Surfshark has launched the Surfshark Dausos VPN protocol, a proprietary connection standard designed to increase connection speeds by up to 30% compared to current industry standards. The latest protocol focuses on three primary pillars: increased throughput, hybrid post-quantum encryption and the implementation of dedicated, private server-side tunnels for every individual user session.
For the average user, these technical shifts are intended to translate into a more stable experience during data-heavy activities such as 4K streaming and competitive gaming. By reducing the overhead typically associated with encrypted tunnels, the company aims to bridge the gap between the high security of a VPN and the raw speed of an unprotected connection.
The move marks a significant strategic shift for the provider as it moves away from reliance on legacy standards. For years, OpenVPN served as the gold standard for security and stability, though We see often criticized for being slow and resource-intensive. Although WireGuard later streamlined the process, Surfshark is now positioning Dausos as a next-generation alternative that attempts to optimize both performance and privacy without the trade-offs inherent in older protocols.
The architecture of dedicated server-side tunnels
One of the most distinct technical departures in the Dausos protocol is how it handles data traffic on the server side. In traditional VPN configurations, multiple users typically share a single network interface on the server. While this is efficient for the provider, it creates a shared environment where data packets from various users are processed through the same logic.
Dausos changes this by creating a unique network interface for every single session. Essentially, when a user connects, the server spins up a dedicated tunnel specifically for that connection. This isolation ensures that no network space logic or resources are shared between users during their session.
“While the risk of cross-traffic exposure in modern VPNs is very low, our unique protocol design goes the extra mile to ensure a clean, private, and secure path for each user’s data,” said Karolis Kaciulis, Surfshark’s lead systems engineer.
From a software engineering perspective, this is akin to moving from a crowded public highway to a private express lane. By eliminating the demand for redundant checking of data packets across a shared interface, the protocol reduces latency and removes the theoretical possibility of data packets interfering with one another.
Advancing privacy with post-compromise security
Beyond speed, the protocol introduces a more aggressive approach to encryption keys. Most modern VPNs utilize Perfect Forward Secrecy (PFS), which generates ephemeral encryption keys that rotate every few minutes. This ensures that if one key is compromised, only a minor window of data is exposed.
But, in many PFS implementations, new keys are derived from previous ones. This creates a theoretical vulnerability where an attacker who captures a key could potentially derive future keys. The Surfshark Dausos VPN protocol implements what the company calls post-compromise security, where new encryption keys are entirely unique and unrelated to any prior keys. This break in the chain makes it virtually impossible for an attacker to utilize a past compromise to decrypt future traffic.
To future-proof this security, Surfshark has also integrated post-quantum encryption. This hybrid approach combines current encryption standards with algorithms designed to resist the processing power of future quantum computers, which are expected to be capable of cracking traditional asymmetric encryption.
Comparison of VPN Protocol Characteristics
| Protocol | Primary Strength | Performance | Security Architecture |
|---|---|---|---|
| OpenVPN | Universal Compatibility | Moderate/Slow | Shared Interface |
| WireGuard | Efficiency/Lean Code | Fast | Shared Interface |
| Dausos | Session Isolation | Very Fast | Dedicated Server-Side Tunnels |
Independent verification and audit results
To validate these security claims, Surfshark commissioned Cure53, a respected German security firm, to perform an independent source code audit. The audit focused specifically on the cryptography and connected architecture of the Dausos protocol.
The findings revealed eight issues, all of which were rated as medium severity or lower. According to the audit summary, Surfshark remediated the majority of these findings immediately following the testing phase. Cure53 concluded that there were no findings rated as “Critical” or “High” severity within the actual protocol, describing the platform as stable, and resilient.
This level of transparency is increasingly necessary in a market where “proprietary” often means “closed-box.” By submitting the code to a third party, the company provides a layer of accountability for the claims regarding its hybrid encryption and session isolation.
Deployment and availability
Currently, the Dausos protocol is not available across all devices. It has been rolled out exclusively for the Surfshark MacOS app. Users on Windows, Android, and iOS will have to continue using existing protocols like WireGuard until the update reaches their respective platforms.
Company representatives have stated that the team is actively working to expand Dausos to other operating systems, though a specific release calendar has not yet been provided. The phased rollout is common for proprietary protocols, allowing the company to monitor server loads and stability on a smaller user base before a global launch.
The next expected milestone will be the expansion of the protocol to Windows and mobile platforms, which will allow for a broader set of real-world performance benchmarks against other industry leaders.
Do you prioritize raw speed or quantum-resistant security in your VPN? Share your thoughts in the comments below.
