Quantum computing still lives in the future for most people, but in the security world, the countdown has already started. Surfshark is acting on that reality by adding post-quantum protection to its WireGuard-based VPN connections, a move meant to protect user data not just today, but years from now when encryption standards may no longer hold up.
The new protection is already live on macOS, Linux, and Android. Support for iOS and Windows is on the way. That rollout alone would be notable, but Surfshark paired it with research that makes the timing feel urgent. After analyzing dozens of everyday apps, the company found that only 8 percent currently show any real resistance to future quantum attacks.
That number should give anyone pause.
Most of today’s online security depends on encryption methods that are extremely hard for classical computers to break. The problem is that quantum computers do not play by the same rules. Once they mature, they will be able to solve those same mathematical problems much faster, turning what used to take centuries into something that could take hours. That shift threatens everything from bank transfers to private messages.
What makes the situation worse is that the threat is already being planned for by attackers. Encrypted data can be captured today and stored for years, waiting for the moment when quantum hardware becomes powerful enough to unlock it. When that happens, old data suddenly becomes new again. Passwords, financial records, conversations, and business documents could all be exposed long after people assumed they were safe.
Surfshark’s position is that security needs to be built for that future now, not patched in later. Post-quantum cryptography is designed to survive a world where quantum computers exist outside research labs, and the company is now using it to protect VPN traffic by default on supported platforms.
The problem, however, goes far beyond VPNs.
Surfshark points out that encryption is only as strong as the weakest link in the chain. A user might have quantum-resistant protection on their own device, but if the service they connect to has not upgraded its systems, the data can still be vulnerable. Banks, shopping platforms, and social networks all store enormous amounts of encrypted information, and many of them are still relying on methods that will eventually be outdated.
To measure how serious the gap is, Surfshark reviewed 40 popular apps across social media, messaging, banking, and shopping categories. The findings show that post-quantum readiness is rare. Only a small fraction of apps have implemented quantum-resistant encryption. Around a third are researching or planning upgrades. The majority have not publicly addressed the issue at all.
Banking and shopping apps appear to be the least prepared. None of the reviewed banking apps have implemented post-quantum protection, and only a handful have even signaled intent to do so. Shopping apps follow the same pattern, despite handling payment data and personal information every day.
Social media apps are not much better. TikTok was the only platform identified as having meaningful quantum resistance, while the rest continue to depend on traditional encryption approaches.
Messaging apps show slightly more progress. A small portion already use post-quantum cryptography, and others are actively working on it. Large platform owners like Google and Meta have acknowledged the risk and have started upgrading parts of their messaging infrastructure, but even there the transition is incomplete.
Surfshark’s bet is that early adoption matters. By integrating post-quantum protection into WireGuard now, the company is trying to make sure that encrypted traffic remains safe even as the rules of computing change. WireGuard’s modern design helps keep performance losses minimal, which makes the transition easier for everyday users who might never notice the difference.
The bigger message is that quantum security is no longer a niche topic for researchers. It is becoming a real-world concern for consumers, companies, and governments alike. The data people create today may still exist decades from now, and the choices made about encryption today will determine whether that data stays private or becomes readable history.
Support independent tech journalism
NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.
Support NERDS.xyz
1 thought on “Surfshark rolls out post-quantum VPN protection as most popular apps remain unprepared”
Comments are closed.