Editor's Note: What immediately follows is a rundown of the latest changes and additions since this review was last updated.
- 23 countries available, Finland being the newest addition.
TunnelBear is a VPN provider founded in Canada in 2011 and acquired by McAfee in 2018.
The free plan limits you to one connection per account and only 500MB of monthly traffic. On the other hand, the premium service enables you to connect up to five devices at the same time and has no bandwidth restrictions. While many of its competitors support installation on routers, thus extending coverage beyond this limitation, TunnelBear doesn’t.
It has an undisclosed number of servers in 22 countries.
The commonly sought-after capability for unblocking geographically limited services like Netflix isn’t available with TunnelBear. However, if you’re only trying to view restricted content on YouTube, you’ll have no problems.
Same goes for P2P file exchange with some servers providing better speeds for such purposes than others. If you ask, the helpful Support Bears at the company will let you know which those are.
There are quite a few practical features. One of them is GhostBear, which makes your VPN traffic on Windows, Mac, and Android platforms less noticeable to governments and ISPs. In other words, it makes it harder for these elements to block TunnelBear in certain countries.
Plans and pricing
There are only two paid subscription options - monthly and yearly. The former is available at the price of $9.99, while the latter costs $4.99 per month ($59.88 billed annually). If you’re interested in getting a VPN protection for your team, you should check out the corresponding group options starting at $207 per year if the team counts three people. You can test the team services during a 7-day free trial.
The individual subscriptions don’t have a free trial but the free plan might as well count as one, if not briefly to see if the service is the right fit for you. TunnelBear accepts payments made by credit cards and Bitpay (Bitcoin), although you can’t use the latter to pay for the monthly plan.
Getting your money back if anything goes wrong depends entirely on TunnelBear’s team. There is no explicit mention of a money-back guarantee except that it “may offer refunds on a case-by-case basis”. This isn’t very reassuring and sounds rather arbitrary.
Privacy and logging
TunnelBear’s apps implement multiple strong security mechanisms. First and foremost is the high-grade 256-bit encryption which works together with OpenVPN and IKEv2 connection protocols to keep you safe from snoopers and malicious third parties. In the Windows and iOS clients, these two protocols race each other to see which will connect first and users have no choice in the matter. Mac and Android users are limited to OpenVPN only.
To prevent malicious activities such as the man-in-the-middle attacks, TunnelBear uses the SHA1-HMAC data authentication with a Secure Hash Algorithm (160bit).
Furthermore, an encryption handshake keeps you safe from accidentally connecting to an attacker pretending to be a TunnelBear server. This is done using the TLS 1.2 certificate signed with SHA356, with a 2048-bit Ephemeral Diffie-Helman key exchange and 2048-bit RSA certificate for verification.
The mobile clients are equipped with a SplitBear which allows you to ‘split’ your apps into those you want to run with the VPN and those you want to leave on your regular connection.
On top of that, all clients allow you to add wireless networks of your choice to the Trusted Networks list, meaning they’re safe enough to not require an automatic VPN connection.
A kill switch feature called VigilantBear is there to watch over your connection and keep all your sensitive information private from leaking during connection failures and automatic reconnection attempts. It is currently available on Windows, Mac, and Android.
The no-logging policy states that TunnelBear will never log IP addresses, DNS queries, or websites, apps, and services opened while using its platform. It openly lists the information that is collected for operational purposes, like which apps were opened, which OS was used, how much traffic was passed, and whether TunnelBear was used in the past 30 days.
These are no empty promises either. For the second year in a row, the provider has hired an outside company, Cure53, to conduct a check of its platform and issue a publicly available report. The auditors found no major problems.
TunnelBear is compatible with Windows, Mac, Android, and iOS for which it has native clients. It can also be enabled on Linux with the help of a support document and configuration files provided on the website. No additional devices like routers or smart TVs are supported.
Browser extensions can be downloaded for Chrome, Opera, and Firefox. The installation process is straightforward and uncomplicated, but if you do run into trouble, the website and customer support can help.
In terms of connection times and errors, TunnelBear performs very well. It connects every time within a few seconds. Download speeds are also above-average, although not so much for the local servers in the US. Specifically, on our tested 475Mbps connection, we got a maximum of only 95Mbps.
A decent volume of support articles is available in the website’s help section. Here you’ll find content covering various parts of the service, such as ‘Getting Started’, ‘Troubleshooting’, ‘Billing & Payments’, and ‘Announcements’. For even more information, head over to the company’s blog and read titles such as ‘TunnelBear and the GDPR’ and ‘Rawwwr! Even Stronger Encryption’.
TunnelBear is a small VPN service primarily dedicated to ensuring and protecting users’ privacy and anonymity online. While it is limited in some areas, like platform support, unblocking of geo-locked streaming services, and subscription plans, it excels in others. Users can enjoy above-average performance and connection stability for most locations, as well as impenetrable security. For users who value privacy, keep in mind that the provider is one of the rare ones in the industry that has subjected its privacy platform to independent testing.