TunnelBear’s team does an excellent job in branding the VPN but is that all it takes to create a great service? With over 300 VPNs out there, the competition is fierce so I had to take it for a test and see if there’s more to it.
TunnelBear is good enough to hide your regular traffic, but not if you want to stream international movies and shows or download torrents. You can use it to bypass the Great Wall of China and it’s incredibly easy to use. Its clients are carefully branded, and it can be a good choice if you’re looking for a free, lightweight VPN and you don’t care too much about streaming.
Short on Time? Here Are My Key Findings
- Unblocks most streaming services. TunnelBear unblocked HBO Max, Netflix, Hulu, Amazon Prime, and the Kodi player, but couldn’t get around Disney+, ESPN, and ESPN+. On top of that, the international servers’ speeds are terrible, making it impossible to stream any show. You can take a look at my full analysis here.
- Good speeds, but only on local servers. On local servers, TunnelBear’s speeds are great – very close to my original ones. However, its international servers are too slow to stream or download torrents. I laid out my test results below.
- Strong security features to keep your identity safe. TunnelBear keeps you anonymous on the internet with its VigilantBear and GhostBear features, as well as its military-grade encryption protocols. Take a look at my findings on TunnelBear’s security features.
- Bypasses censorship. Thanks to its GhostBear feature, you can bypass China’s censorship. However, it doesn’t have any servers in China. You can read more about GhostBear and TunnelBear obfuscation here.
- Easy-to-use clients, suitable for any VPN user. TunnelBear’s clients are straightforward, and you’ll have no problems working with them. I wrote everything about its ease-of-use below.
TunnelBear VPN Features — Updated in May 2021
|Number of countries with servers||25|
|Number of servers||2600|
|Number of IP addresses||2600|
|Does VPN keep logs?||No|
|Does VPN include a kill switch?||Yes|
|Number of devices per license||5|
TunnelBear is not a good VPN for streaming. Even though I could unblock most streaming platforms, the connection was very slow. It doesn’t have specialized streaming servers, and watching any show was almost impossible due to the long loading times.
Unblocked: Netflix, Hulu, Amazon Prime, HBO Max, and Kodi
TunnelBear unblocked Netflix, Hulu, Amazon Prime, HBO Max, and Kodi, but only with GhostBear. GhostBear is TunnelBear’s stealth mode which makes the VPN hard to detect. However, it slows down your connection, because it needs to add an extra layer of encryption. Because of this, streaming was out of the question. I ran two series of tests to see if the VPN would successfully bypass geoblocks.
On my first test, I connected to its US, Canada, and UK servers. The only streaming services I could unblock were HBO Max and Kodi. Netflix, Hulu, and Amazon Prime identified the VPN and blocked my access, while ESPN, ESPN+, and Disney+ wouldn’t even allow me to view the library.
For the second test, I activated GhostBear – TunnelBear’s stealth feature designed to mask the VPN. I could immediately unblock Netflix, Hulu, and Amazon Prime, but the speeds were terrible. It’s normal to experience a slight drop in speed when you connect to an international server, and if you also activate a feature like GhostBear the connection will be even slower. However, the speed decreased too much with TunnelBear.
GhostBear slows down your connection, as the VPN needs to conceal your traffic so streaming platforms don’t detect it. Because of this, I couldn’t watch anything without heavy buffering.
Blocked By: BBC iPlayer, Disney+, ESPN, and ESPN+
TunnelBear was blocked by BBC iPlayer, Disney+, ESPN, and ESPN+. After successfully unblocking a handful of streaming services, I tried my luck and connected to its US, UK, and Canada servers again. Unfortunately, I was still blocked with and without GhostBear.
Disney+ didn’t even allow me to view its library, so it was impossible to watch something. ESPN and ESPN+ took me back to the login screen every time I tried watching a show.
The BBC iPlayer knew I wasn’t in the UK and blocked my access with the classic message:
“BBC iPlayer only works in the UK. Sorry, it’s due to rights issues. In the UK? Here’s some advice.”
I don’t recommend TunnelBear as a streaming VPN. On its website, it’s clearly stated that this VPN was not made to unblock online content, but to keep its users private on the internet. On top of that, it doesn’t have any specialized streaming servers and once you establish a long-distance connection, your speed will drop considerably making it impossible to stream any movie or show.
TunnelBear has great speeds on local servers, but it’s almost impossible to work with the international ones. I performed several speed tests on its network to see if distance makes a difference. I used Ookla’s speed test tool and measured my:
- Ping/latency – measures how fast you get a response from the website or app you’re connecting to. This metric is very important in gaming – a high ping means lag.
- Download speed – this measures the time you need to download files and information from the internet and it’s important for streaming.
- Upload speed – measures the time needed to send files from your device – from messages to images and video files.
TunnelBear’s local speeds are fast and consistent. I started with a 29.73 Mbps download speed, 28.81 Mbps upload, and a ping of 4 ms. Then, I used TunnelBear’s Fastest Tunnel feature to connect to the best server for my location – this provides me with the fastest connection.
My ping increased to 8 ms, which is very good – a ping under 25 is great for gaming, the download speed went down 7%, and the upload decreased by 9%. It’s normal to see a decrease of up to 20% when you connect to a VPN because your data needs to go through TunnelBear’s servers first. These results are amazing and I didn’t notice any difference compared to my initial speed – I could play video games, stream movies, and load any website within seconds.
|Download speed||Upload speed||Ping|
|Speeds without a VPN (Bucharest, Romania)||29.73 Mbps||28.82 Mbps||4 ms|
|Speeds connected to TunnelBear’s fastest server||27.67 Mbps(7% decrease)||26.17 Mbps (9% decrease)||8 ms|
TunnelBear’s local servers provided me with a good connectionIt’s not unusual for your speed to drop when using a VPN – your connection is being routed through the servers and encrypted. However, a 7% decrease is almost unnoticeable, so TunnelBear did a good job. I could continue all my regular activities while also staying anonymous.
TunnelBear’s long-distance speeds are very slow, making it almost impossible to stream movies or play online games. The first test I ran was on a US server. My ping increased to 112 ms, while the download speed decreased to 4.44 Mbps – which is 96% slower than my original speed. The upload was 19.02 Mbps, which was a 44% decrease.
|Download speed||Upload speed||Ping|
|Speeds without a VPN (Bucharest, Romania)||29.73 Mbps||28.82 Mbps||4 ms|
|Speeds connected to TunnelBear’s US server||4.44 Mbps (96% decrease)||19.02 Mbps (44% decrease)||112 ms|
This situation is not what I was hoping for – the drop in speed was incredible, and distance really made a difference. 4.44 Mbps is not enough to stream any movie in HD, and torrenting would be very slow.
I also tested TunnelBear’s TCP Override feature. This mode forces the VPN to only use a TCP protocol instead of UDP – TCP is slower, but it checks the files’ integrity, while UDP is faster, but the transmitted data packets may not be complete.
According to TunnelBear’s website, TCP Override is supposed to improve the connection – and it does, but not how you’d imagine. The protocol doesn’t make your connection faster; it makes your connection more reliable so that the information reaches your computer correctly. On the other hand, UDP gives you a faster connection, but you may not receive all the data.
With TCP Override, the download speed dropped to under 0.91 Mbps, which is way too slow to even load a complex website – streaming was completely out of the question.
The second TunnelBear server I tested was in the UK, and it’s closer to my location. The ping was 50 ms, download speed around 9.67 Mbps, and upload was 13.06 Mbps. Even though these speeds were slow too, I could still stream movies. However, a multiplayer game would be terrible to play.
|Download speed||Upload speed||Ping|
|Speeds without a VPN (Bucharest, Romania)||29.73 Mbps||28.82 Mbps||4 ms|
|Speeds connected to TunnelBear’s UK server||9.67 Mbps (68% decrease)||13.06 Mbps (55% decrease)||50 ms|
TunnelBear’s local servers are fast and consistent, but the international ones don’t provide good enough speeds for streaming or even regular web browsing. Any drop in speed bigger than 30% is a red flag, so if you’re looking for a fast overall VPN, TunnelBear is not it.
Are TunnelBear’s Speeds Fast Enough for Gaming? Yes, but Only on Local Servers
TunnelBear’s local servers are good for gaming, but it’s impossible to play something on a long-distance one. I tested this aspect using Nvidia GeForce Now to see if I could stream and play both single and multiplayer games.
The network test analyzes 3 metrics:
- Bandwidth – measures the maximum amount of transferred data in a given amount of time
- Packet loss – measures the percentage of data lost during file transfer
- Latency/ping – measures the time between the user’s action and the network’s response
Naturally, I need different speeds to play single and multiplayer games. To successfully stream a single-player game from Nvidia’s servers, I need 25 Mbps, while a multiplayer game takes up to 30 Mbps.
On the local server I connected to, all these metrics were within the required intervals. Bandwidth was at 32 Mbps, I had no packet loss, and the latency stood at 29 ms. I could stream and play both single and multiplayer games without any issues. The overall experience wasn’t as smooth as I was hoping for but the speed was good.
When I switched to an international server, the situation took a turn for the worst. I connected to one of TunnelBear’s Netherlands servers, and it was impossible to play any game. The bandwidth was low at 12 Mbps, I had a packet loss of 13.3%, and the ping was 46 ms. I couldn’t stream and play any games.
A packet loss this big translates into a lot of lag and the inability to load all the maps and objects correctly. The information wouldn’t successfully reach my computer, and I’d definitely lose an online shooter – the map and textures wouldn’t load correctly.
I can’t recommend TunnelBear as a gaming VPN. Even though the local speeds were good, I couldn’t even load a game on its international servers. If I wanted to play LoL with my friends from a US server, it would’ve been impossible – my character would always be a few seconds behind.
Server Network — Small but Secure and Well Distributed
TunnelBear has servers in 25 countries, but the exact number of servers is unknown. This makes it hard to compare it with other VPNs. However, even though the server network is small, it is very secure. TunnelBear has committed to run an audit every year since 2017, and it keeps that promise. This is good to know because this means any security breaches are found and solved before much damage can be done.
With TunnelBear’s Trusted Networks feature, you can instruct the VPN to automatically connect on certain networks. If you whitelist your home network when this feature is on, TunnelBear will automatically connect on any unknown networks – like coffee shops and libraries. No network is 100% secure — not even your home network. Your ISP can see your internet history, and if your password is not strong enough, there’s no guarantee that no one else is connected to it.
To test this feature, I simply activated it from the settings and then set up a couple of hotspots from my phone and tablet. Whenever I connected to a different WiFi, TunnelBear started up and connected me to the fastest server.
This feature is incredibly useful if you want to make sure that your connection is safe anywhere you go. TunnelBear will encrypt your traffic on every unknown network you connect to, thus keeping all your data secure.
The Closest Tunnel feature finds you the fastest server — which is usually the closest to your location. When you open TunnelBear’s server list, it pops up at the beginning. All you need to do is select it and connect. Make sure you keep the VPN open until you see the “Connection Secured” prompt. Sometimes the connection fails, leaving you exposed.
This feature goes hand-in-hand with TunnelBear’s Trusted Networks. As long as you only want to have a fast and secure connection, it’s ideal.
TunnelBear’s Servers Are Secure
TunnelBear is a secure VPN and independently audited by Cure57 every year since 2017. The audit team analyzes TunnelBear’s codebase, websites, apps, and infrastructure, looking for security flaws and data breaches. This makes it easy to find and solve potential problems, thus keeping the VPN secure.
All the data is public, meaning that TunnelBear is transparent about it. Also, the audits are posted on its website – all the problems and fixes are highlighted. This is a level of transparency not many VPNs have.
The TCP Override mode is useful if your connection is unstable after connecting the VPN. The feature is only available for Windows and macOS, and it works by forcing TunnelBear to use the TCP protocol instead of UDT. The TCP protocol is a little slower but more reliable – it checks every piece of data for consistency before passing it through. The UDP protocol is faster, but it doesn’t perform these checks.
It’s important to remember that TCP Override won’t make your connection faster – it will make it more reliable. When I activated it, my speed was actually slower, but the overall connection was stable.
This feature is useful if your connection is slow and unreliable – for example when you try to load a webpage but you receive a connection error. TCP Override will assure that the data reaches your computer, even if it’s a little slower.
TunnelBear comes packed with some great security features that guarantee your online security. I tested its IP and DNS protection, analyzed its encryption and authentication protocols, and tried its kill switch and stealth mode.
Even though it doesn’t have as many security features as other VPNs I tested, TunnelBear is safe and easy to use, making it perfect for a first-time VPN user or a business person looking for a secure connection during travels.
TunnelBear’s kill switch is called VigilantBear. You can activate it from the Preferences menu, and it will stop your connection in case the server’s connection fails. This feature is very useful when you’re connected to public networks – in case of a connection problem, your information will be protected.
Even the best VPNs can fail, and without a kill switch, you’d be exposing your data to whoever else is connected on that network — we can talk about hackers or certain types of malware. As long as VigilantBear is active, you’ll be protected even on public and unmonitored networks.
Encryption and Protocols
TunnelBear uses military-grade AES-256 encryption along with SHA-256 for authentication. It uses DH key exchange to send cryptographic keys over public networks. It’s the same technology the governments use to encrypt their files, making the VPN very secure.
This technology was created to safely transfer files and information between two parties – either networks or devices. Each party has a code, and it can be public or private. In order for two parties to meet securely, they perform a key exchange. This can be translated in your computer’s connection to the VPN. The VPN has a key, your computer has a different key. When these two meet, a new key is generated, and the newly established connection is secured.
In terms of protocols, TunnelBear implemented:
- OpenVPN – this is the industry-standard, open-source VPN protocol. It’s continuously improved by developers and assures the safest online browsing. Compared to other protocols, OpenVPN is almost impossible to detect because it hides in plain sight. Hackers and government agencies have a hard time identifying it, and with TunnelBear’s obfuscation, it bypasses almost any firewall.
- IKEv2 – when you need to switch between mobile data and WiFi, this protocol is ideal. It was built to continuously reconnect you to the VPN in case of network failures. This protocol is only available for Windows and iOS users.
When you connect to a server, TunnelBear chooses the protocol automatically – there’s no way to switch between them manually. However, on Android and macOS, only OpenVPN is available.
GhostBear is TunnelBear’s stealth mode, which conceals OpenVPN traffic and makes it easy to bypass VPN firewalls – including the Great Firewall of China. When I turned GhostBear on, my whole connection slowed down but this is perfectly normal. Obfuscation needs to hide the fact that you’re using a VPN, and this process takes time and resources.
This feature is available on Windows, macOS, and Android apps, and you can turn it on under TunnelBear’s security settings. IOS users can only use the IKEv2 protocol, so GhostBear is not supported.
You can use GhostBear to bypass network restrictions. If certain websites are blocked on your school or work network, or you travel in a country with high censorship, it’s ideal. You’ll browse the internet freely, and the VPN won’t be recognized.
SplitBear is TunnelBear’s tunneling feature, and it’s only available on Android devices. Split tunneling is a very important feature for a VPN, as it gives you more control over your traffic. However, it’s only available for Android devices. Because of that, on Windows, macOS, and iOS all your apps and websites will be routed through its servers. But, I discovered a trick if you only want to tunnel your browser. TunnelBear has browser extensions, and they will only affect your browser traffic.
I activated it from the “options” menu on my phone and selected the apps I wanted to be routed through the VPN. Unless you turn it on, all your apps are automatically tunneled through TunnelBear’s servers.
IP and DNS Leak Tests
TunnelBear offers IP and DNS leak protection in its apps and browser extensions. In general, DNS requests and IPv6 traffic can expose your IP address and activity. TunnelBear has its own DNS servers and blocks IPv6 traffic, thus keeping you anonymous. These options are switched on by default, so your identity will be protected at all times.
I tested TunnelBear’s Netherlands, US, UK, Denmark, Germany, and Spain servers for IP and DNS leaks using IPLeak.net. I didn’t encounter any errors at all, and my connection was fully encrypted.
If the VPN you use doesn’t have DNS and IP leak protection, your IP, location, and network may be visible to your ISP and authorities. Since this is exactly what you want to avoid, the VPN you choose needs to be completely secure from this perspective.
TunnelBear’s headquarters are located in Canada, which is part of the Five Eyes Alliance. This is not good because the government may require the company to keep some data about its users. On top of that, McAfee bought it in 2018, so the VPN is also under US jurisdiction. If the US or Canadian government demands data from TunnelBear, it will be required to send it.
The good side of all this is that it only keeps the basic info about its customers, so there’s not much TunnelBear could share with the authorities. Even if it sends your email address to the government, they won’t be able to see what you did online.
TunnelBear Doesn’t Keep Unnecessary Logs
- Account user data – it stores your email address used for the account confirmation, sending promotional materials, news, and product receipts, and paid user status and date – to provide you with unlimited traffic until your subscription ends. It’s perfectly normal to keep this data, and most VPNs do it.
- Operational data – this data is only saved when you connect to TunnelBear’s network, and it consists of your OS version, client version, total data used, and your activity status – and not your IP. This information is used to improve its customer support and products, and also to determine the network demand. It also keeps the data about operational events, such as referrals, account creations, and payments to identify any problems with the system and to track sales. This kind of information is pretty standard for VPNs and TunnelBear doesn’t store your IP address when you connect to it.
- Payment data – all of TunnelBear’s transactions go through Stripe and PayPal, and it only keeps the name on your card, the date it was used, and the last 4 digits of the credit card. This data is used to prevent fraud and, again, is not unusual to keep.
There’s nothing wrong with TunnelBear keeping this data, and it’s standard practice for VPNs. Besides, it has a strong non-disclosure policy — TunnelBear won’t disclose any personal data to third parties but will send it to its service providers to improve its email support, hosting, payment processing, and analytics. This means that TunnelBear’s hosting platforms and email providers will get to see which pages of the website you visited and how they can send you tailored ads.
Something essential is that TunnelBear doesn’t store your IP address when you connect to its servers, so there’s no way of knowing who did what.
The Always On feature allows you to set TunnelBear to launch and connect when you turn your device on. I simply activated it from the general settings, and every time I restarted my computer, I was connected to the VPN. This feature is very useful if you’re constantly browsing from public networks or have many files you need to download – the VPN will connect automatically, making file transfers safer.
Even though this feature is mostly reliable, I recommend checking the connection – if it fails, you’ll be exposed.
A problem I noticed with this feature is that TunnelBear sometimes fails to establish a connection. If you don’t check it, you have no guarantee that your data is encrypted.
TunnelBear’s ad blocker is one of the toughest I have tried so far. I downloaded the Chrome extension and tested it on Forbes.com, as I know it has many ads. It successfully blocked all of them, and I wasn’t bothered by pop-ups – it even blocked the redirects I needed.
This is quite impressive. Many VPNs have ad blockers that either don’t work, or just block a part of the ads. TunnelBear does a great job at keeping you away from all the ads and malware you may encounter online.
Torrenting — Allows Torrenting, but Doesn’t Have Specialized P2P Servers
TunnelBear allows torrenting on its network but doesn’t have specialized P2P servers. I allowed the VPN to choose the fastest server for me, and then I proceeded to download my file. The speed was good, and I didn’t encounter any problems.
I also tried torrenting from its Netherlands and US servers – even though it worked, the connection was very slow. TunnelBear is good for torrenting, as long as you don’t want to do it from an international server.
TunnelBear works in China, so you can bypass the Great Firewall of China. Its GhostBear feature has an obfuscation technology, and it masks your VPN traffic, making it look like regular HTTPS – meaning that the ISP won’t see you’re using a VPN.
China’s Great Firewall analyzes your IP and metadata. This metadata doesn’t store the information you send or receive – it’s more like a skeleton. It only shows information about the type of data you transfer. If you send a document over the internet, your metadata will consist of information about that document’s size, date created, and author, but not the actual text.
To mask your metadata, TunnelBear uses obfuscation. This scrambles your metadata, making it impossible for the firewall to decipher. If there’s no data to read, it has no reason to block you.
If you’re traveling to China, remember to download and install the clients before you get there. TunnelBear doesn’t have mirror websites, so you won’t be able to access its download page once you arrive.
GhostBear is only available on Windows, macOS, and Android, so if you have an iPhone or iPad, you won’t be able to use it.