On Jan 9, 2009, Hal Roberts reported that 3 three of the circumvention tools sells user data. The only one that I reviewed and recommended is GPass, and as I reported, it wasn't really working recently.
I'm not surprised as I never trusted anybody. These guys are the least trust worthy; just one step up from some anonymous person having some server capability hosting a CGI script. I am a little surprised that they publish aggregate data freely on partner websites, and even openly offer to sell confidential data for a fee, and only if you pass THEIR strict screening. This is sad as nobody even have a privacy policy on their websites.
The other confirmed sad news is that they actually store individual user logs, which by law they don't have to. But since they do store, by law LE like FBI can request for it, and they had been cooperating. The advantage of US freedom is again lost. In contrast there are Data Retention law in most EU countries.
Nothing important is lost, as I never use them alone, and I never invite the attention of FBI.