Bears and VPNs exist in two very different worlds, but they both have something in common. Bears love the privacy of their caves, and likewise, VPN services too are getting increasingly serious about the privacy of their users. The number of VPN services is constantly rising. While some of them need elaborate configurations, others tend to confuse novice users with an array of options and settings. Canada-based TunnelBear Inc. borrows the bear's philosophy on online privacy and solves these problems with a minimalist VPN service called TunnelBear VPN.



TunnelBear Review: The Company


Company Rating: 3.5/5 


As a company, TunnelBear is quite candid about security and privacy as evident from their Twitter stream. Yet, we could not ignore the fact that it is a Canadian company. Canada is a Five Eyes country, which is considering passing Bill C-51 to increase government oversight and surveillance.



Founded in June 2011 by Ryan Dochuk and Daniel Kaldor, TunnelBear Inc. is based out of Canada. Their team has an experienced group of network engineers, cryptography experts, and information security experts. The selection of the name TunnelBear is quite intuitive too, as tunneling is synonymous with VPN services and Canada is known for its sizable Grizzly Bear population.

TunnelBear was bootstrapped with $500, and over the last few years, its user base has grown from one million users to over 13 million users. It is one of the most popular startups in Canada.

We asked TunnelBear

How do Bill C-11 and C-51 affect TunnelBear?

TunnelBear

C11 and C51 haven't had any noticeable effect on TunnelBear. Unlike ISPs, TunnelBear operates under a strict no-logging policy and doesn't collect information that could identify you or your IP address. You can read more from our co-founder's perspective here

TunnelBear co-founder Ryan Dochuk is serious about online privacy, as is evident from the causes he supports and his various interviews. He is also one of the signatories of an open letter to the Canadian PM demanding that Bill C-11 be repealed.

TunnelBear Review: UI and Features


UI and Features Rating: 4/5 


A friendly UI can do wonders to the user experience. We loved TunnelBear's simplistic UI, and their bear notifications are not intrusive at all. This is a well-done interface. The features are easy to use, and TunnelBear has an excellent network of servers across locations.


TunnelBear takes pride in its simple UI. The minimal and simplistic interface takes a lot of options away from you, but if you are beginning with VPN services and do not understand a lot of those settings, TunnelBear makes your job easier.


TunnelBear Servers

With TunnelBear, you have access to 700+ tunneling servers spread across 20 countries.


| Region | Countries |
| --- | --- |
| Asia | India, Singapore, Hong Kong S.A.R, Japan |
| Africa | No servers |
| Oceania | Australia |
| Europe | Norway, Sweden, Denmark, Ireland, UK, Netherlands, Germany, France, Switzerland, Italy, Spain |
| North America | USA, Canada, Mexico |
| South America | Brazil |

Simultaneous Connections

TunnelBear allows five simultaneous connections across devices, which is a unique feature. You can use one TunnelBear account at the same time on five different desktop, iOS or Android devices, or browser extensions. Note, however, that multiple connections can impact your VPN speed.

Security and Privacy Features

As far as VPN protocol is concerned, TunnelBear uses OpenVPN for the Android and desktop clients, and IPSec/IKEv2 for the iOS client. You can read more about OpenVPN and IKEv2 protocols.


Privacy

TunnelBear has various privacy features.

  • No logging- TunnelBear does not log your originating IP address. It does not maintain a log of the websites you are visiting either, and anonymizes and scrambles your connection.
  • Anonymous Payments- TunnelBear supports anonymous payments through Bitcoin. With Bitcoin, you can make payments without supplying your personal information like in traditional payments.
  • Shared IP- TunnelBear uses shared IPs, thereby putting you on the same IP address as many other users who connect to the same TunnelBear server.
  • Opt-out policy- TunnelBear complies with Canadian laws, and when you use TunnelBear, you agree to those laws. However, they also have an opt-out policy that lets you opt out of implied consent on any of your personal information collected by TunnelBear via your payment method. This enables you to be in control of your personal information. Read more on opt-out at the consent section here.
  • DNS Leak protection- Once TunnelBear connects to a server, it sends all further DNS requests over the tunnel and also encrypts them. This protects you from a DNS leak where your actual IP ends up making a public DNS query.

Security

TunnelBear has an excellent breakdown of their security features on the official TunnelBear blog. This is also a transparent disclosure which impressed us a lot. TunnelBear uses strong AES-256 encryption.

| Device | Protocol | Data encryption | Authentication | Key Exchange |
| --- | --- | --- | --- | --- |
| Windows, Mac OS, Android | OpenVPN | AES-256 bit | 256-bit SHA2 | 4096-bit Diffie-Hellman |
| iOS 9 and above | IPSec/IKEv2 | AES-256 bit | 256-bit SHA2 | 2048-bit Diffie-Hellman |
| iOS 8 and below | IPSec | AES-128 bit | 160-bit SHA1 | 1548-bit Diffie-Hellman |

We asked TunnelBear

Who hosts TunnelBear tunneling servers? How does TunnelBear select hosts in different countries with different data retention laws?

TunnelBear

Although our physical servers are located in many different countries around the world, TunnelBear does not store personally identifiable information outside of Canada’s physical borders. In addition, all of our servers are fully disk-encrypted, to keep out prying eyes.

TunnelBear's security on desktop and on iOS 9 and above is well hardened. Yet iOS 8 and below use weak encryption with AES 128-bit, weak authentication with SHA-1 and a weak key exchange with 1548-bit Diffie-Hellman, all of which have been broken in the last few years by security researchers and the NSA.

TCP Override

We observed in our tests that TunnelBear uses the QUIC protocol for transport. However, this can cause choppy connections for reasons like:

  • Slow Internet connection- QUIC does not guarantee the order of packet delivery.
  • Firewall- Your Internet connection has a firewall that blocks UDP-based protocols.

Situations like these can result in your audio and video streams appearing broken. TCP override saves the day by ensuring reliable packet delivery.

However, TCP override did not change the protocol from QUIC to TCP or any TCP variant in our tests. We have reached out to TunnelBear support on this and are waiting for a reply.

Update: TunnelBear came back to us with a beta version client where this issue with TCP override was fixed. This fix will be out with their next stable release.

VigilantBear: The Kill-switch

It is common for VPNs to lose connection to their servers occasionally, and during this brief period your Internet connection is unsecured. This causes a serious privacy leak called an IP leak and defeats the purpose of using a VPN service altogether. The VigilantBear feature blocks your Internet connection until TunnelBear automatically reconnects to its server after losing connection.

GhostBear: The Stealth Mode

GhostBear is TunnelBear's stealth mode, and it is very helpful for people who want to bypass government and ISP censorship. Some users have reported that TunnelBear's GhostBear feature works in China, which is great news. This means you can access Netflix, Spotify and BBC iPlayer sitting in China, or even tune in to your favorite NFL or soccer feed. TunnelBear became hugely popular during anti-government protests in Turkey. When Turkey tried blocking VPN access, GhostBear allowed Turkish citizens to access Twitter and YouTube, and TunnelBear joined this anti-censorship revolution by offering free unlimited data to users in Turkey.

We asked TunnelBear

How does GhostBear work? Is it still OpenVPN underneath? If yes, what additional security is added to OpenVPN?

TunnelBear

GhostBear is TunnelBear's advanced anti-censorship feature, which addresses several different censorship techniques. This includes blocking TunnelBear's domains and the use of Deep Packet Inspection (DPI) to detect OpenVPN/IPSec traffic and then throttle or block that traffic. We integrated and developed proxy and obfuscation technologies which help our VPN data look like regular HTTPS traffic, making it more difficult to block. Obfuscation is performed by adjusting the packet inter-arrival times and transport protocol packet length distribution.

GhostBear uses the TPKT protocol. TPKT is a remote desktop protocol and is harder to block as many applications depend on this protocol. We also noticed that TunnelBear uses Obfsproxy to scramble the TLS handshake, thereby making it difficult to determine that a VPN connection is being established with the server. This feature worked perfectly fine.

SplitBear


SplitBear is a feature that lets you tunnel specific applications on mobile devices. This feature can come in handy in two situations.

  1. When you are on the free TunnelBear plan and want to use a VPN for critical activities, this feature can save your bandwidth.
  2. When you are connected to a slow TunnelBear server, SplitBear can let you stream videos at normal speeds through the YouTube app, while securing the rest of your web-browsing activities.

TunnelBear once had interesting features like IntelliBear and Maul Tracker that were discontinued later. It also stopped allowing torrents on its network for reasons explained here.

It is important to note that although TunnelBear lets you change these settings when you are already connected to a server, the changes do not take effect until you reconnect to the server.

TunnelBear Review: Speed Test


Speed Rating: 2.5/5 


While there were a few servers that were consistently fast, many TunnelBear servers were quite slow throughout our tests. We were not impressed by TunnelBear's speed.


When you let TunnelBear connect to a server automatically, it selects the fastest server based on the ping time, but this is not necessarily the fastest server. The speed can depend on multiple factors besides ping time and latency. At Tom's VPN, we have a six-step guide to testing VPN speeds, and we applied this test to TunnelBear. Here are the results.

Read our detailed and scientific approach to test VPN speeds.

TunnelBear Speed Test Results

During our TunnelBear review we tested server speeds at four different times over a one-day period. The best and most consistent speeds throughout the day are available in Singapore, Germany, and the UK.


We also calculated the day average at these three locations based on the percentage of base speed.

| Country | Average speed as percentage of base Internet speed |
| --- | --- |
| Singapore | 66.5% |
| UK | 39.7% |
| Germany | 23.25% |

Besides, here are the best one-time speeds we got from TunnelBear servers in the course of our tests.

| Server location | Best speed in Mbps |
| --- | --- |
| Singapore | 18 Mbps |
| France | 14 Mbps |
| Italy | 13 Mbps |
| India | 12 Mbps |
| UK | 11 Mbps |

Two additional TunnelBear features affected the speed consistently.

  • GhostBear- GhostBear caused a 25% reduction in speed.
  • Simultaneous connections- When connected to the same Wi-Fi network, a second connection caused a 30% drop in speed. However, this was not the case when we connected from the same TunnelBear account but over different Wi-Fi networks.

TunnelBear Review: Security Test


Security Rating: 3/5 


Great encryption, perfect forward secrecy, a real stealth mode and good performance in various leak tests were positive signs. However, TunnelBear leaves a lot to its users, such as being vigilant in turning off torrent clients before connecting to TunnelBear, and its kill-switch did not work on one of our test machines. TunnelBear still has some work to do when it comes to security.


Tom's VPN Security Lab Tests

At Tom's VPN, we perform a detailed packet capture through our test machines to check all the security features that any VPN promises as part of its service.
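A small version of this kind of capture check, as an added example (not Tom's VPN's own tooling): it scans outbound packet records for DNS queries and other traffic that left outside the tunnel, which is what a failed kill-switch or a DNS leak looks like on the wire. The interface names, the addresses and the record format are assumptions, and the capture is constructed.

```python
from dataclasses import dataclass

# Assumed values for this sketch, not taken from the review: the physical NIC,
# the tunnel interface, and the VPN server address (RFC 5737 documentation range).
PHYSICAL_IF = "eth0"
TUNNEL_IF = "tun0"
VPN_SERVER = "192.0.2.10"


@dataclass(frozen=True)
class Packet:
    ts: float    # seconds since capture start
    iface: str   # interface the packet left on
    proto: str   # "udp" or "tcp"
    dst: str     # destination IP address
    dport: int   # destination port


def parse(line: str) -> Packet:
    """Parse one 'ts iface proto dst:port' record."""
    ts, iface, proto, target = line.split()
    dst, dport = target.rsplit(":", 1)
    return Packet(float(ts), iface, proto, dst, int(dport))


def find_leaks(lines):
    """Return (kind, packet) for each outbound packet that bypassed the tunnel."""
    leaks = []
    for pkt in map(parse, lines):
        if pkt.iface == TUNNEL_IF:
            continue  # carried inside the tunnel
        if pkt.iface == PHYSICAL_IF and pkt.dst == VPN_SERVER:
            continue  # the encrypted tunnel itself, or a reconnect attempt
        kind = "dns-leak" if pkt.dport == 53 else "ip-leak"
        leaks.append((kind, pkt))
    return leaks


# Constructed capture (outbound packets only): the tunnel drops at about t=5s
# and is back at t=8s; no kill switch is active during the gap.
SAMPLE = """\
1.0 eth0 udp 192.0.2.10:443
1.2 tun0 udp 10.8.0.1:53
1.3 tun0 tcp 198.51.100.7:443
5.1 eth0 udp 203.0.113.53:53
5.2 eth0 tcp 198.51.100.7:443
6.0 eth0 udp 192.0.2.10:443
8.1 tun0 tcp 198.51.100.7:443
""".splitlines()

if __name__ == "__main__":
    for kind, pkt in find_leaks(SAMPLE):
        print(f"{pkt.ts:5.1f}s {kind:8} {pkt.proto} -> {pkt.dst}:{pkt.dport}")
```

With a working kill-switch, the only packets seen on the physical interface during the drop would be reconnect attempts to the VPN server, and the function would return an empty list.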


Other Online Security Tests

IPv4, IPv6, DNS and WebRTC Leak Test

Doileak is an excellent online tool that combines a number of leak tests into one. We checked TunnelBear for IPv4, DNS and WebRTC leaks using the Doileak test, and all these tests passed with good results.

This online test is something that you too can carry out after connecting to any VPN service.

TunnelBear Review: Support


Support Rating: 5/5 


They say the first step to solving a problem is acknowledging that there is one. TunnelBear understands this philosophy well. Their responsive and cheerful support gets full stars from us.



TunnelBear has an active support team. We had to go back and forth in communication with TunnelBear for various questions, suggestions, and issues that we found during our review and their response time has been around 24 hours. The responses are courteous, have a personal touch, and they also provide you with links to further technical details when needed.


TunnelBear support can be reached in three ways.

  1. Directly at their official supportbear@tunnelbear.com email
  2. The support page on their website
  3. From inside the TunnelBear client application

The TunnelBear help page has a vast treasure of commonly asked issues and questions and is worth reading.

However, we were disappointed at the fact that there was no live chat option on the support page, which is a very common support feature nowadays.

TunnelBear Review: Pricing


Pricing Rating: 4.5/5 


A free monthly plan that isn't a time-limited trial, mobile-only plans at reduced prices and an unlimited plan with attractive yearly rates impressed us. However, TunnelBear does not offer refunds once you have made your purchase. Apart from this caveat, it's a good deal.



TunnelBear comes in three usage plans- Little, Giant, and Grizzly. Additionally, there are mobile-only plans- the Mobile Giant and Mobile Grizzly. We recommend the Grizzly Plan; it is value for money.

Little Bear Plan

  • Free signup and usage
  • 500 MB free monthly data
  • 1 GB of additional data topup
  • Free to use on mobile

Giant Bear Plan

  • $7.99 per month
  • Monthly payments
  • Unlimited usage bandwidth
  • Mobile plan at $3.99 monthly

Grizzly Bear Plan

  • $4.17 per month
  • Yearly payment of $49.99
  • Unlimited usage bandwidth
  • Mobile plan at $29.99 yearly

The Little plan offered by TunnelBear is a free subscription. This makes TunnelBear one of the few VPN providers with a free usage plan, which lets you try it out for free before buying it. The free plan comes with reasonable bandwidth limits but has access to most TunnelBear features and servers. It also allows you to top up your monthly TunnelBear bandwidth by 1 GB of data for free with a simple tweet to @theTunnelBear. Effectively, you can use TunnelBear for free every month for basic usage. If you need unlimited bandwidth, the Giant and Grizzly plans will serve your purpose.

We asked TunnelBear

Is there any speed/feature difference between the free and paid subscriptions?

TunnelBear

The paid subscription allows you to access certain countries that aren't available in the free version. In addition, the free version is capped at 500 MB and doesn't get priority support.

You can pay for a TunnelBear subscription using Visa, MasterCard, American Express and anonymously through Bitcoins. However, there is one problematic issue when it comes to refunds. TunnelBear mentions in its Terms of Service that although users can cancel their subscription anytime, TunnelBear does not offer refunds.

TunnelBear Review: Our Verdict


Overall Rating: 3.7/5 


Over the three weeks that we spent reviewing TunnelBear, we fell in love with their UI. The availability across devices and browser extensions is impressive. To add to that, TunnelBear allows five connections from the same account. The pricing schemes will not burn a hole in your pocket either, and their security standards are updated too. TunnelBear definitely gets extra credits for its responsive and cheerful support team, which has been a delight to talk to.

If we ignore the fancy app for a second, TunnelBear does have a few security issues. VigilantBear (the kill-switch) did not work in one of our tests. There is no warning for leaking BitTorrent connections and we found a bug in TunnelBear where TCP override was not working for us. To add to these problems, we noticed that TunnelBear servers offered below average speed and we managed a best consistent speed at 66.5% of our ISP's connection speed.


Is TunnelBear VPN Worth Paying For?


TunnelBear clearly mentions in its ToS that it does not support BitTorrent protocol. Hence, unless you want to download torrent files, TunnelBear is a good choice for basic usage where speed is not a priority. A business is based on good relations, and TunnelBear support will make you feel at home.

They also care about privacy and supported activists in Turkey, which recently tried to block social media websites. Overall, TunnelBear is a good choice for basic everyday usage but it is not ideal for streaming videos.

We recommend TunnelBear VPN for:

  • Basic web-browsing
  • Political and social activism
  • Mobile-only usage
  • VPN use during travel

Let us know about your experience with TunnelBear in the comments below.

About the author

Chinmoy

I take a deep interest in finding out why things work the way they work. I also write about VPN services, anonymity tools, and privacy tools here at Tom's VPN.


3 Comments

  • Hi Chinmoy, I must say this is the most detailed review I came across. I need a help.

    Does Tunnel bear support Netflix? If so, what is the Netflix video quality on Tunnelbear VPN? I am connecting from Qatar.

  • Not just in Turkey, TunnelBear also made their VPN free for everyone in Venezuela a few years ago. Looks like it is part of their modus operandi. Great review, BTW. Those are some thorough security tests. Cheers.