TunnelBear Review

Disclaimer: The review below is my opinion, which I will try to support with as many examples and as much evidence as possible.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #10 (at the time of the roll, TunnelBear)

A quick note about speed tests in my reviews: I have decided to cut out the mobile speed tests for a few reasons.  Mainly to save time – as you might expect, the results are almost always just a slower version of the desktop ones.  They are also not recorded on the charts anywhere anyway.  Just know that if you’re planning mainly for mobile, the on-the-fly encryption needed for a secure protocol will tax your mobile hardware, and speeds will of course be slower than on PC hardware.  The methodology page has also been updated to reflect this.  On with the review!

Written November 10, 2017

Signing up for the service: The TunnelBear website is pretty standard.  It is adorned with marketing on the home page and your basic options to view pricing, purchase service, etc.  While the plan signup page showed that Bitcoin was a payment option, at first glance this was nowhere to be seen on the actual payment page.  Upon closer inspection, the option to pay by Bitcoin is ONLY available when purchasing an entire year of service, but not a single month’s worth.  This is not ideal.  Missing from all plans was the option to pay with PayPal (which, while it isn’t a great option for privacy reasons, is also pretty much standard in the industry), so not having at least the choice to use it will be inconvenient for many.

When choosing a plan, you are presented with a free option, a pay-by-the-month option, and a year option.

Paying for a full year gives a steep discount (50%), but when you look at the un-discounted monthly price, you realize the price cut really lowers the price to around what their competitors are already charging in most cases for a typical month of service.  Companies will often do this in an attempt to pressure people to commit to longer terms, and while there’s nothing wrong with offering a discount for a longer term of service – conceptually – deep discounts like this typically indicate a concerted effort to deter month-to-month subscribership.  Bottom line is that month-to-month subscriptions give the customer the most recourse if and when something doesn’t work as advertised – and as you will see in the terms of service section below, this is especially critical to remember in the case of TunnelBear.

While I was not enthused by my experience on the site, visible in the lower left of the page is a message box announcing a recent security audit, which is nice and rare to see from a VPN company – so credit where credit’s due.

Configuring the service: Clicking the download button takes you to a page to download the TunnelBear client for Windows, MacOS, Android, and Chrome and Opera browser extensions.  Absent from the main download page however was the ability to get ovpn files for manual configuration.  After searching for a little while, I eventually found (buried in an old blog post) a link to download the manual ovpn config files in the aptly named, “TunnelBear Befriends Penguins with Limited Linux Support” entry (emphasis mine).

I would have liked to see a more readily available link for the manual config bundle, or at least in a more obvious place.  Also, it isn’t the worst thing I could mention, but in the manual config download section, there was no generator or option to change port numbers or protocols for configs.  However, you can do such things manually, if you know what TunnelBear supports.

Speed & Stability tests: Speeds were all over the place, and they barely transcended the minimum to be called broadband speeds, with US speeds consistently around 25 mbps and international servers slow and unstable – the UK and Hong Kong servers were rarely able to even complete a test on either beta.speedtest.net or a backup test on fast.com.  (All tests were run using AES-256 UDP.)  I wasn’t too impressed.  As I was using a “Free” account, I double checked in the account portal that this was not simply caused by running out of free data on the other speed tests.  (This was not the case and there WAS data remaining on the trial.)  Note the trouble I had with the UK and Hong Kong servers, as most tests just timed out.

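Speed Tests – TunnelBear

| Location | Run | Latency | Download | Upload |
|---|---|---|---|---|
| No VPN | Trial 1 | 32 ms | 89.08 mbps | 10.62 mbps |
| No VPN | Trial 2 | 32 ms | 82.92 mbps | 10.59 mbps |
| No VPN | Trial 3 | 32 ms | 89.89 mbps | 10.57 mbps |
| No VPN | Average | 32 ms | 87.30 mbps | 10.59 mbps |
| USA | Trial 1 | 73 ms | 27.70 mbps | 9.89 mbps |
| USA | Trial 2 | 75 ms | 24.66 mbps | 9.97 mbps |
| USA | Trial 3 | 75 ms | 25.10 mbps | 9.89 mbps |
| USA | Average | 74 ms | 25.82 mbps | 9.92 mbps |
| USA | Comp to Bench | +42 ms | 29.58% | 93.61% |
| UK | Trial 1 | 294 ms | 1.82 mbps | 6.73 mbps |
| UK | Trial 2 | 0 ms | 0.00 mbps | 0.00 mbps |
| UK | Trial 3 | 0 ms | 0.00 mbps | 0.00 mbps |
| UK | Average | 98 ms | 0.61 mbps | 2.24 mbps |
| UK | Comp to Bench | +66 ms | 0.69% | 21.18% |
| Hong Kong | Trial 1 | 0 ms | 0.00 mbps | 0.00 mbps |
| Hong Kong | Trial 2 | 0 ms | 0.00 mbps | 0.00 mbps |
| Hong Kong | Trial 3 | 0 ms | 0.00 mbps | 0.00 mbps |
| Hong Kong | Average | 0 ms | 0.00 mbps | 0.00 mbps |
| Hong Kong | Comp to Bench | -32 ms | 0.00% | 0.00% |
| Australia | Trial 1 | 329 ms | 5.19 mbps | 3.09 mbps |
| Australia | Trial 2 | 329 ms | 5.13 mbps | 3.71 mbps |
| Australia | Trial 3 | 329 ms | 4.99 mbps | 3.89 mbps |
| Australia | Average | 329 ms | 5.10 mbps | 3.56 mbps |
| Australia | Comp to Bench | +297 ms | 5.85% | 33.64% |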

Getting support: I reached out to support with some basic questions and also a request for a link to the manual configs (which I already knew of) to find out how much their support team knew about them, since that part of the process felt like an afterthought.  A support rep replied the following morning (still within 24 hours) with an explanation that they don’t currently provide a manual VPN connection – which contradicts their website’s blog entry mentioned earlier (from 2014), which says, “While we aren’t quite ready to build a full application for Linux, we are now offering settings and instructions for manual configuration of a connection to the TunnelBear network.”  (Yes, the configs you can download here should theoretically work for other platforms besides Linux, so my guess is the support rep was probably just unaware.)  I gave them one more chance, asking them if they were SURE, and a different rep replied reinforcing what the former had (wrongly) stated.

Getting a refund: As per TunnelBear’s Terms of Service, the company offers no refunds!  Buyer beware!  (As I was using the Free trial, I didn’t need to ask for one, thankfully).  This becomes a potentially big problem, as TunnelBear goes to great lengths to wash their hands of all responsibility to their customers, as you will see below in their Terms of Service.

Concerns in Terms & Conditions / Privacy Policy: TunnelBear has several detailed sections breaking down the kinds of data they store and why, which is a good indicator of a company that has given some thought to their setup.  One thing I do like in TunnelBear’s terms of service is that they have a condensed version of each block that gives you a quick idea of what is being said, for those who want to avoid the legalese.  I like this idea for the convenience of a potential customer, but dislike it because I feel that legalese is that way for a reason, and there is a lot of nuance to phrasing that can get lost by trying to condense it like that.  It’s a tough balance.

Overall, the terms themselves are JUST at what I’d call obtuse (for length/complexity and unfavorability reasons).  Also, the section recaps are sometimes a bit too silly, and again, sometimes fail to cover some important terms in their respective sections.

TunnelBear is not responsible for any failures to maintain the confidentiality, security, accuracy or quality of your data, messages or pages whether or not related to interruptions or performance issues with the Service.

The first cop-out clause of many.

You agree that TunnelBear, in its sole discretion, for any or no reason, and without penalty, may terminate or suspend your use of the Service at any time. TunnelBear may also in its sole discretion and at any time discontinue the Services in their entirety, or any part thereof, with or without notice.

The condensed phrase for this one: “We reserve the right to euthanize your TunnelBear”… just from a marketing standpoint, this tone clashes pretty hard with the established cutesy brand – but at least it’s straightforward?

Many issues can contribute to sub-optimal performance (ISP, location, censorship, settings, etc). The TunnelBear team goes to exceptional lengths to satisfy users who experience sub-optimal performance or the occasional outage. However, TunnelBear does not offer financial reimbursement due to these issues.

We just got done explaining how great our product is with cartoons on the front page, but we won’t warrant our product in any way, shape, or form. Try to forget that though and look at this adorable bear cub doing something whimsical!

TunnelBear makes no representation, warranty, or guarantee as to the reliability, timeliness, quality, suitability, availability, accuracy or completeness of the Services. TunnelBear does not represent or warrant that (a) the use of the Services will be secure, timely, uninterrupted or error-free or operate in combination with any other hardware, software, system or data, (b) the Service will meet your requirements or expectations (c) errors or defects will be corrected, or (d) the Services are free of viruses or other harmful components. The Service is provided by TunnelBear on an “as is” “as available” basis without warranties of any kind, either expressed or implied, including without limitation, any implied warranty of merchantability, fitness for a particular purpose, or non-infringement of third-party rights, are hereby disclaimed to the maximum extent permitted by law. You expressly agree that use of the Services is at your sole risk.

I’m not sure how many ways there are to express that a company doesn’t back up its product, but I think we’re getting there.

These terms just go on like this, but if I keep pasting blocks of text, I might as well just make you go and read it all yourself… suffice it to say that they make absolutely no warranty or guarantees when it comes to their service.

Final thoughts: TunnelBear put up much less of an offering than I’d have expected from their heavy presence online.  I see deals and promotions concerning their service littered all over the web, and it becomes pretty obvious that they are entrenched in a marketing strategy that extensively involves affiliate advertising.  While they do have affiliate terms that forbid spam and require ethical copy and full and prominent disclosure from their resellers, they all but ignore violations of those terms and allow them to go unchecked.

This includes partnering with a VPN affiliate that in the past stole my work and posted it on their own website.  In my opinion, it isn’t enough to say that you expect good behavior of your partners and then turn a blind eye to the detriment of the potential customer – including those who don’t wish to be bombarded by native advertising in social media, don’t wish to have their work stolen, and who want honest reviews written by someone who isn’t getting a kickback.

I cannot in good conscience recommend using TunnelBear.  Their pricing model and terms are not friendly to those wishing for a short term or privacy-minded and consumer-conscious solution (namely a reasonable price for a month-to-month service payable in Bitcoin).  Catering to the enthusiast privacy crowd (users of Linux who want to tweak connection settings, etc) feels like an afterthought. The website, while not the worst I’ve seen, felt disjointed, with certain critical pages (download manual configs, etc) not obvious, or linked to in a logical manner.

Speeds were consistently subpar, when the servers I tested worked at all.  International connections were unstable for me even when using multiple speed test tools.  Finally, TunnelBear’s terms of service are unfriendly to the consumer and boldly shy away from responsibility by offering no warranty or refund.  By the end, the branding and copious use of the cartoon bear gimmick started to feel more like a distraction by a company that doesn’t want to draw attention to the finer details of the service.

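| Category | Item | Value |
|---|---|---|
| JURISDICTION | Based In (Country) | Canada |
| JURISDICTION | Fourteen Eyes? | Five |
| JURISDICTION | Enemy of the Internet | No |
| LOGGING | Logs Traffic | No |
| LOGGING | Logs DNS Requests | No |
| LOGGING | Logs Timestamps | No |
| LOGGING | Logs Bandwidth | Yes |
| LOGGING | Logs IP Address | No |
| ACTIVISM | Anonymous Payment Method | Email |
| ACTIVISM | Accepts Bitcoin | Yes |
| ACTIVISM | PGP Key Available | No |
| ACTIVISM | Gives back to Privacy Causes | Yes |
| ACTIVISM | Meets PrivacyTools IO Criteria | No |
| LEAK PROTECTION | 1st Party DNS Servers | Yes |
| LEAK PROTECTION | IPv6 Supported / Blocked | Yes |
| | Offers OpenVPN | Yes |
| OBFUSCATION | Supports Multihop | |
| OBFUSCATION | Supports TCP Port 443 | |
| OBFUSCATION | Supports Obfsproxy | Yes |
| OBFUSCATION | Supports SOCKS | Yes |
| OBFUSCATION | Supports SSL Tunnel | |
| OBFUSCATION | Supports SSH Tunnel | |
| OBFUSCATION | Other Proprietary Protocols | |
| | P2P | Yes |
| SPEEDS | US Server Average % | 29.58 |
| SPEEDS | Int’l Server Average % | 2.18 |
| SERVERS | Dedicated or Virtual | |
| SECURITY | Default Data Encryption | AES-256 |
| SECURITY | Strongest Data Encryption | AES-256 |
| SECURITY | Weakest Handshake Encryption | RSA-4096 |
| SECURITY | Strongest Handshake Encryption | RSA-4096 |
| AVAILABILITY | # of Connections | 5 |
| AVAILABILITY | # of Countries | 18 |
| AVAILABILITY | # of Servers | 20 |
| AVAILABILITY | Linux Support (Manual) | Yes |
| WEBSITE | # of Persistent Cookies | 3 |
| WEBSITE | # of External Trackers | 1 |
| WEBSITE | # of Proprietary APIs | 3 |
| WEBSITE | Server SSL Rating | A+ |
| WEBSITE | SSL Cert issued to | Self |
| PRICING | $ / Month (Annual Pricing) | $4.99 |
| PRICING | $ / Connection / Month | $1.00 |
| PRICING | Free Trial | Yes |
| PRICING | Refund Period (Days) | 0 |
| ETHICS | Contradictory Logging Policies | |
| ETHICS | Falsely Claims 100% Effective | |
| ETHICS | Incentivizes Social Media Spam | Yes |
| POLICIES | Forbids Spam | Yes |
| POLICIES | Requires Ethical Copy | Yes |
| POLICIES | Requires Full Disclosure | Yes |
| AFFILIATES | Practice Ethical Copy | No |
| AFFILIATES | Give Full Disclosure | No |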
