Free VPN integrated in Opera for better online privacy(opera.com)
opera.com
Free VPN integrated in Opera for better online privacy
http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/
132 comments
Isn't that fairly standard amongst the privacy respecting VPNs?
We store nothing / log nothing.
We'll comply with law enforcement as far as we're able (ie not at all beyond billing, email and perhaps bandwidth used).
So that seems to say they'll perhaps be able to tell when you were logged in, who you are + payment info, and perhaps volumes transferred. Where and on which ports? No clue officer.
Private Internet Access seems similar: https://www.privateinternetaccess.com/pages/privacy-policy/
We store nothing / log nothing.
We'll comply with law enforcement as far as we're able (ie not at all beyond billing, email and perhaps bandwidth used).
So that seems to say they'll perhaps be able to tell when you were logged in, who you are + payment info, and perhaps volumes transferred. Where and on which ports? No clue officer.
Private Internet Access seems similar: https://www.privateinternetaccess.com/pages/privacy-policy/
But what happens if law enforcement specifically ask them to start recording more information?
My information is a couple of years out of date (I left in August 2013), but that would be hard(ish) for SurfEasy to do, and doing so would affect the entire system (all users), because we didn’t user-level pen-tapping capabilities into the system.
The proxy/VPN machines were designed to be disposable (to potentially cycle IP addresses for various reasons) and to record a minimum of information. It would have required non-trivial effort to make it so that we could do a pen-tap on just one individual given that they could end up on a different server each time. Additionally, I believe that the proxy/VPN machines had no information on the user's identity, just the device's identity (devices were given unique, derived identities when they were created; we could work that information backwards to some degree of accuracy with enough effort, precisely for LE purposes).
I don’t always use a proxy or VPN, but when I do, I trust what my former employer wrote precisely because I know what we didn’t do then, and didn’t believe would be right for us to do. Nothing I have heard from the SurfEasy team since suggests that this has changed.
The proxy/VPN machines were designed to be disposable (to potentially cycle IP addresses for various reasons) and to record a minimum of information. It would have required non-trivial effort to make it so that we could do a pen-tap on just one individual given that they could end up on a different server each time. Additionally, I believe that the proxy/VPN machines had no information on the user's identity, just the device's identity (devices were given unique, derived identities when they were created; we could work that information backwards to some degree of accuracy with enough effort, precisely for LE purposes).
I don’t always use a proxy or VPN, but when I do, I trust what my former employer wrote precisely because I know what we didn’t do then, and didn’t believe would be right for us to do. Nothing I have heard from the SurfEasy team since suggests that this has changed.
I think this assumption is true of every VPN provider:
If the courts or intelligence services tell them to capture a username's data, or access to specific websites from all users, they will do it.
If the choice is between keep quiet and do it, or potentially get shutdown or arrested, you have to assume that almost everyone will do as they are told.
If the courts or intelligence services tell them to capture a username's data, or access to specific websites from all users, they will do it.
If the choice is between keep quiet and do it, or potentially get shutdown or arrested, you have to assume that almost everyone will do as they are told.
Is that a fair assumption? I guess at that point you are simply biding time because if it ever comes out or there is even just a suspicion that you are lying your business is dead as word spreads across the internet
As word spreads across the internet that... what? That you comply with the law?
Isn't it worse if word gets out that you deliberately evade legal compliance frameworks? When a bank is found to be skirting regulations around money laundering, the reaction is not typically 'good on them, standing up for our rights against the man!'.
Isn't it worse if word gets out that you deliberately evade legal compliance frameworks? When a bank is found to be skirting regulations around money laundering, the reaction is not typically 'good on them, standing up for our rights against the man!'.
If all your customers are criminals, then yes, your reputation hinges on not complying (or not yet having to comply) with the law.
Well IANAL, but I'm happy with that.
Doesn't it then bring us to where we are with all other matters - wiretaps, breaking into a home with a search warrant?
Law enforcement has to get suspicion of a crime, probable cause, a warrant or what have you and be subject to all the assorted checks and balances the justice system has evolved.
That's vastly different to having all internet activity tied to an IP/account/person in vast, ever increasing, NSA/GCHQ/lots of other databases then going on a big back trawl every time a name comes up.
Doesn't it then bring us to where we are with all other matters - wiretaps, breaking into a home with a search warrant?
Law enforcement has to get suspicion of a crime, probable cause, a warrant or what have you and be subject to all the assorted checks and balances the justice system has evolved.
That's vastly different to having all internet activity tied to an IP/account/person in vast, ever increasing, NSA/GCHQ/lots of other databases then going on a big back trawl every time a name comes up.
I've got a few questions, and their puffy news post doesn't answer them:
* Is this a real VPN service, or simply an HTTP/HTTPS proxy?
* Is DNS resolution also securely handled through the tunnel, or does this stay in the clear?
* What region(s) is their VPN service located in?
* Is it possible for other software to use this tunnel in any way?
Upon first reading, this doesn't seem very different from their old "accelerator proxies" which compressed HTTP traffic into a binary format, and reduced image detail/resolution, but with a new marketing spin and those old features removed or disabled.
* Is this a real VPN service, or simply an HTTP/HTTPS proxy?
* Is DNS resolution also securely handled through the tunnel, or does this stay in the clear?
* What region(s) is their VPN service located in?
* Is it possible for other software to use this tunnel in any way?
Upon first reading, this doesn't seem very different from their old "accelerator proxies" which compressed HTTP traffic into a binary format, and reduced image detail/resolution, but with a new marketing spin and those old features removed or disabled.
Just installed it, and looks like you get, Canada, US, and Germany as options for the VPN. Tiny text below the enable button has this:
"Secure proxy provided by SurfEasy Inc., an Opera company based in Canada. By using the service you accept the Terms of Service. VPN connects to other servers around the world so your connection speed might be affected."
My only gripe with it so far is the VPN is across all tabs, so I have to switch it off to access some of my office VPN sites
"Secure proxy provided by SurfEasy Inc., an Opera company based in Canada. By using the service you accept the Terms of Service. VPN connects to other servers around the world so your connection speed might be affected."
My only gripe with it so far is the VPN is across all tabs, so I have to switch it off to access some of my office VPN sites
Interesting, how did you try it?
I just installed the Opera developer version and can't seem to find anything to enable or configure VPN usage.
I just installed the Opera developer version and can't seem to find anything to enable or configure VPN usage.
Top left 'Menu'-> Settings -> Privacy & security, about middle of that page has 'Enable VPN'
After you do that it shows up in the address bar beside the SSL lock
After you do that it shows up in the address bar beside the SSL lock
[deleted]
DNS is not leaked, it's a https proxy and opera passes URL there without any local resolution.
Is there a source for this claim (e.g., document from Opera, personal testing such as with Wireshark, etc.)?
Are the OS overrides for DNS entries (e.g., hosts file) used at all in this case?
Are the OS overrides for DNS entries (e.g., hosts file) used at all in this case?
Source is tcpdump on my Linux localhost.
Host file is parsed and honored.
After one start Opera can work even with empty resolv.conf
that would be really handy if browser listens a port to proxify other applications
Couple with native adblocking I'm very tempted to switch browsers (from FF) and probably do so when available. But it just sounds too good, what is the catch?
I switched to opera on Linux recently as Chrome and then Firefox had gotten a bit slow or unstable for me as of late. Have to say, I am very pleased. It's tidy, fast and integrates in pretty well on Linux. It's also featured packed without the agonizingly long startups Chrome was giving me.
I know they monetize with ads and such, but I haven't found them intrusive at all. I think one of their major sources is that they have a kind of Flipboard-esque feed of news articles on your home screen at the bottom. If that is where they do their advertising then it's a model of how to do it IMO. I've found that the articles it shows are genuinely things I want to read and it's not intrusive at all; in fact I'd miss it if it was gone.
I know they monetize with ads and such, but I haven't found them intrusive at all. I think one of their major sources is that they have a kind of Flipboard-esque feed of news articles on your home screen at the bottom. If that is where they do their advertising then it's a model of how to do it IMO. I've found that the articles it shows are genuinely things I want to read and it's not intrusive at all; in fact I'd miss it if it was gone.
Yeah people give the new Opera a pretty unfair rap, it's a good browser.
I'm not a specialist, but you can start by researching how the Opera company makes money.
It would seem to me a possible future "catch" would be that they could charge selected advertisers to let their ads through...
From their own FAQ: http://www.operasoftware.com/press/faq
From their own FAQ: http://www.operasoftware.com/press/faq
"How Opera makes money"
Opera provides cloud-based mobile services and
solutions to operators, publishers and advertisers
and enables hundreds of millions of consumers, via
the Company's global cloud infrastructure, to
connect to the internet content and services that
matter most to them. Along those lines, Opera has
different revenue models, depending on the
customer type:
*Operators.*
Opera's revenue sources from this
hosted solution include active user fees, data
fees, NRE/development fees, hosting services,
advertising and maintenance, and support.
*Mobile consumers*
(via partnerships with search
providers and advertisers). The primary driver of
mobile consumer revenue is revenue from mobile
search, the Opera Mobile Store and active user
growth.
*Mobile publishers and advertisers.*
Revenue comes
from Opera's mobile advertising services and
technology solutions, offered to premium and
performance advertisers, ad agencies, publishers
and developers.
*Device OEMs.*
Revenue comes through license
agreements with a wide range of
consumer-electronic-device OEMs.
*Desktop consumers.*
Revenue comes primarily from
search and e-commerce partnerships.Thanks, this same announcement says though that Opera now has Support for adding a personal ad blocker list. I don't think they would add this feature to just circumvent later, imho it would do more harm than good for their business.
If they don't want to push me using their other services putting their hands on and selling my data, while working on secure and anonymous browser that would be really nice. Sadly I don't see there is money in a product/service like that.
If they don't want to push me using their other services putting their hands on and selling my data, while working on secure and anonymous browser that would be really nice. Sadly I don't see there is money in a product/service like that.
Yeah, it's becoming more and more interesting. What would kill my interest is if it ends up being bought by a Chinese company, though.
It has been... See https://news.ycombinator.com/item?id=11177438
Add inherited from Chrome dev console and awesome logo! ;) I'm trying to use it as main browser today. Only annoying thing is [x] button on the left side of the tab.
"a native, unlimited and free VPN client, right inside your browser!"
Serious question: Money wise, how are they able to afford this?
Serious question: Money wise, how are they able to afford this?
Data of course! Opera (the company) are one of the big players in mobile advertising. They have their own mobile ad platform [0], and a few years ago acquired a couple of agencies that specialise in mobile advertising [1].
[0] http://operamediaworks.com/
[1] http://techcrunch.com/2012/02/16/opera-snaps-up-mobile-theor...
[0] http://operamediaworks.com/
[1] http://techcrunch.com/2012/02/16/opera-snaps-up-mobile-theor...
If they can support a secure, adless, anonymous desktop browser for PR exposure by relying on the mobile version displaying ads I would be ok with that.
This is exactly what I fear. It's still a useful service but I believe Opera should say clearly what they do with the data they handle.
Connection is encrypted
To their servers.. Allowing any non end-to-end encrypted information to be harvested at Opera's VPN point.
Or your provider, or Opera, or own server with VPN. For majority of people setting up own server is too complicated, so it's much better than nothing, especially when you are in place where you can use only non-secure wifi network.
As of now it's working in China. I'm able to access Facebook/Twitter/Youtube/Google without my normal vpn or ssh tunnel. Will be pretty useful if it stands up to the constant changes. Great work!
I bet it will be blocked soon.
Doesn't this just move trust from your ISP to whomever runs the VPN?
Yes, but if you live somewhere that definitely surveils your communications or prevents you from accessing certain content, a VPN is a good way to browse as though you were physically located somewhere more permissive.
"If you're not paying for the product..."
If country is blocking websites, they probably will block that VPN service as well (and possibly Opera website).
Why this thing is called VPN anyway? It looks like HTTP proxy should be enough for browser.
Why this thing is called VPN anyway? It looks like HTTP proxy should be enough for browser.
What stops someone from making a Firefox plugin that (ab)uses Opera's free VPN?
Ultimately, nothing. They could still aggregate your usage data, though, and not necessarily be out anything investment-wise, compared to using the Opera client proper.
There’s a few things that would (probably) stop this from working, but it is possible that the new Opera-based implementation is different than when we implemented it (the proxy version) as a custom Firefox browser back in 2011–2013.
Just tried out the developer version (http://www.opera.com/developer - built-in VPN and ad blocking is currently only available in the developer version of Opera). Both the ad blocking and the VPN works great in the few sites I tested. I especially love that turning the VPN on doesn't require any type of login.
"This is why we today have more engineers than ever before working on new features for our desktop browser."
Is this true or just PR BS? Because my understanding is that they had laid off most of the desktop browser team a few years ago and there were only a few left working on it.
Is this true or just PR BS? Because my understanding is that they had laid off most of the desktop browser team a few years ago and there were only a few left working on it.
Now they're based on Blink, so the they don't have to work on the core features of a browser engine. I imagine that means they have more engineers working on what they class "features for our desktop browser" as in user facing features, rather than W3C spec implementation.
Opera does still contribute quite a lot to blink/chromium (check out https://operasoftware.github.io/upstreamtools/ which lists them), though the gist of what you've said still stands.
They laid off most of their presto team but they did higher more for the new blink browser. It doesn't matter anyway I'm sure the Chinese buying would have given them a temporary revenue
To sell your web history themselves.
The VPN is also in Canada, a https://en.wikipedia.org/wiki/Five_Eyes country, so in addition to selling your web history they'll also turn it over to any govt agency with no warrant or even notifying you.
An interesting angle is that this might prevent big companies, government agencies, schools etc to disallow just of opera if it was ever possible in the first place. Poor they'll just block the IPs with their usual web filter software and none of these promises behind true. Might work for private use in non-repressive countries, but anywhere else it will face the same blocking as any other VPN. Still a great initiative!
I think this is a great idea, in part because it makes it super easy for the less technically minded to secure their public internet traffic. It also brings VPNs and network security discussion more into the public eye.
There's another article at https://news.ycombinator.com/item?id=11540648, which discussion we merged hither.
I have been using this build today and like it. My only minor gripe is the selection of only 3 locations for the VPN. This one doesn't so far from what I see but then again, it is free.
The "VPN" feature doesn't get through my work's firewall, so I guess that works mostly in your own home or less secure public networks...
With the VPN enabled, I am able to resolve local network computer names and domains that reside in my work's local DNS only?
How is this resolution working?
How is this resolution working?
The performance is quite bad at the moment. It takes 5-7 seconds to load google.com using either the Germany or US location - from Sweden...
I know they have no incentive to do this, but it would be nice if they let you configure alternate VPN providers. This is a really clean VPN UX.
Just to sell All your web history themselves.
Sounds pretty good, but I still wouldn't trust it with anything more than a YouTube video.
Definitely slows down browsing but it is simple/easy/free so I would expect as much.
There are too many reasons to keep VPN separate from a browser to list here.
In VPN mode I got 184.75.221.xxx - Toronto
In Turbo mode 107.167.108.xxx - US
slightly off topic, but does anyone know a good proxy-as-api service? the ones I've seen are either really bad, or really, really expensive.
How does the Chromium Opera compare to Chrome?
Very slow in US
I love this.
Better online privacy? Ridiculous!!! It is just a honeypot. As the most notorious company which good at stealing people's privacy, in China no one trust Qihoo360 (opera is acquired by Qihoo360). Qihoo360 is the pet and lackey of Chinese communist party. Go to hell!
We detached this comment from https://news.ycombinator.com/item?id=11541610 and marked it off-topic.
Ridiculous!!! It is just a honeypot. As the most notorious company in China, no one trust Qihoo360 (opera is acquired by Qihoo360). Qihoo360 is the pet and lackey of Chinese communist party. Go to hell!
This comment breaks the HN guidelines. If you want to make a point here, please do so civilly and substantively.
https://news.ycombinator.com/newsguidelines.html
https://news.ycombinator.com/newswelcome.html
We detached this comment from https://news.ycombinator.com/item?id=11540857 and marked it off-topic.
https://news.ycombinator.com/newsguidelines.html
https://news.ycombinator.com/newswelcome.html
We detached this comment from https://news.ycombinator.com/item?id=11540857 and marked it off-topic.
I really want to like Opera, but I won't be using it until its open source, full stop.
Free as in free 500MB and then you have to pay.
Source? The article says it's unlimited.
This is a game changing feature and I hope other browsers follow suit, I would love to see it implemented in the mobile version especially.
Really? I am all for it, but in 2016 putting an extra server in the middle of my request isn't really a game changer. Brave is leading the charge with extensions as a service, and I love them for it. However, I just can't see it being profitable. Brave can def make money, but I don't think people care about privacy. The other usecases make sense, but between opera or brave (both totally unknown companies to non tech crowd) Brave would for sure win that.
In Opera's case, one more person would get "all" the data. In all other cases, 1-3 companies get all the data. So it's good, I just can't call it a game changer.
In Opera's case, one more person would get "all" the data. In all other cases, 1-3 companies get all the data. So it's good, I just can't call it a game changer.
"Game changing"? No. This doesn't actually change the game at all.
Any specifics of what type of VPN protocol its using?
>Any specifics of what type of VPN protocol its using?
According this chart of vpn's, OpenVPN
That One Privacy Guy's VPN Comparison Chart
https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAe...
edit: Name of the service is SurfEasy
According this chart of vpn's, OpenVPN
That One Privacy Guy's VPN Comparison Chart
https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAe...
edit: Name of the service is SurfEasy
Thanks!
If they are bought out by the Chinese, does using this mean the new Chinese owners will see all your traffic?
Since Opera is still a norwegian company, they still will need to abide by norwegian data privacy laws.
SurfEasy (the provider of the service) is a Canadian company, so it follows Canadian data privacy laws (which are pretty good; when I worked there, Michael Geist was an advisor).
They were--see tomkwok's comment above.
If the traffic is encrypted then they wouldn't see into it, but it would go through their servers, so in worst case scenario you'd be surfing from behind the Great Chinese Firewall
The traffic is encrypted between you and the server. They control that server, where it gets decrypted to be sent out over the public internet (where it may be encrypted or not depending on the site). You've introduced a man in the middle. You must trust that man (but that man also already controls the source code for your browser, which can also see all your traffic).
[deleted]
Is this the same Opera that was recently purchased by a shady Chinese consortium? [1]
1:https://www.theguardian.com/technology/2016/feb/11/browser-m...
1:https://www.theguardian.com/technology/2016/feb/11/browser-m...
I am thinking that announcing this feature may be a tactic to win back consumer trust or in the least attract new customers who are not familiar with the potential buyout.
It hasn't been purchased yet; the buyout deal is yet to go through AFAICT.
So I guess this an attempt to add value to push the deal through.
Opera has a long history of adding innovative browser features. There's no reason to think that this has some kind of ulterior motive related to a rumored sale.
The VPN is operated by "SurfEasy Inc., an Opera company based in Canada".
Just tested it and it worked flawlessly to watch a YouTube video that has been blocked in my country. [Edit: Netflix seems to block SurfEasy already. Sad.]
Just tested it and it worked flawlessly to watch a YouTube video that has been blocked in my country. [Edit: Netflix seems to block SurfEasy already. Sad.]
They didn’t exactly get a standing ovation the last time¹ they were mentioned on here though (for good reason… if they’re offering a service to help protect people’s privacy, it seems a bit odd that they’d opt to compromise said people’s privacy by having multiple trackers on their website).
――――――
¹ — https://news.ycombinator.com/item?id=10700792
――――――
¹ — https://news.ycombinator.com/item?id=10700792
I'd mainly be worried how said VPN is using the subscriber data and what is their policy on storing access logs. But even they promise to not track you how would one even hold them to account considering that they must have an interest in the data due to their adtech part of how the parent/sister Opera company makes its money.
BTW, apparently in order to purchase anything (e.g. to try out YouTube Red -- which checks your Google Payments data) you may still need a credit card matching the country.
This bit me when I tried purchasing foreign versions of games on Steam before (which pre-digital distribution was possible via imports but now tends to suffer from region locking).
This bit me when I tried purchasing foreign versions of games on Steam before (which pre-digital distribution was possible via imports but now tends to suffer from region locking).
As far as Steam is concerned I used Entropay for virtual pre-paid debit cards. I live in the middle east and it happily validated any US address. Entropay does take a 5% commission if you top-up with a credit/debit card however.
If I use this though, will Netflix block me from accessing any content?
Netflix blocks you from accessing all content if you are behind any sort of proxy or VPN.
How do they detect that you are using a VPN?
They have a list of VPN providers.
Probably they also have some heuristics that look closely at people who geoip in a different country than their billing records, and whose IP address seems to be in a colo rather than a DSL subscriber block.
Probably they also have some heuristics that look closely at people who geoip in a different country than their billing records, and whose IP address seems to be in a colo rather than a DSL subscriber block.
>Probably they also have some heuristics that look closely at people who geoip in a different country than their billing records
I have paid for American Netflix for years and years but I'm forced now to watch Dutch Netflix because I live there. It's not based on where you pay but where you are.
I have paid for American Netflix for years and years but I'm forced now to watch Dutch Netflix because I live there. It's not based on where you pay but where you are.
This is why I would love to see a Visa card that anonymises you to corporations, but not necessarily the government - and available to those overseas. Don't suppose such a thing exists?
Edit: Scratch that. What I'd like is a high speed consumer cable account that I could proxy into.
Edit: Scratch that. What I'd like is a high speed consumer cable account that I could proxy into.
What you need is a friend abroad and a raspberry pi.
I have a raspberry pi attached to the wall of a home which is not my own. It's in a country where I occasionally want to be (in a geoip sense of "be"). The rpi maintains a VPN connection to me, so I can reach it even though it's behind a NAT middlebox that knows nothing about it.
I have a raspberry pi attached to the wall of a home which is not my own. It's in a country where I occasionally want to be (in a geoip sense of "be"). The rpi maintains a VPN connection to me, so I can reach it even though it's behind a NAT middlebox that knows nothing about it.
You realise that you could have just given HN a new startup?
I'd gladly pay someone to access a portion of their bandwidth - at least enough that I could stream content.
I'd gladly pay someone to access a portion of their bandwidth - at least enough that I could stream content.
That's great.
Potential founders should consider the costs of providing tech support for a tunnel that crosses two NATboxes, both controlled by strangers.
Potential founders should consider the costs of providing tech support for a tunnel that crosses two NATboxes, both controlled by strangers.
If you can remotely login to the box, it wouldn't be that bad. And if you can lock down the box physically then it would be pretty tamper proof.
Anyway, it was just a thought. It's possible it's impractical :-)
Anyway, it was just a thought. It's possible it's impractical :-)
A danger is that stranger will abuse your connection to send spam or even worse things. And you might have a visit from police. Also, I'm sure, reselling your home connection is forbidden by your provider. So it's kind of grey zone.
It could be restricted to a set of domains and only allow HTTP and DNS traffic.
"AirVPN"!
See illuminati vpn network.
Just buy a Visa or Amex gift card with cash. It's a normal credit card number you can use online and some of them can be reloaded. Sometimes not reloading is best, so your subscriptions won't auto-renew and you can cut your paper trail by opening a new account with a new credit (gift) card.
Just discovered Netflix gift cards, delivered through email. Awesome!
https://www.amazon.com/gp/product/B00YD563L8/gcrnsts
https://www.amazon.com/gp/product/B00YD563L8/gcrnsts
I am running a VPN on my own server to access content, and the server is on the same timezone.
I stopped my Netflix subscription a month ago because they started blocking me.
I would say the IP checking against datacenter block is the most plausible, but I also remember seeing a link on HN showing how to detect VPN usage through MTU size, so that could be a possibly more involved solution ... It would probably be way too much work to implement on top of their infrastructure though, when IP block checking must be good enough.
I stopped my Netflix subscription a month ago because they started blocking me.
I would say the IP checking against datacenter block is the most plausible, but I also remember seeing a link on HN showing how to detect VPN usage through MTU size, so that could be a possibly more involved solution ... It would probably be way too much work to implement on top of their infrastructure though, when IP block checking must be good enough.
your browser timezone isn't going to change just coz you're using a VPN
On Firefox you can use Random Agent Spoofer:
https://addons.mozilla.org/en-US/firefox/addon/random-agent-...
https://addons.mozilla.org/en-US/firefox/addon/random-agent-...
If not already, probably soon. Being free and probably popular...this service will hit the radar for Netflix, Cloudflare captcha hell, etc, in fairly short order.
SurfEasy does not store users originating IP address when connected to our service and therefore cannot identify users when provided IP addresses of our servers. Additionally, SurfEasy cannot disclose information about the applications, services or websites our users consume while connected to our services; as SurfEasy does not store this information.
However, further down, you have this:
SurfEasy is required to comply with law enforcement where subpoenas, warrants or other legal documents have been provided. We may collect and disclose personal information, including your usage data, to governmental authorities or agencies, including law enforcement agencies, at their request or pursuant to a court order, subpoena or other legal process, if there is a good faith belief that such collection or disclosure is required by law.
At this point I'm not quite sure what to make of the above two combined together.
[0]: https://www.surfeasy.com/privacy_policy/