INDEX / DIRECTORY / SURFSHARK

Surfshark

Cybersecurity & VPN 107 CITED SOURCES UPDATED 2026-06-17
BDS-1000 Score 39 /1000 E Tier E - Limited
Military ↗ 0.00 Digital ↗ 0.00 Economic ↗ 0.62 Political ↗ 0.00

BDS-1000 Forensics Dossier: Surfshark

Key Findings

  • Economic: Surfshark operates approximately 8 VPN servers in Tel Aviv (customer-facing exit nodes, RAM-only, co-location provider undisclosed) under its own ASN (AS209854).1
  • Economic: Warburg Pincus (minority Nord Security investor) previously held Israeli-founded Zimperium - fully exited via Liberty Strategic Capital’s acquisition in March 2022, before the Surfshark–Nord Security merger completed.23
  • Not found: No Israeli entity registration, R&D facility, defence contract, surveillance-technology relationship, or political nexus was identified; Surfshark does not appear in the UN OHCHR settlement database, Who Profits, AFSC, or any BDS boycott target list; BRS 39 / Tier E.

Dossier ID: 06-main-dossier.md Target Entity: Surfshark B.V. (Nord Security group) Date of Compilation: 2026-05-01 Classification: Public Record - Evidence-Only Compilation

Target Profile

FieldDetail
Company NameSurfshark B.V. (operating as Surfshark; subsidiary of Nord Security group)
JurisdictionNetherlands (Surfshark B.V., KvK 81967985, Kabelweg 57, Amsterdam); original incorporation British Virgin Islands (2018); post-merger restructure under Dutch/Lithuanian operational entities
HeadquartersOperational: Vilnius/Kaunas, Lithuania; Corporate: Kabelweg 57, Amsterdam, Netherlands
SectorVPN and consumer cybersecurity software (subscription-based)
OwnershipNord Security group (merged 2022); co-founders Tom Okman and Eimantas Sabaliauskas hold >80% voting shares; institutional investors: Novator Ventures (Iceland), Warburg Pincus (US), General Catalyst (US), Burda Principal Investments (Germany); Surfshark founder Vytautas Kaziūkonis transitioned to Chairman post-merger
Key Executives / GovernanceVytautas Kaziūkonis (Founder, Chairman); Dovydas Godelis (CEO); Martynas Sklizmantas (Head of Infrastructure, Lithuania); Tomas Stamulis (Chief Security Officer, Lithuania); Birgir Ragnarsson (Board, Novator partner); Chandler Reedy (Board, Warburg Pincus managing director)
Israeli-Nexus SummaryNo documented Israeli entity registration, R&D facility, or operational hub; ~8 VPN servers operated in Tel Aviv serving regional customers; limited economic nexus via Warburg Pincus’s historical investment in Israeli-founded Zimperium (exited 2022)

Key Facts:

Executive Summary

Surfshark is a Netherlands-incorporated consumer VPN and cybersecurity software company operating as a subsidiary brand within the Nord Security group following a February 2022 merger. The company’s documented product portfolio consists entirely of commercially available consumer privacy tools - VPN services, antivirus, data breach alerting, private search, and ad/tracker blocking - with no identified defence sector products, mil-spec variants, or military/intelligence customer relationships across any audited domain.

The Military audit identified no evidence of defence contracts, dual-use supply chain relationships, munitions involvement, or logistical sustainment services to Israeli state security bodies. The Digital audit found no Israeli-origin technology licensing, surveillance system integration, or defence/intelligence sector technology relationships. Surfshark’s independently audited security infrastructure relies on Cure53 (Germany) and Deloitte for penetration testing and no-logs verification respectively - both non-Israeli vendors.

The Economic audit identified a limited operational presence: approximately 8 VPN servers in Tel Aviv, operated under Surfshark’s own ASN and marketed as a customer-facing exit node. The specific Israeli co-location provider is undisclosed; BGP routing data shows no confirmed Israeli data-centre operator in Surfshark’s peer network. More significantly, the Economic audit identified a documented investment-level connection: Warburg Pincus - a minority investor in the Nord Security group - previously held an Israeli-founded cybersecurity company, Zimperium, through a 2016 investment round and fully exited via Liberty Strategic Capital’s acquisition in March 2022. This represents a historical, divested investor-level relationship rather than an active Surfshark operation.

The Political audit documented Surfshark’s silence on the Gaza conflict: the company operates an Internet Shutdown Tracker and Censorship Radar that documented communications disruptions in Gaza following October 2023, yet issued no accompanying corporate statement contextualising those disruptions. This asymmetry - documented advocacy on analogous issues (Russia 2022, Iran 2022) without parallel action on Gaza - constitutes the most significant political-domain finding.

The resulting BRS of 39 reflects Tier E (Minimal). The score is driven almost entirely by the Economic domain (V=0.62), itself resting on the Israeli server presence and the Warburg Pincus–Zimperium investor relationship. No domain score exceeds 0.62, and the Military, Digital, and Political scores are zeroed across all indicators.

Timeline of Relevant Events

DateEvent
2018Surfshark incorporated in British Virgin Islands by Vytautas Kaziūkonis (Lithuanian national)8
October 2021Nord Security raises $100M at $1.6B valuation; Warburg Pincus identified as institutional investor (Zimperium, Israeli-founded, subsequently confirmed as Warburg portfolio holding)2
February 2022Surfshark merges with Nord Security; combined group incorporated under Cyberspace B.V. (Dutch holding) and Nord Security s.a. (Luxembourg); Vytautas Kaziūkonis transitions to Chairman9
March 2022Liberty Strategic Capital acquires controlling stake in Zimperium; Warburg Pincus exits (full exit from Israeli-founded Zimperium confirmed)3
2023Surfshark joins UN Global Compact; Deloitte conducts no-logs policy audit10
January 2024Surfshark acquires Ironwall by Incogni (Orange, CA-based; US-registered target; no Israeli nexus identified)11
October 2023–presentSurfshark’s Internet Shutdown Tracker and Censorship Radar document Gaza communications disruptions; no corporate statement issued contextualising the disruptions within the Israel-Palestine conflict12
April 2024Atlas VPN (Nord Security subsidiary) shut down; no Israeli operations identified prior to shutdown13

Corporate Overview

Surfshark operates as a distinct brand within the Nord Security group, which was formed through the February 2022 merger of NordVPN and Surfshark. The combined entity maintains separate product brands while sharing group-level corporate governance and certain operational infrastructure.9

Corporate Structure (simplified):

Group R&D and Operations: Surfshark’s primary engineering hub is located in Vilnius, Lithuania, with additional offices in Warsaw (Poland), Berlin (Germany), and Amsterdam (Netherlands). No R&D facility, technology laboratory, or engineering office has been identified in Israel.17

Israeli Entities and Franchise Relationships: No Israeli subsidiary, registered entity, or franchise operation has been identified for Surfshark, Nord Security, or Cyberspace B.V. in the Israeli Companies Registrar.7 The Israeli Companies Registrar returned zero entries for all group entities.

Nord Security Investment Structure: Nord Security’s co-founders - Tom Okman and Eimantas Sabaliauskas - hold more than 80% of voting shares per S&P Global Ratings (2025). Institutional investors include Novator Ventures (Iceland), Warburg Pincus (US), General Catalyst (US), and Burda Principal Investments (Germany).18 Nord Security advisors include Troy Hunt (HaveIBeenPwned), Tanya Janca (We Hack Purple), and Rytis Vitkauskas (Lightspeed Venture Partners) - none with identified Israeli state connections.19

Domain Summaries

Military: Military

Mechanism of Involvement

No public evidence identified for any mechanism of military involvement. Surfshark’s product portfolio is exclusively consumer and SME-oriented: VPN software, antivirus tooling, data breach alert services, and privacy-focused browser extensions.20 No contract, tender award, framework agreement, or memorandum of understanding with the Israeli Ministry of Defence (IMOD), Israel Defence Forces (IDF), Israel Prison Service, Israel Border Police, or any other Israeli state security body has been identified in any publicly available procurement database, corporate disclosure, or press reporting.

The SIBAT (Israel Defence Export and Defence Cooperation Directorate) public-facing export directory contains no Surfshark listing; the Israeli Government Procurement Portal (mr.gov.il) full-text search returned a null result for “Surfshark”; and no defence contract or government security sector engagement is disclosed in Netherlands KVK registration records.20 Surfshark does not manufacture or publicly market ruggedised, tactical, mil-spec, or defence-grade variants of its products; its architecture is software-only, distributed via consumer app stores and standard commercial licensing.

No identified dual-use technology provision, supply chain integration with defence primes (Elbit Systems, Israel Aerospace Industries, Rafael Advanced Defense Systems), logistical sustainment services, or munitions involvement has been identified across any source class checked.20 The SIPRI Arms Transfers Database contains no Surfshark entry.21 The domain boundary test - whether the product’s designed output produces a targeting decision or weapons effect - yields a negative result for all Surfshark products.20

Counter-Arguments and Evidence Limits

Surfshark’s position as a pure-play consumer software company presents the strongest available counter-argument to any military complicity allegation. The company manufactures no hardware, operates no physical infrastructure in conflict-adjacent contexts, and provides no products purpose-built for defence applications. VPN and privacy software, by design, protects end-user anonymity and data security - functions categorically distinct from weapons systems integration or targeting enablement. The company’s software-only architecture and standard commercial distribution channels place it outside the typical subject profile of military supply chain investigations.

The absence of Surfshark from NGO boycott and divestment campaign lists - including BDS Movement target lists,22 Who Profits Research Center database,7 PAX “Companies Arming Israel and Their Financiers” report,23 and institutional investor exclusion decisions - is consistent with the broader civil society assessment that Surfshark does not present a material military complicity case.

Evidence limits: The Military audit notes that Surfshark’s VPN software is commercially available to any end user, including potentially government or military personnel purchasing as individual subscribers. This reflects the inherent limitation of consumer software distribution - any individual, including military personnel, can purchase Surfshark’s consumer product. However, no evidence of institutional or contract-based military supply has been identified, and Surfshark’s terms of service prohibit use of its services for unlawful purposes.24

Named Entities and Evidence Map

EntityEvidence Status
Israeli Ministry of Defence (IMOD)No contract/relationship identified
Israel Defence Forces (IDF)No contract/relationship identified
Israel Prison Service / Border PoliceNo contract/relationship identified
SIBAT export directoryNo Surfshark listing
Israeli Government Procurement Portal (mr.gov.il)Null search result
Elbit SystemsNo supply relationship in annual reports
Israel Aerospace Industries (IAI)No supply relationship identified
Rafael Advanced Defense SystemsNo supply relationship identified
SIPRI Arms Transfers DatabaseNo Surfshark entry
Netherlands KVK filingsNo defence contract disclosed

Digital: Digital

Mechanism of Involvement

No public evidence identified of any licensing, subscription, procurement, or technology integration relationship between Surfshark and Israeli-origin cybersecurity or enterprise software vendors. Specifically, no relationship has been identified with Check Point Software Technologies, Wiz, SentinelOne, CyberArk, NICE Ltd, Verint Systems, Claroty, or AnyVision/Oosto in any corporate filing, press release, partnership announcement, technology blog post, or third-party audit report.25

Surfshark’s publicly disclosed security infrastructure relies on two non-Israeli firms for independent assurance: Cure53 (Berlin, Germany) for penetration testing26 and Deloitte for no-logs policy audit (2023).10 Surfshark uses Nexway (France) for e-commerce and payment processing; no Israeli-origin payment processing or fintech integration has been identified.

Surfshark’s global server list includes an Israeli (IL) endpoint.27 Surfshark operates its global server fleet on a RAM-only, diskless architecture, meaning no persistent data is written to storage at any node, including the Israeli exit node.28 The specific Israeli co-location or hosting provider is not publicly disclosed.

No participation in Project Nimbus (the $1.2 billion cloud infrastructure contract awarded to Google Cloud and Amazon Web Services by the Israeli government and military)29 or any comparable Israeli state-backed cloud infrastructure programme has been identified. Surfshark is not a hyperscale cloud provider and does not offer infrastructure-as-a-service products of the type tendered under Project Nimbus.

No Israeli surveillance, biometric, or predictive analytics technology deployment through third-party managed services or bundled enterprise suites has been identified. Source classes checked include Who Profits Research Center database, NGO surveillance-tech reports, corporate product documentation, and trade press.30

Surfshark’s documented AI/ML features are limited to consumer-facing functions: AI-driven malware detection within its antivirus module and automated server-load optimisation for VPN connection routing.31 No provision of AI or ML systems to Israeli state bodies, military agencies, or law enforcement entities has been documented.

Counter-Arguments and Evidence Limits

Surfshark’s third-party audit transparency represents a substantive exculpatory element. The publication of Cure53 and Deloitte audit reports - both independently verifiable and accessible to the public - provides a documented framework for external verification of Surfshark’s security architecture. This level of transparency is above average for the consumer VPN sector and provides no indication of undisclosed Israeli state relationships.

The RAM-only server architecture specifically mitigates data persistence concerns at any individual node, including the Israeli exit node. Under this architecture, no user data is written to persistent storage, reducing the potential operational impact of any hypothetical co-location provider relationship.

Evidence limits: The Digital audit identifies three material evidence gaps:

  1. Internal IT stack: Surfshark does not publish a comprehensive vendor disclosure or software bill of materials for its internal enterprise IT environment. It is therefore not possible to fully rule out the use of Israeli-origin security software (e.g., endpoint detection and response tools) in back-office functions from public sources alone.

  2. Group-level procurement: Following the 2022 merger, some procurement decisions may be made at the Nord Security group level rather than the Surfshark entity level. Group-level vendor relationships are not comprehensively disclosed publicly.

  3. Israeli exit-node sub-contractor: The specific data centre operator or network transit provider enabling the Israeli VPN server is undisclosed. Whether that sub-contractor has Israeli state or defence connections cannot be determined from public sources.

Named Entities and Evidence Map

Entity / TechnologyEvidence Status
Check Point Software TechnologiesNo relationship identified
WizNo relationship identified
SentinelOneNo relationship identified
CyberArkNo relationship identified
NICE LtdNo relationship identified
Verint SystemsNo relationship identified
Palo Alto NetworksUS-headquartered; no Surfshark customer/integration relationship identified
Cure53 (Germany)Documented security audit partner
DeloitteDocumented no-logs audit partner
Nexway (France)Documented payment processing partner
Project Nimbus (Google/AWS)No Surfshark participation identified
Israeli biometric/surveillance firmsNo relationship identified

Economic: Economic

Mechanism of Involvement

The Economic audit identified two mechanisms of Israeli economic involvement, both at the lower end of the evidentiary and materiality spectrum.

Israeli VPN Server Presence: Surfshark operates approximately 8 VPN servers in Tel Aviv, marketed on its website as “RAM-only” with protocols OpenVPN, WireGuard (post-quantum), IKEv2, and L2TP/IPsec.32 The servers are operated under Surfshark’s sole ASN (AS209854), registered to CyberZone S.A. (Panama).33 This constitutes a customer-facing VPN exit node - allowing subscribers to appear to be located in Israel - not an operational data centre, primary co-location facility, or sovereign cloud deployment owned or leased by Surfshark in Israel. Surfshark does not characterise Israel as a significant market in any annual report, investor presentation, or press release; no investor filing describes Israel as a strategic growth market, regional hub, or major revenue source.17

Warburg Pincus–Zimperium Historical Investment: Warburg Pincus - a minority investor in the Nord Security group - participated in Zimperium’s June 2016 Series C round ($25M led round) and fully exited via Liberty Strategic Capital’s approximately $525M controlling acquisition in March 2022.3 Zimperium is Israeli-founded and Tel Aviv-headquartered (mobile threat defense). Warburg Pincus has no current Israeli cybersecurity investment via its disclosed Surfshark-related portfolio; the Zimperium position was fully divested prior to the Surfshark merger.34

Negative Findings: No Israeli entity registration, R&D centre, data centre, or logistics hub in Israel has been identified for Nord Security or Surfshark. The Israeli Companies Registrar returned zero entries for Surfshark, Nord Security, or Cyberspace B.V. No Preferred Technology Enterprise status or Israeli Innovation Authority grantee participation has been identified.7 No material asset-management holdings in OHCHR-listed settlement companies or Israeli arms manufacturers have been identified for Surfshark or Nord Security. Surfshark does not appear in the UN OHCHR Settlement Database (September 2025, 158 companies), UN A/HRC/59/23 “From economy of occupation to economy of genocide,” DBIO Don’t Buy Into Occupation 2024/2025 (104 companies), Who Profits Research Center database, or PAX “Companies Arming Israel and Their Financiers” (June 2024) financier matrix.723

Counter-Arguments and Evidence Limits

Surfshark’s economic position presents several strong counter-arguments:

Customer-facing server presence, not operational infrastructure: The approximately 8 VPN servers in Tel Aviv serve customers who wish to appear to be located in Israel. This is standard commercial practice for global VPN providers and is analytically distinct from corporate operational presence, revenue-generating market activity, or settlement involvement. Surfshark maintains no office, warehouse, or retail location in Israel.17 No Israeli tax registration, payroll, or social-security contribution has been identified.

Warburg Pincus position fully divested: The Zimperium investment was Warburg Pincus’s sole identified Israeli cybersecurity holding in its disclosed Surfshark-related portfolio, and was fully exited in March 2022 - before the Surfshark merger was announced (October 2021) and completed (February 2022). The divestment predates the existence of the Surfshark–Nord Security combined entity. Under the audit methodology’s temporal rule, divested operations are mitigated. Warburg Pincus holds no current Israeli cybersecurity position in its disclosed portfolio related to Surfshark.

Absence from authoritative databases: Surfshark is not named in any UN OHCHR settlement database, Who Profits database, PAX financier report, DBIO listing, or BDS Movement campaign. The absence of Surfshark from these authoritative tracking databases - which employ systematic research methodologies targeting exactly the economic nexus vectors under assessment - is consistent with the conclusion that Surfshark’s Israeli economic footprint is negligible.

BGP peer analysis: BGP routing data for AS209854 shows 10 peers - Datacamp Limited (UK), PacketHub S.A. (Panama/Australia), M247 Europe SRL (Romania/UK), Cogent Communications (US), EDGOO Networks (Portugal), Hydra Communications (UK), Host Universal (Australia), HostingInside (Taiwan), and COLT Technology Services (UK) - none of which is an Israeli data-centre operator (Bezeq International, MedOne, or EdgeConneX).33

Evidence limits: The IP range 31.169.120.0/24 is registered to CyberZone S.A. (Panama); BGP looking glass does not show an Israeli carrier prefix. Surfshark’s Israeli servers may be virtualised or routed rather than physically co-located in Israeli facilities - a configuration that would further reduce the already-limited physical nexus. The specific Israeli data-centre operator is undisclosed, constituting a material evidence gap for full verification.

Named Entities and Evidence Map

Entity / RelationshipEvidence Status
Surfshark Israeli server presence~8 servers in Tel Aviv; co-location provider undisclosed
AS209854 (Surfshark ASN)Registered to CyberZone S.A. (Panama); no Israeli carrier prefix
Israeli Companies RegistrarZero entries for Surfshark, Nord Security, Cyberspace B.V.
Israeli data-centre operatorsNot confirmed in AS209854 BGP peer list
Warburg Pincus → ZimperiumHistorical investment; fully exited March 2022
Novator VenturesDisclosed portfolio contains no Israeli-domiciled entities
General CatalystDisclosed portfolio contains no Israeli-domiciled entities
Burda Principal InvestmentsDisclosed portfolio contains no Israeli entities
UN OHCHR Settlement DatabaseNo Surfshark/Nord Security/Cyberspace B.V. entry
Who Profits Research CenterZero results for Surfshark, Nord Security, Novator, Cyberspace B.V.
PAX “Companies Arming Israel”No Surfshark or Nord Security entry
DBIO Don’t Buy Into OccupationNo Surfshark or Nord Security entry

Political: Political

Mechanism of Involvement

The Political audit identified one primary political-domain finding, with all other sub-categories returning null results.

Documented Asymmetry in Conflict-Adjacent Advocacy: Surfshark operates publicly available research infrastructure - the Internet Shutdown Tracker35 and Censorship Radar36 - that documented communications disruptions in Gaza following October 2023. Despite this documented monitoring capability, no accompanying corporate statement contextualising those disruptions within the broader Israel-Palestine conflict was publicly issued by Surfshark.

This asymmetry contrasts with Surfshark’s documented responses to analogous situations: the company published blog content responding to internet shutdowns in Russia (2022) and Iran (2022),35 and has produced annual Human Rights Day content37 and a Digital Quality of Life Index.38 None of these publication streams addressed Gaza communications blackouts or West Bank internet restrictions during the 2023–2026 conflict period.

Null Findings Across Sub-Categories: No official corporate statement by Surfshark specifically addressing the Israel-Palestine conflict, the October 7, 2023 Hamas attacks, or the subsequent Israeli military campaign in Gaza has been identified in the public record.8 No statement of support for either party - Israeli state, IDF, Palestinian Authority, Hamas, or associated civil society organisations - has been identified in any Surfshark or Nord Security public communication channel.

No acceptance of state honours from Israel, no hosted Israeli government officials at corporate events, and no formal non-commercial partnerships with Israeli state academic or governmental institutions have been identified. No corporate sponsorship of “Brand Israel” campaigns or Israeli government public relations initiatives has been identified.

No US federal lobbying filings (LDA), PAC contributions, or political expenditure entries have been identified for Surfshark or Nord Security in OpenSecrets records.39 No material financial support, corporate donations, or sponsorships directed toward parastatal organisations, Israeli settlement infrastructure funds, or military-welfare organisations (e.g., FIDF, JNF) have been identified. No instances of crisis asset mobilisation - free VPN subscriptions, service credits, or infrastructure access directed to Israeli state, military, or state-aligned NGO efforts during the October 2023 conflict - have been identified.

Surfshark has not been the subject of any organised boycott, divestment, or exclusion campaign specifically related to political activities. It does not appear in BDS Movement campaign target lists.22

Counter-Arguments and Evidence Limits

Corporate silence is not equivalent to affirmative political position: The absence of a corporate statement on the Israel-Palestine conflict is not equivalent to an affirmative political position in favour of the Israeli government or military. Many companies maintain silence on geopolitical conflicts where no direct operational nexus exists. Surfshark’s silence is consistent with its characterisation of itself as a global consumer privacy company with no Israel-specific market strategy and no identified Israeli operational involvement.

Research publication does not imply advocacy obligation: The Internet Shutdown Tracker and Censorship Radar are public research tools, not political advocacy instruments. Surfshark’s publication of data documenting shutdowns does not create a documented corporate obligation to issue contextual statements on every conflict in which connectivity disruptions occur. The asymmetry with Russia/Iran responses may reflect differences in editorial resource allocation, regional staff expertise, or strategic communications priorities rather than a deliberate political stance.

Positive civic engagement documented: Surfshark has joined the UN Global Compact (January 2023) and sponsors Access Now RightsCon, EDRi Privacy Camp, the International Press Institute, and NetBlocks.5 These engagements indicate a documented civic-facing portfolio consistent with a digital rights advocacy orientation, not state-aligned political positioning.

No financial flows identified: The complete absence of documented financial contributions to FIDF, JNF, settlement infrastructure funds, or equivalent Israeli parastatal organisations contrasts with companies that have affirmatively funded such entities.

Evidence limits: Surfshark’s transparency reports cover aggregate request volumes by jurisdiction but do not itemise requests by individual country. Whether Israeli government authorities have submitted data requests to Surfshark, and how the company responded, is not publicly disclosed in the available transparency reports.6 Surfshark’s post-2022 merged entity governance structure, board composition, and shareholder agreement are not publicly filed in searchable registries, constituting evidence gaps for full ownership-chain verification of any potential undisclosed political linkages.

Named Entities and Evidence Map

Entity / Sub-CategoryEvidence Status
Surfshark corporate statement on Gaza conflictNot identified (silence documented)
Internet Shutdown Tracker (Gaza documentation)Documented; no contextualising statement issued
FIDF / JNF / settlement fund contributionsNo evidence identified
US federal lobbying (LDA/OpenSecrets)No Surfshark/Nord Security entries
BDS campaign targeting SurfsharkNo campaign identified
UN OHCHR Settlement DatabaseNo Surfshark entry
Surfshark Ltd (UK entity)Registered at Companies House; no Israel-specific activity identified

BDS-1000 Score (V4)

DomainIMPV-Domain Score
Military0.000.000.000.00
Digital0.000.000.000.00
Economic3.502.503.500.62
Political0.000.000.000.00

Score Explanation: The BRS of 39 (Tier E, Minimal) is driven by the Economic domain score of 0.62, which itself rests on two documented but limited economic nexus vectors: Surfshark’s approximately 8 VPN servers in Tel Aviv (customer-facing exit nodes, not corporate operational infrastructure), and Warburg Pincus’s historical investment in Israeli-founded Zimperium (fully divested March 2022). The Military, Digital, and Political scores are zeroed across all indicators, reflecting no documented military technology relationships, no Israeli-origin digital infrastructure dependencies, and no affirmative political advocacy for either party to the conflict.

Method: Evidence-only assessment from four independent domain audits; scale-free Impact (I) × Magnitude/Proximity (M) × directness (P) formula; human vetting applied - allegations not substantiated by evidence were reduced or zeroed during scoring; divested operations discounted per temporal rule.

Methodology Note

End Notes

Footnotes

  1. https://codamail.com/articles/vpn_exposed.html 2

  2. https://www.bloomberg.com/news/articles/2021-10-06/nord-security-raises-100m-at-1-6-b-valuation 2

  3. https://www.sipri.org/databases/armstransfers 2 3

  4. https://nordsecurity.com/blog/nord-security-raises-outside-capital-16-B-valuation

  5. https://surfshark.com/media/Surfshark_Annual_Wrap-Up_2024.pdf 2

  6. https://surfshark.com/transparency-report 2

  7. https://surfshark.com/about-us 2 3 4 5

  8. https://surfshark.com/research/internet-shutdown-tracker 2

  9. https://techcrunch.com/2022/02/01/nord-security-surfshark-merge/ 2 3

  10. https://surfshark.com/blog/deloitte-audit 2

  11. https://champsignal.com/ownership/surfshark.com

  12. https://surfshark.com/research/censorship-tracker

  13. https://en.wikipedia.org/wiki/Surfshark_B.V.

  14. https://surfshark.com/servers

  15. https://surfshark.com/servers/israel

  16. https://pitchbook.com/profiles/c

  17. https://surfshark.com/privacy/privacy-policy 2 3

  18. https://surfshark.com/terms-of-service

  19. https://surfshark.com/privacy/gdpr

  20. https://www.crunchbase.com/organization/surfshark 2 3 4

  21. https://www.crunchbase.com/organization/nord-security

  22. https://www.bdsmovement.net/get-involved/what-to-boycott 2

  23. https://whoprofits.org/companies/ 2

  24. https://surfshark.com/warrant-canary

  25. https://surfshark.com/blog/human-rights-day

  26. https://cure53.de/pentest-report_surfshark.pdf

  27. https://surfshark.com/blog/surfshark-infrastructure

  28. https://surfshark.com/blog/ram-only-servers

  29. https://surfshark.com/about

  30. https://surfshark.com/government-requests-for-user-data

  31. https://surfshark.com/blog/surfshark-merges-with-nord-security

  32. https://nordsecurity.com/blog/nord-security-raises-outside-capital-3-B-valuation

  33. https://nordsecurity.com/blog/vince-steckler-joins-nord-security-as-its-first-independent-board-member 2

  34. https://www.burdaprincipalinvestments.com/2023/10/04/nord-passes-3bn-valuation

  35. https://warburgpincus.com/2023/09/28/nord-security-raised-another-100m-investment-round 2

  36. https://www.theverge.com/2022/2/1/22912068/nord-security-surfshark-merger-vpn

  37. https://uk.pcmag.com/vpn/138489/nordvpns-parent-company-is-merging-with-vpn-provider-surfshark

  38. https://www.hrw.org/report/2021/04/27/threshold-crossed/israeli-authorities-and-crimes-apartheid-and-persecution

  39. https://www.amnesty.org/en/latest/campaigns/2022/02/israels-system-of-apartheid/