
Surfshark, one of the top-rated VPN providers, has registered a new patent aimed at improving end-to-end encryption (E2E) messaging by reducing metadata exposure. The patent introduces a distributed trust-based system that ensures conversations remain private by limiting the amount of metadata shared with service providers.
Karolis Kaciulis, Lead System Engineer at Surfshark and the patent inventor, emphasized the growing need for better security in messaging. "There is an evolving need for better security standards for our messaging," he said, highlighting how network-based communication has grown and why encryption needs to improve.Â
He explained that while E2E encryption prevents service providers from reading messages, metadata such as sender and receiver details, timestamps, and message sizes remain visible. "Today, Facebook or other services with end-to-end encryption can't see the messages the user is sending, but a lot of metadata is still visible to the provider," he added.
Surfshark’s solution involves splitting encryption between two separate VPN providers. "The proposed method in our patent would include decentralizing the ownership of the message," Kaciulis explained. "In simple terms, this model would employ two separate companies, for example, two different VPNs during the encryption process."Â
This means no single provider would have complete access to the encrypted data, reducing the risk of metadata exposure to companies and governments. As a result, even if a VPN provider or government tries to track user activity, they will only see partial data, making it harder to collect information about who is communicating and when.
The backstory for why Surfshark’s new patent is needed dates back to the early days of social media, when messaging services like Facebook saved user messages, meaning they were completely readable by the platform. This was a considerable privacy mess, finally leading to the rollout of E2E (end-to-end) encryption (only the sender and the receiver would be able to read the messages). While this was a big step forward, it didn’t completely solve the problem.Â
Kaciulis explained that even with E2E encryption, service providers can still see some metadata. This leftover metadata can still be used to track users, so Surfshark’s new encryption method focuses on reducing the amount of information visible. By splitting data between two VPN providers, the new system makes it harder for any single company or government to access a complete picture of a user’s communication.
That said, some VPN services, like NymVPN, use a decentralized system where no single company controls the data. Surfshark’s approach is different.
According to Kaciulis, eliminating all central authority may make matters less safe. According to him, "decentralized VPN" is now more of a catchphrase than a practical remedy. Therefore, Surfshark's concept distributes control across several reliable providers rather than eliminating authority. In this manner, security is maintained while ensuring no one can access excessive user data.
With its new encryption model, Surfshark takes a different approach to minimizing metadata exposure. Its practical application, though, remains to be seen. The company continues experimenting with what this technology might look like within its existing products. As encryption and privacy concerns continue to evolve, innovations like this highlight the ongoing efforts to strengthen online security.
How Surfshark’s approach functions in practice will determine whether it establishes a new standard for private messaging.