![]() Overall, we must applaud TunnelBear for its level of transparency. Anyone interested can access it directly from the company's blog post. And unlike some VPNs, TunnelBear hasn't hidden its audit report from potential customers. Cure53 described this as worrisome, but it's better to discover these from an expert auditor than after you've been hacked. Cure53 found 32 issues in total, including two critical and eight high-severity security vulnerabilities. Unfortunately, the results weren't great. ![]() Auditors Cure53 spent 42 days drilling down into the detail, one of the largest projects we've seen. These aren’t just words either, TunnelBear backs up its claims with ultra-comprehensive annual audits of its apps, browser extensions, service infrastructure, backend and frontend systems, and the public website. Not quite zero logging, then, but it's far less than we've seen elsewhere, and there's nothing here that could link you to any online action. That includes the OS version of your device, TunnelBear app version, whether you've been active this month, and the bandwidth you've used. The service does record 'operational data', updating this when you connect. As a result, the company says, it can't link any of its users to an action carried out by a specific IP address. The logging policy is clearly described, with TunnelBear explaining that it does not collect IP addresses visiting their website, IP addresses upon service connection, DNS Queries while connected, or any information about the applications, services, or websites users use while connected to the Service. We do mean thorough, too – the details go right down to the names, purposes, and expiry dates of the cookies used by. TunnelBear's privacy policy is one of the most thorough we've seen from any VPN provider, with in-depth information on everything the service collects, and everything it doesn't. TunnelBear has hired independent specialists to run security audits on its site and services (Image credit: TunnelBear) Privacy and logging With no PayPal, either, it’s now strictly card-only. TunnelBear used to support Bitcoin payments for its annual plan, but no more. Not quite as friendly as the cuddly cartoon bears suggest, then. The small print says: "While all amounts paid are non-refundable, certain refund requests for subscriptions may be considered by TunnelBear on a case-by-case basis." Presumably, you might get a refund if you've had really bad service, but it's entirely up to the company to decide. If you do sign up for TunnelBear, keep in mind that there's no money-back guarantee. ![]() Hand $60 to Ivacy and you're protected for five. To put that in perspective, handing $59.88 to TunnelBear gets you one year of coverage. Private Internet Access asks $2.03 a month on the first term of its three-year plan, and opting for Ivacy's five-year plan cuts the cost to a supercheap $1. These are competitive prices that beat many providers, although there are some with cheaper deals. The price drops to an effective $4.99 a month on the annual plan, or $3.33 if you sign up for three years. Its monthly plan gives you unlimited data for a reasonable $9.99 a month. It's ideal if you're looking for a simple way to check out the apps before you buy. This doesn't restrict the number of locations you can use, though, unlike most of the free competition. It’s better than it was, but only enough for very occasional use. TunnelBear's free account offers only 2GB of traffic a month. Recent welcome additions include a kill switch for iOS (something you won't often see elsewhere), more reliable split tunneling, and handy usability pluses such as a Search box for the location list. TunnelBear has been busily enhancing its apps, too. Many otherwise more technically advanced VPNs don't support ECH yet. We noticed a surprising technical improvement in support for ECH (Encrypted Client Hello), a valuable feature that protects the initial key exchange between the app and VPN server to keep it safe from snoopers. TunnelBear has dropped its ‘five simultaneous connections’ limit, and you can now install and use the service on as many devices as you like. There’s more good news for paying customers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |