TunnelBear VPN
VPNs can seem like a complicated technology, packed with low-level geeky details that hardly anyone understands, but check the TunnelBear site and you'll quickly realize this service does things differently.
The Canadian-based, McAfee-owned company doesn't drown you in jargon. There's little talk of protocols, no mention of encryption types, barely any technical terms at all. Instead, the site focuses on the fundamentals, such as clearly explaining why you might want to use a VPN in the first place.
This approach won't work for everyone. If you're an experienced user and want to get down to the technical details of the service, for instance, you're likely to be disappointed. Search for DNS on the ExpressVPN site, for instance, and right now you'll get 47 hits; search at Tunnelbear and you'll get four.
- Want to try TunnelBear? Check out the website here
The service specs are relatively basic, too. The network has a mid-sized 46 countries, and there are apps for Windows, Mac, iOS and Android, as well as extensions for Chrome and Firefox. But again, there's not a lot for demanding users, with no significant help for getting the service working on routers, games consoles, Chromebooks, Linux, with OpenVPN, or anything else.
Still, if you're happy with the regular apps, TunnelBear's support for up to five simultaneous connections means you'll be able to have most of your devices running at the same time.
TunnelBear pricing
TunnelBear's free account provides a horribly limited 500MB of traffic a month, barely enough to run even a single basic speed test. But it's a simple way to check out the interface and make sure you can connect.
Its monthly plan gives you unlimited data for a reasonable $9.99 a month, though. The price drops to an effective $4.88 a month on the annual plan, or $3.33 if you sign up for three years.
These are competitive prices which beat most providers, although there are a few with cheaper deals. Private Internet Access asks $2.19 a month on its three-year plan, ZenMate’s three-year plan is priced at a monthly $1.64, and opting for Ivacy's five-year plan cuts the cost to a supercheap $1.33.
If you do sign up for TunnelBear, keep in mind that there's no money-back guarantee. The small print says: "While all amounts paid are non-refundable, certain refund requests for subscriptions may be considered by TunnelBear on a case-by-case basis." Presumably, you might get a refund if you've had really bad service, but it's entirely up to the company to decide. Not quite as friendly as the cuddly cartoon bears suggest, then.
There's a small plus in TunnelBear's Bitcoin support. This is limited, though – it's available with the one-year plan only, not the monthly or three-year options – and elsewhere, there's no PayPal support; it's strictly card-only.
Privacy and logging
TunnelBear's privacy policy is one of the most thorough we've seen from any VPN provider, with in-depth information on everything the service collects, and everything it doesn't. We do mean thorough, too – the details go right down to the names, purposes and expiry dates of the cookies used by TunnelBear.com.
The logging policy is clearly described, with TunnelBear explaining that it does not collect "IP addresses visiting our website", "IP addresses upon service connection", "DNS Queries while connected", or "Any information about the applications, services or websites our users use while connected to our Service." As a result, the company says, it can't link any of its users to an action carried out by a specific IP address. Sounds good to us.
The service does record what it calls 'operational data', updating this when you connect to the network. That includes the OS version of your device, TunnelBear app version, whether you've been active this month and the bandwidth you've used. Not quite zero logging, then, but it's far less than we've seen elsewhere, and there's nothing here that anyone could use to begin to link you to a specific online action.
While that looks great, there's normally no way to tell whether you should trust what a VPN provider is telling you. But TunnelBear is a little different. The company now has independent specialists Cure53 run an annual public security audit covering many different areas of the service. The fourth audit, covering 2020, included the mobile and Windows clients, browser extensions, the service infrastructure, backend and frontend systems, and the public website.
The last audit results weren't perfect (we would have been suspicious if they were), and the report detailed five vulnerabilities: two low, two medium and one high risk. These didn't compromise users, though, and were more about ways TunnelBear systems could be attacked.
For instance, Cure53 spotted a way that an attacker could prevent someone logging into Tunnelbear if they knew the victim's account email address. Annoying? Yes. A disaster? No.
Issues like this are no surprise when a service puts itself under this level of scrutiny (a Cure53 audit is seriously thorough), and all issues are now fixed. And the only reason we know about this at all is that unlike many providers who have security audits, TunnelBear's report is available to read online (it's a PDF linked from this blog post).
Overall, we must applaud TunnelBear for its level of transparency. Most VPNs have never had any form of security audit, and the providers who have actually made some movement in this direction typically have one-off audits with a far narrower scope. That's just not good enough, and it's great to see TunnelBear leading the way.
Torrents
VPNs usually don't like to shout about their torrent support, and it's not difficult to see why. Torrent users are likely to gobble up much more bandwidth than others, and if that involves downloading illegal stuff, it could provoke more attention from the copyright police.
TunnelBear takes this quiet approach to an extreme, though, with barely any references to P2P and torrents on the entire TunnelBear website.
Undaunted, we raised a query with the support team, and a polite response soon arrived. TunnelBear supports torrents at all locations, the agent explained, but they also recommended specific tunnels (Canada, US, UK, Romania, Netherlands, Germany, Sweden) if we had problems elsewhere.
We've no idea how likely it is that you'll have 'problems', so we tried downloading torrents from three of the other locations: Cyprus, India and New Zealand. Despite not being on TunnelBear's 'recommended' list, they all completed without any issues.
Client setup
Getting started with TunnelBear begins by handing over your email address to create an account. Accept the free option or hand over your cash for one of the paid plans, and you're offered a choice of apps for Windows, Mac, iOS and Android, as well as browser extensions for Chrome, Firefox and Opera.
If you're looking for anything more advanced, you're going to be disappointed. There's nothing for routers, or games consoles, or smart TVs, or anything else. There are no links to installation guides or troubleshooting advice. Bizarrely, the page doesn't even link to TunnelBear's OpenVPN configuration files, to help you set up other devices manually. These are available, but you have to look very hard to find them (we tracked them down in a blog post about Linux support).
If you're happy with TunnelBear's main apps, you're unlikely to notice any issues (if anything, the focus on the major platforms makes the website easier to navigate). But given that TunnelBear does have useful setup information regarding Linux, OpenVPN and more, we think the website should make this more accessible to the small number of people who might need it.
Windows client
TunnelBear's Windows VPN client opens with a grey world map, centered on your current location, with all the other VPN locations highlighted.
Map interfaces can look good, but they're not very practical to use, and this one is no exception. There's no zoom option to help you get an overview, for instance, and although you can click and drag to move your viewpoint, this won't wrap around. Scroll in any direction and you'll soon bump into the map edge and have to scroll back. If you like the idea of a map interface, check out IPVanish; it's far better.
You can also select your location in a more conventional way, by clicking the current destination at the top of the screen and choosing something else from a drop-down list. That's simple, but very plain; it's just a simple text list, with no indications of server load, ping time or anything else.
Once you've chosen a location, clicking 'On' gets you connected, and the client displays a 'connection' animation, panning the screen and plotting a line across the map to your destination. This looks good, but the client goes into overload if you choose one server while connected to another, as it pointlessly scrolls and displays animations at all three locations (previous, physical and the new location).
Connection times were reasonable for us at 2-10 seconds, depending on the distance to the server. The client displays native Windows desktop notifications when it connects or disconnects, ensuring you always know when you're protected, and when you're not.
The client's protocol handling is a little, well, unusual. It supports OpenVPN primarily, with IKEv2 as a backup option, but you don't get to choose; the client decides, based on who-knows-what rules, and the interface doesn't tell you what that decision was. So, although there's an option to use OpenVPN TCP rather than UDP connections, if the client is using IKEv2, it'll have no effect at all.
The client doesn't have many settings, but the few you get are very useful. You can have it load when Windows starts, for instance, then automatically activate the VPN whenever you access a wireless network which isn't on a custom Trusted Network list (everywhere but home and work, say).
The Obfsproxy-based GhostBear attempts to make your activities look more like regular internet traffic, perhaps helping you connect in countries like China which try to detect and block the use of VPNs.
A VigilantBear setting is essentially a kill switch, blocking all internet traffic if the VPN drops to prevent any identity leaks. We found this had some issues in extreme situations – the kill switch could fail if the app crashed, for instance, but it performed well in simpler tests.
Overall, TunnelBear's Windows client is easy to use, but there's clearly scope for improvement, and the basic feature list could disappoint experienced users.
Mobile apps
TunnelBear's Android and iOS apps have a very similar look and feel to the Windows client. There's a world map with VPN locations highlighted, a list of locations as a simpler alternative, a small number of useful settings, and not much else.
The map works a little better than the desktop version. It wraps as you expect, for instance (you can keep swiping left or right and get back to where you started). There's still no zoom, but the Android app can at least switch from portrait to landscape to give you a better view.
Server selection looks much the same, as you're able to choose locations from the map or the location list. Connections take a similar time (2-10 seconds) as on the desktop, but with less of the pointless scrolling and map animations that we saw on the desktop.
Settings deliver most of the benefits of the desktop client, like auto-connect whenever you're not accessing a trusted network, the VigilantBear kill switch, and GhostBear to try and avoid VPN blocking.
There's a welcome bonus in SplitBear (aka split tunneling), where you can choose apps which will always use your regular connection, rather than be routed via TunnelBear. You may never use this feature, but if you find the VPN breaks a particular app, you'll be glad it's there.
TunnelBear's iOS app has a similar look and feel to its Android cousin, though unfortunately with the same annoying connection animations as the desktop builds.
It drops most of the more advanced features from the other platforms. You can forget SplitBear's split tunneling, GhostBear-type obfuscation or the VigilantBear kill switch. There's a valuable extra in the ability to connect automatically for untrusted networks, though, along with somewhat less important options to enable or disable Bear Sounds, and choose a custom app icon.
Put it all together and our verdict on the mobile VPN apps is much the same as the desktop client. They get the job done and they're fine for simple use, but there are plenty of better and more feature-rich VPN apps around.
Browser extensions
Installing TunnelBear's browser extensions can make the service easier to operate, by allowing you to choose a location, connect and disconnect from inside your browser. The extensions work as proxies and so only protect your browser traffic, but if that's all you need, the extra convenience could make them worth a try.
The Chrome extension added an icon to our address bar, and tapping this enabled choosing new locations from a drop-down list.
Hit the 'Connect' button and, as usual with proxies, you're connected instantly. A tiny map updates to show your location, similar to the regular apps.
There are no extra features, no WebRTC or tracker blocking or anything else. But the extension does have a small usability plus in its keyboard shortcut support. If you want to keep your hands off the mouse, pressing Ctrl+Shift+U connects you to the VPN, and pressing it again will toggle the connection off when you're done. (A separate Alt+Shift+N shortcut toggles the connection on and off in Incognito mode.)
We checked the Firefox extension to see if it had any more options, but no, it looked and worked much the same as the Chrome version.
The browser extensions follow a very similar pattern to the apps, then – they are short on features, but relatively simple, and fine for the target audience of casual users.
Performance
To check out TunnelBear's performance, we first connected to our nearest server from a UK data center and a US location, each with 1Gbps test connections.
We then measured our download speeds multiple times using several benchmarking services – SpeedTest's site and command line app, nPerf and others – and then repeated each test in an evening session.
US download speeds reached 330-350Mbps, while UK results lagged behind a little at 230-280Mbps. These are good results for OpenVPN, and compare well with big names like IPVanish (140-180Mbps) NordVPN (190Mbps) and ExpressVPN (310Mbps).
While that sounds great, the problem is TunnelBear only supports the OpenVPN protocol, and most top providers now offer WireGuard or some custom turbocharged system of their own. ExpressVPN's Lightway reached a much faster 570-580Mbps, for instance, while CyberGhost, IPVanish and NordVPN all managed 750Mbps and above.
How much that matters depends on your devices and your network setup, of course. If you're planning regular heavy downloading via a wired network connection and a 1Gbps broadband line, then WireGuard will be useful. But if you're just looking to protect your mobile traffic when you access public Wi-Fi, TunnelBear's OpenVPN speeds should be more than enough.
Netflix and streaming
One of the major selling points of a VPN is that it can make you appear to be visiting a website from another country, perhaps giving you access to content you wouldn't be able to view otherwise. But this doesn't always work, so we test all VPNs with Netflix and more to see if they can give us access to various streaming sites.
We logged into TunnelBear's UK location and tried accessing BBC iPlayer. We had no luck with three different IPs, which is disappointing as Tunnelbear unblocked iPlayer in our last review.
It was the same story with US Netflix. Whatever we did, Netflix refused to give us access to US content.
There was a little good news when Tunnelbear unblocked Amazon Prime Video with each of our test IPs. But normal below-par service was resumed when we couldn't access Disney Plus, no matter which locations we tried.
One site unblocked out of four is a poor result, especially as TunnelBear succeeded with three sites in its last review. And many providers do even better than that: CyberGhost, ExpressVPN, Hide.me, Private Internet Access, ProtonVPN, Surfshark, and others all unblocked 100% of our test sites.
Support
TunnelBear support starts with its web-based help site. This is presented in a clear and simple way, with large icons pointing you to key areas (Getting Started, Troubleshooting, Accounts), and basic articles on the most common questions ('Why should I trust TunnelBear?', 'Why can't I access the content I want?', 'Does TunnelBear keep logs?').
Go searching for answers and you'll find TunnelBear's knowledgebase doesn't have a lot of content, but what you get is well presented and gives you a decent range of information. The Connection Issues page doesn't just offer generic 'reinstall'-type ideas, for instance. It links you to TunnelBear's Twitter page to look for service information, suggests trying out the service on another network, and points you to settings which might help.
Despite its beginner-oriented approach, there's also room for just a few more advanced tweaking ideas, with recommendations for ports which should be opened in some circumstances.
There's no live chat support, but if you need more in-depth help, a Contact page allows you to send a message to the support team. This prompts you for the type of problem, affected locations, operating system and so on, a smart way to ensure beginners provide all the key information.
We kept our test question simple, and had a friendly, helpful and accurate reply in three and a half hours. We would still prefer the near-instant response of quality live chat – because if your problem is complex and requires a lot of back and forth, questions and answers, it could take a very long time to find a solution – but as email support goes, TunnelBear isn't bad at all.
TunnelBear review: Final verdict
It's not the largest, fastest or most powerful of VPNs, but TunnelBear's ease of use and strong focus on opening up its systems to scrutiny deserve a lot of credit. We hope it fixes the Windows kill switch issue soon, but otherwise TunnelBear is worth a look, particularly for newbies.
- We've also highlighted the best VPN
0 comments:
Post a Comment