SurfEasy riding the evolving privacy wave

25 Jun

surfeasy-vpnI had a chance to sit down with Steve Kelly, chief operating officer of Toronto-based SurfEasy, over the weekend, and we had a fascinating conversation that covered both the evolution of a tech startup and the current state of privacy.

SurfEasy started up about two years ago with the idea of making web surfing more private. The company’s initial product was a credit-card-like USB key that plugged into a computer, then launched a secure browser that enabled private surfing. It was ideal for people using unsecured wi-fi hotspots, employees who didn’t want their bosses spying on them at work, or even for regular Canadians trying to access geoblocked services such as Hulu. The browser masked the user’s location, meaning he or she could appear as if they were in the United States.

As nifty as the computer-based service was, the bigger fish to fry always seemed like mobile, and sure enough SurfEasy is now launching a new product for smartphones and tablets. With the ongoing controversy regarding the National Security Agency and its snooping on private citizens’ data without their knowledge or consent, it seems like the right product at the right time.

SurfEasy’s new product is all software based, so it’s easily downloaded onto your computer or mobile device (iOS and Android). That installs an encrypted virtual private network on your computer or device that blocks unwanted tracking or snooping. The plan for one tablet or smartphone costs $2.99 per month or $29.99 a year, while a five-device license costs $4.99 and $49.99, respectively, with unlimited usage in all cases.

What the mobile app won’t protect users from, however, is anything they voluntarily sign into. So, if you’re logged into your Google or Apple account on an Android device or iPhone respectively, those companies will still be able to track whatever you do through their services. Similarly, wireless service providers will still be able to track your phone’s signal itself.

Everything else is up to the user and, if you choose to sign out of those respective Google and Apple accounts, the companies will gather a lot less information about you since all of your data usage is encrypted. Kelly says the product is using 256-bit Advanced Encryption Standard for Apple’s iOS and 128-bit Blowfish for Android, Mac and PC. Those are some pretty tough nuts to crack.

I always find the evolution of startups interesting, since virtually each of them inevitably tells of changing business models. While every company starts based around a good idea, the business eventually morphs as its principals find new, better ways to implement their core concept. SurfEasy is succeeding and growing, Kelly says, since it’s now up to about 20 employees with users in 55 countries.

The company may be hitting its stride at the right time, too, given the NSA’s PRISM scandal. As Ron Diebert, head of the University of Toronto’s Citizen Lab and author of the new book Black Code, mentioned to me last week, privacy concerns may be about to go mainstream as a result. More and more people are awakening to the fact that they’re bleeding huge amounts of information about themselves to companies such as Google and Facebook, which can then be accessed by authorities for no good reason.

Services that deliver corporate-level security – such as SurfEasy and its VPN app competitor HotSpot Shield – to every-day consumers in simple, easy-to-use ways appear to be on the right track.

Where things could get interesting is when Google and the like decide to respond. Encryption and anonymization are the natural enemies of such companies, which need users’ Big Data to thrive. What happens when they try to fight back against encryption?

Kelly and I verged into some fascinating territory here. Google certainly has the resources and the penchant for moon shots to crack encryption if it really wanted to, but as he said, why would the company want to? All corporate and government networks rely on encryption for their own privacy and safety – if somebody created tools to crack all of them, utter chaos would ensue.

Still, as history has shown, scientists are often oblivious to the inevitable results of their actions – many are consumed by the simple pursuit of science itself. The individuals working on the Manhattan Project, for instance, knew what their research would ultimately result in, yet they continued anyway. And still they were shocked when they saw the final product.

As physicist Kenneth Bainbridge said to J. Robert Oppenheimer after the exploding of the first atomic bomb, “Now we are all sons of bitches.” Could those same words be uttered some day somewhere down in Silicon Valley?


Posted by on June 25, 2013 in privacy


5 responses to “SurfEasy riding the evolving privacy wave

  1. VPNut

    June 25, 2013 at 9:03 am

    If you’re moderately technically capable, try this…

    Sign up for a free static domain that points to your home IP; they take care of when your ISP assigns you a new IP address on occasion. I used but there are others. For $20 I bought OS X Server from Apple, used the trivially easy control panel to add the domain, entered a long Shared Secret code, and turned on VPN.

    If your computer is behind a router, which these days most are, then you might need to open ports 1701 for L2TP and 500/4500 for IPSec. I haven’t tested if the Server would use UPnP to automatically open those ports because my older router is affected by the UPnP exploit (see for info).

    Then set up the iPhone/iPad with the matching settings in Settings > General > VPN. You can even set up multiple profiles if you’re so inclined. Once you’re past the login screen at the coffee shop, switch on VPN from the root level of Settings.

    I can’t comment on how easy it would be to set up Windows, Linux, or Android for VPN, but setting up the Apple stuff should be within the capabilities of most people. Setting up the router could be daunting but most gamers open ports all the time.

    Since I wanted OS X Server for other reasons, the total cost of a VPN solution to me is $0 in perpetuity. As everything is built into iOS, there are no additional apps to download and update.

    SurfEasy wants you to pay them to make the process that much easier and to use their bandwidth, which is fair. As we know, reducing the friction to try something goes a long way to ensure adoption.

    I’m all for anything that makes it difficult for the bad guys to mess with us (and I’m including our government).

    • A(nother) Yes Man (@elquintron)

      June 25, 2013 at 2:44 pm

      I agree with this, a home made VPN solution is becoming as easy as setting up your wifi at home. I appreciate what surf easy is doing, but it may be a short term business model, whilst user-made VPNs become common place.

      • VPNut

        June 25, 2013 at 3:55 pm

        Local VPN is great if all you want is security. SurfEasy also provides anonymity and can make you appear to be in another country to allow access to region-restricted content like Netflix U.S. with its larger library, or stream U.S. TV channels from their sites. I don’t think it works with media devices like Apple TV or Roku though. Perhaps I could use SurfEasy on my Mac and then have it act as a proxy for the ATV.

  2. VPNut

    June 29, 2013 at 12:16 pm

    I tried the free trial but it only gives you 500 MB a month. Tested transferring a few files. It appeared a bit slower, but tolerable. But 500 MB is hardly suitable to try streaming shows from U.S. networks or Netflix US, which is my primary motivation as a soon to be cord cutter, so I signed up for the $5/month unlimited plan. I figured, if it didn’t work I’d only lost $5. Looks like I lost $5.

    I tried transferring some large files and it appeared to work for awhile. Not anymore. After 5 attempts at using this for an extended time, it fails within minutes of starting up. Browsing, file transfer and streaming all start fine when it’s initially turned on but the transfer speed bottoms out after a few minutes. Can’t view any new web sites, file transfers slow to a crawl or even halt, streaming stops and times out. Then you can’t resolve any domain. Even disconnecting and quitting SurfEasy doesn’t restore my Mac back to its former health. The only solution is to restart the Mac.

    In addition, it seems to take over your whole network, including your local subnet so that traffic directed from another computer to the computer running SE on the 10.x.x.x network fails. VPN should be smart enough to keep transfers on the local network off the VPN.

    I have a ticket open with their support but since this product has been around for awhile, I suspect it’s not going to be resolved soon. Or perhaps the “unlimited” isn’t really unlimited. Anyway, I’m writing off my $5 investment.

%d bloggers like this: