A safe VPN despite its jurisdiction
Logging & Jurisdiction
TunnelBear isn't zero logs, but it is a safe VPN. It knows how much data you use but it doesn't know anything identifiable. However, we are concerned by the US-Canada legal jurisdiction and some vulnerabilities identified by auditors.
TunnelBear does not log information that can lead back to your online activity.
Its logging policy is simple, privacy-friendly, and transparent, listing all the data collected alongside reasons for doing so.
To summarise, TunnelBear logs:
- Bandwidth usage.
- OS version.
- App version.
- Whether or not you have used the VPN in a given month.
- Total data used each month.
- Operational events (e.g. created an account, made a payment, online ad referrals).
Close to being no-logs
Crucially, TunnelBear doesn’t keep browsing history records, DNS requests, originating IP address, or connection timestamps. In other words, the service is close to being completely no-logs.
The only personally identifiable information TunnelBear logs is your email address, to prove you have an account. There are no logs that reveal which websites you’ve visited.
TunnelBear’s transparency reports
The company also issues an annual transparency report detailing any government requests for user data.
Worryingly, TunnelBear admits to confirming a user’s email address to authorities, although no usage information has ever been handed over.
No server breaches or logging scandals
There have been no known incidents of server breaches or logging scandals associated with TunnelBear.
TunnelBear is based in Canada
TunnelBear was established in 2011 in Canada by Daniel Kaldor and Ryan Dochuk. It was subsequently acquired by antivirus software company McAfee in early 2018.
The VPN company still operates a separate team within McAfee, meaning the same employees continue to work on the VPN post-acquisition.
“Use your information according to Canada’s laws, regardless of which country you are located in.”
Subject to Canada & US data laws
While TunnelBear’s headquarters are in Toronto, its new ownership means that it’s also subject to US data laws.
Both the US and Canada form an integral part of the Five-Eyes data-sharing alliance, an organization designed for powerful nations to collect and share surveillance intelligence.
Moreover, both jurisdictions are known to prosecute for minor copyright violations, which is important information if you want to use a VPN for torrenting.
While TunnelBear can be subpoenaed by Canadian and US authorities, its robust logging policy and regular transparency reports prove it’s still a trustworthy and private VPN.
TunnelBear’s security audits
To prove its commitment to transparency and user safety, TunnelBear has undergone several independent security audits.
In January 2017, Byte 255 looked into TunnelBear’s code and published the results on Hacker Noon. The article concluded the VPN has no privacy flaws and doesn’t collect any unnecessary telemetry data.
TunnelBear also commissioned cybersecurity company Cure53 to carry out four yearly independent security audits since 2017. These audits looked into TunnelBear’s apps, code, and infrastructure.
In 2019, Cure53 discovered 12 vulnerabilities of varying severity, and helped TunnelBear fix them and future-proof them. The audit concluded that TunnelBear is “a clear frontrunner among its VPN competitors when it comes to security.”
In 2020, there were “two low, two medium and one high-risk vulnerability” identified. TunnelBear claimed to fix the high-risk vulnerability immediately. While it’s great that TunnelBear commissions regular audits, we are concerned that the auditor continues to find vulnerabilities.
Paid & free are surprisingly fast
Speed & Reliability
TunnelBear is a fast VPN, both locally and internationally. Its free version is as fast as the premium one, too. It's slower than the best, and far less reliable, but most users won't notice a considerable drop in connection performance.
TunnelBear has been slow in the past, but our most recent speed tests showed promising improvements. On local connections it was even faster than top VPNs like ExpressVPN, IPVanish, and Surfshark.
Surprisingly, the free version of the VPN was just as fast as the premium version – sometimes faster – with next to no slowdown.
To test the VPN service’s speeds manually, we recorded our internet speed before and after connecting to TunnelBear.
Local Speed Test results before using TunnelBear VPN:
- Download Speed: 96.24Mbps
- Upload Speed: 99.52Mbps
- Ping: 1ms
Local Speed Test results with TunnelBear VPN:
Download speed loss when TunnelBear VPN is running: 8%
In essence, TunnelBear’s speed performance has been improving over time, with fast speeds on both local and international connections.
However, we did experience some connection drops during testing, and it generally took a number of seconds for the app to connect.
Long distance speed tests
TunnelBear’s international speeds are very strong. We recorded a speed loss of just 30% connecting from the UK to the US, down from 96Mbps to 67Mbps. This is more or less what the fastest VPNs deliver.
TunnelBear’s speeds connecting to Europe were also very fast. This means you can stream video content from overseas without experiencing significant speed drops.
Below are the average download and upload speeds we recorded connecting from the UK to global servers:
- Download: 67Mbps
- Upload: 16Mbps
- Download: 81Mbps
- Upload: 91Mbps
- Download: 54Mbps
- Upload: 20Mbps
- Download: 56Mbps
- Upload: 10Mbps
Connecting to Australia was slower – a 43% drop – but this is typical considering the distance, and is actually a very good result. Just 15% speed loss connecting to Germany from our UK location is also very strong.
TunnelBear’s speeds aren’t the best international ones we’ve tested – Hotspot Shield’s are even quicker. Nevertheless, they’re more than fast enough for smooth HD streaming.
TunnelBear’s speed compared to rival VPNs
We tested TunnelBear’s speed manually, but we also run automated speed tests using our in-house speed test tool.
The graph below shows TunnelBear’s average download speed loss compared to rival VPN services. The lower the percentage the better. These results are based on tests that run four times a day, every day from the New York server we own. We cap speeds at 100Mbps to recreate a typical home internet connection.
As you can see from the chart above, TunnelBear is lagging behind top VPNs both in speed loss and consistency.
At times, speed loss was as high as 45%.
The ideal VPN is consistently fast, like ExpressVPN, with only 5% speed loss.
TunnelBear’s ping score over this period isn’t good, either. Latency was as high as 71.48ms. On the other hand, NordVPN recorded only 3.03ms.
No BBC iPlayer, Disney+, or Hulu
TunnelBear is not a good VPN for streaming. It can unblock US Netflix, but it cannot get past British restrictions to watch BBC iPlayer, or even stream from Disney+ or Hulu. We have had success unblocking HBO Max, though.
TunnelBear is a mixed bag when it comes to streaming. It does manage to unblock region-restricted content on US Netflix and HBO Max, but it fails when it comes to Disney+, BBC iPlayer, and Hulu.
All other Netflix libraries, and other platforms we tested, all detected that we were using a VPN or proxy.
If the US server that streams Netflix stops working, the lack of city-level server locations means there are no backup options.
Clearly, TunnelBear hasn’t invested any resources into unblocking streaming services.
However, we did have success streaming from US-exclusive HBO Max and Amazon Prime Video. If you’re fans of these platforms you can use TunnelBear. But we can’t guarantee its reliability.
TunnelBear Free is able to get around UK blocks and access BBC iPlayer, All 4, and ITV Hub. The problem is its 500MB data cap that won’t allow you to stream for long.
No P2P servers & based in Canada
TunnelBear's servers permit torrenting but they're not P2P-optimized and we don't recommend this VPN for torrenting. Its bitrate is too low and the company is quite strict when it comes to the sharing of copyrighted material. It's also based in Canada, which is one of the strictest countries when it comes to copyright law.
Even though you can torrent on all of TunnelBear’s servers, it’s not very good for torrenting.
The company is quite nervous about encouraging the sharing of copyrighted material, so none of its servers are P2P. What’s more, if the company believes you have violated copyright law, it retains the right to terminate your account without notice.
Moreover, its torrent download speeds are slow compared to the top-rated torrenting VPNs; TunnelBear recorded an average bitrate of only 2.9MiB/s.
This is a poor result compared to IPVanish’s score of 9.9MiB/s, and ExpressVPN’s of 9.4MiB/s.
The company’s support team clarified to us that users should be able to share files on the network. They recommended using servers in Canada, US, UK, Romania, Netherlands, Germany, or Sweden.
On the positive side, the VPN kill switch “VigilantBear” works well on Windows, macOS, and Android devices. This will keep your IP address concealed if your VPN connection drops.
Also, the VPN service’s logging policy is good enough to keep your torrenting activity private. And we didn’t detect any IP leaks using our torrent leak test tool.
Torrenting is also permitted on TunnelBear’s free VPN. But the 500MB/month data cap will prevent you from downloading many files.
Solid Security But Lacking Configurability
Security & Features
TunnelBear's security is safe, and leak-free, but it's not extensive. There are hardly any configuration options or advanced features. However, there is a split tunneling feature on Android.
Despite its playful design, TunnelBear takes its privacy seriously. This is a secure VPN.
Both the free and paid versions are highly encrypted, using the AES-256 cipher for Windows, macOS, and Android.
OpenVPN protocol is default and the IKEv2 protocol is also available on iOS and Windows.
Both IKEv2 and OpenVPN are secure and reliable VPN protocols, though OpenVPN is the current industry-standard.
No major IP address leaks
Using our VPN leak test tool, we didn’t experience any IP address or DNS leaks using TunnelBear’s VPN apps. Your IP address will therefore remain hidden while browsing, streaming and torrenting.
But, the Firefox browser extension did leak our WebRTC address at first, although TunnelBear quickly fixed this flaw.
Full disk encryption & private DNS servers
A report by the Center for Democracy & Technology also reveals that each TunnelBear server is protected by full disk encryption, malware scans, and intrusion protection software.
TunnelBear VPN also uses private DNS servers, perfect forward secrecy and a secure Diffie-Hellman key exchange. The latter ensures you’re connecting to a verified TunnelBear server every time you use the VPN.
Narrow range of good security features
TunnelBear offers a small selection of advanced security features, including:
VigilantBear (Kill Switch)
TunnelBear’s VPN kill switch is called “VigilantBear.” It blocks web traffic if the VPN connection gets disrupted. This prevents your true IP address from being exposed, and is an essential feature of any top-tier VPN.
VigilantBear is available on Windows, Mac, and Android devices, but not on iOS devices.
This is very common due to Apple’s strict guidelines, but it’s not impossible and VPNs like Private Internet Access offer a kill switch on iOS.
Another useful feature is TunnelBear’s GhostBear protocol.
It’s designed to mask your VPN traffic as ‘normal’, making it harder for governments, businesses, and ISPs to detect and block your VPN connection. It will slow your traffic, though.
There’s also RememBear (password manager) and SplitBear (split tunneling) for Android.
Missing extra tools
Aside from the features above, TunnelBear isn’t very configurable and lacks more advanced security settings.
For example, there is no port forwarding or double (multihop) VPN, and you can’t control your encryption settings.
IP, DNS, or WebRTC leaks
IP and DNS leaks can expose personal information like your IP address, physical location, and browsing activity. We test every VPN for IP, DNS, and WebRTC leaks, to make sure it is leak-proof.
TunnelBear passed all of our VPN leak tests. The kill switch also worked to shield our IP address on Windows, macOS, and Android.
TunnelBear operates its own zero-log DNS servers and it doesn’t record any of the websites you visit. This also ensures your ISP isn’t able to monitor your web browsing activity.
When Mozilla released Firefox 73.0, many VPN browser add-ons began to leak WebRTC requests. So did TunnelBear’s, but the service’s engineers fixed the issue almost immediately. Now all of TunnelBear’s browser extensions are leak-free.
Trackers, malware, and permissions
We used the εxodus tool to scan TunnelBear’s Android app for trackers and dangerous permissions.
Reassuringly, we can confirm the Android app contains no trackers whatsoever.
This result is ideal for privacy and isn’t as common as you’d think. Some of the best VPNs contain marketing and bug trackers – even NordVPN has seven.
While TunnelBear might need to wait for users to report crashes instead of actively tracking them, this method is preferable for those seeking the highest levels of privacy.
The app also uses eight permissions, none of which are of concern. Finally, we put TunnelBear through a virus and malware scan to test for any malicious software it may contain, and we found none.
Only 41 countries available
TunnelBear has increased its server list twofold from 23 to 41 available countries, but it's still not competing with the very best VPNs for quantity and spread of locations. There are no city-level options and it's heavily focused on the most popular countries in North America and Europe.
TunnelBear has a very small VPN server network covering just 41 countries.
The most popular server locations among VPN users are present. You’ll find servers in the US, UK, and Australia, as well as France, Germany, and the Netherlands.
There are also servers in India, Japan, and Singapore, and limited options in Mexico and Brazil. However, TunnelBear has no VPN servers at all in Africa.
If you’re looking for a large number of server locations then we don’t recommend choosing TunnelBear. Top VPN services offer at least 60 locations, if not more. Our Private Internet Access review, for example, details the service’s much larger server network.
Undisclosed number of servers and IP addresses
TunnelBear isn’t transparent about the exact number of servers or IP addresses it maintains. There is no way of knowing how well distributed traffic will be in any given location.
No dedicated streaming or P2P servers
There are also no dedicated servers for streaming or torrenting. Users will therefore have to cycle through locations until they find a server that works for them.
No city-level servers
There aren’t any city-level servers, either. This is particularly frustrating for US users looking to find a server close to home, or users in large countries like Australia.
All TunnelBear servers are physical (bare-metal), rather than virtual. In other words, they are physically located where you expect them to be.
TunnelBear owns its servers
TunnelBear also owns its server network, so there are no additional third parties involved in the management of the servers.
Controlling your server infrastructure goes a long way in helping prevent vulnerabilities. The NordVPN hack proved that using third-party data centers can pose a significant risk.
GhostBear obfuscation tool available
GhostBear is designed to get around strict government censorship, but it's unreliable in China. We do recommend TunnelBear if you're in a country with less robust censorship like Iran, which TunnelBear targets as part of its anti-censorship initiative.
On paper, TunnelBear has the right tools to bypass strict web censorship, especially in China.
In reality, it can’t beat aggressive web censors, unlike these anti-censorship VPNs.
Its obfuscation feature, GhostBear, is still good for connecting out of less aggressively-censored countries like Turkey or Iran.
In fact, as part of an anti-censorship initiative, TunnelBear has offered 10GB of free data to its Iranian, Venezuelan, and Belarusian users.
The GhostBear protocol disguises (obfuscates) VPN traffic to bypass deep packet inspection (DPI) and VPN blocks. The protocol is built into the app and included on Windows, macOS, and Android.
To enable the GhostBear feature, access the settings menu and navigate to “security.” Here, check the box marked “GhostBear.”
Limited device compatibility
Platforms & Devices
TunnelBear has apps for the most popular devices but you can’t install it on a router. There are no apps for streaming devices like Fire TV Stick, either. This means that TunnelBear is useless if you want to use a VPN on your Smart TV or games consoles. Consider this VPN only if you want to use it on desktop or mobile.
TunnelBear comes with custom VPN apps for Windows, macOS, iOS, and Android devices. The VPN can also be manually installed on Linux devices.
Both the free and paid versions of TunnelBear allow you to use up to five simultaneous devices using just one subscription, which is the standard limit for VPN services.
No router support and no Fire TV Stick app
It’s not possible to set up TunnelBear on a router. There are also no apps for Amazon Firestick or Android TV, and no Smart DNS tool.
Basically, you won’t be able to use TunnelBear on games consoles, Apple TV, Roku and smart TVs.
This disappointing lack of compatibility clashes with its user-friendly image.
A TunnelBear plan includes browser extensions for:
Both browser add-ons are easy to add to your browser with no manual configuration necessary.
There used to be an Opera one, but that was stopped.
Remember that browser extensions only encrypt web traffic from your browser, while the full VPN client encrypts all traffic to and from your device.
It’s a shame that TunnelBear’s browser extensions don’t include any extra features like an ad-blocker, for example. However, the company operates a standalone ad-blocker extension simply called Blocker.
Simple apps easy to install
Ease of Use
TunnelBear's design is delightful, and the apps are simple to use. They're not very advanced, which is good for usability but bad for experts. The iOS app is especially lacking in features.
How to Install & Set Up TunnelBear VPN
TunnelBear’s apps are extremely simple and easy to use.
The small number of advanced features on offer may not satisfy experienced users, but if you’re just getting started with using a VPN it makes the process much easier.
Setup is also very easy for the custom apps – just download the software from the TunnelBear website and sign in. It’s a little more complicated for Linux, but there are simple step-by-step instructions for Linux installation on the TunnelBear website.
All the TunnelBear apps use the same design, so you’ll have a familiar experience no matter which device you’re using.
That said, there is some variability in the features available on each platform. The iOS app has no VPN kill switch or obfuscation technology, and there is no option to switch between protocols on any device.
We’d like to see a search function included to help users easily find their closest location. A list of servers with basic information such as load and ping time would also be an excellent addition for usability.
Overall, TunnelBear opts for a unique approach that’s best suited to beginners. The mobile and desktop applications are practical and fine for simple use, but there are lots of better and more feature-rich VPNs available. Experienced users looking for lots of advanced settings might be happier with a different provider.
Like all of its applications, TunnelBear’s Windows client is very simple. By default, it only shows you what’s absolutely necessary: your location, the tunnel you’re using, and the location you’re connected to.
The main screen consists of a large black and white map with orange tunnel icons where each of TunnelBear’s servers are located. You can click on the tunnels to connect to a particular server, or use the drop-down list at the top of the app. There’s also the option to connect to the ‘Fastest’ server, which is usually the one closest to your physical location.
When the VPN is connected the slider at the top will turn orange and say ‘On’, and the map will change to full color. To disconnect, just click the slider.
By clicking on the cog symbol on the left-hand side of the app you can access TunnelBear’s settings menu.
The client doesn’t have many settings, but the few you get are useful. There’s obfuscation and a VPN kill switch, along with the option to load the VPN automatically when Windows starts. You can also set the client to automatically connect whenever you use a WiFi network that you haven’t marked as “trusted”.
All the settings can be toggled on and off easily, and there are tool tips to help further explain certain features to beginners.
There is no option to change protocol, though you can switch between TCP and UDP connections. Otherwise, the app selects automatically between OpenVPN and IKEv2.
Overall, TunnelBear’s Windows client isn’t bad. If your needs are simple you might find it’s the perfect way to encrypt your connection without any hassle. However, there’s lots of scope for improvement and the client’s interface and basic feature list could disappoint more experienced users.
TunnelBear’s macOS client is a menu bar app, which isn’t as easily accessible as the other free-standing apps on offer.
It’s much like the Windows app with a colorful map and bear animations, making it much easier on the eye compared to other VPN apps.
You’ll find the same features in the settings menu too, which include:
- Trusted Networks
- TCP override
The Android app is almost exactly the same as TunnelBear’s desktop apps, but with even fewer settings. There’s obfuscation and a VPN kill switch, but no Trusted Networks or TCP Override.
The ability to use split tunneling is unique to the Android app, though. This feature allows you to select apps or services to route outside of the VPN tunnel, which can be useful for websites that need access to your real location.
There are also a couple of features that add to TunnelBear’s cutesy approach to online security. There are Bear Sounds and Cloud settings; the latter enables cloud graphics to float over the map.
As is usually the case with VPN iOS apps, TunnelBear’s iOS client is the most stripped-back of all its native applications.
The only settings on offer are Trusted Networks and Bear Sounds. There’s no VPN kill switch or obfuscation technology. The iOS app also automatically selects the VPN protocol – either OpenVPN or IKEv2.
No live chat support
TunnelBear's support is disappointing as it's hard to get in touch with a human being. The live chat feature is automated, and you have to answer lots of questions before you can get a proper reply, which is only sent to your email. You have to be a subscriber to get any sort of help, including if you just want to contact support through an email form. Online resources aren't extensive, either.
TunnelBear does not offer live chat support. Instead, there is a chatbot incapable of answering many simple questions.
Alternatively you can send an email via an online form. But you have to be an already existing TunnelBear customer.
For a VPN aiming to provide a simple experience for beginners, the inability to provide immediate customer support or answer questions is disappointing.
Many premium VPN services like ExpressVPN offer 24/7 live chat to help troubleshoot user queries.
Good ticketing system
At least, the company’s ticketing system works well. We received full responses in a fast, polite, and friendly manner. That said, it’s certainly not as convenient as the instant support live chat provides.
There is also an online help section covering troubleshooting, FAQs, and billing.
The focus is on VPN newbies, so there’s not much information regarding protocols, encryption, or technical implementation.
The connection issues page does contain information about ports and tethering, but there’s no in-depth information to be found.
No refund guarantee
Price & Value for Money
Considering its flaws, TunnelBear doesn't offer good value for money. It also doesn't offer a money-back guarantee; it may offer a refund on a case-by-case basis. You can trial the service through its free version, but we think there should be a way for unhappy customers to get their money back.
The paid version of TunnelBear has three subscription plans:
- US$9.99/mo: Billed $9.99 every month
- US$4.99/mo: Billed $59.88 every year
- US$3.33/mo: Billed $99.99 for the first two years
There is no free trial without data caps, or a money-back guarantee.
TunnelBear’s monthly plan is the most expensive, giving you unlimited data for $9.99 per month. The yearly plan costs $4.99 per month while the three-year plan costs $3.33.
These prices are towards the low end of the typical VPN price range. We don’t think it’s particularly great value for money, though, given the VPN’s streaming and P2P issues.
There is a student discount, however, which we don’t see much of.
For businesses of two or more people, you can purchase TunnelBear teams, which costs $5.75 per month.
Payment & refund options
You can pay for a TunnelBear subscription the following ways:
TunnelBear accepts a limited number of payment methods, including credit and debit cards and Bitcoin.
We like the option to pay via anonymous cryptocurrency. But you can’t pay using PayPal, which is uncommon for a VPN service.
There isn’t an option to use other international methods like AliPay or UnionPay, either.
A VPN for newcomers only
The Bottom Line
TunnelBear is a fun, well-designed, and safe VPN. It makes a great choice for newcomers looking to secure their traffic and hide their IP address at home or on public WiFi.
It’s a good choice for privacy with top-notch encryption, multiple security audits, and a solid logging policy. That said, its Canadian jurisdiction and identified vulnerabilities might put off some of the most privacy-conscious users.
Though secure, TunnelBear is not aimed at VPN experts. There’s a limited number of server locations, a lack of advanced security features, and it doesn’t work in highly-censored countries like China.
For entertainment needs it fails, too – it cannot unblock Netflix, BBC iPlayer, or Hulu, and it isn’t compatible with routers or other streaming devices like Fire TV Stick or Apple TV.
We’d like to see improvements to TunnelBear’s iOS app, automated live support, and overall platform compatibility.
If you’re an advanced user looking to stream content from overseas or play with lots of configurable settings, we’d recommend looking elsewhere.
If you’re a beginner and you simply want to securely hide your IP address for a half-decent price, TunnelBear might be the VPN for you.
Additional research by David Hughes
Alternatives to TunnelBear VPN
Unlike TunnelBear, CyberGhost is great for streaming, with dedicated servers that unlock Netflix, BBC iPlayer, and more. It has more configurable options but is still very easy to use. You can install CyberGhost on routers, too.
Surfshark is another beginner-friendly VPN, and it provides over double the number of server locations that TunnelBear has. It also works well with streaming services and devices.