TunnelBear VPN Review

TunnelBear collects some information to maintain its service: your email address, device information (OS version and app version), whether you’ve been active in the previous month, and total data used (deleted at the end of each month).

This level of data collection is relatively common for a VPN service and can be justified, but it holds TunnelBear back from being a top-rated no-logs VPN, like PIA or Perfect Privacy.

TunnelBear is also based in Canada, which is an awful location for user privacy. However, its logging policy means that it’s unable to provide the IP addresses and browsing history of its users, even if it were forced to.

TunnelBear operates its own zero-log DNS servers, and it doesn’t record any of the websites you visit. This also ensures your ISP isn’t able to monitor your web browsing activity.

Who Owns TunnelBear?

TunnelBear was established in 2011 by Daniel Kaldor and Ryan Dochuk. In 2018, it was acquired by antivirus software company McAfee.

The VPN company still operates a separate team within McAfee, meaning the same employees continued to work on the VPN post-acquisition.

McAfee was also previously owned by Intel, but was sold to a number of private equity firms in March 2022, including Advent International and Permira.

Cooperated with Authorities to Help Confirm a User

In 2020, TunnelBear cooperated with US authorities by confirming a user’s account via their email address. Crucially, no further identifiable information was handed over to the authorities.

While it’s a good sign that TunnelBear didn’t share any activity or connection logs, this incident highlights the drawbacks of a Canadian jurisdiction.

Moreover, TunnelBear used to issue an annual transparency report detailing any government requests for user data. Since the incident, the company hasn’t released any further transparency reports.

That means it’s impossible to know whether it’s received more requests for user data, and whether it has confirmed more users with accounts.

Subject to Canadian & US Data Laws

While TunnelBear’s headquarters are in Toronto, its new ownership means that it’s also subject to US data laws.

Both the US and Canada form an integral part of the Five Eyes data-sharing alliance, an organization designed for powerful nations to collect and share surveillance intelligence.

Moreover, both jurisdictions are known to prosecute for minor copyright violations, which is important information if you want to use a VPN for torrenting.

While TunnelBear can be subpoenaed by Canadian and US authorities, it has a robust logging policy that prevents your IP address and browsing history from being leaked.

TunnelBear Is Not Completely Private

To summarize, we trust TunnelBear to protect our activity logs and IP address, but you shouldn’t trust it if you need to hide your VPN usage from the authorities.

Its privacy policy is better than the average VPN. TunnelBear doesn’t record any activity logs or identifying data, but it’s not a zero-logs VPN. Furthermore, its privacy-unfriendly Canadian jurisdiction, corporate ownership, and lack of a warrant canary work against it.

If you prioritize maximum privacy, an alternative no-logs VPN that has never confirmed a user’s identity is Private Internet Access (PIA).

Using a 100Mbps internet connection to gather VPN speed data, we tested TunnelBear Premium’s speeds on six continents. Here are our results:

As you can see, TunnelBear’s speeds are very impressive on local connections, only dropping to 95Mbps. You can expect similar results when connecting to nearby servers wherever you’re located.

TunnelBear’s international speeds are also impressive. We experienced an average international speed of 88Mbps when connecting to countries abroad.

These speeds are more than enough for browsing, streaming full HD 1080p video content, and mobile gaming.

You can compare TunnelBear’s local and international speeds to other leading VPNs in the bar chart below:

TunnelBear Free Speed Tests

TunnelBear Free is very fast for a free VPN. Connected to the nearest server in New York, we measured a local speed loss of just 5% – identical to the paid version.

It’s similarly good for long-distance connections. For example, our normal internet speed only dropped by 26% when connecting to Australia – 10,000 miles away.

One major advantage to TunnelBear Free is that you get access to its entire paid server network, which is extremely rare for a free VPN. In comparison, Atlas VPN Free only gives you access to three locations.

Low Ping for Lag-Free Gaming

Both TunnelBear’s paid and free apps are ideal for mobile gaming. It performed exceptionally well in our ping tests — even beating ExpressVPN, the top-rated VPN for gaming.

While connected to a local VPN server, we recorded consistent ping times below 6ms, which is excellent for a free service.

That said, we did experience occasional disconnects from the TunnelBear server while mobile gaming, which could be improved.

Although its speeds are exceptional, TunnelBear Free only offers 500MB of monthly data, which simply isn’t enough for regular gaming. AtlasVPN is faster and also offers 4.5GB more data.

Here are the results of our streaming tests when using TunnelBear:

TunnelBear is a mixed bag when it comes to streaming. Its paid version does work to unblock region-restricted content on US Netflix, HBO Max, and BBC iPlayer.

However, the VPN service’s free version only unblocks a couple of UK streaming services and YouTube. There are other free VPNs that are much better at bypassing geo-restrictions — try Windscribe and PrivadoVPN instead.

Tested: TunnelBear Unblocks US Netflix

In our tests, TunnelBear VPN unblocked American Netflix on nine of its 13 US servers. A majority of servers worked with Netflix, but you might have to cycle through a few if you find one that doesn’t work.

The following TunnelBear server locations were immediately blocked by Netflix: Dallas, New York, San Jose, and Seattle. We weren’t even able to login with these IP addresses.

TunnelBear Unblocks Disney+ & HBO Max

TunnelBear also works with a handful of other US streaming services. Using it, we managed to stream geo-restricted content on Disney+, HBO Max, and YouTube.

However, we weren’t able to stream Amazon Prime Video — TunnelBear was detected and blocked on multiple US servers.

TunnelBear Free Doesn’t Unblock US Streaming Platforms

In our streaming tests, TunnelBear Free didn’t perform as well as its paid version, which is to be expected.

Its free version was blocked from accessing every US streaming service, including US Netflix, HBO Max, Disney+, and Hulu.

It does work with some UK services including All4 and ITVX, but it does not work to unblock BBC iPlayer.

Since TunnelBear Free only offers one server in each country, we weren’t able to use a back-up server to unblock BBC iPlayer, either.

The worst thing about streaming with TunnelBear Free is that it has a 500MB monthly data cap, which won’t let you stream for long.

The one positive is that free TunnelBear data accumulates instead of refreshing from scratch every month. So if you don’t use it for a few months, you’ll have far more data to stream.

Torrenting Attribute	TunnelBear Paid (Sweden)	TunnelBear Free (Sweden)
Average Download Bitrate	2.8MiB/s	4.2MiB/s
No. of P2P Servers	0	0
Logging Policy	No Identifying Data	No Identifying Data
Kill Switch	Yes	Yes
Port Forwarding	No	No

TunnelBear is an extremely unreliable VPN for torrenting. We tested both paid and free versions with qBittorrent and servers in seven different countries (recommended by TunnelBear).

In each test, our download was either stalled or slower than the average VPN.

TunnelBear recorded an average bitrate of only 2.8MiB/s. This is poor compared to IPVanish’s download bitrate of 9.9MiB/s, and ExpressVPN’s download bitrate of 9.4MiB/s.

Despite TunnelBear claiming to allow torrenting on all of its servers, we suspect torrenting traffic might be throttled or suspended on specific servers. In an email, TunnelBear confirmed that some locations ‘may have stricter ports for security reasons’.

There was only one server and settings combination that worked for torrenting files: a Sweden server and OpenVPN protocol, with VigilantBear disabled (though we advise enabling a kill switch whenever you torrent a file).

Unlike other VPNs, which offer a faster download speed for a paid service, TunnelBear Free was actually 1.4 MiB/s faster while torrenting than its paid counterpart. But the 500MB/month data allowance prevents you from downloading many files.

Even worse, TunnelBear doesn’t support port forwarding on any of its servers, which would make uploading or ‘seeding files’ faster.

If you’re planning to purchase or use a free VPN for torrenting, we highly recommend checking out PIA or Windscribe Free instead.

You can see the full selection of encryption and technical features that TunnelBear has below:

Despite its playful design, TunnelBear takes its security seriously. This is a secure VPN — for the most part.

Both the free and paid versions use the AES-256 cipher for Windows, macOS, iOS and Android.

The OpenVPN protocol is used by default and the WireGuard, IPSec, and IKEv2 protocols are also available on iOS and Windows.

Both WireGuard and OpenVPN are secure and reliable VPN protocols, though WireGuard is the current industry-standard and our preferred protocol.

Worrying HTML5 Geolocation leaks

IP and DNS leaks can expose personal information like your IP address, physical location, and browsing activity.

Using our IP and DNS leak test tool, we found TunnelBear passed our IPv4/IPv6 leak tests, DNS leak test, and WebRTC test, but it failed to mask our geolocation.

We’re extremely disappointed that even when using TunnelBear’s web browser extension, our HTML5 geolocation was exposed. All top-tier VPNs have some sort of leak-protection or geolocation spoofing in browser extensions and clients to prevent this from happening.

Leaking HTML5 geolocation information is very concerning, but it’s not as severe as leaking your IP address or DNS requests. As a worst case scenario, it means users will be blocked from more streaming services and won’t perform well in regions with online censorship.

Ultimately any sort of information leak disqualifies Tunnelbear from ever being a top-tier VPN.

However, it’s not completely beyond salvaging, as you can deny permission for websites to collect your HTML5 geolocation.

TunnelBear Owns its Bare-Metal Servers

All TunnelBear servers are physical (bare-metal), rather than virtual. They are physically located where you expect them to be.

Furthermore, TunnelBear owns its entire server network, including private DNS servers, so no additional third parties are involved in the maintenance of its servers.

Controlling your server infrastructure goes a long way in preventing security incidents. The NordVPN hack proved that using third-party data centers can pose significant risks.

A report by the Center for Democracy & Technology revealed that each TunnelBear server is protected by full disk encryption, malware scans, and intrusion protection software.

Not many VPNs own their entire server network, let alone an entire bare-metal server network based in the correct locations, which makes TunnelBear stand out among other mid-tier VPNs.

Effective VigilantBear (Kill Switch)

TunnelBear’s VPN kill switch is called “VigilantBear.” It blocks web traffic if the VPN connection gets disrupted. This prevents your true IP address from being exposed, and is an essential feature of any top-tier VPN.

VigilantBear is available on Windows, Mac, and Android devices, but not on iOS devices.

This is common due to Apple’s strict guidelines, but it’s still disappointing as it’s not impossible and VPNs like PIA and NordVPN offer a kill switch on iOS.

Additional Security Features

Another useful feature is TunnelBear’s GhostBear protocol. It’s designed to mask your VPN traffic as ‘normal’ HTTPS traffic, making it harder for governments, businesses, and ISPs to detect and block your VPN connection. It will slow your traffic, though.

There’s also RememBear (password manager) and SplitBear (split tunneling) for Android.

Regular Security Audits Keep TunnelBear Safe

To prove its commitment to transparency and user safety, TunnelBear has undergone multiple independent security audits.

TunnelBear commissioned cybersecurity company Cure53 to carry out five yearly independent security audits since 2017. These audits looked into TunnelBear’s apps, code, and infrastructure.

In 2019, Cure53 discovered 12 vulnerabilities of varying severity, and helped TunnelBear fix them and future-proof them. The audit concluded that TunnelBear is “a clear frontrunner among its VPN competitors when it comes to security.”

In 2020, there were “two low, two medium and one high-risk vulnerability” identified. TunnelBear claimed to fix the high-risk vulnerability immediately.

In 2021, Cure53 found four low, nine medium, three high, and three critical-risk vulnerabilities – many more vulnerabilities than the year before.

Importantly, the critical vulnerabilities were found in TunnelBear’s admin platform. They would’ve let attackers hijack admin accounts to “create a new administrator and thereby fully access both the TunnelBear and PolarBear admin portal.”

Cure53 also found one unresolved low risk vulnerability that they had previously reported on in 2018 but was still present in 2021.

While it’s great that TunnelBear commissions regular security audits and addresses most issues quickly, we are concerned that the Cure53 continues to find more critical, high risk, and medium risk vulnerabilities each year.

Missing Technical Features We’d Like to See

TunnelBear is missing some security features we’ve come to expect from premium VPN services. Here are some featured we’d like TunnelBear to add:

On paper, TunnelBear has the right tools to bypass strict web censorship, especially in China.

In reality, it doesn’t always beat aggressive web censors, unlike the best anti-censorship VPNs. We manually tested TunnelBear with our remote desktop in China and found mixed results.

Interestingly, we weren’t able to download the TunnelBear Windows app from its website once in China. Usually, we are able to connect to Astrill and then download a chosen VPN installer via its website.

Whereas with TunnelBear, the download was stalled and canceled three times. This is extremely rare and suggests a minor issue with TunnelBear’s website.

Instead, we had to preemptively download the TunnelBear installer on a different device, send it to ourselves via email, and download the TunnelBear installer from there. Using this method, we downloaded TunnelBear’s Windows app without any issues and much faster.

Once installed, we enabled GhostBear and attempted to connect to multiple servers. We failed to connect to servers in South Korea and Taiwan, but successfully connected to a server in Japan.

Despite being able to connect to YouTube, our speeds were much slower than usual, which we suspect might be due to server congestion.

Its obfuscation feature, GhostBear, is still good for connecting out of less aggressively-censored countries like Turkey or Iran.

The GhostBear protocol disguises (obfuscates) VPN traffic to bypass deep packet inspection (DPI) and VPN blocks. The protocol is built into the app and included on Windows, macOS, and Android.

To enable the GhostBear feature, access the settings menu and navigate to Security > GhostBear and make sure the box is ticked.

TunnelBear doesn’t offer live chat support. There used to be an automated chatbot, but we haven’t been able to access it in 2023.

The best way to contact customer support is to email via an online form. But you have to be an already existing TunnelBear customer. The good thing is you can sign up for a free account and use that to contact support.

For a VPN aiming to provide a simple experience for beginners, the inability to provide immediate customer support or answer questions is disappointing.

Many premium VPN services like ExpressVPN offer 24/7 live chat to help troubleshoot user queries.

Reliable Ticketing System

At least the company’s ticketing system works well. We received full responses in a fast, polite, and friendly manner.

While TunnelBear says it aims to reply within 48 hours, for the initial email we waited just 10 minutes for a response. All follow-up emails then received responses in about an hour.

That said, it’s certainly not as convenient as instant live chat support.

Online Resources

There is also an online help section covering troubleshooting, FAQs, and billing.

The focus is on VPN newbies, so there’s not much information regarding protocols, encryption, or technical implementation.

The connection issues page does contain information about ports and tethering, but there’s no in-depth information to be found.