Rawwwr! Even Stronger Encryption
The world has changed a lot since TunnelBear was introduced eight years ago. Countless personal information breaches have made online privacy more of a concern for the average person than ever before. As the threats to online privacy evolve, the TunnelBear team is constantly reevaluating our assumptions so we don’t take chances with your privacy. Below is an overview of our encryption upgrades.
These updates are already live. If you’ve downloaded the latest apps, then you are already using our new, stronger encryption.
So what encryption does TunnelBear use now?
Encryption is a complicated topic, and it's often not as simple as comparing bit lengths and selecting the highest number. Below is an overview of TunnelBear's new encryption setup. If you aren't familiar with encryption at all, it's not a bad idea to have a quick read of Wikipedia's article on encryption.
A Virtual Private Network (VPN) like TunnelBear is comprised of a protocol and multiple types of encryption:
Protocols
- Depending on the device you use, we currently support 3 VPN protocols for TunnelBear: WireGuard, OpenVPN, and IKEv2. We also support an Auto option, which just means you prefer to let your Bear decide which protocol you should use (this is the default selection for TunnelBear).
Data encryption
- This is the symmetric encryption that TunnelBear performs on the data that leaves your computer or device before it travels across TunnelBear's network and out to the Internet. 256-bit symmetric encryption is the default encryption in the current version of our client apps and is generally considered extremely strong.
Data authentication
- Any information that is sent or received from your computer must be authenticated before it can be decrypted. Data authentication is used to ensure you are who you are and prevent things like a Man in the Middle Attack.
Handshake encryption
- An encryption handshake prevents you from unwittingly connecting to an attacker who is impersonating a TunnelBear server.
Device type | Protocol | Data encryption | Data authentication | DH group |
Windows | ||||
Android | ||||
macOS | ||||
iOS 12+ | ||||
These protocols and encryption were selected after extensive research and real-world performance testing. So when TunnelBear is “On” you should feel safe and snug knowing you’re in a (very strongly encrypted) bear hug.
*IKEv2 on Windows will fall back to AES-256-GCM, AES-256, or AES-128 should other encryption not be available.