Full Report
TunnelBear is one of our favorite free VPNs, thanks to its secure encryption, access to over 40 servers, and access to most features with a free plan.
Analysis Summary
# TunnelBear VPN Security and Feature Analysis
## Key Points
- TunnelBear is highlighted as an affordable VPN with a functional free plan, notable for its secure encryption and access to servers in 47 countries for free users.
- The free plan is limited by a 2GB/month data bandwidth cap, which might hinder streaming or large downloads.
- The application uses an 'Auto' protocol setting by default, but supports WireGuard, OpenVPN, and IKEv2 protocols, all considered secure.
- A crucial privacy feature mentioned is **VigilantBear** (the kill switch), which blocks internet access if the VPN connection drops, preventing IP/DNS exposure. This feature is available on PC and Android, but *not* on iOS.
- Leak tests confirmed TunnelBear did not expose IP and DNS requests when VigilantBear was active, indicating strong anonymity capabilities.
- The software includes **SplitBear**, allowing users to route only specific applications or websites through the VPN connection.
- The service maintains a no-logs policy regarding user searches and IP addresses.
## Threat Actors
- No specific threat actors or external malicious entities are mentioned in relation to this product review. The focus is on the security posture and reliability of the service provider itself.
## TTPs
- **Encryption/Tunneling:** Utilizes secure protocols including WireGuard, OpenVPN, and IKEv2.
- **Connection Integrity:** Implements a kill switch mechanism (**VigilantBear**) to prevent accidental exposure during connection loss.
- **Selective Routing:** Feature (**SplitBear**) allows users to bypass VPN routing for certain traffic.
- **Anonymity Maintenance:** Successfully prevented IP and DNS leaks during testing.
## Affected Systems
- Affected systems relate to the user's ability to utilize the service optimally:
- **PC/Android:** Full access to the VigilantBear (kill switch) feature.
- **iOS:** Lacks the VigilantBear kill switch functionality.
- **Streaming Services:** Access may be intermittently blocked on specific sites despite the service's capabilities.
- **Free Users:** Restricted by a 2GB/month data bandwidth limit.
## Mitigations
- **Protocol Selection:** Users should monitor the connection and ensure the optimal protocol is selected (though 'Auto' is recommended).
- **Kill Switch Enforcement:** Ensure **VigilantBear** is enabled on PC and Android devices to prevent IP address exposure during connection drops.
- **Troubleshooting Connectivity:** If service fails, users should try switching servers, updating the app, reinstalling the app, and ensuring antivirus software is not blocking TunnelBear processes.
- **Data Management:** Free users must manage usage due to the 2GB monthly data cap.
## IoCs
*No technical Indicators of Compromise (IoCs) such as malicious file hashes, domains, or IP addresses are associated with this analysis, as it pertains to a service review.*
## Conclusion
TunnelBear is assessed as a safe and trustworthy VPN service, utilizing strong encryption and maintaining a privacy-focused no-logs policy. Its primary trade-offs are the data cap on the free tier and the absence of the core kill switch feature (VigilantBear) on iOS devices. For users prioritizing ease-of-use and basic security without extensive customization, it is a strong candidate, though advanced users may find it too basic compared to alternatives listed (like NordVPN).