The drawback for this VPN is that it is based in Canada. It also provides very average connection speeds, which may leave some people wishing for more.
- Good encryption
- Minimal connection logs
- Five simultaneous connections
- Reasonable speeds
- Email support only
Pricing and Plans
In keeping with its image and sense of humor, TunnelBear provides consumers with three different payment plans: Little, Giant, and Grizzly.
The Little plan is free and permits subscribers to make use of 500 MB of free data every month. Free users get access to every server apart from Australia (so 19 locations in total).
Giant is TunnelBear’s monthly plan. It gives subscribers unlimited use of its service for $9.99 per month. For best value for money, the firm has Grizzly – its best-selling plan. It gives users access to all of its services for just $4.99 per month ($59.88 per year).
One thing worth bearing in mind, is that unlike many VPNs, TunnelBear doesn’t offer any refunds. This is fair, because VPN users are able to trial the service on the Little plan. With that in mind, we recommend that people considering TunnelBear test the service for free before jumping in at the deep end.
Payment can be made via credit card or bank card. Sadly PayPal is no longer accepted. The good news, however, is that subscribers can pay by Bitcoin if they wish.
TunnelBear is a Toronto-based VPN that is endorsed by some high profile websites such as LifeHacker. The firm popped up in 2011 when it was founded by Ryan Dochuk and Daniel Kaldor.
TunnelBear has servers in 20 countries. This means people can pretend to be in any of those places in order to bypass geo-restrictions. Users enjoy access to all of the servers on the paid plans (including places such as the US, UK, Canada, Singapore, Japan, and Brazil). The Australian server is only available to paid users.
You can access TunnelBear’s global network from a desktop PC, laptop, smartphone, tablet, or router. In fact, you could connect via all of those options at the same time, because TunnelBear permits five simultaneous connections.
VigilantBear (Kill Switch)
A kill switch means that no data is leaked outside of the VPN tunnel, should the VPN connection drop out. This stops any unencrypted data from leaking to the Internet Service Provider (ISP) and telling them what you were up to.
TunnelBear is based in Canada, so has a strict no P2P policy. For this reason, if you want a VPN for BitTorrenting, this is not the VPN service for you.
GhostBear is TunnelBear’s version of what most VPNs call ‘stealth mode.’ It is a feature that disguises OpenVPN traffic in order to get around firewalls (such as the Great Firewall of China). It does this by implementing obfsproxy as a SOCKS proxy. This makes the encryption less detectable to governments, ISPs, and businesses – by making it appear to be regular traffic (which avoids it being noticed and blocked).
Leaving GhostBear disabled doesn’t particularly make you any less secure – it is not really a security feature, but a way to bypass firewalls. It is a stealth mode that stops ISPs from detecting the use of a VPN (which can lead to the ISP throttling – cutting the bandwidth – of the connection).
A slight drawback with using GhostBear is that it can slow down your internet traffic (though I didn’t actually find it to do so). Either way, if possible it is better to stick to regular OpenVPN User Datagram Protocol (UDP), without GhostBear on, if you want to get the best speeds.
Security and Privacy
TunnelBear keeps some connection logs for a month. This is what TunnelBear says about having to comply with the Canadian authorities:
“In the event TunnelBear is required to comply with law enforcement where subpoenas, warrants or other legal documents have been provided, valid under Canadian jurisdiction, the extent of disclosure is limited to the Personal information you provided upon registration as well as overall number of connections, overall MBs used that month.”
That is a trivial amount of data about users, which is not time-stamped and so cannot be used to mount a time correlation attack (in order to link a user to a particular crime, for example). What it does do, however, is allow TunnelBear to pinpoint users who are likely to be breaking its no P2P clause.
This means that subscribers don’t need to worry about what they use the VPN for, as the authorities can never use the information to reveal what any one individual user does.
Canada has been found to be snooping on citizens several times in recent years. However, a zero logs policy means that even if approached by the authorities, TunnelBear will have no usage or connection logs to hand over. As such, the most that the authorities should be able to get from the company is your name, email address, and payment details.
However, it worth bearing in mind that TunnelBear does pretty much wash its hands of any responsibility for providing privacy for its users in this part of its terms of service:
Furthermore, TunnelBear clearly states that users can’t:
As such, this VPN is not recommended for P2P use. It also asks users to always abide by the laws of their own country and of the country that they tunnel into. All points that are definitely worth bearing in mind (especially because it is based in Canada).
When it comes to encryption, TunnelBear provides access to two different VPN protocols on its network. Windows, Android and Mac OS X use OpenVPN. iOS users get the choice of either Layer 2 Tunneling Protocol (L2TP)/Internet Protocol Security (IPsec) or Internet Key Exchange version 2 (IKEv2). As such, anybody wishing to connect via OpenVPN on iOS will need to do so using the third party OpenVPN Connect software (which is free).
Strong 256-bit Advanced Encryption Standard (AES) encryption with SHA256 authentication is used across the platforms, apart from iOS 8 and earlier (which is encrypted with 128-bit AES encryption and uses SHA-1 for data authentication).
All this information is available on TunnelBear’s blog, which is something of a rarity. We applaud TunnelBear for its transparency. We are also happy to see that TunnelBear is one of those VPNs that has done away with Point-to-Point Tunneling Protocol (PPTP) – a pervasive form of VPN encryption that is highly insecure.
In addition, a kill switch cuts the subscriber’s internet connection if the TunnelBear VPN drops out – an excellent security feature.
Please remember that TunnelBear clearly states that it does not support P2P on any of its servers, so if torrenting is why you want a VPN, please head over to best VPNs for torrenting.
TunnelBear has a really amusing, well-crafted website that is easy to navigate and is brimming with bear puns. The homepage is filled with images and isn’t overly dense on information, which is both calming and disarming. This is a nice change from many VPNs, which throw everything (and the kitchen sink) at you as soon as you arrive.
From the homepage, it is easy to navigate to other clearly labeled pages in order to find out more about the service. At the bottom of the front page, you will find tabs leading to: Download, Features, Pricing, Help, My Account, and About Us.
What’s more, there are dedicated pages for each supported platform and links to TunnelBear’s social media pages. At the bottom of each page, there is an extra navigation menu in small print, so if you want to jump directly to their blog, for instance, you can do so there.
The TunnelBear blog in a nice addition. Although not updated terribly frequently, it has the necessary articles and explanations of key aspects of both VPNs in general and the service that TunnelBear provides. As such, this is a valuable resource for customers, which serves more as an educational area (rather than a VPN and digital privacy ‘news resource’).
TunnelBear has a dedicated Help page that consists of articles on Status Updates, Getting Started, Accounts & Payments, Browser Extension Help, Windows App Help, Mac OS X App Help, iOS App Help, and Android App Help. These articles are easy to find thanks to the page’s search button. This saves users from having to read through dozens of articles to find the information they need.
If you can’t find the answer you require on the TunnelBear help page, you can contact the company directly. Unfortunately, the only way to do so is via an online contact form. It would be nice if TunnelBear considers adding live chat in the future.
To test out the TunnelBear customer support, I sent them a question regarding encryption via the online contact form. A message informed me that I would receive a response within 24 hours.
This turned out to be true – I did receive the response within a day. The reply had all the details I required and was friendly and helpful. Great service all round.
Signing up to TunnelBear VPN is incredibly straightforward. For the free version, all that is needed is an email address and password, and the site automatically redirects you to its downloads page. Here you can choose from the different platforms and get the VPN software. Obviously, subscribers to paid plans will also need to pay via credit card or bitcoin (PayPal not supported).
Once at the download page, click the download for the platform you require. Downloading the software takes only seconds and a setup wizard walks you through the process. Once it has installed, you will need your email and password to log in.
A nice extra (and welcoming) feature is that, once you have logged in, TunnelBear gives you a quick walkthrough about what a VPN can do. Lastly, it prompts subscribers to check their inbox for an account confirmation email. Having verified the account, users can open TunnelBear and begin using the VPN.
Due to the fact that TunnelBear’s impressive, free ‘Little’ plan does not restrict users in terms of access or connection speeds, I was able to test this VPN without subscribing to a paid plan (a massive rarity).
The TunnelBear Windows VPN Client
Right from the get-go, it is clear that the TunnelBear Windows VPN has been very carefully designed. The client is sleek and oozes fun. It is nice to look at and is incredibly easy to use. It also features plenty of amusing bears! TunnelBear is set to connect to a random server (close to you) by default. If you have a specific location in mind, your first job is to select a server location from the list.
In the upper left corner of the software you will find a drop-down menu where you can navigate to Settings. Under General, you can set TunnelBear to start up when you turn on your computer. In addition, you can ask the client to send you notifications.
In the Security tab you will find a feature called VigilantBear (which is the kill switch) and the GhostBear (stealth mode) feature for bypassing firewalls. Using the kill switch is recommended at all times when privacy is essential. GhostBear should only be used when absolutely necessary, as it does slow down speeds (so isn’t ideal for streaming, for example).
Under Trusted Networks, you can add known networks and enable TunnelBear to connect to a VPN server every time you connect to an unknown network (perfect for guaranteeing your safety on public WiFi hotspots).
Finally, the Account tab can be used to manage your account, request support via the ticket system, or log out of TunnelBear VPN.
Performance (Speed, DNS, WebRTC, and IPv6 Tests)
I tested TunnelBear for connection speeds using testmy.net. I tested the UK and Netherlands VPN servers from a UK test server. Then I tested the US server using a NewYork test server. I tested the VPN on a 50 Mbps fiber connection (which as you can see from the base test results wasn’t performing at optimal levels – averaging at about 40 Mbps).
All in all, I found the connection speeds to be much better this year compared to when we tested TunnelBear last time. The VPN definitely provides speeds that are good enough to stream. The US server was the slowest that I tested, but it still couldn’t be considered slow – average, perhaps.
One bit of good news is that there didn’t appear to be any difference in speeds with GhostBear stealth mode enabled. All great news, considering users can enjoy TunnelBear for free.
I didn’t detect any Domain Name System (DNS) leaks whatsoever using TunnelBear, which is great news. In fact, I didn’t detect any Internet Protocol version 4 (IPv4), IP leaks, or Web Real-Time Communication (WebRTC) leaks either – success all round. Those tests were performed using ipleak.net. Remember that it is good practice for VPN users to do these tests themselves once in awhile. Sadly, I was unable to test for IPv6 leaks on my system because my ISP connection is incompatible.
In addition to the Windows client that I tested, TunnelBear is also available for OS X, Android, and iOS. The client is very similar all the across platforms. In fact, they all look and behave identically (other than iOS not having OpenVPN encryption). All the clients provide ease of use and identical connection speeds.
TunnelBear also has a browser extension that is free to download and can be used with either Chrome or Opera (but not Firefox). The browser extension is just as nicely designed as the standalone clients. In addition, it is multi-platform (works with Linux, Chrome OS, OS X, and Windows). However, unlike the full VPN, it only encrypts data within the browser.
TunnelBear Review: Conclusion
- Five simultaneous connections
- Great customer support
- Servers in over 20 countries
- Strong encryption implementation
- Zero logs policy
- Optional GhostBear (stealth) feature
- Browser extension
- Easy to use on all platforms
- Reasonable speeds
I wasn’t so sure about:
- Based in Canada
- Limited support options
- Doesn’t unblock Netflix US