Is TunnelBear Safe in 2019? We Investigate the Free and Premium VPN

Last Updated by Adam Wagner on September 24, 2019

Trusting your online security to any VPN can be tough, especially in today’s world. Everyone from governments, advertisers, hackers, to internet service providers (ISP) seem to have an eye on what you’re doing while surfing the web. And while a VPN can hide and protect your traffic, you need a service that’ll do what it’s supposed to.

There are more than a handful of shady and ineffective VPNs out there. Trusting the wrong one could lead to loads of problems. This is especially true if you happen to be in a country with strict internet censorship.

Since online security is so important, we looked into the claims of one of the major players in the VPN industry — TunnelBear. With a free and premium version, TunnelBear is pretty appealing. But if you have some doubts in this VPNs ability to keep you secure, you’re not alone. Due to some pretty glaring problems, like being located in a Five Eyes country, for example, we decided to put this service to the test.

Using our strict parameters, we figured out once and for all, is TunnelBear safe?

TunnelBear free version vs the premium version

As far as security goes, the free version of TunnelBear is pretty much identical to the premium version. Both versions offer the same features, servers, and encryption. So you may be wondering, why even bother paying for the service at all?

The answer to this question lies in the amount of data that you’re given. Free users only get a measly 500MB of data each month, while paying customers are given an unlimited amount. You can earn an extra 1GB of free data by Tweeting about the service. However, doing so could compromise your security by linking your VPN account to your private Twitter account.

Get extra data by tweeting about TunnelBear

TunnelBear’s 1GB Twitter promotion

The encryption used by TunnelBear

When it comes to encryption, TunnelBear doesn’t disappoint. The service uses AES 256-bit. This is the same encryption that’s used by the US government, and leading VPN services that we’ve reviewed, such as ExpressVPN.

On top of TunnelBear’s awesome encryption, the service also offers something called GhostBear. When enabled, it hides that you’re even using a VPN to encrypt your data. This is great if you’re somewhere where there are restrictions against using a VPN, like Russia or China.

Get TunnelBear Today

Is TunnelBear safe from the view of the Five Eyes?

While researching VPNs, you’ve likely read about the Five Eyes. But just in case you need a refresher, the Five Eyes is a term used for an alliance between the US, Canada, New Zealand, the UK, and Australia. These nations monitor and share the communications of billions of people worldwide. For this reason, ideally, you want to use a VPN service that’s outside the reach of these countries.

Unfortunately, this is one area that TunnelBear fails massively. Acquired by McAfee in 2018, TunnelBear is based in the US. This could put your data at risk if one of these governments decided to go after you.

TunnelBear has dealt with this by enacting a “no-logs”’ policy. Basically, this means that the company only keeps track of, or logs, information that’s essential to keep the service running. This means stuff like your payment info (although you can pay with Bitcoin to maintain anonymity), and your email address. Your IP address, first and last name, and DNS queries are never stored by the company.

Even in cases where law enforcement or other government organizations have reached out to TunnelBear about the activities of a customer, the company has had very little to give them. So while the US isn’t the most secure place for your VPN to be located, TunnelBear still does a pretty good job of guarding your identity.

Security audits you can read

TunnelBear is the only VPN provider that performs annual end-to-end security audits through an independent company and makes the results public. This is a pretty bold move, but the company has been doing it since 2017.

These audits are handled by the cybersecurity company Cure53, who is given full access to all systems and code to be tested for threats. Any suspicious threat that’s found is immediately dealt with by TunnelBear’s engineering team, and Cure53 verifies that everything has been fixed after. In the 2018 audit, two critical, five high priority, and three medium priority issues were found, all of which were posted online.

While these issues existing at all may be a bit worrisome, the fact that TunnelBear is so open about it is refreshing. No VPN service is perfect, but most aren’t nearly as willing to share any security issues so publicly.

Cure53 Security Audit of TunnelBear

Cure53’s public security report

Additional features to keep you secure

Below are some of the other security features you’ll get when using TunnelBear. All are available to both free and premium customers.

  • Kill Switch (VigilantBear): Should your VPN get disconnected, all your traffic will be blocked until your connection is safely re-established.
  • Trusted Networks: TunnelBear will connect and disconnect to networks that you’ve listed as trustworthy.
  • Always On: Your VPN will automatically launch when you start your computer to make certain you’re always protected.
  • Closest Tunnel: If you’re not sure which server to connect to, this feature will pick the best secure location for you.
  • All Devices: You can connect up to five devices to TunnelBear at the same time, keeping everything from your smartphone to your PC safe. Available for Android, Windows, Mac, and iOS

How about streaming?

If you’re using TunnelBear for streaming content, you may want to look elsewhere. While this VPN is able to stream through some services, it failed miserably when we tested it on Netflix. This doesn’t come as a huge surprise, as in recent years Netflix has become quite good at detecting — and blocking — lots of VPN services.

So if you’re trying to stream, you’re probably better off using ExpressVPN, which was able bypass Netflix’s rather powerful geo-restrictions during the extensive our detailed ExpressVPN review.

TunnelBear doesn't work bypass Netflix Proxy Error

If you try TunnelBear to access content on Netflix, expect to see this

Our final takeaway

Overall, we found TunnelBear to be a pretty solid VPN. However, there were a couple of issues that we didn’t care for. Mainly, we weren’t happy about the company’s location (within the US) and its inability to stream Netflix. But it wasn’t all bad.

TunnelBear’s commitment to transparency with the public security audits is refreshing, and pretty much unheard of in this industry. The no-logging policy is also nice, as it should keep you safe in the unlikely circumstance that someone comes looking for you. But, in the end, there are more reliable VPNs out there for the same price.

Fortunately, you can take advantage of this service without paying a dime. While you may not get much data as a free user, it’s more than enough if your needs are minimal or you simply want to give it a test run. So is TunnelBear safe? Mostly. But is it worth your hard-earned cash? Probably not.

Adam Wagner
Adam is a web security writer and digital nomad. He has written extensively on freelancing, VPNs, website building, and other topics that interest him