Surfshark in 2026 Talks About Post-Quantum Security, Smart Privacy, and Uninterrupted Freedom
Published
Key Takeaways
- Surfshark is expanding post-quantum encryption across all platforms in 2026 while strengthening its Software-Defined Networking (Nexus) architecture to reduce correlation risks and improve real-world performance.
- RAM-only servers, multi-hop routing, and audits keep user data secure even if a server is compromised.
- Multi IP, Rotating IP, and modern obfuscation make VPN traffic harder to detect or block.
- Surfshark is prioritizing censorship-resistant access through initiatives like Emergency VPN while maintaining a strong stance on user privacy.
- The company is enhancing user safety with smarter threat detection while continuing to explore new ways to safeguard users without compromising privacy.
As quantum computing edges closer to real-world impact and network surveillance grows more advanced, the future of online privacy is entering a decisive phase. For Surfshark, 2026 is about preparing for what’s next, apart from just reacting to what’s already here.
In our discussion with Karolis Kaciulis, Leading System Engineer at Surfshark, he outlined how the company is rethinking VPN architecture from the ground up, focusing on post-quantum encryption, volatile-memory infrastructure, and dynamic traffic routing that minimizes correlation and exposure. Rather than treating privacy as a single feature, Surfshark is building it directly into network design, performance optimization, and user experience.
From Nexus-powered routing to tools like Multi IP, Rotating IP, and Emergency VPN access for users facing internet shutdowns, Surfshark is aligning technical innovation with digital rights protection.
This interview unpacks Surfshark’s 2026 strategy, revealing how the company is shaping a VPN ecosystem that prioritizes resilience, future-proof security, and everyday usability in an increasingly restricted internet landscape.
Rachita Jain: What is the main technical goal your VPN is pursuing in 2026, and what concrete changes, such as new features, cryptographic mechanisms, or architectural shifts, are you launching to achieve it? Why is this necessary now?
Karolis Kaciulis: In 2026, we are focused on integrating post-quantum security across all platforms, a commitment we have already begun to implement and will continue to expand.
Our ongoing strategy is not only to broaden identity protection features but also to strongly emphasize real-world performance. By demonstrating how our tools work in practical scenarios, we aim to connect the theoretical advantages of our security measures directly to a seamless, everyday user experience.
Rachita Jain: Which specific lessons from past VPN breaches, audits, or law-enforcement cases are directly shaping your 2026 architecture, product design, or feature roadmap? What decisions would you not have made five years ago?
Karolis Kaciulis: Our design and roadmap are heavily influenced by the growing challenges presented by the constantly evolving landscape of online threats. These events serve as crucial lessons, reinforcing the need for robust security measures in every aspect of our architecture and product design. They directly shape how we prioritize features focused on minimizing digital footprint and enhancing user privacy. To help our users effectively maintain online safety and resilience against these pervasive threats, we offer a product suite that integrates multiple essential online security solutions.
Rachita Jain: If one of your VPN servers were compromised today, what user information could realistically be inferred, and how do the concrete changes planned for 2026, including infrastructure or feature changes, further reduce that exposure?
Our service operates exclusively with a RAM-only server architecture. This means all data on a server is stored solely in volatile memory (RAM), guaranteeing that all contents are instantly erased if the server is compromised or loses power.
Karolis Kaciulis: Crucially, no persistent storage, such as server disks, is used to store personal user data or account details.
Additionally, our Software-Defined Networking (SDN) works by jumbling user traffic across our servers. This design means that both servers in the path would need to be compromised to track the entire flow of a user's traffic. As we plan to broaden the scope of our SDN functionality, the already minimal amount of traffic a malicious actor could extract from a single compromised server will be further decreased.
Also, to ensure the infrastructure’s security, we recently completed an independent audit by SecuRing and implemented post-quantum security across most major platforms.
Rachita Jain: Beyond encrypting payloads, what concrete steps are you taking in 2026 to defend against traffic correlation, fingerprinting, and timing attacks, and how do these protections affect real-world users?
Karolis Kaciulis: We are continuing to extend our work on Nexus, a technology that connects all our existing VPN servers together, and our teams will focus on projects that will enhance this even further, aiming to improve network performance for all our users.
Rachita Jain: Are you planning any protocol-level changes or departures in 2026, beyond OpenVPN or WireGuard, or any significant modifications to how these protocols are used? What limitations of current protocols are driving those decisions?
Karolis Kaciulis: Our focus remains on continuously enhancing our services and elevating the overall product experience. In 2026, we will continue to explore options for user experience enhancements, much like our 2025 introduction of features such as FastTrack and Everlink, which were designed to ensure uninterrupted connections and deliver improved speeds.
Rachita Jain: As censorship, deep packet inspection, and AI-driven traffic analysis improve in 2026, what specific techniques are you deploying to make VPN traffic harder to identify or classify, and are any of these changes user-configurable or enabled by default?
Karolis Kaciulis: We have introduced new features such as Multi IP and Rotating IP to offer users advanced privacy options tailored to their specific needs, alongside having modern obfuscation techniques.
Rachita Jain: How are you changing abuse-prevention, fraud-detection, and operational monitoring systems in 2026 to avoid creating hidden logs, persistent identifiers, or long-lived behavioral profiles?
Karolis Kaciulis: Will focus on Nexus, our Software-Defined Networking (SDN) based technology, to create a more agile, resilient, and high-performance network to enhance anonymity and prevent persistent tracking or fingerprinting. Also, for this reason, we have already implemented solutions like Multi IP and Rotating IP. These features ensure the traffic routing constantly shifts, providing superior privacy.
Rachita Jain: Several governments are openly restricting or blocking VPN use. In 2026, are you changing how your network detects, routes around, or responds to blocking attempts, and where do you draw the line between legal compliance and technical resistance?
Karolis Kaciulis: Attempts to block VPNs are typically a concerning effort to restrict users’ digital rights. Historically, governments have used internet shutdowns to control and silence journalists, activists, and the public.
Internet blackouts can be dangerous, especially during critical events such as elections, protests, or other political turmoil. Losing internet access makes it harder to stay in touch with family members, access critical news outlets, and share urgent information with the world about unfolding events.
Since internet access is now essential to basic human rights, Surfshark provides an Emergency VPN, for journalists, NGO representatives, and activists facing such restrictions.
Rachita Jain: Some governments argue VPNs should help enforce age limits, content restrictions, or online-safety rules. What is your position on this in 2026? How does it influence your product, UI, or infrastructure decisions, and how do you prevent such systems from weakening user privacy?
Karolis Kaciulis: Our primary focus is on securing users from the rapidly growing online threats. To address this, we have implemented new features, including an email scam checker that helps users flag potentially dangerous emails and a web content blocker designed to protect users from malicious content. Looking ahead to 2026, we are committed to continuously enhancing our product suite to further help users in the fight against emerging online threats.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular