Like all VPNs, Tunnelbear must collect some information from users if only to charge them for the service, but they collect as little as possible. They feature strong privacy tools including encryption in transit, at rest, and across all network communications, as well as two-factor authentication. In addition, they have a spotless record of no breaches. A bug bounty program and automatic software updates, though, would’ve increased their score.
Encryption
| In Transit |
Yes |
| At rest? |
Yes |
| All network communications and capabilities? |
Yes |
Security Updates
| Automatic, regular software/ firmware updates? |
No |
| Product available to use during updates? |
No |
Passwords
| Mandatory password? |
Yes |
| Two-Factor authentication? |
Yes |
| Multi-Factor authentication? |
No |
Vulnerability Management
Privacy Policy
| Link |
https://www.tunnelbear.com/privacy-policy |
| Specific to device? |
No |
| Readable? |
Yes |
| What data they log |
Payment info, email, browser version, total data used in a month |
| What data they don’t log |
IP addresses, DNS queries, information about the applications, services or websites users use while connected to the service. |
| Can you delete your data? |
Yes |
| Third-party sharing policies |
Shares with third parties that support for payment and email distribution |
Surveillance
| Log camera device/ app footage |
n/a |
| Log microphone device/ app |
n/a |
| Location tracking device/ app |
No |
Parental Controls
| Are there parental controls? |
No |
Company History
| Any security breaches/ surveillance issues in past? |
No |
| Did they do anything to fix it? |
n/a |
Additional Security Features
| Anything like privacy shutters, privacy zones, etc.? |
n/a |
