Surfshark's Web Content Blocker

Manage content access with the web content blocker
 

• Protect family members by blocking harmful content
  
• Customize content access for age-appropriateness
  
• Prevent unauthorized changes with 2FA
  

Why should you choose a web content blocker?

Surfshark's Web Content Blocker is a fresh approach to online safety that differs from traditional parental controls. Instead of focusing on monitoring specific websites or restricting users, it offers a respectful way to block access to your selected website categories — without keeping tabs on online activities. 

Web Content Blocker focuses on safeguarding every household when browsing online. It allows you to filter various websites based on categories provided, lock them using 2FA (Two-factor Authentication), and help protect family members from potential online threats caused by curiosity or carelessness. Unlike traditional tracking applications, the web content blocker helps you protect family members from seeing malicious content and websites — without snooping on their browsing activity or monitoring the actual websites they visit. With this new feature, you can filter various websites by category and lock specific content across all family mobile devices.

 

Surfshark's New Feature is GREAT!

Secure browsing with a web content blocker

Protect yourself and your family and enhance productivity with our category-based content controls. Block unwanted content, restrict access to distracting sites, and ensure a safe online environment for everyone.
 

• Prevent gambling sites on family devices
  Ensure a safe online environment for your family by blocking access to gambling sites on all devices.
  
  
• Restrict distractions on work devices
  Enhance productivity by restricting access to distracting websites on devices used for work.
  
  
• Block adult content on children devices
  Protect your children from inappropriate content by blocking adult websites on their devices.
  

 

All-in-one protection, plus added privacy: Surfshark One+

Enjoy overall protection online and offline with our suite for next-level privacy and security, Surfshark One+.

See more HERE

Data and info derived / lifted from Surfshark with permission

• Future-proofing Surfshark's performance
  The number of internet users is increasing. With this update, Surfshark is preparing for the future and making sure that heavy internet activity by others won’t slow down the user's internet connection. Imagine downloading a big OS update while someone else streams 4K video without any buffering. This update keeps the user's video calls clear, even when a roommate uploads files.
  
  
• High-quality streaming and VR
  As streaming will continue to evolve to 4K, 8K, and even 360°, and as virtual reality will become more integrated into daily life, the new 100Gbps servers will ensure that all users have the bandwidth needed for these high-demand applications.
  
  
• Smoother gaming and virtual meetings
  High-speed internet means lag-free gaming and virtual meetings. With this update, Surfshark ensures that the increasing number of internet users won’t result in buffering, and all can get a more seamless experience, even during the busiest times.
  
  
• Greater peak-time reliability
  With a 100Gbps server, more users can connect to the same server without experiencing slowdowns. This means that even with the increasing number of internet users, Surfshark users will continue getting more stable gaming pings, fewer buffering issues, and smoother work calls.
  

Surfshark -  Shaping the future of VPNs
With 100Gbps servers, Surfshark is not just keeping up with the future. They are leading the way! This new standard — enabled by bigger pipes, faster encryption, smarter software paths, and better load distribution — delivers consistently high speeds, greater stability, and the capacity needed for the next wave of bandwidth-intensive use. At the moment, they are testing this innovation with a few servers, laying the foundation for potential future rollouts.

MORE Info HERE

 

Surfshark Apps Version Updates

 

Windows App Changelog - Surfshark 6.6.0 (2026-03-05)

What's new:
 

• This release includes various small optimizations and fixes to enhance the Surfshark app's stability and usage.
  

Windows App Changelog - Surfshark 6.5.0 (2026-02-06)

What's new:
 

• This release includes various small optimizations and fixes to enhance the Surfshark app's stability and usage.
  
• Great news for Surfshark Antivirus users! You can now click on your protection history to get insights into what actions were taken by the antivirus;
  
• We improved our Refer and Earn screen, making it easier than ever to refer friends and earn rewards;
  
• We upgraded our Clean Web ad blocker for improved performance and effectiveness;
  
• As always, we added a few app improvements for even smoother surfing.
  

macOS App Changelog - Surfshark 4.26.0 (20-02-2026)

What's new:
 

• Good news for Surfshark One / One+ users, You can now block unwanted content categories by using the newest web content blocker tool. 
  • As always, we've implemented a few bugs fixes and improvements to ensure our app is running smoothly.
    

iOS App Changelog - Surfshark 3.33.3 (13-03-2026)

What's new:
 

• We did some minor VPN performance fixes and sligh app improvements so you can surf even smoother.
  

Android App Changelog - Surfshark 3.26.1 (2026-03-06) / 3.26.0 (2026-02-20)

What's new:
 

• Authenticating via Apple or Microsoft accounts should be easier with this new fix, which addresses an issue causing application termination;
   
  • Enjoy improved VPN connection stability in cases when the network experiences drops or interruptions;
     
    • As always, we added minor bug fixes and performance optimizations to improve your experience with the Surfshark VPN app.
      

Surfshark Browser Extension / Add-ons
 

• Firefox Add-on version 4.38.1 (01-30-2026)
   
  • Edge Add-on version 4.39.0 (02-03-2026)
     
    • Surfshark VPN Extension version 4.40.0 (03-10-2026)
      

Data and info derived / lifted from Surfshark with permission

News of a large-scale privacy breach or a new data security incident seems to hit the headlines every week, leaving millions of us wondering: “Is it my turn to be a victim?“ --Ms. Ema Pennell of Surfshark shares us info on what to do after a data leak. Read on below. 

Quote:“Data breaches are a constant threat, and your data is likely already exposed. Our focus must shift from simply reacting to incidents to changing our habits more broadly, for example, using personal data in ways that minimize the risk of loss or limit harm to us.”

– Tomas Stamulis, Chief Security Officer at Surfshark

Here are the main steps to take after a data breach to secure your accounts and online presence:

• Prioritize affected accounts. Your immediate response should be changing the password for the specific service mentioned in the leak. For example, if it was a Facebook password breach, start there;
  
  
• Cut the password chain. If you use the same password for Facebook, your bank, and other important accounts, a single Facebook breach can give a hacker an in to your entire online life. Change them all;
  
  
• Make your new passwords strong and unique. A strong password should be at least 12 characters long, use a mix of letters, numbers, and symbols, and not be reused for multiple accounts;
  
  
• Use a password manager. You don’t need to try to memorize dozens of complex passwords. To make your life easier, consider a secure password manager to generate and store them safely.
  

• Set up alerts. Enable real-time notifications for every transaction on your debit and credit cards;
  
  
• Review statements. If you see a charge you didn’t make, even as small as $1.00, report it immediately — hackers often test a card with small amounts before going big;
  
  
• Report fraud fast. If you see something suspicious, call your financial institutions immediately. The faster you report the credit card fraud, the better your chances of getting the stolen money back.
  

Quote:If you don’t want to be a part of the next big headline, focus on your digital hygiene. Start by minimizing the data you share — if a service doesn’t strictly need your phone number or home address, don’t give it. Additionally, try using an alternative persona online as much as possible. And most importantly, stay curious and informed. Consider our article on more ways hackers get your information and how to protect yourself online as your next read.

AI voice scams use convincing voice clones to trick you into sending money or sharing sensitive information. Since all it takes is a short recording and free software, these scams are now easier than ever to pull off and increasingly common.

To protect yourself, it helps to understand the basics — the methods, the different types, and the warning signs. With that in mind, let’s start by looking at what AI voice scams actually involve. -- Mr. Jon Sidor of Surfshark shares us some info/tips to protect ourselves from AI voice scams.

How AI voice cloning works

• Free or cheap AI tools: low-cost or free online tools remove the need for sophisticated setups and expensive software; 
  
  
• Ease of use: most modern voice-cloning programs are simple and user-friendly, allowing anyone to create a clone in minutes — no technical know-how necessary;
  
  
• More voice content available: criminals now have a much larger pool of material to work with as people constantly share voice notes, post videos, and use voice assistants;
  
  
• Realistic results: modern AI can replicate tone and emotion almost flawlessly, making manipulation more effective; 
  
  
• Increased visibility: growing public awareness and media coverage push these scams into the spotlight, making each case more noticeable.
  

• Social media videos
  Social platforms like TikTok, Instagram, and YouTube are the most common hunting grounds for scammers looking for audio samples. Just 5-10 seconds of casual talk about your lunch or weekend plans can be enough to create a clone. Since these clips are natural and usually high quality, scammers can feed them straight into voice-cloning software. 
  
  
• Voicemail greetings
  Scammers can also grab your voice from voicemail greetings, either through leaked data or by calling your number and recording it. These clips are pretty handy for bad actors since they capture natural speech and often include a name. Plus, since most people practice and record multiple takes before settling on one, the audio usually needs little to no cleanup. 
  
  
• Interviews, podcasts, and webinars
  Public recordings like podcasts, interviews, panels, and webinars are easy for AI to clone. They provide high-quality speech, which helps the AI model to replicate your voice with little effort. These extended recordings also give the AI more material to work with than, say, a 15-second Instagram reel.
  
  
• Recorded calls from old data breaches
  Some bad actors may turn to leaked call center recordings or hacked apps to get voice samples. They buy these clips online, extract the audio, and use it to create clones. Since the recordings are from real calls, the cloned voice sounds natural in similar contexts, making the scam feel more believable.
  
  
• Direct manipulation
  If scammers can’t find your voice online, they go straight to the source and try to get you to speak. They may call while pretending to be a survey company, bank, or delivery service confirming an appointment. Often, they’ll ask questions that force you to answer in full sentences or repeat specific phrases.
  

• Emergency impersonation (“help me!”) scams
  These scams use a cloned voice of someone close to you — a child, partner, parent, or sibling — to fake an emergency. The caller typically sounds frantic, cranking up Acting 101 theatrics with uncontrollable sobbing, shaky whispers, or background noises like sirens and yelling to push you into acting fast. 
  
  The storyline is usually familiar as well: arrested, kidnapped, or in an accident. Others play it coy with the ever-vague “I can’t talk freely right now.” No matter the tale, it always ends with the scammer demanding fast payment and that you keep it quiet.
  
  
• Business and CEO impersonation scams
  In these scams, bad actors pretend to be a company executive — usually a CEO, CFO, or senior manager — to trick employees into carrying out “pressing” tasks. The caller usually sounds calm and authoritative while making routine-sounding requests like approving payments, moving funds, sharing login credentials, or sending confidential documents. 
  
  The sneakier scammers do their homework and name-drop or slip in internal information scraped from company websites, press releases, LinkedIn, or past breaches to make the request less suspicious. Since the task is framed as top-priority and coming from higher-ups, employees often comply immediately.
  
  
• Financial, crypto, and investment scams
  Scammers clone the voice of someone you’re likely to trust, such as a bank officer, financial advisor, or a public-facing figure like a crypto influencer, in these scams. They might claim there’s an urgent issue with your account, offer “exclusive” investment opportunities, or pitch time-sensitive deals. 
  
  To sell the story, they often throw in jargon, fake case numbers, or bogus statistics — painting the situation as urgent or a once-in-a-lifetime opportunity. The goal is to push you into transferring funds, moving crypto, sharing credentials, or approving account changes.
  
  
• Voice-authentication bypass attempts
  Unlike other AI voice cloning scams that target victims directly, these ones go after banks, customer support hotlines, or account recovery services — pretending to be the victim. Here, scammers use cloned voices to answer security prompts, repeat passphrases, or even chat with a human agent to bypass voice-based identity verification.   
  
  Since voice checks are rarely used on their own, scammers typically turn to voice cloning only after stealing other personal information, such as usernames and passwords. The cloned voice is the last step that helps them cruise through voice-based security checks.  
  
  
• AI phone-call scams
  These scams are entirely fake phone calls where the caller’s voice is fully AI-generated to sound human. You might expect stilted, robotic speech, but modern AI-synthesized voices can be surprisingly natural and conversational. The AI can pause, shift tone, or add filler words just like a real person.
  

• Strange pauses or unnatural rhythm: pauses or start-stops that feel abrupt, misplaced, or calculated; 
  
  
• Perfect pronunciation without emotion: the voice remains impeccably clear with little to no trembling or breathiness in supposedly emotional moments; 
  
  
• Overly formal or robotic tone: the caller avoids slang and contractions, giving the impression of trying a little too hard to sound normal;
  
  
• Mismatched background noise: crackling static, looped audio, or total silence, even as the caller claims to be moving around;
  
  
• Delayed replies:  short, consistent delays before each reply, even when the speech is otherwise fluent;
  
  
• Pressure, urgency, or secrecy: the caller demands immediate action, discourages any form of verification, and insists on secrecy;
  
  
• Refusal to switch to video: the caller dodges live video, refuses call-back verification, or balks at third-party confirmation with creative excuses like a broken camera.
  

• Create a family safe word
  A simple but effective way to verify identity is to use a shared safe word known only to close family members. If someone calls claiming to be in trouble, they must provide the secret word before you jump into action. Make sure to choose a word or phrase that’s hard to guess and not publicly available online — obvious choices like street names or pet names won’t cut it. 
  
  
• Verify through another channel
  Don’t just go off a single call or voice message, even if the voice sounds familiar. Instead, take a moment to actually cross-check and verify the caller’s identity. Take a deep breath and hang up, then text, video call, or phone the person directly to confirm the call is genuine. Even the most urgent request will survive a quick check.  
  
  
• Limit how much of your voice you post online
  Be selective about what you share on TikTok, Instagram, and similar platforms. Clear, uninterrupted speech — like long monologues or Q&As — is prime material for fraudsters. That said, even short clips, stories, and reels can be scraped, manipulated, and reused. It’s safest to assume anything public can be copied, so set your profiles to private or limit followers to those you know.
  
  
• Don’t answer unknown calls with long greetings
  Don’t open your call with scripted introductions like “Hello, this is [your name] from XYZ company speaking.” Better yet, let unknown callers make the first move and speak before you. Otherwise, malicious actors could record these openings and reuse them to train or fine-tune voice clones.
  
  
• Strengthen your account security
  You might not be able to completely prevent fraudsters from copying your voice, but you can reduce the potential damage a cloned or misused voice can cause by shoring up your account security. 
  

• Enable MFA (Multi-factor Authentication) — especially for vital accounts like email, banking, and cloud services — to add another layer of verification; 
  
  
• Avoid voice-based authentication whenever possible or add an extra verification step to confirm identity;
  
  
• Use strong, unique passwords by combining upper and lowercase letters, numbers, and special characters, and use a 
  password manager to store them securely.
  

• Surfshark Alert: notifies you if your personal info appears in data breaches or leaks, helping you stay on guard against voice scams that might exploit your data to sound believable; 
  
• Surfshark Antivirus: helps block malware, phishing links, and spyware that scammers might use alongside AI voice scams to steal your accounts or personal info; 
  
• Surfshark VPN (Virtual Private Network): encrypts your internet traffic and masks your IP (Internet Protocol) address, making it harder for scammers to target you or abuse your data to seem more convincing. 
  

• Stop communicating
  First, end the call or stop replying immediately, even if the person sounds urgent or desperate. Don’t bother explaining, arguing, or testing them — scammers count on keeping you engaged so they can pile on the pressure and extract more information or money. Any extra interaction only gives them more opportunities to exploit you.
  
  
• Verify the person’s identity
  If something sounds even slightly off, take it as a sign that you should go to the source directly. Verify through a separate, trusted channel: call the person on a number you already have, message them through an existing chat, or use the official website or app. For banks or similar institutions, a quick in-person visit is the safest. 
  
  
• Report the scam attempt
  Let the platform where the scam occurred know — whether that’s your phone carrier, messaging app, social network, or email provider. For scams involving financial information, threats, or impersonation, contact your local law enforcement or consumer protection agency. In the US, the FTC (Federal Trade Commission) and the FBI’s IC3 (Internet Crime Complaint Center) handle these reports.
  
  
• Change security settings if needed
  If you shared any info — even minor details like names — during a suspicious interaction, assume it could be used against you. Take the initiative to secure your accounts: change passwords, enable 2FA (Two-factor Authentication), review recent login activity, and remove any unfamiliar devices. If banking or payment details came up, contact your bank to flag potential fraud.
  
  
• Activate breach monitoring tools
  Tools like Surfshark Alert let you know if your personal information ends up online after a data leak incident. This means you can promptly take necessary actions like changing compromised passwords or enabling 2FA. It also helps you stay ahead of AI voice scams that might try to use your leaked info to pass off as the real deal. 
  

• Colorado parent scam
  A woman in Colorado, US, received a frantic AI-generated call that sounded like her daughter. The caller, claiming her daughter had been abducted, demanded $2,000 for her release. After sending the money, the mother learned that the daughter was safe at home all along. 
  
  
• US officials alert
  The FBI has issued an alert about scammers impersonating senior US officials using AI-generated voice and text messages. These fraudsters try to build trust first before persuading victims to share access to their personal or official accounts.     
  
  
• Italian ransom scam
  Fraudsters mimicked Italian Defence Minister Guido Crosetto’s voice to call prominent business figures, claiming kidnapped journalists in the Middle East needed urgent ransom payments. Massimo Moratti, former owner of soccer club Inter Milan, reportedly sent nearly €1 million across two transactions.
  
  
• Industry concern
  OpenAI CEO Sam Altman has voiced his concern that financial institutions still accept voice prints for authentication. He highlighted a growing “fraud crisis” as AI makes it incredibly easy for malicious actors to impersonate others.
  

• Limit audio content on social media: avoid posting videos where your voice is clearly isolated, and opt for captions or background music instead
  
  
• Simplify voicemail recordings: switch to a generic greeting or keep custom messages short, neutral, and free of emotional cues or identifying details; 
  
  
• Clean up old content: check past uploads on platforms like Instagram, TikTok, or YouTube and delete, archive, or restrict anything with clear, uninterrupted audio; 
  
  
• Tighten privacy settings on social apps: limit who can view, download, share, or remix your content and disable search engine indexing.
  

Five, Nine, and Fourteen Eyes alliances...a common assumption is that VPNs based in the 5-9-14 Eyes countries are inherently less private and that VPN's share data with them. In reality, a VPN’s privacy level is shaped by its infrastructure, internal privacy and data-logging policies, as well as national data protection laws. There are quite a few misconceptions surrounding the Eyes alliances, especially related to VPNs. -- Ms. Ema Pennell  of Surfshark shares us some enlighting info. Read on below

• Privacy laws of the jurisdiction — the country where a VPN provider is based determines which data protection and disclosure laws apply. When choosing a VPN, look for a privacy-friendly jurisdiction that limits mandatory data retention and has user-focused privacy laws — these privacy protections reduce how much information providers can or are required to collect and keep;
  
  
  
• No-logs VPNs have nothing to share — if a VPN provider doesn’t collect or store any logs, there’s no meaningful user data to hand over. This means that even if authorities request user information, the provider simply has nothing to share. That’s why you should be choosing a service with strict, independently audited no-logs policies;
  
  
  
• Modern infrastructure limits data retention — VPNs that use RAM-only servers don’t write data to physical hard drives and automatically wipe all data when servers are restarted. This eliminates the possibility of long-term storage and further reduces the risk of user data being retained or exposed.
  

Quote:The Netherlands distinguishes itself as one of the most privacy-oriented countries in the world. Its data protection is governed by Dutch and EU law, including the GDPR — widely recognized as the global gold standard for user privacy and personal data protection.

Ms. Goda Sukackaitė, Senior Privacy Counsel at Surfshark

• Being in a 5-9-14 Eyes country automatically makes a VPN unsafe. In reality, a VPN’s safety depends more on its logging policy and infrastructure than on its location. A VPN that doesn’t keep logs and uses privacy-focused technology can effectively protect users, even if it’s based in or operates within an Eyes country;
  
  
  
• Using a VPN in 5-9-14 Eyes countries is illegal. In actuality, VPNs are completely legal in all allied countries, including the US, the UK, Canada, and Australia, and across most of Europe. VPNs here are widely used for everyday privacy, security on public Wi-Fi networks, and even remote work;
  
  
  
• Governments can see all VPN traffic. Connecting to a VPN encrypts your internet traffic, making it unreadable to outside parties. So, while governments can request data from VPN providers under certain legal conditions, encrypted traffic itself isn’t visible. And if a VPN keeps no logs, there’s little to obtain.
  

• VPN jurisdiction refers to the country where the VPN company is legally based. This is what determines which laws apply for user data collection, retention, and sharing;
  
  
  
• Server location refers to the actual geographic location of individual VPN servers around the world. A VPN provider can operate servers in multiple countries across the globe, even if the company itself is headquartered in a single country.
  

• Step 1: Asymmetric cryptography handshake
  
  The encryption process begins with a secure handshake between your device and the VPN server. This handshake uses asymmetric cryptography — which involves a public and a private key — to verify the connection and securely exchange information.
  
  
• Step 2: Symmetric key exchange
  
  During the handshake, a unique symmetric encryption key is securely generated and shared. This key is then used to encrypt and decrypt your data for the rest of the session. A fresh key is created regularly to keep your connection secure and prevent exposure, even if a past session was compromised.
  
  
• Step 3: Data encryption
  
  With the symmetric key in place, all your internet traffic is encrypted using advanced encryption algorithms, such as AES-256 or ChaCha20 — ensuring your data stays private and protected as it travels between you and the VPN server.
  
  
• Step 4: Integrity check
  
  Finally, integrity algorithms verify that your data hasn’t been tampered with or altered during transmission.
  

• OpenVPN protocol
  
  OpenVPN is a tunneling protocol that is available as an open-source project. Its code is freely available on the internet, and it is maintained and updated by security and networking experts from around the world. Additionally, while using this protocol on Surfshark, you are using obfuscated servers. The Surfshark app offers two options for OpenVPN: UDP and TCP.
  
  UDP is faster and is great for safe streaming, video calls, or games.
  TCP is more stable and will ensure that every single packet of information that you send from your device is delivered. However, it may be slower compared to other protocols.
  
  NOTE: OpenVPN is available on Surfshark apps for Android, macOS, Windows, iOS, and Linux.
  
  
• WireGuard® protocol
  
  WireGuard® is a relatively new communication protocol that has recently gained popularity in the cyber-security market. WireGuard works by creating secure point-to-point connections using state-of-the-art cryptography, aiming for high performance and minimal overhead. Its open-source nature provides better performance compared to OpenVPN and IKEv2. It is considered the fastest VPN protocol available today. 
  
  To ensure an even further security - Surfshark has implemented post-quantum protection on top of the WireGuard protocol - simply use it in app and you're protected!
  
  NOTE: Currently, WireGuard® is available on Surfshark apps for Windows, iOS, Android, and macOS. If you cannot find it on your Surfshark app, update it to the latest version. Post-quantum encryption layer is not supported on manual configurations at this time. Please note that WireGuard® is a registered trademark of Jason A. Donenfield.
  
  
• IKEv2 protocol
  
  IKEv2 (Internet Key Exchange version 2) is a widely used VPN protocol known for its strong security features and efficient performance. It establishes a secure connection between a client and a VPN server, enabling encrypted data transmission over the internet. IKEv2 is notable for its ability to quickly re-establish connections in case of network disruptions, making it suitable for mobile devices and remote access scenarios.
  

Post-quantum protection is now live on WireGuard!

This upgrade adds an extra layer of future-proof security, shielding you against potential quantum computing threats. Read on below to know how it works and why it matters

• Quickly resolve connectivity hiccups with the new refresh button on the VPN dashboard, making it easier than ever to stay connected;
  
  
• Stay informed about your email security without leaving the app, with the revamped Alert dashboard, which now shows your email status;
  
• Enjoy a smoother and more reliable experience with various improvements and fixes.
  

• We strive to provide the best possible experience for you, and this release was focused on that.
  
• We made some slight app improvements and uplifts so you can enjoy smoother connections. 
  

• We made some minor VPN performance fixes and slight visual app improvements so you can surf even more smoothly.
  

• This release includes various optimizations to enhance the Surfshark app.
  

• Cleanweb and post-quantum connection improvements.
  

• Firefox Add-on version 4.40.0  (18-03-2026) 
  
  
• Edge Add-on version 4.40.0 (18-03-2026) 
  
  
• Chrome VPN Extension version 4.41.2  (01-04-2026)