VPN deals Advertisement

How Safe Is Tenta browser?

What is Tenta browser?

Tenta is a new Android browser with a deep focus on privacy. While most browsers monetize their service through advertising and harvesting user data, Tenta does things differently. Tenta provides OpenVPN within the browser, so that users are completely secure. In addition, Tenta never stores user keys on any of its servers for extra security. Think of a VPN and a browser on incognito mode all rolled into one and you start to get an idea of the browsing experience that Tenta provides.

To say I was excited to give Tenta a try is an understatement. As soon as I heard about it, I was incredibly eager to put it through its paces. Will the free built-in VPN perform at the optimum levels necessary for streaming in HD? Or will it be slow and suitable only for WiFi security and unblocking things like online banking services? Considering it is free, even the latter wouldn’t be that bad. However, I have to admit that I'm hoping that it performs really well. Without a doubt, the seamless integration of privacy tools into a single browser is something that offers great usability and gives Tenta a unique appeal.

Tenta Features

Proprietary Incognito Technology

Another selling point is the fact that Tenta uses Smart Incognito™. This is designed to allow users to access their bookmarks, history, and downloads, and keep windows open between sessions, always incognito.

As such, with Tenta you get the privacy of incognito but the functionality of a regular browser. Founder Jesse Adams comments:

“For Tenta to be successful as a browser, the core feature of browsing privately and securely should be free. And it's not just your traffic that is encrypted with built-in OpenVPN, but think about all the other browsing data that is traditionally not hidden such as your bookmarks, downloaded files or even keeping tabs open to view later. 

"Incognito mode and VPNs do not effectively keep your entire personal browsing experience private. We encrypt and block access to ALL of your browsing data. We take a zero knowledge approach to your data. In fact, your keys are never stored on any servers for additional security, which means we are simply unable to provide access to your account to anyone. And again this is what the free version offers.”

Limits or Restrictions

What seems truly remarkable is that, unlike most free VPNs, Tenta says it does not intend to put any bandwidth limits or usage caps on the built-in VPN service. This is commendable and certainly could help to propel Tenta’s ingeniously marketed VPN into the limelight (within the highly competitive and crowded VPN market).

“Zones”

One cool feature is the browser’s ability to connect to different VPN servers in different tabs in the browser (referred to as zones). In the beta, there are only four servers to choose from, located in Seattle, Miami, the Netherlands, and Singapore. However, if and when Tenta expands this list of server locations, this could be a really excellent feature that really adds usability value. Imagine, for example, being able to unblock Australian TV while doing geo-restricted internet banking securely on public WiFi, and you get the idea.

Built in DNS Options

As testament to Tenta’s will to be a high-end privacy tool, its designers have even integrated interchangeable DNS settings into the browser. This is a nice addition, and is something that is not the norm in the VPN industry. Jesse Adams says:

“We're working on adding support for fully custom DNS server selection, allowing you to put in the IP of any DNS server you like, if our options don't suit you.”

To access it, click on either the flag or the blue pin in a tab to get the drop-down menu.

Setup Tenta Browser

Tenta Browser is still in public beta and is only available on Android. In addition, you have to be logged into the Google Play Store to get access to the free app. The app downloads quickly and installs with ease. It looks great right from the outset. The logo is extremely cool: a digital chip-track-tentacle octopus wearing a stetson - who could argue with that?

The first thing a user has to do is set a PIN. Users are warned not to lose it, or they will be locked out of their Tenta browser. Once a PIN is set, users can begin their browsing experience. By default, the browser is set to local network and works like any other browser in incognito mode. By clicking on settings in the top right of the tab (this appears as a flag when connected, or as a blue pin when on a local network), subscribers get access to a number of setting, including the VPN servers.

Those settings are:

  • VPN servers: (Miami, Seattle, Netherlands, and Singapore).
  • DNS: (Google DNS, OpenNIC, Level 3, OpenDNS Custom).
  • Search engine: (Google, Yahoo, Bing, DuckDuckGo, and StartPage).
  • “Download without asking” - can be toggled on or off (comes off by default).
  • “Close all tabs now.”
  • “Delete zone.”
  • “Notification” - manage web notifications.

Tenta is a proprietary VPN system that allows multiple connections to be opened in separate tabs. It does this by firewalling everything but the browser from the VPN tunnel. For this to be a successful product, however, it needs to do those things securely.

Group Sites by VPN Location (Zone)

A cool feature that is built into Tenta is the ability to group pages by location. Tenta calls these groups ‘zones.’ Setting a new one up is as easy as a couple of taps on the touch screen. On its website, Tenta describes the feature as follows:

“Tenta's Zones are our proprietary method of grouping your tabs by server location. Have one Zone of tabs securely connected to Amsterdam, while another is simultaneously connected to Miami. Or Seattle. You can even have custom settings for each Zone, giving you unparalleled control over your browsing activity. All with just a couple of taps.”

The zones feature is certainly novel, and allows users to connect to different websites in different locations simultaneously. I tested it by setting up a Miami and Netherlands zone and testing with ipleak.net in each zone. I was happy to find that I did get a different (transparent) IP address in each “zone.”

Other Features

For now, a kill switch is not available, which is a bit of a shame. A kill switch stops any web traffic from traveling outside of the VPN tunnel to stop data traveling to a user’s ISP, should the VPN connection drop out. This is without doubt an important tech feature that will be needed to make Tenta’s security top notch. The good news is that the Tenta developers do have it in the pipeline. However, do bear in mind that until then, if the VPN connection drops, it could lead to unencrypted traffic from a user’s real IP being leaked to their ISP.

Is Tenta browser Secure?

Due to the fact that Tenta is closed source, I was very keen to ask about the implementation of OpenVPN on the platform. Of course, for now, we only have Jesse Adams' word for it. However, in my opinion, Adams seemed to really know what he was talking about when he answered my questions. The encryption implementation levels that he described are definitely strong, so I can give Tenta a thumbs up. These are the specs:

  • OpenVPN for secure connections and encrypting all inbound and outbound connections to the web (depending on configuration).
  • Transit metadata (OpenVPN control channel) - TLS 1.2 DH key exchange, AES-256 with SHA-384 authentication. 2048bit RSA keys.
  • Transit data (OpenVPN data channel) – AES-256 with SHA-512 authentication.
  • Service APIs: TLS 1.2 Elliptic Curve DH key exchange, AES-256 with SHA-384 authentication. 384bit EC keys.
  • As an added security feature, we enforce authentication on ZONE servers, to make sure only Tenta users have access.

Elliptic Curve DH key exchange means that Tenta implements perfect forward secrecy. Considering users get this for free (and that Tenta is still in beta), this is pretty mind-blowing, and certainly puts a lot of established VPNs to shame.

DNS Settings

One thing that I could test for myself is the customizable DNS settings. Available options are: Google, System 3, OpenNIC, and OpenDNS (with Custom also in development). I tested Tenta Secure DNS and OpenNIC using ipleak.net and on both occasions the website detected California Google Business DNS addresses. This worried me a little.

However, a bit more testing revealed it to be a beta bug. Basically, beta users who want to change DNS may need to restart their Android device and then change DNS settings. After that, simply connect to a server and you should have the correct DNS settings (though I do recommend checking to make sure they have changed correctly by using ipleak.net).

Once the DNS has changed successfully, Tenta remembers the setting and I found it to be stable. I also detected no DNS leaks once it was correctly set up.

Although having to restart your device to make sure DNS changes is definitely a bug, Tenta is still in beta, so it can be forgiven. Following my tests, Jesse Adams told me that:

“OpenNIC is the default DNS service provider when connected to any of our VPN locations, for now. We'll transition to using our Tenta DNS which provides some advantages, including DNS-over-TLS and DNS-over-HTTPS soon. However, we found that our development Tenta DNS servers weren't capable of handling our production load, which resulted in a mish mash of fallbacks. We've unified this to OpenNIC for now, and we'll be rolling out Tenta DNS as we finish it.

"We also acknowledge that we had OpenDNS mislabeled as OpenNIC in the zone settings. This is fixed in a release going out today/tomorrow. Thanks for pointing this out.”

When I selected OpenNIC I got just one DNS address:

Overall, DNS settings on Tenta are for now a little bit of a concern. This is definitely something to keep an eye on if you intend to use Tenta.

Is Tenta browser fast?

Perhaps the most disappointing thing about the Tenta browser is connection speeds. I tested the servers in Miami and Amsterdam using testmy.net. When I tested it, the download results were really poor. I tested the Miami server using a test server in New York, and the Amsterdam server from a UK test server. As you can see, my base speed test was around the 50 Mbps mark locally, and a little below that using the New York test server. On both occasions, the download speeds using Tenta averaged about 5 Mbps (and were as low as 3 Mbps). As always, I tested each server five times to be sure.

Upload speeds also took a bit of a dive. This is something that Tenta is going to have to seriously upgrade if they want to compete in the crowded VPN market. Most VPNs don’t actually have their own infrastructure of VPN servers. For this reason they rent their servers from trusted providers. The best VPNs rent Tier 1 servers that provide a minimal loss (perhaps 20%) of speed (and even less at times).

With such slow connection speeds, there is no doubt that streaming would be a bit of a nightmare. Still, Tenta is in beta and it is free, so this still remains a good VPN for keeping you secure on public WiFi. However, we can only hope that Tenta manages to upgrade the service before it is out of beta. Not doing so could be a serious pain point.

Conclusion

It is still early days for Tenta, and the firm has only just made its software open source. However, if the implementation all checks out when it is properly audited - then Tenta is certainly a highly interesting free browser with strong integrated OpenVPN.

Sadly, four servers (in just three countries) isn’t really enough to compete in today’s VPN market. However, being able to unblock the US and Netherlands most certainly has its advantages. Unfortunately, speeds are much too slow to compete in the competitive VPN market. Connection speeds are a number one priority to most people, so this is an area that isn't going to win Tenta many fans.

For free, however, this is an excellent browser that is only set to get better when it straightens out the few kinks it is suffering from. All in all, Tenta is feature-packed, and secure, with carefully considered usability. Definitely one to keep your tentacles on for the future!

Written by: Ray Walsh

Ray Walsh is one of BestVPN's resident VPN experts. Ray is currently ranked #1 VPN authority in the world by agilience.com. During his time at BestVPN.com Ray has reviewed some of the world's foremost VPNs. Ray is an advocate for digital privacy, with vast experience writing about the political and social aspects of infosec, cybersec, and data privacy. Find him @newsglug on Twitter.

0 Comments

There is no comments.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.