Tenta is a new Android browser with a deep focus on privacy. While most browsers monetize their service through advertising and harvesting user data, Tenta does things differently. Tenta provides OpenVPN within the browser, so that users are completely secure. In addition, Tenta never stores user keys on any of its servers for extra security. Think of a VPN and a browser on incognito mode all rolled into one and you start to get an idea of the browsing experience that Tenta provides.
To say I was excited to give Tenta a try is an understatement. As soon as I heard about it, I was incredibly eager to put it through its paces. Will the free built-in VPN perform at the optimum levels necessary for streaming in HD? Or will it be slow and suitable only for WiFi security and unblocking things like online banking services? Considering it is free, even the latter wouldn’t be that bad. However, I have to admit that I’m hoping that it performs really well. Without a doubt, the seamless integration of privacy tools into a single browser is something that offers great usability and gives Tenta a unique appeal.
- Free VPN with no restrictions
- Can connect to different servers in different tabs
- AES-256 bit encryption for stationary browser data stored on the device
- DNS settings can be changed within the browser
- Strong OpenVPN encryption
- Slow connection speeds
- DNS settings buggy
- No killswitch (in development)
Tenta seems keen on providing the service for free, and, in theory, it is an excellent product. So, the fact that it is available without subscription is pretty awesome. So, what is the catch? The truth is that as far as I can tell there isn’t one! Tenta browser really does give out the software for free, and it only plans to monetize the service by allowing people to upgrade to a pro VPN package (eventually).
That upgrade will be a full-device VPN service that protects all apps rather than just data within the browser. It is those pro-plan subscribers who will create a source of revenue for Tenta’s developers. As such, the browser can be understood to be a loss-leader designed to tempt people into buying the full VPN service.
Not Open Source
One thing that rings alarm bells, is that Tenta browser is closed source. When it comes to security and privacy products this is a big no. This could severely hinder Tenta from being truly accepted for what it claims to be.
Personally, I do feel uncomfortable about it. I don’t see how anyone can verify what Tenta says about itself without being allowed to audit the code. With that said, Tenta is only in beta and when I interviewed Jesse Adams (one of Tenta’s founders) he was very forthcoming with details about encryption on the platform. This is very pleasing and a great sign (see below).
Open Source Eventually?
The good news is that Tenta says it intends to open up the privacy parts of its platform once it is out of beta (and in full circulation). The firm says:
“We do plan to open source the security and privacy code because we know that’s critical to building trust for this type of product. We’re still heads down to get through beta phase though, so it’s just a bit early to take that step. We’re on version 0.99.5 now and once we get out of beta, we will open up the code for 3rd party review”
This is certainly a time that we look forward to, and will be essential if the firm wants to be truly accepted as secure.
In order to start your experience, Tenta asks you to provide a PIN. This means that the browser is secured right from the get-go. Any history, bookmarks, and so forth that you might want to keep are all password protected. What is also good is that, according to the firm, the PIN never gets stored on Tenta’s servers, for added security.
Proprietary Incognito Technology
Another selling point is the fact that Tenta uses Smart Incognito™. This is designed to allow users to access their bookmarks, history, and downloads, and keep windows open between sessions, always incognito.
As such, with Tenta you get the privacy of incognito but the functionality of a regular browser. Founder Jesse Adams comments:
“For Tenta to be successful as a browser, the core feature of browsing privately and securely should be free. And it’s not just your traffic that is encrypted with built-in OpenVPN, but think about all the other browsing data that is traditionally not hidden such as your bookmarks, downloaded files or even keeping tabs open to view later.
“Incognito mode and VPNs do not effectively keep your entire personal browsing experience private. We encrypt and block access to ALL of your browsing data. We take a zero knowledge approach to your data. In fact, your keys are never stored on any servers for additional security, which means we are simply unable to provide access to your account to anyone. And again this is what the free version offers.”
No Limits or Restrictions
What seems truly remarkable is that, unlike most free VPNs, Tenta says it does not intend to put any bandwidth limits or usage caps on the built-in VPN service. This is commendable and certainly could help to propel Tenta’s ingeniously marketed VPN into the limelight (within the highly competitive and crowded VPN market).
One cool feature is the browser’s ability to connect to different VPN servers in different tabs in the browser (referred to as zones). In the beta, there are only four servers to choose from, located in Seattle, Miami, the Netherlands, and Singapore. However, if and when Tenta expands this list of server locations, this could be a really excellent feature that really adds usability value. Imagine, for example, being able to unblock Australian TV while doing geo-restricted internet banking securely on public WiFi, and you get the idea.
Built in DNS Options
As testament to Tenta’s will to be a high-end privacy tool, its designers have even integrated interchangeable DNS settings into the browser. This is a nice addition, and is something that is not the norm in the VPN industry. Jesse Adams says:
“We’re working on adding support for fully custom DNS server selection, allowing you to put in the IP of any DNS server you like, if our options don’t suit you.”
To access it, click on either the flag or the blue pin in a tab to get the drop-down menu.
The Tenta Website
Tenta has a nice-looking website. On the homepage, there is a video presentation about the browser so that people can learn about Tenta without having to dig around. However, despite being well designed, the site isn’t that forthcoming with technical details.
Impressive claims are all well and good, and features like DNS leak protection and OpenVPN do sound great. In addition, the blog section also has plenty of privacy- and security-related articles, which is a useful addition. One can’t help feeling though, that a nice, clear tech implementation page would round off the website perfectly, and make it appeal to tech-minded people as well as casual browsers.
The Tenta Browser Experience
Tenta Browser is still in public beta and is only available on Android. In addition, you have to be logged into the Google Play Store to get access to the free app. The app downloads quickly and installs with ease. It looks great right from the outset. The logo is extremely cool: a digital chip-track-tentacle octopus wearing a stetson – who could argue with that?
The first thing a user has to do is set a PIN. Users are warned not to lose it, or they will be locked out of their Tenta browser. Once a PIN is set, users can begin their browsing experience. By default, the browser is set to local network and works like any other browser in incognito mode. By clicking on settings in the top right of the tab (this appears as a flag when connected, or as a blue pin when on a local network), subscribers get access to a number of setting, including the VPN servers.
Those settings are:
- VPN servers: (Miami, Seattle, Netherlands, and Singapore).
- DNS: (Google DNS, OpenNIC, Level 3, OpenDNS Custom).
- Search engine: (Google, Yahoo, Bing, DuckDuckGo, and StartPage).
- “Download without asking” – can be toggled on or off (comes off by default).
- “Close all tabs now.”
- “Delete zone.”
- “Notification” – manage web notifications.
Tenta is a proprietary VPN system that allows multiple connections to be opened in separate tabs. It does this by firewalling everything but the browser from the VPN tunnel. For this to be a successful product, however, it needs to do those things securely.
Group Sites by VPN Location (Zone)
A cool feature that is built into Tenta is the ability to group pages by location. Tenta calls these groups ‘zones.’ Setting a new one up is as easy as a couple of taps on the touch screen. On its website, Tenta describes the feature as follows:
“Tenta’s Zones are our proprietary method of grouping your tabs by server location. Have one Zone of tabs securely connected to Amsterdam, while another is simultaneously connected to Miami. Or Seattle. You can even have custom settings for each Zone, giving you unparalleled control over your browsing activity. All with just a couple of taps.”
The zones feature is certainly novel, and allows users to connect to different websites in different locations simultaneously. I tested it by setting up a Miami and Netherlands zone and testing with ipleak.net in each zone. I was happy to find that I did get a different (transparent) IP address in each “zone.”
For now, a kill switch is not available, which is a bit of a shame. A kill switch stops any web traffic from traveling outside of the VPN tunnel to stop data traveling to a user’s ISP, should the VPN connection drop out. This is without doubt an important tech feature that will be needed to make Tenta’s security top notch. The good news is that the Tenta developers do have it in the pipeline. However, do bear in mind that until then, if the VPN connection drops, it could lead to unencrypted traffic from a user’s real IP being leaked to their ISP.
Privacy and Security
Due to the fact that Tenta is closed source, I was very keen to ask about the implementation of OpenVPN on the platform. Of course, for now, we only have Jesse Adams’ word for it. However, in my opinion, Adams seemed to really know what he was talking about when he answered my questions. The encryption implementation levels that he described are definitely strong, so I can give Tenta a thumbs up. These are the specs:
- OpenVPN for secure connections and encrypting all inbound and outbound connections to the web (depending on configuration).
- Transit metadata (OpenVPN control channel) – TLS 1.2 DH key exchange, AES-256 with SHA-384 authentication. 2048bit RSA keys.
- Transit data (OpenVPN data channel) – AES-256 with SHA-512 authentication.
- Service APIs: TLS 1.2 Elliptic Curve DH key exchange, AES-256 with SHA-384 authentication. 384bit EC keys.
- As an added security feature, we enforce authentication on ZONE servers, to make sure only Tenta users have access.
Elliptic Curve DH key exchange means that Tenta implements perfect forward secrecy. Considering users get this for free (and that Tenta is still in beta), this is pretty mind-blowing, and certainly puts a lot of established VPNs to shame.
Based in the US
Although Tenta keeps no logs whatsoever, being based in the US is far from ideal. The US is a country that is under the watchful eye of both the NSA and the CIA. Surveillance in the country is at epidemic levels and the nation’s tech firms can be forced to comply with investigations with warrants and gag orders. Due to this, the US is always considered a red flag in terms of location. With that said, a zero logs policy does go a long way and means that if the authorities to go to Tenta for information they will have nothing to hand over.
One thing that I could test for myself is the customizable DNS settings. Available options are: Google, System 3, OpenNIC, and OpenDNS (with Custom also in development). I tested Tenta Secure DNS and OpenNIC using ipleak.net and on both occasions the website detected California Google Business DNS addresses. This worried me a little.
However, a bit more testing revealed it to be a beta bug. Basically, beta users who want to change DNS may need to restart their Android device and then change DNS settings. After that, simply connect to a server and you should have the correct DNS settings (though I do recommend checking to make sure they have changed correctly by using ipleak.net).
Once the DNS has changed successfully, Tenta remembers the setting and I found it to be stable. I also detected no DNS leaks once it was correctly set up.
Although having to restart your device to make sure DNS changes is definitely a bug, Tenta is still in beta, so it can be forgiven. Following my tests, Jesse Adams told me that:
“OpenNIC is the default DNS service provider when connected to any of our VPN locations, for now. We’ll transition to using our Tenta DNS which provides some advantages, including DNS-over-TLS and DNS-over-HTTPS soon. However, we found that our development Tenta DNS servers weren’t capable of handling our production load, which resulted in a mish mash of fallbacks. We’ve unified this to OpenNIC for now, and we’ll be rolling out Tenta DNS as we finish it.
“We also acknowledge that we had OpenDNS mislabeled as OpenNIC in the zone settings. This is fixed in a release going out today/tomorrow. Thanks for pointing this out.”
When I selected OpenNIC I got just one DNS address:
Overall, DNS settings on Tenta are for now a little bit of a concern. This is definitely something to keep an eye on if you intend to use Tenta.
Perhaps the most disappointing thing about the Tenta browser is connection speeds. I tested the servers in Miami and Amsterdam using testmy.net. When I tested it, the download results were really poor. I tested the Miami server using a test server in New York, and the Amsterdam server from a UK test server. As you can see, my base speed test was around the 50 Mbps mark locally, and a little below that using the New York test server. On both occasions, the download speeds using Tenta averaged about 5 Mbps (and were as low as 3 Mbps). As always, I tested each server five times to be sure.
Upload speeds also took a bit of a dive. This is something that Tenta is going to have to seriously upgrade if they want to compete in the crowded VPN market. Most VPNs don’t actually have their own infrastructure of VPN servers. For this reason they rent their servers from trusted providers. The best VPNs rent Tier 1 servers that provide a minimal loss (perhaps 20%) of speed (and even less at times).
With such slow connection speeds, there is no doubt that streaming would be a bit of a nightmare. Still, Tenta is in beta and it is free, so this still remains a good VPN for keeping you secure on public WiFi. However, we can only hope that Tenta manages to upgrade the service before it is out of beta. Not doing so could be a serious pain point.
Tenta Browser: Conclusion
- Free VPN with no restrictions
- Can connect to different servers in different tabs
- Downloads, history, and bookmarks are encrypted by the browser (AES-256 bit encryption for stationary browser data stored on the device)
- DNS settings can be changed within the browser
- Strong OpenVPN encryption
- Browse in incognito mode all the time (but without giving up functionality)
I wasn’t so sure about:
- Only four server locations
- DNS settings are a bit buggy in beta
- No kill switch
- Very slow connection speeds
- Had to turn Android device on and off to change DNS settings and, at times, to connect to servers
It is still early days for Tenta, and until the firm decides to release the code for the security implementation on its platform, using the VPN is still a bit of a gamble. However, if the implementation that the firm told me about is true, then this is certainly a highly interesting free browser with strong integrated OpenVPN.
Sadly, four servers (in just three countries) isn’t really enough to compete in today’s VPN market. However, being able to unblock the US and Netherlands most certainly has its advantages. Unfortunately, speeds are much too slow to compete in the competitive VPN market. Connection speeds are a number one priority to most people, so this is an area that isn’t going to win Tenta many fans.
For free, however, this is an excellent browser that is only set to get better when it straightens out the few kinks it is suffering from. All in all, Tenta is feature-packed, and secure, with carefully considered usability. Definitely one to keep your tentacles on for the future!