Every time you connect to the internet, multiple third parties can potentially track your activities, intercept your data, block you from accessing content, or redirect you to websites without your knowledge. These include hackers, your internet service provider (ISP), government agencies, and the companies that own the websites you visit.
The solution is a virtual private network (VPN), which encrypts your data, masks your physical location, and helps prevent cyberattacks. A VPN also allows you to access geo-blocked content, which can range from streaming movies not licensed in your country to visiting government-blocked websites.
TunnelBear is consistently rated as a top VPN software choice. We’ll go under the hood to see if it lives up to the hype and answer a fundamental question: Is TunnelBear safe for you and your company to use?
Who is TunnelBear VPN for?
Founded in 2011 and based in Canada, TunnelBear provides VPN applications for consumers and businesses, including multiple security protocols, desktop downloads and apps, a kill switch, and an ad blocker. It has over 1,800 servers in 26 countries.
Unlike many of its competitors, TunnelBear offers both free and multiuser plans. While it’s simple to use, TunnelBear lacks some advanced features such as router installations and the option to choose specific server locations within countries.
TunnelBear VPN’s features
TunnelBear VPN creates an encrypted tunnel that protects your personal data and activities while you’re on the internet. This enhances endpoint security when you’re on public Wi-Fi networks with varying levels of security. A VPN also disguises your IP address, which identifies your physical location.
Consumers frequently use VPNs to access geo-blocked content such as movies and shows whose availability varies by country due to licensing restrictions, but TunnelBear VPN doesn’t unblock Netflix or most other major streaming services.
VPNs also allow journalists and social activists to communicate within and from countries with limited privacy protections. Companies use VPNs to protect proprietary knowledge and other confidential records.
We’ll take a close look at TunnelBear VPN’s core features: encryption protocols, different applications, kill switch, data masking, and split tunneling.
VPNs employ multiple encryption protocols — both open-source and proprietary with their own pros and cons — depending on specific operational environments. TunnelBear uses two VPN protocols with AES-256 bit key encryption:
- OpenVPN: This open-source protocol offers strong encryption but slower data speeds on Windows, macOS, Android, and iOS devices.
- Internet Key Exchange version 2 (IKEv2): This protocol excels at reestablishing connections after a temporary loss and switching connections across different network types, such as from cell to Wi-Fi, for Android and macOS devices.
TunnelBear encryption also prevents Domain Name System (DNS) leaks. These occur if a third party intercepts a DNS request to convert an alphanumeric web address to a numeric string — a man-in-the-middle attack — and blocks access to the website you’re trying to go to, redirects you to a different site, or steals your personal data.
TunnelBear doesn’t — yet! — offer WireGuard, a new open-source VPN designed for improved connection stability and faster data speeds.
Downloads, apps, and browser extensions
Your VPN is as useful as the devices you can install it on, and TunnelBear VPN download options are standard but not exhaustive:
- Desktop downloads: macOS and Windows
- Mobile apps: Android and iOS
- Browser extensions: Chrome, Firefox, and Opera
TunnelBear’s VPN interface is simple: After launching the application, your location is shown on a map — using a sheep icon if your VPN is turned off or a bear in a tunnel if it’s on — along with the nearest VPN access points by country.
A separate ad blocker browser extension is free. I check multiple news sites during the day, and while I have sympathy for the financial plight of news outlets, wading through multiple intrusive ads is annoying when you visit one. In the screenshot below, for example, TunnelBear’s Blocker extension blocked 11 ads and two scripts at The Washington Post homepage.
One word of warning: After I installed the TunnelBear Blocker extension in my Chrome browser, Chromebook apps such as Slack wouldn’t open until I turned it off.
A significant issue, however, is the inability to install TunnelBear on a network router. Most VPN providers restrict how many devices can simultaneously use their applications — TunnelBear limits you to five — but one workaround is to install the software on a router. If you can do that, all the devices on the network enjoy VPN protection while counting as one connection against your plan’s cap.
A common VPN problem is dropped connections, which leaves you vulnerable online. Even worse, you may not know this has happened. When this occurs, TunnelBear’s VigilantBear kill switch automatically blocks network and internet access until your VPN is reconnected.
While you should use a VPN whenever you’re on a public network, TunnelBear’s Trusted Network feature lets you identify secure networks, such as at your home or office, where VigilantBear automatically cuts off when you’re connected. This prevents it from blocking internet access if your connection drops on a safe network.
Information is transmitted across the internet in data packets with unique features that differentiate an email from video streaming from a VPN. TunnelBear’s GhostBear further protects your online data by disguising your VPN during deep packet inspections (DPIs) by third parties such as your ISP or government agencies.
DPI is like an X-ray machine at an airport: It doesn’t reveal the exact contents of your luggage but allows educated guesses about what’s in it. A garment bag, for example, probably has clothes in it while a briefcase might show the outline of a laptop.
Without getting stuck in a tech talk ditch, GhostBear masks your data so it looks more like “regular” internet traffic. Depending on what country you’re in, you may never need GhostBear, but some places, such as Iran, Turkey, and China, use DPI to enforce restrictive internet access policies.
China tries to block VPNs, but if you install GhostBear before traveling there, you should have access to sites blocked by the Chinese government (such as Facebook, Twitter, and Wikipedia) on Windows, macOS, or Android devices.
Similar to trusted networks, which reduce the need to use your VPN 24/7, every app doesn’t have to use TunnelBear. The SplitBear split tunneling feature allows you to pick and choose which apps are routed through it. For example, if I’m away from the office, a VPN is essential for business email and access to web-based company applications. But to play Words With Friends? Not so much.
Split tunneling offers two major advantages:
- Fewer VPN data bottlenecks
- Simultaneous access to private and public networks
The tradeoff is that third parties can potentially intercept data not routed through your VPN. If your business is going to employ split tunneling, a defined policy about when, where, and how to use it is essential.
SplitBear is available only on Android devices, while most of TunnelBear’s competitors offer split tunneling across multiple platforms.
TunnelBear VPN’s ease of use
VPNs have a reputation for being hard to set up and manage, but that’s not a problem with TunnelBear. Its interface is engaging, and many decisions — such as which VPN encryption protocol to use — are made for you. Tech novices will have their VPN running in no time, which is helpful if your company has a remote work policy.
TunnelBear’s simplicity has a distinct drawback: a lack of advanced functionality and features. You can’t choose server locations within countries, only two VPN protocols are offered, features such as SplitBear and GhostBear aren’t available on all TunnelBear applications, and you can’t install it on a network router.
TunnelBear does what it does well, but it’s hard to identify its target market. Casual internet users will benefit from the baseline security features, but advanced users will want a VPN with a greater degree of configuration customization.
TunnelBear’s Teams plan allows multiuser remote employee management, but the inability to install it on routers means larger office environments could require extra subscriptions as each one includes just five connected devices.
TunnelBear VPN’s pricing
TunnelBear VPN’s three plans include:
- Free: Supports a single user and includes 500MB of data bandwidth per month, five connected devices, VigilantBear, GhostBear, and SplitBear for Android devices.
- Unlimited: At $9.99/month for one user, the Unlimited plan adds unlimited bandwidth and priority customer service.
- Teams: Running $207/year for three users, the Teams plan adds a dedicated account manager and centralized team billing and management.
You can receive 1GB of extra bandwidth for a month with the TunnelBear Free plan if you tweet about using it and you get a substantial discount on the Unlimited plan with a one-year or three-year subscription. The Teams plan has a seven-day free trial.
TunnelBear VPN’s support
TunnelBear offers email support but no customer service via live chat or telephone. If you submit an email help request, TunnelBear asks a series of questions to better direct your message, which is typically answered within 24 hours.
Self-service resources include a knowledge base with information about initial setup, troubleshooting, and billing and payments. The TunnelBear blog has frequent posts about different product features, tutorials, and general anti-censorship news.
Benefits of TunnelBear VPN
Since 2017, TunnelBear has used Cure53, a German cybersecurity firm, to perform annual security audits of its entire codebase, technical infrastructure, website, and applications. These reports are available online at Cure53’s website, and after each audit, TunnelBear blog posts cover subsequent mitigation efforts.
This contrasts with many of its VPN competitors, who may not have performed any external security audits or made detailed findings public.
Despite the transparency of annual security audits, some privacy experts worry about the strength of TunnelBear’s overarching privacy. TunnelBear is based in Canada and owned by American cybersecurity company McAfee.
Canada and the U.S. belong to the 5 Eyes (FVEY) security alliance, whose other members include Australia, the U.K., and New Zealand, and routinely monitor and share citizens’ online activities either covertly or via subpoenas.
If government surveillance is an issue for you or your business, you’re better off using VPN providers based in Switzerland, the British Virgin Islands, or Panama because they won’t share information with FVEY countries or related security alliances.
A good starter VPN
TunnelBear VPN is a good option if you’re a tech novice: Its easy setup will have you online in no time, and you don’t have to worry about complicated security settings. If you want advanced features and more control over your VPN’s configuration, however, you may quickly outgrow it.