How TechRadar pushed Surfshark to rethink its antivirus approach

We recently conducted a "Right of Access" test, asking 10 of the most well-known VPNs for the data they held on us.

While most providers failed to meet our expectation, Surfshark excelled, delivering a comprehensive PDF report in just a few hours.

However, the increased transparency revealed a surprising irony. The report was extremely granular, detailing payment histories, account IDs, and a specific log of malware blocked by Surfshark’s antivirus tool.

The antivirus logs were particularly striking. The data included specific malware names detected on a user's machine, the device ID, and the user's country-level location at the time of detection.

While this retention complied with Surfshark's existing privacy policy, we questioned whether a centralized database was truly compatible with a privacy-first model.

When we presented these concerns to Surfshark, the team initially defended the practice as a useful feature for families monitoring multiple devices.

However, within 48 hours, the company reversed its stance. Surfshark has now committed to stripping all personal identifiers from antivirus logs.

Why it matters

Data minimization is a cornerstone of modern privacy regulation and should be the north star for companies built on digital anonymity.

As large-scale data breaches become increasingly common, the best defense is simply not to hold identifiable data in the first place.

By removing these logs, Surfshark has raised the bar for the industry, proving that privacy practices should be evolving strategies. We are pleased that our investigative work could facilitate a tangible improvement for user security.