Living as I do in Shanghai (i.e. behind the Great Firewall), and having spent a decade at Mozilla in the browser segment of the technology world, these recent moves by Opera to add VPN features to their browser and to smartphones themselves are very interesting and leave me with a number of questions around data privacy and corporate governance in China.
In April of 2016, Opera added a VPN feature in their browser such that you could route traffic from that one app through Opera’s servers. This month, in May, Opera has released an iOS app which purportedly routes all of your iphone traffic through their servers. This came from Opera’s acquisition of SurfEasy in 2015. I have downloaded both and have tested both and they work as advertised.
This VPN feature is a very smart move by Opera. VPNs are a key feature for many users around the world who need them for various reasons such as using blocked services from China, for watching your Netflix account if you are overseas, more private browsing, etc. More and more web sites and services are using geo-ip checks to prevent fraud and abuse and as such VPNs will only become more important. For those of us in China, VPN access is a regular discussion (whether our VPNs are working well, etc.)
The VPN feature is also a smart move by Opera because browsers are largely interchangeable these days, so having this feature in place is a large differentiation. (One of Chrome’s key differentiation features is their automated translation, which is not easily or cheaply copied.) Commercial VPN services average around $5/mo. but Opera can lower costs of running this feature because they do this already for their Opera Mini service.
It also has been reported that in February of 2016, Opera has been sold to a Chinese consortium including Qihoo 360 (a notorious firm led by an iconoclastic entrepreneur- a longer discussion for a different blog post), Internet firm Beijing Kunlun and investment group Golden Brick and Yonglian. If Opera is now a “Chinese” company (and I don’t know that the deal has closed yet but am writing with the assumption that it will), how will that affect their strategy vis-à-vis these VPN features/products?
If “Foreign-run” VPNs are illegal (at least as reported by the Global Times) in China (as far as I know, even though they are widely used, even recently in public by Fang Binxing the ‘architect’ of the Great Firewall himself) does it matter that a new Chinese consortium is providing a VPN to any user of the Opera browser or to any iPhone user (including the millions of iPhone users in China?) More importantly, to run a VPN is to be able to see the traffic you are routing. Yes, traffic hidden via https is hidden but urls are not. So ‘Opera China’ will have an intimate view of the traffic of their VPN users worldwide, but also specifically of those within China.
I’ve been in the technology industry long enough to know that the vast majority of users care mainly about free services and are quick to give up privacy for free services (see any service that is ad-based.) If you care about your own data privacy, but require VPN services, know that Opera is (will be?) a Chinese entity. With the well-documented increasing pressure the Chinese government is putting on media both online and offline (the April 2016 shutting down of Apple’s media offerings in China is only the most recent and high-profile action) it is unclear to me whether to trust Opera’s VPN services moving forward.
Commercial VPN providers regularly post information about whether they “keep logs” and Torrentfreak has compiled information about popular VPN services. Opera will need to share information about their VPN data-handling practices in the near future to assuage the privacy-paranoid among their users.
Thanks to MB, DG, DL, and CP for their feedback for this piece. All errors are mine alone.