Surfshark Browser Extension is leaking IP information on initial launch

Steps to replicate:

  1. Chrome/Brave browser with Surfshark Extension
  2. Set extension to Auto-Connect fastest, and connect VPN
  3. Visit What Is My IP Address - Surfshark
  4. Notice protected connection details
  5. Close browser completely and wait a little bit for VPN connection to expire
  6. Open browser again
  7. The extension will auto-connect, however, the saved “tab” will have made a request to the site (What Is My IP Address - Surfshark) before the extension is able to connect
  8. Notice that the site indicates “not protected” status

This is problematic as any site you visit and have a saved tab on will be able to gather both your physical connection and VPNed connection details when you first open your browser.

I’ve contacted Surfshark support about this and got this response:

After further investigation, we’d like to inform you that this is expected behaviour; therefore, autoconnect does not ensure your IP will not be leaked. Before connecting to a location, it contacts the Surfshark API to get the best VPN server for your connection. Also, the time it takes depends on your current network and speeds.

Hey there. Thank you for your feedback on the extension and for sharing your findings. Perhaps you could forward this information to us so we could try and replicate the issue and help find a solution for you? You can reach us at [email protected].

I’ve forwarded the information as well as the previous interaction to [email protected].

Thank you! We’ll take a look at it as soon as we can. Appreciate your effort in helping find a solution.