Privacy & Logging Policy
A safe VPN despite its jurisdiction
TunnelBear VPN does not log usage data that can lead back to you.
Its logging policy is simple, privacy-friendly, and transparent, listing all the data collected alongside reasons for doing so.
To summarise, TunnelBear logs:
- Bandwidth usage.
- OS version.
- App version.
- Whether or not you have used the VPN in a given month.
- Total data used each month.
- Operational events (e.g. created an account, made a payment, online ad referrals).
Close to being no-logs
Crucially, TunnelBear doesn’t keep browsing history records, DNS requests, originating IP address, or connection timestamps. In other words, the service is close to being completely no-logs.
The only personally identifiable information TunnelBear logs is your email address, to prove you have an account. There are no logs that reveal which websites you’ve visited.
TunnelBear’s transparency reports
The company also issues an annual transparency report detailing any government requests for user data.
Worryingly, TunnelBear admits to confirming a user’s email address to authorities, although it has never handed over usage information.
No server breaches or logging scandals
There have been no known incidents of server breaches or logging scandals associated with TunnelBear.
TunnelBear is based in Canada
TunnelBear was established in 2011 in Canada by Daniel Kaldor and Ryan Dochuk. It was subsequently acquired by antivirus software company McAfee in early 2018.
The VPN company still operates a separate team within McAfee, meaning the same employees continue to work on the VPN post-acquisition.
“Use your information according to Canada’s laws, regardless of which country you are located in.”
Subject to Canada and US data laws
While TunnelBear’s headquarters are in Toronto, its new ownership means that it’s also subject to US data laws.
Both the US and Canada form an integral part of the Five-Eyes data-sharing alliance, an organization designed for powerful nations to collect and share surveillance intelligence.
Moreover, both jurisdictions are known to prosecute for minor copyright violations, which is important information if you want to use a VPN for torrenting.
While TunnelBear can be subpoenaed by Canadian and US authorities, its robust logging policy and regular transparency reports prove it’s still a trustworthy and private VPN.
Independent audits prove TunnelBear is safe
To prove its commitment to transparency and user safety, TunnelBear has undergone several independent security audits.
In January 2017, Byte 255 looked into TunnelBear’s code and published the results on Hacker Noon. The article concluded the VPN has no privacy flaws and doesn’t collect any unnecessary telemetry data.
TunnelBear also commissioned cybersecurity company Cure53 to carry out four yearly independent security audits since 2017. These audits looked into TunnelBear’s apps, code, and infrastructure.
In 2019, Cure53 discovered 12 vulnerabilities of varying severity, and helped TunnelBear fix them and future-proof them. The audit concluded that TunnelBear is “a clear frontrunner among its VPN competitors when it comes to security.”
In 2020, there were “two low, two medium and one high-risk vulnerability” identified. TunnelBear claimed to fix the high-risk vulnerability immediately.
While it’s great that TunnelBear commissions regular audits, we are concerned that the auditor continues to find vulnerabilities.
Speed & Reliability
Both premium and free are surprisingly fast
TunnelBear has been slow in the past, but our most recent speed tests show promising improvements.
On local connections, TunnelBear is even faster than top VPNs like ExpressVPN, IPVanish, and Surfshark.
Surprisingly, the free version of the VPN is just as fast as the premium version, if not faster at times.
To test the VPN service’s speeds manually, we recorded our internet speed before and after connecting to TunnelBear.
Local Speed Test results before using TunnelBear VPN:
- Download Speed: 96.24Mbps
- Upload Speed: 99.52Mbps
- Ping: 1ms
Local Speed Test results with TunnelBear VPN:
Download speed loss when TunnelBear VPN is running: 8%
In essence, TunnelBear’s speed performance has been improving over time, with fast speeds on both local and international connections.
However, we did experience some connection drops during testing, and it generally took a number of seconds for the app to connect.
Long distance speed tests
TunnelBear’s international speeds are very strong. We recorded a speed loss of just 30% connecting from the UK to the US.
This UK-to-US speed loss is similar to what the fastest VPNs deliver.
TunnelBear’s speeds connecting to Europe are also very fast, which is optimal for streaming European video content buffer-free.
Below are the average download and upload speeds we recorded connecting from the UK to global servers:
- Download: 67Mbps
- Upload: 16Mbps
- Download: 81Mbps
- Upload: 91Mbps
- Download: 54Mbps
- Upload: 20Mbps
- Download: 56Mbps
- Upload: 10Mbps
Connecting to Australia was slower – a 43% drop – but this is typical considering the distance, and is actually a very good result.
Equally, just 15% speed loss connecting to Germany from our UK location is very strong.
TunnelBear’s speeds aren’t the best international ones we’ve tested – Hotspot Shield’s are even quicker. Nevertheless, they’re more than fast enough for smooth HD streaming.
TunnelBear’s speed compared to rival VPNs
We tested TunnelBear’s speed manually, but we also run automated speed tests using our in-house speed test tool.
The graph below shows TunnelBear’s average download speed loss compared to rival VPNs. The lower the percentage the better.
These results are based on daily tests we run on our New York server. We cap speeds at 100Mbps to recreate a typical home internet connection.
As you can see from the chart above, TunnelBear is lagging behind top VPNs both in speed and consistency. At times, speed loss was as high as 45%.
The ideal VPN is consistently fast, like ExpressVPN, with only 5% speed loss.
TunnelBear’s ping score over this period isn’t good, either. Latency was as high as 71.48ms. On the other hand, NordVPN’s was only 3.03ms.
Works with US Netflix but not with BBC iPlayer, Disney+, or Hulu
TunnelBear is a mixed bag when it comes to streaming. It does manage to unblock region-restricted content on US Netflix and HBO Max, but it fails when it comes to Disney+, BBC iPlayer, and Hulu.
All other Netflix libraries, and other platforms we tested, all detected that we were using a VPN or proxy.
If the US server that streams Netflix stops working, the lack of city-level server locations means there are no backup options.
Clearly, TunnelBear hasn’t invested any resources into unblocking streaming services.
However, we did have success streaming from US-exclusive HBO Max and Amazon Prime Video. If you’re fans of these platforms you can use TunnelBear. But we can’t guarantee its reliability.
TunnelBear Free Streaming: Unblocks US Netflix
TunnelBear Free is currently able to access US Netflix – one of the only free VPNs to do so. It can also get around HBO Max georestrictions and UK blocks to access BBC iPlayer, All 4, and ITV Hub.
The problem is its 500MB data cap that won’t allow you to stream for long.
The one positive is that free TunnelBear data accumulates instead of refreshing from scratch every month. So if you don’t use it for a few months, you’ll have far more data to stream.
We don't recommend TunnelBear for torrenting
Although you can torrent on any TunnelBear server, the VPN is not very good for torrenting. None of the service’s servers are optimized for P2P.
Officially, if the company believes you have violated copyright law, it retains the right to terminate your account without notice.
The company’s support team clarified to us that users should be able to share files on the network. They recommended using servers in Canada, US, UK, Romania, Netherlands, Germany, or Sweden.
We tested TunnelBear’s torrent speeds using qBittorrent and uTorrent. The VPNs torrent speeds were much slower than the top-rated torrenting VPNs.
TunnelBear recorded an average bitrate of only 2.9MiB/s. This is poor compared to IPVanish’s download bitrate of 9.9MiB/s, and ExpressVPN’s of 9.4MiB/s.
At least the VPN’s kill switch, “VigilantBear,” worked well on Windows, macOS, and Android devices. It kept our IP address concealed during sudden VPN connection drops.
We also didn’t detect torrent IP leaks, plus the VPN’s logging policy is private enough for safe torrenting.
Torrenting is also permitted on TunnelBear’s free VPN. But the 500MB/month data cap prevents you from downloading many files.
Security & Extra Features
Solid Security But Lacking Configurability
|Protocols||Available in TunnelBear VPN|
|Encryption||Available in TunnelBear VPN|
|Security||Available in TunnelBear VPN|
|DNS Leak Blocking||Yes|
|IPv6 Leak Blocking||No|
|Supports TCP Port 443||No|
|VPN Kill Switch||Yes|
|WebRTC Leak Blocking||No|
|Advanced Features||Available in TunnelBear VPN|
|Tor over VPN Server||No|
Despite its playful design, TunnelBear takes its privacy seriously. This is a secure VPN.
Both the free and paid versions are highly encrypted, using the AES-256 cipher for Windows, macOS, and Android.
OpenVPN protocol is default and the WireGuard and IKEv2 protocol is also available on iOS and Windows.
Both IKEv2 and OpenVPN are secure and reliable VPN protocols, though OpenVPN is the current industry-standard.
IP, DNS, or WebRTC leaks
IP and DNS leaks can expose personal information like your IP address, physical location, and browsing activity.
Using our IP and DNS leak test tool, we can confirm TunnelBear passed all our VPN leak tests.
The kill switch also worked to shield our IP address on Windows, macOS, and Android.
TunnelBear operates its own zero-log DNS servers and it doesn’t record any of the websites you visit. This also ensures your ISP isn’t able to monitor your web browsing activity.
When Mozilla released Firefox 73.0, many VPN browser add-ons began to leak WebRTC requests. So did TunnelBear’s, but the service’s engineers fixed the issue almost immediately. Now all of TunnelBear’s browser extensions are leak-free.
Full disk encryption and private DNS servers
A report by the Center for Democracy & Technology also reveals that each TunnelBear server is protected by full disk encryption, malware scans, and intrusion protection software.
TunnelBear VPN also uses private DNS servers, perfect forward secrecy and a secure Diffie-Hellman key exchange. The latter ensures you’re connecting to a verified TunnelBear server every time you use the VPN.
Narrow range of good security features
TunnelBear offers a small selection of advanced security features, including:
VigilantBear (Kill Switch)
TunnelBear’s VPN kill switch is called “VigilantBear.” It blocks web traffic if the VPN connection gets disrupted. This prevents your true IP address from being exposed, and is an essential feature of any top-tier VPN.
VigilantBear is available on Windows, Mac, and Android devices, but not on iOS devices.
This is very common due to Apple’s strict guidelines, but it’s not impossible and VPNs like Private Internet Access offer a kill switch on iOS.
Another useful feature is TunnelBear’s GhostBear protocol.
It’s designed to mask your VPN traffic as ‘normal’, making it harder for governments, businesses, and ISPs to detect and block your VPN connection. It will slow your traffic, though.
There’s also RememBear (password manager) and SplitBear (split tunneling) for Android.
Missing extra tools
Aside from the features above, TunnelBear isn’t very configurable and lacks more advanced security settings.
For example, there is no port forwarding or double (multihop) VPN, and you can’t control your encryption settings.
Trackers, malware, and permissions
We used the εxodus tool to scan TunnelBear’s Android app for trackers and dangerous permissions.
Reassuringly, we can confirm the Android app contains no trackers whatsoever.
This result is ideal for privacy and isn’t as common as you’d think. Some of the best VPNs contain marketing and bug trackers – even NordVPN has seven.
While TunnelBear might need to wait for users to report crashes instead of actively tracking them, this method is preferable for those seeking the highest levels of privacy.
The app also uses eight permissions, none of which are of concern. Finally, we put TunnelBear through a virus and malware scan to test for any malicious software it may contain, and we found none.
Servers in 47 countries
TunnelBear has a reasonable server network that covers 47 countries.
You’ll find servers in the the most popular server locations: US, UK, and Australia, as well as France, Germany, and the Netherlands.
There are also servers in Japan and Singapore, and limited options in Mexico and Brazil. TunnelBear has no VPN servers at all in Africa.
TunnelBear removed its India servers after the country introduced a law demanding VPNs log user data as well as its Ukraine server following the Russian invasion.
If you want a large number of server locations, then we don’t recommend choosing TunnelBear. It’s not terrible, but we’ve tested top VPNs that operate servers in upwards of 100 countries. For example, Private Internet Access has servers in 84 countries.
Undisclosed number of servers and IP addresses
TunnelBear isn’t transparent about the exact number of servers or IP addresses it maintains. There is no way of knowing how well distributed traffic is in any given location.
City-level servers in the US & Canada
TunnelBear has city-level choices in the US and Canada only. This is an improvement as it used to have no choices at all. But a large country like Australia would also benefit from city-level options.
TunnelBear owns its bare-metal servers
All TunnelBear servers are physical (bare-metal), rather than virtual. They are physically located where you expect them to be.
Furthermore, TunnelBear owns its entire server network, so no additional third parties are involved in the maintenance of its servers.
Controlling your server infrastructure goes a long way in preventing security incidents. The NordVPN hack proved that using third-party data centers can pose significant risks.
Bypassing Web Censorship
GhostBear obfuscation tool available
On paper, TunnelBear has the right tools to bypass strict web censorship, especially in China.
In reality, it can’t beat aggressive web censors, unlike these anti-censorship VPNs.
Its obfuscation feature, GhostBear, is still good for connecting out of less aggressively-censored countries like Turkey or Iran.
In fact, as part of an anti-censorship initiative, TunnelBear has offered 10GB of free data to its Iranian, Venezuelan, and Belarusian users.
The GhostBear protocol disguises (obfuscates) VPN traffic to bypass deep packet inspection (DPI) and VPN blocks. The protocol is built into the app and included on Windows, macOS, and Android.
To enable the GhostBear feature, access the settings menu and navigate to “security.” Here, check the box marked “GhostBear.”
Device & OS Compatibility
Limited device compatibility
TunnelBear comes with native VPN apps for Windows, macOS, iOS, and Android devices. The VPN can also be manually installed on Linux devices, too.
Both the free and paid versions of TunnelBear allow you to use up to five simultaneous devices using just one subscription, which is the standard limit for VPN services.
No router support and no Fire TV Stick app
It’s not possible to set up TunnelBear on a router. There are also no apps for Amazon Firestick or Android TV, and no Smart DNS tool.
Basically, you won’t be able to use TunnelBear on games consoles, Apple TV, Roku and smart TVs.
This disappointing lack of compatibility clashes with its user-friendly image.
A TunnelBear plan includes browser extensions for:
Both browser add-ons are easy to add to your browser with no manual configuration necessary.
There used to be an Opera one, but that was stopped.
Remember that browser extensions only encrypt web traffic from your browser, while the full VPN client encrypts all traffic to and from your device.
It’s shame that TunnelBear’s browser extensions don’t include any extra features like an ad-blocker, for example. However, the company operates a standalone ad-blocker extension simply called Blocker.
Ease of Use
Simple apps easy to install
How to Install & Set Up TunnelBear VPN
TunnelBear’s apps are extremely simple and easy to use.
The small number of advanced features on offer may not satisfy experienced users, but if you’re just getting started with using a VPN it makes the process easier.
Setup is also very easy for the custom apps – just download the software from the TunnelBear website and sign in. It’s a little more complicated for Linux, but there are simple step-by-step instructions for Linux installation on the TunnelBear website.
All the TunnelBear apps use the same design, so you’ll have a familiar experience no matter which device you’re using.
That said, there is some variability in the features available on each platform. The iOS app has no VPN kill switch or obfuscation technology, and there is no option to switch between protocols on macOS.
We’d like to see a server search function to help users easily find their closest location. Basic information such as load and ping time would also be an excellent addition for usability.
Overall, TunnelBear opts for a unique approach that’s best suited to beginners. The mobile and desktop applications are practical and fine for simple use, but there are lots of better and more feature-rich VPNs available. Experienced users looking for lots of advanced settings might be happier with a different provider.
By default, TunnelBear’s Windows client only shows you what’s absolutely necessary: your location, the tunnel you’re using, and the location you’re connected to.
The main screen consists of a large black and white map with green tunnel icons where each of TunnelBear’s servers are located. You can click on the tunnels to connect to a particular server, or use the drop-down list at the top of the app. There’s also the option to connect to the ‘Fastest’ server, which is usually the one closest to your physical location.
When the VPN is connected the slider at the top will turn orange and say ‘On’, and the map will change to full color. To disconnect, just click the slider.
By clicking on the cog symbol on the left-hand side of the app you can access TunnelBear’s settings menu.
The client doesn’t have many settings, but the few you get are useful. There’s obfuscation and a VPN kill switch, along with the option to load the VPN automatically when Windows starts. You can also set the client to automatically connect whenever you use a WiFi network that you haven’t marked as “trusted”.
TunnelBear has improved its Windows app as you can now change protocols via its settings. This wasn’t possible before.
Overall, TunnelBear’s Windows client isn’t bad. If your needs are simple you might find it’s the perfect way to encrypt your connection without any hassle. However, there’s lots of scope for improvement and the client’s interface and basic feature list could disappoint more experienced users.
TunnelBear’s macOS client is a menu bar app, which isn’t as easily accessible as the other free-standing apps on offer.
It’s much like the Windows app with a colorful map and bear animations, making it much easier on the eye compared to other VPN apps.
You’ll find the the same features in the settings menu too, which include:
- Trusted Networks
- TCP override
However, you still cannot change your protocol on macOS.
The Android app is almost exactly the same as TunnelBear’s desktop apps, but with even fewer settings. There’s obfuscation and a VPN kill switch, but no Trusted Networks or TCP Override.
The ability to use split tunneling is unique to the Android app, though. This feature allows you to select apps or services to route outside of the VPN tunnel, which can be useful for websites that need access to your real location.
There are also a couple of features that add to TunnelBear’s cutesy approach to online security. There are Bear Sounds and Cloud settings, which enables cloud graphics to float over the map.
As is usually the case with VPN iOS apps, TunnelBear’s iOS client is the most stripped-back of all its native applications.
The only settings on offer are Trusted Networks and Bear Sounds. There’s no VPN kill switch or obfuscation technology. The iOS app also automatically selects the VPN protocol – either OpenVPN or IKEv2.
No live chat support
|Customer Support||Available in TunnelBear VPN|
|24/7 Live Chat Support||No|
|24/7 Email Support||No|
|Live Chat Support||No|
|Email Support via Online Form||No|
|No Support Available||No|
TunnelBear does not offer live chat support. Instead, there is a chatbot incapable of answering many simple questions.
Alternatively you can send an email via an online form. But you have to be an already existing TunnelBear customer.
For a VPN aiming to provide a simple experience for beginners, the inability to provide immediate customer support or answer questions is disappointing.
Many premium VPN services like ExpressVPN offer 24/7 live chat to help troubleshoot user queries.
Good ticketing system
At least, the company’s ticketing system works well. We received full responses in a fast, polite, and friendly manner. That said, it’s certainly not as convenient as the instant support live chat provides.
There is also an online help section covering troubleshooting, FAQs, and billing.
The focus is on VPN newbies, so there’s not much information regarding protocols, encryption, or technical implementation.
The connection issues page does contain information about ports and tethering, but there’s no in-depth information to be found.
Price & Value
Expensive with no refund guarantee
The paid version of TunnelBear has three subscription plans:
US$9.99/moBilled $9.99 every month
US$4.99/moBilled $59.88 every year
US$3.33/moBilled $120.00 every three years
There is no free trial without data caps, or a money-back guarantee. TunnelBear had removed its one-month plan but has reintroduced it.
There are two other plans available: a yearly plan that costs $4.99 per month, and a three-year plan that costs $3.33 per month.
These prices are towards the low end of the typical VPN price range. However, we think the VPN is overpriced given its number of weaknesses.
There is a student discount available, however, which very few VPN services offer.
Payment & refund options
You can pay for a TunnelBear subscription the following ways:
- American Express
TunnelBear accepts a limited number of payment methods, including credit and debit cards and Bitcoin.
We like the option to pay via anonymous cryptocurrency. But you can’t pay using PayPal, which is uncommon for a VPN service.
There isn’t an option to use other international methods like AliPay or UnionPay, either.
The Bottom Line
A VPN for newcomers only
TunnelBear is a fun, well-designed, and safe VPN. It makes a great choice for newcomers looking to secure their traffic and hide their IP address at home or on public WiFi.
It’s a good choice for privacy with top-notch encryption, multiple security audits, and a solid logging policy. That said, its Canadian jurisdiction and identified vulnerabilities might put some of the most privacy-conscious users.
Though secure, TunnelBear is not aimed at VPN experts. There’s a limited number of server locations, a lack of advanced security features, and it doesn’t work in highly-censored countries like China.
For entertainment needs it fails, too – it cannot unblock Netflix, BBC iPlayer, or Hulu, and it isn’t compatible with routers or other streaming devices like Fire TV Stick or Apple TV.
We’d like to see improvements to TunnelBear’s iOS app, automated live support, and overall platform compatibility.
If you’re an advanced user looking to stream content from overseas or play with lots of configurable settings, we’d recommend looking elsewhere.
If you’re a beginner and you simply want to securely hide your IP address for a half-decent price, TunnelBear might be the VPN for you.
Additional research by David Hughes
Alternatives to TunnelBear VPN
Unlike TunnelBear, CyberGhost is great for streaming, with dedicated servers that unlock Netflix, BBC iPlayer, and more. It has more configurable options but is still very easy to use. You can install CyberGhost on routers, too. Read CyberGhost review
Surfshark is another beginner-friendly VPN, and it provides over double the number of server locations that TunnelBear has. It also works well with streaming services and devices. Read Surfshark review
Was this content helpful?