Home / Commentary / TunnelBear: Cuddly or Dangerous?

TunnelBear: Cuddly or Dangerous?

Tunnel Bear

There are two kinds of bears: the cuddly, teddy-bear type and the vicious, sneaky bear that will eat you alive if you’re not careful. TunnelBear, one of the biggest players in the freemium VPN market, is a little bit of both.

TunnelBear has gotten increased press in the past few months, for which we can blame one single entity: the BBC. By releasing popular series like Downton Abbey and Sherlock in the UK weeks before making them available to US audiences, thousands upon thousands of American users have taken to the internet to find out how to catch up with Sherlock, Watson, and the Dowager Countess without waiting for the American release.

These are the types of casual computer users who don’t understand how a VPN works; all they know is someone on the internet told them that Tunnelbear will make it look like their laptop is in the UK, and that means they can watch their favorite BBC series online.

(Officially, from TunnelBear: “TunnelBear does not support the use of our software to: spam, violate copyright, share pirated software, unlicensed audiovisual material, or to access illegal content”).

Of course, this also means that there will be plenty of users who hop on to TunnelBear and expose themselves to all kinds of security risks, simply because they do not know how to protect themselves. These are the users who are unlikely to have effective internet security software installed on their laptops or home computers; the group that is likely to download items that contain malware or malicious code.

None of this is TunnelBear’s fault, and in fact the company is continuously installing new security safeguards to protect its users. Most recently, TunnelBear installed “vigilant mode.” Here’s The Next Web with a description of what this security protection entails: “When turned on, this blocks all unsecured data from being transmitted while a computer is not connected to Tunnelbear. So, if your connection to the service is broken, for even just a minute, it will keep unsecured items offline until it reconnects.”

TunnelBear also took the time to protect its users from social data leaks; specifically, the personal information that social networks leech out of online communication in order to fuel targeted advertising and other services.

As TunnelBear CEO Ryan Dochuk told Wired:

“A lot of people don’t realize that when you come across a social button on a website, whether you interact with it or not information is sent back to that social network. And because these buttons are everywhere, that means that Facebook or Twitter can really build a detailed record across your entire browser history.”

TunnelBear’s goal is to protect people’s privacy and safeguard their data, whether they are a political activist in a country with monitored internet, or an average user visiting a lot of sites with cookies attached. This is where TunnelBear goes from being a cuddly internet friend to a potential threat. As the Wired article notes, using TunnelBear does not actually protect what you do online. The trail of information is still there; to quote Wired directly:

“if the NSA is taking a serious interest in you, as was demonstrated in the case of the Dread Pirate Roberts, even the most stringent security measures may be unwound.”

And TunnelBear certainly won’t protect you if they ever decide to come after all of those illicit BBC-watchers.


Have you ever used TunnelBear? Would you recommend it to other users? Let us know!


About Daniele Besana

Daniele is a freelancer consultant with 15 years of experience in network security, customer support, Linux and Salsa. He worked for Juniper Networks in Netherlands, providing support and consultancy on security projects across Europe and Middle-East.

Check Also


Software Defined WAN: the Wide Area Network is getting a facelift

The Networking world is being bombarded by so many “new” technologies that it is difficult …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.