Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #10 (at the time of the roll, TunnelBear)
A quick note about speed tests in my reviews: I have decided to cut out the mobile speed tests for a few reasons. Mainly to save time – as you might expect, the results are almost always consistently just a slower version of the desktop ones. They are also not recorded on the charts anywhere anyway. Just know that if you’re planning mainly for mobile, the on the fly encryption needed for a secure protocol will tax your mobile hardware and compared to PC hardware, will of course be relatively slower. The methodology page has also been updated to reflect this. On with the review!
Written November 10, 2017
Signing up for the service: The TunnelBear website is pretty standard. It is adorned with marketing on the home page and your basic options to view pricing, purchase service, etc. While the plan signup page showed that Bitcoin was a payment option, at first glance this was nowhere to be seen on the actual payment page. Upon closer inspection, the option to pay by Bitcoin is ONLY available when purchasing an entire year of service, but not a single month’s worth. This is not ideal. Missing from all plans was the option to pay with Paypal (which, while it isn’t great option for privacy reasons, it’s also pretty much standard in the industry), so not having at least the choice to use it will be inconvenient for many.
When choosing a plan, you are presented with a free option, a pay-by-the-month option, and a year option.
Paying for a full year gives a steep discount (50%), but when you look at the un-discounted monthly price, you realize the price cut really lowers the price to around what their competitors are already charging in most cases for a typical month of service. Companies will often do this in an attempt to pressure people to commit to longer terms, and while there’s nothing wrong with offering a discount for a longer term of service – conceptually – deep discounts like this typically indicate a concerted effort to deter month-to-month subscribership. Bottom line is that month-to-month subscriptions give the customer the most recourse if and when something doesn’t work as advertised – and as you will see in the terms of service section below, this is especially critical to remember in the case of TunnelBear.
While I was not enthused by my experience on the site, visible in the lower left of the page is a message box announcing a recent security audit, which is nice and rare to see from a VPN company – so credit where credit’s due.
Configuring the service: Clicking the download button takes you to a page to download the TunnelBear client for Windows, MacOS, Android, and Chrome and Opera browser extensions. Absent from the main download page however was the ability to get ovpn files for manual configuration. After searching for a little while, I eventually found (buried in an old blog post) a link to download the manual ovpn config files in the aptly named, “TunnelBear Befriends Penguins with Limited Linux Support” entry (emphasis mine).
I would have liked to see a more readily available link for the manual config bundle, or at least in a more obvious place. Also, it isn’t the worst thing I could mention, but in the manual config download section, there was no generator or option to change port numbers or protocols for configs. However, you can do such things manually, if you know what TunnelBear supports.
Speed & Stability tests: Speeds were all over the place, and they barely transcended the minimum to be called broadband speeds (with US speeds consistently around 25 mbps, and international servers slow and unstable – the UK and Hong Kong servers rarely being able to even complete a test on either beta.speedtest.net or a backup test on fast.com. (All tests run using AES-256 UDP). I wasn’t too impressed. As I was using a “Free” account, I double checked in the account portal that this was not simply caused by running out of free data on the other speed tests. (This was not the case and there WAS data remaining on the trial). Note the trouble I had with the UK and Hong Kong servers as most tests just timed out.
| Speed Tests – TunnelBear | |||||||
| Latency | Download | Upload | |||||
| No VPN | Trial 1 | 32 | ms | 89.08 | mbps | 10.62 | mbps |
| Trial 2 | 32 | ms | 82.92 | mbps | 10.59 | mbps | |
| Trial 3 | 32 | ms | 89.89 | mbps | 10.57 | mbps | |
| Average | 32 | ms | 87.30 | mbps | 10.59 | mbps | |
| USA | Trial 1 | 73 | ms | 27.70 | mbps | 9.89 | mbps |
| Trial 2 | 75 | ms | 24.66 | mbps | 9.97 | mbps | |
| Trial 3 | 75 | ms | 25.10 | mbps | 9.89 | mbps | |
| Average | 74 | ms | 25.82 | mbps | 9.92 | mbps | |
| Comp to Bench | +42 | ms | 29.58% | 93.61% | |||
| UK | Trial 1 | 294 | ms | 1.82 | mbps | 6.73 | mbps |
| Trial 2 | 0 | ms | 0.00 | mbps | 0.00 | mbps | |
| Trial 3 | 0 | ms | 0.00 | mbps | 0.00 | mbps | |
| Average | 98 | ms | 0.61 | mbps | 2.24 | mbps | |
| Comp to Bench | +66 | ms | 0.69% | 21.18% | |||
| Hong Kong | Trial 1 | 0 | ms | 0.00 | mbps | 0.00 | mbps |
| Trial 2 | 0 | ms | 0.00 | mbps | 0.00 | mbps | |
| Trial 3 | 0 | ms | 0.00 | mbps | 0.00 | mbps | |
| Average | 0 | ms | 0.00 | mbps | 0.00 | mbps | |
| Comp to Bench | -32 | ms | 0.00% | 0.00% | |||
| Australia | Trial 1 | 329 | ms | 5.19 | mbps | 3.09 | mbps |
| Trial 2 | 329 | ms | 5.13 | mbps | 3.71 | mbps | |
| Trial 3 | 329 | ms | 4.99 | mbps | 3.89 | mbps | |
| Average | 329 | ms | 5.10 | mbps | 3.56 | mbps | |
| Comp to Bench | +297 | ms | 5.85% | 33.64% | |||
Getting support: I reached out to support with some basic questions and also a request for a link to the manual configs (which I already knew) to find out how much their support team knew about them, since that part of the process felt like an afterthought. A support rep replied later the following morning (still within 24 hours) with an explanation that they don’t currently provide a manual VPN connection – which contradicts their website’s blog entry mentioned earlier (from 2014), which says, “While we aren’t quite ready to build a full application for Linux, we are now offering settings and instructions for manual configuration of a connection to the TunnelBear network.” (Yes, the configs you can download here should theoretically work for other platforms besides Linux, so my guess is the support rep was probably just unaware. I gave them one more chance, asking them if they were SURE, and a different rep replied reinforcing what the former had (wrongly) stated.
Getting a refund: As per TunnelBear’s Terms of Service, the company offers no refunds! Buyer beware! (As I was using the Free trial, I didn’t need to ask for one, thankfully). This becomes a potentially big problem, as TunnelBear goes to great lengths to wash their hands of all responsibility to their customers, as you will see below in their Terms of Service.
Concerns in Terms & Conditions / Privacy Policy: TunnelBear has several detailed sections breaking down the kinds of data they store and why, which is a good indicator of a company that has given some thought to their setup. One thing I do like in TunnerlBear’s terms of service is that they have a condensed version of each block that gives you a quick idea of what is being said, for those who want to avoid the legalese. I like this idea for the convenience of a potential customer, but dislike it because I feel that legalese is that way for a reason, and there is a lot of nuance to phrasing that can get lost by trying to condense it like that. It’s a tough balance.
Overall, the terms themselves are JUST at what I’d call obtuse (for length/complexity and unfavorability reasons), also, sometimes the section recaps are a bit too silly, and again, sometimes fail to cover some important terms in their respective sections.
TunnelBear is not responsible for any failures to maintain the confidentiality, security, accuracy or quality of your data, messages or pages whether or not related to interruptions or performance issues with the Service.
The first cop-out clause of many.
You agree that TunnelBear, in its sole discretion, for any or no reason, and without penalty, may terminate or suspend your use of the Service at any time. TunnelBear may also in its sole discretion and at any time discontinue the Services in their entirety, or any part thereof, with or without notice.
The condensed phrase for this one: “We reserve the right to euthanize your TunnelBear”… just from a marketing standpoint, this tone clashes pretty hard with the established cutesy brand – but at least it’s straightforward?
Many issues can contribute to sub-optimal performance (ISP, location, censorship, settings, etc). The TunnelBear team goes to exceptional lengths to satisfy users who experience sub-optimal performance or the occasional outage. However, TunnelBear does not offer financial reimbursement due to these issues.
We just got done explaining how great our product is with cartoons on the front page, but we won’t warrant our product in any way, shape, or form. Try to forget that though and look at this adorable bear cub doing something whimsical!
TunnelBear makes no representation, warranty, or guarantee as to the reliability, timeliness, quality, suitability, availability, accuracy or completeness of the Services. TunnelBear does not represent or warrant that (a) the use of the Services will be secure, timely, uninterrupted or error-free or operate in combination with any other hardware, software, system or data, (b) the Service will meet your requirements or expectations (c) errors or defects will be corrected, or (d) the Services are free of viruses or other harmful components. The Service is provided by TunnelBear on and “as is” “as available” basis without warranties of any kind, either expressed or implied, including without limitation, any implied warranty of metchantability, fitness for a particular purpose, or non-infringement of third-party rights, are hereby disclaimed to the maximum extent permitted by law. You expressly agree that use of the Services is at your sole risk.
I’m not sure how many ways there are to express that a company doesn’t back up its product, but I think we’re getting there.
These terms just goes on like this, but if I keep pasting blocks of text, I might as well just make you go and read it all yourself… suffice it to say that they make no absolutely no warrant or guarantees when it comes to their service.
Final thoughts: TunnelBear put up much less of an offering than I’d have expected from their heavy presence online. I see deals and promotions concerning their service littered all over the web, and it becomes pretty obvious that they are entrenched in a marketing strategy that extensively involves affiliate advertising. While they do have affiliate terms that forbid spam, requires ethical copy & full and prominent disclosure from their resellers – they all but ignore such behavior, and allow it to go unchecked.
This includes partnering with a VPN affiliate that in the past stole my work and posted it on their own website. In my opinion, it isn’t enough to say that you expect good behavior of your partners and then turn a blind eye to the detriment of the potential customer – including those who don’t wish to be bombarded by native advertising in social media, don’t wish to have their work stolen, and who want honest reviews written by someone who isn’t getting a kickback.
I cannot in good conscience recommend using TunnelBear. Their pricing model and terms are not friendly to those wishing for a short term or privacy-minded and consumer-conscious solution (namely a reasonable price for a month-to-month service payable in Bitcoin). Catering to the enthusiast privacy crowd (users of Linux who want to tweak connection settings, etc) feels like an afterthought. The website, while not the worst I’ve seen, felt disjointed, with certain critical pages (download manual configs, etc) not obvious, or linked to in a logical manner.
Speeds were consistently subpar, when the servers I tested worked at all. International connections were unstable for me even when using multiple speed test tools. Finally, TunnelBear’s terms of service are unfriendly to the consumer and boldly shies away from responsibility by offering no warrant or refund. By the end, the branding and copious use of the cartoon bear gimmick started to feel more like a distraction by a company that doesn’t want to draw attention to the finer details of the service.
| FROM THE VPN COMPARISON CHART | ||
| CATEGORY | VPN SERVICE | TunnelBear |
| JURISDICTION | Based In (Country) | Canada |
| Fourteen Eyes? | Five | |
| Enemy of the Internet | No | |
| LOGGING | Logs Traffic | No |
| Logs DNS Requests | No | |
| Logs Timestamps | No | |
| Logs Bandwidth | Yes | |
| Logs IP Address | No | |
| ACTIVISM | Anonymous Payment Method | |
| Accepts Bitcoin | Yes | |
| PGP Key Available | No | |
| Gives back to Privacy Causes | Yes | |
| Meets PrivacyTools IO Criteria | No | |
| LEAK PROTECTION | 1st Party DNS Servers | Yes |
| IPv6 Supported / Blocked | Yes | |
| Offers OpenVPN | Yes | |
| OBFUSCATION | Supports Multihop | |
| Supports TCP Port 443 | ||
| Supports Obfsproxy | Yes | |
| Supports SOCKS | Yes | |
| Supports SSL Tunnel | ||
| Supports SSH Tunnel | ||
| Other Proprietary Protocols | ||
| PORT BLOCKING | Auth SMTP | No |
| P2P | Yes | |
| SPEEDS | US Server Average % | 29.58 |
| Int’l Server Average % | 2.18 | |
| SERVERS | Dedicated or Virtual | |
| SECURITY | Default Data Encryption | AES-256 |
| Strongest Data Encryption | AES-256 | |
| Weakest Handshake Encryption | RSA-4096 | |
| Strongest Handshake Encryption | RSA-4096 | |
| AVAILABILITY | # of Connections | 5 |
| # of Countries | 18 | |
| # of Servers | 20 | |
| Linux Support (Manual) | Yes | |
| WEBSITE | # of Persistent Cookies | 3 |
| # of External Trackers | 1 | |
| # of Proprietary APIs | 3 | |
| Server SSL Rating | A+ | |
| SSL Cert issued to | Self | |
| PRICING | $ / Month (Annual Pricing) | $4.99 |
| $ / Connection / Month | $1.00 | |
| Free Trial | Yes | |
| Refund Period (Days) | 0 | |
| ETHICS | Contradictory Logging Policies | |
| Falsely Claims 100% Effective | ||
| Incentivizes Social Media Spam | Yes | |
| POLICIES | Forbids Spam | Yes |
| Requires Ethical Copy | Yes | |
| Requires Full Disclosure | Yes | |
| AFFILIATES | Practice Ethical Copy | No |
| Give Full Disclosure | No | |
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.