I’ve got a response from Surfshark about why they’ve installed root certificates. Opinions?
The root certificate is for the IKEv2 protocol. You can delete it from your certificate store if you don’t use IKEv2.
Is there a security risk? Yes. If Surfshark goes rogue, they can use their root certificate to impersonate any website. If their key got stolen, whoever has the key can do the same. Since Surfshark is a VPN provider, not a root CA, you can assume that their policies for guarding their root certificate is less strict that that of root CAs.
Concerned. What is the implication of Surfshark having the root certificate installed?
I really wish this was more transparent. I don’t get trust by having to figure these things out by casually having to browse reddit on a Friday afternoon instead of up front from Surfshark before doing it.
Good, a few vpn work atm on removing the certificates.
That’s a good response in my opinion.
The certificate is a concern, but is it actually required for IKEv2 protocol? I know someone that prefers to use it for their router. Unsure if removing it entirely would be a good idea. I can understand removing the ability on Windows due to the vulnerability though.
And that is what they did with my traffic routing it through Cisco Umbrella and it only failed the impersonation because I did not trust the Umbrella root. I still have not received an answer on how that happened.
Ah, I see. Well, I still use this VPN along with Adguard and use surf shark when I’m in public WiFi or want to watch international things. Uncensored content so to speak. Thanks for the insight.
I honestly don’t understand much of the root certificate installed on their efforts, but I do agree with you with transparency. I believe Adguard asks your permission for a root certificate installation on your device, but never from surf shark. This was their response to the matter, I’m not sure if this is a good thing or not?
So surf shark is not the first to do this? At least they’re fixing the old methods
Not sure, but you could use it with ipad and iPhone
Edit:I believe it’s uses wireguard for ios
It doesn’t, I just double-checked
but never from surf shark.
Actually they do since 3.4.4 i think during install not a popup its a checkbox i think.
So surf shark is not the first to do this?
maybe ? not sure who started first with trying to get rid of certs… but multiple VPN try atm.