According to TechRadar, the new VPN service Obscura has just passed its first independent security audit with flying colors. The audit was conducted over 20 days by the renowned firm Cure53, focusing on the macOS app, its network extension, and its core protocol design. The report, published in early 2025, found “no major security vulnerabilities” within Obscura’s defined threat model. Only two low-impact issues were identified, both of which have since been fixed. Founder Carl Dong stated the audit independently verifies the “best-in-class privacy guarantees” of their unique 2-Party Relay system. Obscura, which only launched on February 11, 2025, is currently available just on macOS and iOS.
The Multi-Hop Advantage
Here’s the thing that makes Obscura really interesting: its entire model is built on a principle of enforced separation. It’s not just another VPN that pinky-swears not to log your data. Instead, it uses a multi-hop system where two completely independent providers handle your connection. Obscura encrypts your traffic first using WireGuard, then passes it off to its partner, Mullvad VPN, which acts as the exit node to the public internet. The genius here is that no single entity ever has the full picture. Obscura knows who you are (your account) but can’t see what you’re doing. Mullvad can see the traffic exiting to the web, but has no idea which Obscura user it came from. It’s a clever way to architect privacy right into the system’s bones.
Why This Audit Matters
Look, any new privacy service can make big claims. An audit, especially from a firm as respected as Cure53, is how you back them up. For a tool that’s only been live for a matter of months, this is a huge credibility win. It basically tells potential users, “Hey, we’re not just winging it.” The fact that the audit covered not just the app but the underlying protocol design is crucial. It means they’re checking the foundational ideas, not just the implementation. And let’s be real—finding only minor issues that were promptly fixed is about the best result a young company could hope for. It signals diligent engineering from the start, which is rare.
The Road Ahead and Market Fit
But there’s a catch, right? There always is. Obscura is macOS and iOS only. That’s a tiny slice of the overall VPN market. For a service built on such a compelling privacy architecture, that limited availability is a major roadblock to widespread adoption. Their business model seems focused on deep privacy advocates first, which is smart for building a reputation. But the real test will be scaling that model—and maintaining that audit-clean engineering—as they potentially expand to Windows, Android, and other platforms. Can they keep the same level of scrutiny and separation? That’s the million-dollar question. For now, they’ve done the hard work to prove their core tech is sound. In the world of digital privacy, that’s half the battle. You can read their full take on the audit over on their blog.
