Canada’s Tunnelbear claims to have around 22 million users, placing it among North America’s biggest Virtual Private Networks (VPNs). And it’s easy to see why. Solid encryption, a generous free trial package, and a simple, really accessible client add up to an appealing product, especially for entry-level VPN users.
However, could those bells and whistles be hiding some nasty security-related surprises? Many VPNs seem great on paper. Their marketing could be professional, with flash graphic design, catchy taglines, and good-looking interfaces. But when you dig under the surface, some worrying facts can appear. So is TunnelBear safe? Let’s see if it has what it takes to serve as a reliable entry-level privacy tool.
Introducing TunnelBear: Core features in the security department
One thing readers should know right off the bat: TunnelBear is no longer an “independent” VPN. In 2018 McAfee, one of the world’s biggest online security companies, bought TunnelBear. That’s not necessarily good or bad, but it’s essential to know about.
Having said that, the core features available with TunnelBear haven’t changed much. Here’s what it has to offer in the security department:
- Encryption that lives up to the standard
TunnelBear’s 256-Bit AES encryption is what you’d hope for from an elite VPN. So you can expect your traffic to be very hard to unpack, even if snoopers are around.
- “Always on” settings
This is a good idea that all VPNs should think about adding. You can set TunnelBear to load automatically as part of your OS startup. That way, you won’t have to rely on remembering to fire up your VPN client before surfing the web.
- Vigilant Mode
TunnelBear’s version of the Kill Switch, Vigilant Mode will cut off your connection momentarily if your VPN coverage fails for any reason.
- No advertising
Even the TunnelBear free version doesn’t include ads, which can’t be said about many free VPNs. Instead, the company currently makes all of its revenue from paid subscriptions, so there’s less incentive to implant tracking cookies or use services to track user activity.
- Anonymous payments
Some VPNs only allow customers to pay via conventional methods like credit cards or – at a push – PayPal. None of those means are very private, which is why TunnelBear lets users pay via Bitcoin as well.
- DNS leak protection
TunnelBear uses its own DNS servers, which should ensure that your ISP has no idea of what sites you visit.
- The OpenVPN protocol
The protocols used by VPNs to transfer data have a major impact on your safety, and OpenVPN is as safe as it gets.
- Independent auditing
Another feature that sets TunnelBear apart – their code is independently checked to ensure it meets security standards. And they have published the audit outcomes to prove they mean what they say.
There’s a lot to love here, and some ideas that are extremely innovative. Not many VPNs are transparent about auditing, which is a breath of fresh air. And the nuts and bolts are all here: good encryption, their own DNS servers, and OpenVPN protocols.
Does TunnelBear keep logs? Investigating their “no logs” policy
The claims made by TunnelBear certainly suggest that you’ll be in safe hands when you use their VPN. As they explain on their website, TunnelBear operates a strict no-logs policy, stating that “At no point, and under no circumstances will TunnelBear log or sell your personal/usage data.”
- The IP address you use to access Tunnelbear servers
- Any IP addresses of users visiting the Tunnelbear website
- DNS queries made while using TunnelBear (ie the sites you visit)
- Data regarding the services or apps used by users while they are logged on
TunnelBear does collect a range of “personal data” relating to users, including their email address, payment details, Twitter ID (if applicable) and the package they have purchased. And the VPN records total data consumed per month by all users, not just free users (who are restricted to 500MB per day).
Moreover, the TunnelBear website uses an army of cookies, including Google Analytics trackers. But in reality, these are fairly harmless. For instance, they might sense which class of package you’ve signed up for so that TunnelBear can tailor its graphics.
Is there anything more sinister we should know about TunnelBear?
Given this information, the answer to “does TunnelBear keep logs?” would be yes, but not logs of activity inside the network. The logs are data obtained about accounts. However, this may be enough to compromise the service for some people. There are a couple of reasons for this.
Firstly, the VPN states that personal data will be provided to authorities “In the event TunnelBear is served with a valid subpoena, warrant or other legal document.”
Secondly, the VPN says that they “may send data to third-party service providers” for “understanding website analytics” – which could mean almost anything.
There are some other concerns as well. For instance, TunnelBear is located in Canada, a “5 eyes” country. So sharing data with American government agencies could be a worry.
On top of this, McAfee have taken over as the VPN’s parent company. John McAfee, the company founder once called his own antivirus tools “the worst products on the f**king planet”. But on the plus side, he’s militantly against NSA spying.
The verdict: Is TunnelBear Safe?
Basically, buyers are right to be worried about questions like “does TunnelBear keep logs?”, but don’t let anxieties get out of hand. We didn’t find too many major holes in their privacy and security policies. And the basic setup has plenty of handy features to keep users safe and sound.
Overall, TunnelBear compares favorably to other VPNs in its class, and you can see why it has so many admirers. But with the recent buyout, the Canadian location, and some fuzziness in their logging policies, we advise a healthy dose of skepticism.