Surfshark registers patent to combat metadata sharing and protect privacy

Smartphone with 3D purple and blue message bubbles on pink background
(Image credit: OsakaWayne Studios / Getty Images)

VPN provider Surfshark has registered a new patent which aims to improve end-to-end encrypted messaging. It focuses on a system for distributed trust-based communication, and allows for more private communication by reducing the amount of metadata shared with service providers.

Sitting at number two on our best VPN list, Surfshark's commitment to privacy is no secret and it wants to decentralize the ownership of messages – keeping private messages private.

The patent was invented by Karolis Kaciulis, Leading System Engineer at Surfshark, who said "there is an evolving need for better security standards for our messaging."

He noted the growth in network-based communications and the risks associated with private messaging and encryption that can be improved. "Our patent suggests solutions to improve the security of existing messaging methods," he continued.

Screenshot of patent encryption information

Image: Stage-by-stage visualization of Surfshark and Kaciulis' patented de-encryption process (Image credit: Future / Netflow UAB / Karolis Kaciulis)

"The proposed method in our patent would include decentralizing the ownership of the message. In simple terms, this model would employ two separate companies, for example, two different VPNs during the encryption process," Kaciulis explained.

"This would mean that during the whole transmission process, there wouldn't be a single provider that had access to the information in its entirety."

"The patented method would ensure that the information is split. Thus, the metadata seen by the provider companies (as well as the governments where they reside) is reduced," the patent inventor added.

Surfshark Android app

(Image credit: Surfshark)

The need for this patent can be traced back to the initial adoption of end-to-end encryption, something widely seen in best encrypted messaging apps.

Kaciulis described how in the early days of social media, "all of our messages were simply stored on Facebook or other messaging services the person would be using."

Messages and their content could be seen by the provider, and Kaciulis said end-to-end encryption was invented "in order to address this enormous privacy malpractice."

Although it led to significant privacy improvements, end-to-end encryption hasn't entirely solved the problem. "Today, Facebook or other services with end-to-end encryption can't see the messages the user is sending, but a lot of metadata is still visible to the provider," Kaciulis said.

"For example, companies can see who sent a message to whom, when the message was sent, the size of the message, and many other things" – and it's the visibility of this metadata that Surfshark is looking to minimize.

Surfshark, which is also the fastest VPN we've tested, currently has 22 registered patents, with plans to register more this year.

"Innovation and continuous improvement are important to us in order to keep providing the best service to our clients," said Kaciulis. "As the current technology landscape is changing faster than ever, our team is committed to keeping the same pace with the solutions we create."

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

George Phillips
Staff Writer

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights and censorship, and its interplay with politics. Outside of work, George is passionate about music, Star Wars, and Karate.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.