Tunnelbear Review 2021 — It’s Free, but Is It Good (and Safe)?

TunnelBear’s team does an excellent job in branding the VPN but is that all it takes to create a great service? With over 300 VPNs out there, the competition is fierce so I had to take it for a test and see if there’s more to it.

I looked into its privacy policy and security features to see if it’s really safe. I ran many tests on its servers, checked the speeds, how many streaming platforms it can unblock, and the mandatory IP and DNS leak tests to see if my data was truly secure.

TunnelBear is good enough to hide your regular traffic, but not if you want to stream international movies and shows or download torrents. You can use it to bypass the Great Wall of China and it’s incredibly easy to use. Its clients are carefully branded, and it can be a good choice if you’re looking for a free, lightweight VPN and you don’t care too much about streaming.

Try TunnelBear Risk-Free For Days!

Short on Time? Here Are My Key Findings

Try TunnelBear VPN Today!

TunnelBear VPN Features — Tested in March 2021

Streaming – TunnelBear Unblocks Netflix, Hulu, Amazon Prime, HBO Max, and Kodi

TunnelBear is not a good VPN for streaming. Even though I could unblock most streaming platforms, the connection was very slow. It doesn’t have specialized streaming servers, and watching any show was almost impossible due to the long loading times.

Unblocked: Netflix, Hulu, Amazon Prime, HBO Max, and Kodi

TunnelBear unblocked Netflix, Hulu, Amazon Prime, HBO Max, and Kodi, but only with GhostBear. However, because of the slow connection, streaming was out of the question. I ran two series of tests to see if the VPN would successfully bypass geoblocks.

On my first test, I connected to its US, Canada, and UK servers. The only streaming services I could unblock were HBO Max and Kodi. Netflix, Hulu, and Amazon Prime identified the VPN and blocked my access, while ESPN, ESPN+, and Disney+ wouldn’t even allow me to view the library.

For the second test, I activated GhostBear – TunnelBear’s stealth feature designed to mask the VPN. I could immediately unblock Netflix, Hulu, and Amazon Prime, but the speeds were terrible. It’s normal to experience a slight drop in speed when you connect to an international server, and if you also activate a feature like GhostBear the connection will be even slower. However, the speed decreased too much with TunnelBear.

TunnelBear unblocked Netflix US, but the quality wasn’t great

GhostBear slows down your connection, as the VPN needs to conceal your traffic so streaming platforms don’t detect it. Because of this, I couldn’t watch anything without heavy buffering.

Blocked By: BBC iPlayer, Disney+, ESPN, and ESPN+

TunnelBear was blocked by BBC iPlayer, Disney+, ESPN, and ESPN+. After successfully unblocking a handful of streaming services, I tried my luck and connected to its US, UK, and Canada servers again. Unfortunately, I was still blocked with and without GhostBear.

Disney+ didn’t even allow me to view its library, so it was impossible to watch something. ESPN and ESPN+ took me back to the login screen every time I tried watching a show.

The BBC iPlayer knew I wasn’t in the UK and blocked my access with the classic message:

“BBC iPlayer only works in the UK. Sorry, it’s due to rights issues. In the UK? Here’s some advice.”

I don’t recommend TunnelBear as a streaming VPN. It doesn’t have any specialized streaming servers and once you establish a long-distance connection, your speed will drop considerably making it impossible to stream any movie or show.

Start Streaming with TunnelBear VPN!

Speeds – Good Speeds, but Only on Local Servers

TunnelBear has great speeds on local servers, but it’s almost impossible to work with the international ones. I performed several speed tests on its network to see if distance makes a difference. I used Ookla’s speed test tool and measured my:

• Ping/latency – measures how fast you get a response from the website or app you’re connecting to. This metric is very important in gaming – a high ping means lag.
• Download speed – this measures the time you need to download files and information from the internet and it’s important for streaming.
• Upload speed – measures the time needed to send files from your device – from messages to images and video files.

Local Speeds

TunnelBear’s local speeds are fast and consistent. I started with a 29.73 Mbps download speed, 28.81 Mbps upload, and a ping of 4 ms. Then, I used TunnelBear’s Fastest Tunnel feature to connect to the best server for my location – this provides me with the fastest connection. My ping increased to 8 ms, which is very good – a ping under 25 is great for gaming, the download speed went down 7%, and the upload decreased by 9%. These results are amazing – I could play video games, stream movies, and load any website within seconds.

Speeds without a VPN (Bucharest, Romania):

• Ping: 4 ms
• Download: 29.73 Mbps
• Upload: 28.81 Mbps

Connected to TunnelBear’s Fastest Server:

• Ping: 8 ms
• Download: 27.67 Mbps (7% decrease)
• Upload: 26.17 Mbps (9% decrease)

TunnelBear’s local servers provided me with a good connection

It’s not unusual for your speed to drop when using a VPN – your connection is being routed through the servers and encrypted. However, a 7% decrease is almost unnoticeable, so TunnelBear did a good job. I could continue all my regular activities while also staying anonymous.

Long-Distance Speeds

TunnelBear’s long-distance speeds are very slow, making it almost impossible to stream movies or play online games. The first test I ran was on a US server. My ping increased to 112 ms, while the download speed decreased to 4.44 Mbps – which is 96% slower than my original speed. The upload was 19.02 Mbps, which was a 44% decrease.

Speeds without a VPN (Bucharest, Romania):

• Ping: 4 ms
• Download: 29.73 Mbps
• Upload: 28.81 Mbps

US Server Location:

• Ping: 112 ms
• Download: 4.44 Mbps (96% decrease)
• Upload: 19.02 Mbps (44% decrease)

This situation is not what I was hoping for – the drop in speed was incredible, and distance really made a difference. 4.44 Mbps is not enough to stream any movie in HD, and torrenting would be very slow.

I also tested TunnelBear’s TCP Override feature. This mode forces the VPN to only use a TCP protocol instead of UDP – TCP is slower, but it checks the files’ integrity, while UDP is faster, but the transmitted data packets may not be complete.

According to TunnelBear’s website, TCP Override is supposed to improve the connection – and it does, but not how you’d imagine. The protocol doesn’t make your connection faster; it makes your connection more reliable so that the information reaches your computer correctly. On the other hand, UDP gives you a faster connection, but you may not receive all the data.

With TCP Override, the download speed dropped to under 0.91 Mbps, which is way too slow to even load a complex website – streaming was completely out of the question.

TunnelBear’s long-distance speeds really slowed me down.

The second TunnelBear server I tested was in the UK, and it’s closer to my location. The ping was 50 ms, download speed around 9.67 Mbps, and upload was 13.06 Mbps. Even though these speeds were slow too, I could still stream movies. However, a multiplayer game would be terrible to play.

Speeds without a VPN (Bucharest, Romania):

• Ping: 4 ms
• Download: 29.73 Mbps
• Upload: 28.81 Mbps

UK Server Location:

• Ping: 50 ms
• Download: 9.67 Mbps (68% decrease)
• Upload: 13.06 Mbps (55% decrease)

TunnelBear’s local servers are fast and consistent, but the international ones don’t provide good enough speeds for streaming or even regular web browsing. Any drop in speed bigger than 30% is a red flag, so if you’re looking for a fast overall VPN, TunnelBear is not it.

Are TunnelBear’s Speeds Fast Enough for Gaming? Yes, but Only on Local Servers

TunnelBear’s local servers are good for gaming, but it’s impossible to play something on a long-distance one. I tested this aspect using Nvidia GeForce Now to see if I could stream and play both single and multiplayer games.

The network test analyzes 3 metrics:

• Bandwidth – measures the maximum amount of transferred data in a given amount of time
• Packet loss – measures the percentage of data lost during file transfer
• Latency/ping – measures the time between the user’s action and the network’s response

Naturally, I need different speeds to play single and multiplayer games. To successfully stream a single-player game from Nvidia’s servers, I need 25 Mbps, while a multiplayer game takes up to 30 Mbps.

On the local server I connected to, all these metrics were within the required intervals. Bandwidth was at 32 Mbps, I had no packet loss, and the latency stood at 29 ms. I could stream and play both single and multiplayer games without any issues. The overall experience wasn’t as smooth as I was hoping for but the speed was good.

I could play single and multiplayer games from TunnelBear’s local servers

When I switched to an international server, the situation took a turn for the worst. I connected to one of TunnelBear’s Netherlands servers, and it was impossible to play any game. The bandwidth was low at 12 Mbps, I had a packet loss of 13.3%, and the ping was 46 ms. I couldn’t stream and play any games.

TunnelBear’s international servers couldn’t provide me with a good connection for gaming

A packet loss this big translates into a lot of lag and the inability to load all the maps and objects correctly. The information wouldn’t successfully reach my computer, and I’d definitely lose an online shooter – the map and textures wouldn’t load correctly.

I can’t recommend TunnelBear as a gaming VPN. Even though the local speeds were good, I couldn’t even load a game on its international servers. If I wanted to play LoL with my friends from a US server, it would’ve been impossible – my character would always be a few seconds behind.

Try Gaming with TunnelBear VPN Now!

Server Network — Small but Secure Server Network

TunnelBear has servers in 25 countries, but the exact number of servers is unknown. This makes it hard to compare it with other VPNs. However, even though the server network is small, it is very secure. TunnelBear has committed to run an audit every year since 2017, and it keeps that promise. This is good to know because this means any security breaches are found and solved before much damage can be done.

Trusted Networks

With TunnelBear’s Trusted Networks feature, you can instruct the VPN to connect to certain networks automatically. If you whitelist your home network when this feature is on, TunnelBear will automatically connect on any unknown networks – but not on your home network. This means that if you visit a coffee shop and use their WiFi, TunnelBear will automatically encrypt your connection.

You can turn this feature on from its settings, in the “Trusted Networks” tab.

This feature is incredibly useful if you want to make sure that your connection is safe anywhere you go. TunnelBear will encrypt your traffic on every unknown network you connect to, thus keeping all your data secure.

Closest Tunnel

The Closest Tunnel feature finds you the fastest server — which is usually the closest to your location. When you open TunnelBear’s server list, it pops up at the beginning. All you need to do is select it and connect. Make sure you keep the VPN open until you see the “Connection Secured” prompt. Sometimes the connection fails, leaving you exposed.

It’s easy to use the Closest Tunnel feature

This feature goes hand-in-hand with TunnelBear’s Trusted Networks. As long as you only want to have a fast and secure connection, it’s ideal.

TunnelBear’s Servers Are Secure

TunnelBear is a secure VPN and independently audited by Cure57 every year since 2017. The audit team analyzes TunnelBear’s codebase, websites, apps, and infrastructure, looking for security flaws and data breaches. This makes it easy to find and solve potential problems, thus keeping the VPN secure.

All the data is public, meaning that TunnelBear is transparent about it. Also, the audits are posted on its website – all the problems and fixes are highlighted. This is a level of transparency not many VPNs have.

TCP Override

The TCP Override mode is useful if your connection slows down after connecting the VPN. The feature is only available for Windows and macOS, and it works by forcing TunnelBear to use the TCP protocol instead of UDT. The TCP protocol is a little slower but more reliable – it checks every piece of data for consistency before passing it through. The UDP protocol is faster, but it doesn’t perform these checks.

It’s important to remember that TCP Override won’t make your connection faster – it will make it more reliable. When I activated it, my speed was actually slower, but the overall connection was stable.

You can activate TCP Override from the General tab.

This feature is useful if your connection is slow and unreliable – for example when you try to load a webpage but you receive a connection error. TCP Override will assure that the data reaches your computer, even if it’s a little slower.

Security – Strong Security Features, and Perfectly Safe to Use

TunnelBear comes packed with some great security features that guarantee your online security. I tested its IP and DNS protection, analyzed its encryption and authentication protocols, and tried its kill switch and stealth mode.

Even though it doesn’t have as many security features as other VPNs I tested, TunnelBear is safe and easy to use, making it perfect for a first-time VPN user or a business person looking for a secure connection during travels.

VigilantBear

TunnelBear’s kill switch is called VigilantBear. You can activate it from the Preferences menu, and it will stop your connection in case the server’s connection fails. This feature is very useful when you’re connected to public networks – in case of a connection problem, your information will be protected.

VigilantBear will protect you in case the VPN fails.

Even the best VPNs can fail, and without a kill switch, you’d be exposing your data to whoever else is connected on that network — we can talk about hackers or certain types of malware. As long as VigilantBear is active, you’ll be protected even on public and unmonitored networks.

Encryption and Protocols

TunnelBear uses military-grade AES-256 encryption along with SHA-256 for authentication. It uses DH key exchange to send cryptographic keys over public networks. It’s the same technology the governments use to encrypt their files, making the VPN very secure.

This technology was created to safely transfer files and information between two parties – either networks or devices. Each party has a code, and it can be public or private. In order for two parties to meet securely, they perform a key exchange. This can be translated in your computer’s connection to the VPN. The VPN has a key, your computer has a different key. When these two meet, a new key is generated, and the newly established connection is secured.

In terms of protocols, TunnelBear implemented:

• OpenVPN – this is the industry-standard, open-source VPN protocol. It’s continuously improved by developers and assures the safest online browsing. Compared to other protocols, OpenVPN is almost impossible to detect because it hides in plain sight. Hackers and government agencies have a hard time identifying it, and with TunnelBear’s obfuscation, it bypasses almost any firewall.
• IKEv2 – when you need to switch between mobile data and WiFi, this protocol is ideal. It was built to continuously reconnect you to the VPN in case of network failures. This protocol is only available for Windows and iOS users.

When you connect to a server, TunnelBear chooses the protocol automatically – there’s no way to switch between them manually. However, on Android and macOS, only OpenVPN is available.

GhostBear

GhostBear is TunnelBear’s stealth mode, which conceals OpenVPN traffic and makes it easy to bypass VPN firewalls – including the Great Firewall of China. When I turned GhostBear on, my whole connection slowed down but this is perfectly normal. Obfuscation needs to hide the fact that you’re using a VPN, and this process takes time and resources.

This feature is available on Windows, macOS, and Android apps, and you can turn it on under TunnelBear’s security settings. IOS users can only use the IKEv2 protocol, so GhostBear is not supported.

GhostBear bypasses most firewalls.

You can use GhostBear to bypass network restrictions. If certain websites are blocked on your school or work network, or you travel in a country with high censorship, it’s ideal. You’ll browse the internet freely, and the VPN won’t be recognized.

SplitBear

SplitBear is TunnelBear’s tunneling feature, and it’s only available on Android devices. I activated it from the “options” menu on my phone and selected the apps I wanted to be routed through the VPN. Unless you turn it on, all your apps are automatically tunneled through TunnelBear’s servers.

Since it’s not available on its desktop clients, all your apps and websites will be routed through its servers, so you have no control over it.

Split tunneling is a very important feature for a VPN, as it gives you more control over your traffic. Because you can’t use it on Windows, macOS, and iOS, you can’t choose to only route certain apps. However, I discovered a trick if you only want to tunnel your browser. TunnelBear has browser extensions, and they will only affect your browser traffic.

IP and DNS Leak Tests

TunnelBear offers IP and DNS leak protection in its apps and browser extensions. In general, DNS requests and IPv6 traffic can expose your IP address and see what you’re doing on the internet. TunnelBear routes all your traffic through its servers and blocks IPv6 traffic. These options are switched on by default, so your identity will be protected at all times.

I tested TunnelBear’s Netherlands, US, UK, Denmark, Germany, and Spain servers for IP and DNS leaks using IPLeak.net. I didn’t encounter any errors at all, and my connection was fully encrypted.

TunnelBear has strong DNS and IP leak protection.

If the VPN you use doesn’t have DNS and IP leak protection, your IP, location, and network may be visible to your ISP and authorities. Since this is exactly what you want to avoid, the VPN you choose needs to be completely secure from this perspective.

Privacy — Enough Features to Keep Your Traffic Private

Even though TunnelBear’s headquarters are in Canada, its no logs policy will keep you anonymous. It doesn’t store your IP address when you connect to its servers, and the Always-On and ad blocker features are very effective. After looking at its privacy policy, I’m confident that TunnelBear doesn’t store sensitive information about you or the websites you access.

Location

TunnelBear’s headquarters are located in Canada, which is part of the Five Eyes Alliance. This is not necessarily great, as the government may require the company to keep some data about its users. On top of that, McAfee bought it in 2018, so the VPN is also under US jurisdiction. If the US or Canadian government demands data from TunnelBear, it will be required to send it.

The good side of all this is that it only keeps the basic info about its customers, so there’s not much TunnelBear could share with the authorities. Even if it sends your email address to the government, they won’t be able to see what you did online.

TunnelBear Doesn’t Keep Unnecessary Logs

TunnelBear keeps some information about its users, but nothing unusual. I analyzed its privacy policy to see what kind of data it sends and what it does with it. TunnelBear keeps:

• Account user data – it stores your email address used for the account confirmation, sending promotional materials, news, and product receipts, and paid user status and date – to provide you with unlimited traffic until your subscription ends. It’s perfectly normal to keep this data, and most VPNs do it.
• Operational data – this data is only saved when you connect to TunnelBear’s network, and it consists of your OS version, client version, total data used, and your activity status – and not your IP. This information is used to improve its customer support and products, and also to determine the network demand. It also keeps the data about operational events, such as referrals, account creations, and payments to identify any problems with the system and to track sales. This kind of information is pretty standard for VPNs and TunnelBear doesn’t store your IP address when you connect to it.
• Payment data – all of TunnelBear’s transactions go through Stripe and PayPal, and it only keeps the name on your card, the date it was used, and the last 4 digits of the credit card. This data is used to prevent fraud and, again, is not unusual to keep.

There’s nothing wrong with TunnelBear keeping this data, and it’s standard practice for VPNs. Besides, it has a strong non-disclosure policy — TunnelBear won’t disclose any personal data to third parties but will send it to its service providers to improve its email support, hosting, payment processing, and analytics. This means that TunnelBear’s hosting platforms and email providers will get to see which pages of the website you visited and how they can send you tailored ads.

Something essential is that TunnelBear doesn’t store your IP address when you connect to its servers, so there’s no way of knowing who did what.

Always On

The Always On feature allows you to set TunnelBear to launch and connect when you turn your device on. I simply activated it from the general settings, and every time I restarted my computer, I was connected to the VPN. This feature is very useful if you’re constantly browsing from public networks or have many files you need to download – the VPN will connect automatically, making file transfers safer.

Even though this feature is mostly reliable, I recommend checking the connection – if it fails, you’ll be exposed.

You can check the box in the General tab and keep TunnelBear on all the time.

A problem I noticed with this feature is that TunnelBear sometimes fails to establish a connection. If you don’t check it, you have no guarantee that your data is encrypted.

Ad Blocker

TunnelBear’s ad blocker is one of the toughest I have tried so far. I downloaded the Chrome extension and tested it on Forbes.com, as I know it has many ads. It successfully blocked all of them, and I wasn’t bothered by pop-ups – it even blocked the redirects I needed.

TunnelBear’s ad blocker is very efficient.

This is quite impressive. Many VPNs have ad blockers that either don’t work, or just block a part of the ads. TunnelBear does a great job at keeping you away from all the ads and malware you may encounter online.

Torrenting — Allows Torrenting, but Doesn’t Have Specialized P2P Servers

TunnelBear allows torrenting on its network but doesn’t have specialized P2P servers. I allowed the VPN to choose the fastest server for me, and then I proceeded to download my file. The speed was good, and I didn’t encounter any problems.

I could download torrents using TunnelBear’s local server.

I also tried torrenting from its Netherlands and US servers – even though it worked, the connection was very slow. TunnelBear is good for torrenting, as long as you don’t want to do it from an international server.

Start Torrenting with TunnelBear VPN

Does TunnelBear Work in China? Yes, With GhostBear

TunnelBear works in China, so you can bypass the Great Firewall of China. Its GhostBear feature has an obfuscation technology, and it masks your VPN traffic, making it look like regular HTTPS – meaning that the ISP won’t see you’re using a VPN.

China’s Great Firewall analyzes your IP and metadata. This metadata doesn’t store the information you send or receive – it’s more like a skeleton. It only shows information about the type of data you transfer. If you send a document over the internet, your metadata will consist of information about that document’s size, date created, and author, but not the actual text.

To mask your metadata, TunnelBear uses obfuscation. This scrambles your metadata, making it impossible for the firewall to decipher. If there’s no data to read, it has no reason to block you.

If you’re traveling to China, remember to download and install the clients before you get there. TunnelBear doesn’t have mirror websites, so you won’t be able to access its download page once you arrive.

GhostBear is only available on Windows, macOS, and Android, so if you have an iPhone or iPad, you won’t be able to use it.

Bypass China’s Great Firewall with TunnelBear VPN