Tunnelbear Releases Security Audit Results

[MisterNoodle]

In a blog post today, VPN Service Tunnelbear posted the results of a 2016 independent security audit of their VPN to find vulnerabilities. Cure53, the cybersecurity company that was paid to perform the audit, managed to find "vulnerabilities in the Chrome extension" that they were not happy about, but they hope to improve their VPN and remain transparent about their software.

 

The blog post can be found here: https://www.tunnelbear.com/blog/tunnelbear_public_security_audit/

The results of the security audit can be found here: https://cure53.de/summary-report_tunnelbear.pdf

 

While disappointed in part of the results, I am most pleased to see a company that is willing to be transparent about its security and practices. I am most curious what LTT thinks of Tunnelbear maintaining honesty with the public.

[sazrocks]

Admitting their faults and improving on them definitely helps me trust a company.

 

Edit: OP you might want to add some quotes so this thread doesn't get moved.

[Droidbot]

3 minutes ago, sazrocks said:

Admitting their faults and improving on them definitely helps me trust a company.

So true, they knew they fucked up and yet they actually fix the problems that they had, unlike a lot of VPN vendors (ahem, Hola)

[captain_to_fire]

13 minutes ago, sazrocks said:

Admitting their faults and improving on them definitely helps me trust a company.

This makes me trust Tunnelbear more despite the fact that their headquarters is in Canada which is a member of the Five Eyes intelligence alliance. I wonder what are the results for other VPNs. 

[MisterNoodle]

1 minute ago, hey_yo_ said:

This makes me trust Tunnelbear more despite the fact that their headquarters is in Canada which is a member of the Five Eyes intelligence alliance. I wonder what are the results for other VPNs. 

What results? This is the first known VPN security audit. Many VPNs don't actually care that much about this sorta thing.

[captain_to_fire]

3 minutes ago, MisterNoodle said:

What results? This is the first known VPN security audit. Many VPNs don't actually care that much about this sorta thing.

Well I want to see other VPN providers get their source code audited as well 

[Ginger_]

I agree, I've been on the fence about getting a VPN, but after seeing tunnel bear being open and fixing their problems I'm more convinced to try them

[MisterNoodle]

42 minutes ago, hey_yo_ said:

Well I want to see other VPN providers get their source code audited as well 

Oh I don't disagree at all, my sassy side just wanted to point out that I am doubtful most would care enough. Then again, a competitor (Tunnelbear) just gained some popularity by doing this, and they need to compete in order to stay afloat.

[MrRavens]

Good to hear. Always liked Tunnel Bear and their fun little branding haha. Everything involving bears that is. 

[Ryujin2003]

8 hours ago, hey_yo_ said:

This makes me trust Tunnelbear more despite the fact that their headquarters is in Canada which is a member of the Five Eyes intelligence alliance. I wonder what are the results for other VPNs. 

Five Eyes Intelligence Alliance? You've got to be kidding me.

[GatioH]

28 minutes ago, Ryujin2003 said:

Five Eyes Intelligence Alliance? You've got to be kidding me.

https://en.m.wikipedia.org/wiki/Five_Eyes

 

[Ryujin2003]

4 hours ago, GatioH said:

https://en.m.wikipedia.org/wiki/Five_Eyes

 

I know what FVEY is. I'm stating that this has absolutely nothing to do with Tunnelbear. I was hoping @hey_yo_ would elaborated on his statement.

[LAwLz]

Good on them for doing a security audit and post it publicly.

The only bad thing is that TunnelBear is a terrible VPN provider since they do things such as block all torrenting.

[vanished]

Please update your post in accordance with the posting standards:

 

[Bananasplit_00]

1 hour ago, Ryan_Vickers said:

Please update your post in accordance with the posting standards:

 

Hmmmmm, needs more Amazon ehh? 

[vanished]

9 hours ago, Bananasplit_00 said:

 

Hmmmmm, needs more Amazon ehh? 

 wow, that should not be happening @colonel_mortis @nicklmg

I know there was an issue with the ads previously, looks like it's back?

[Bananasplit_00]

21 minutes ago, Ryan_Vickers said:

 wow, that should not be happening @colonel_mortis @nicklmg

I know there was an issue with the ads previously, looks like it's back?

yah i was the one that originaly reported it i think lol

[Teddy07]

19 hours ago, LAwLz said:

Good on them for doing a security audit and post it publicly.

The only bad thing is that TunnelBear is a terrible VPN provider since they do things such as block all torrenting.

Depends.

I personally never used torrent. I got my VPN mainly to watch BBC content and some champions league games.Oh and of course to circumvent our recent newest anti "hate speech" law that blocked one youtube channel entirely.

[Silverfields]

10 hours ago, Bananasplit_00 said:

-snip-

This got a good laugh out of me, many thanks for that.

[Damascus]

2 hours ago, Ryan_Vickers said:

 wow, that should not be happening @colonel_mortis @nicklmg

I know there was an issue with the ads previously, looks like it's back?

I have this all the time

 

[vanished]

Just now, Damascus said:

I have this all the time

 

Not to drag this off topic any more but the ads are not supposed to interfere with the content of the page, it's just supposed to be additional, like a banner here or a square here, etc.  Blocking out the actual page content is not OK

[mr moose]

I get that people are happy with tunnel bear being honest with their report,  but I have to wonder if they would have released the results had it been worse. Also, given the general consumer doesn't respond well to honesty (there is a reason unethical advertising practices abound in spades),  I wonder if this approach is targeted directly at enthusiast users.

[MasterChromatica]

Im glad they are being open about it.

[Boonji]

7 hours ago, Teddy07 said:

Depends.

I personally never used torrent. I got my VPN mainly to watch BBC content and some champions league games.Oh and of course to circumvent our recent newest anti "hate speech" law that blocked one youtube channel entirely.

What do you use to watch champions league games through your VPN? I always just have to try to find one of those ad-infected streaming sights. Maybe getting a VPN is the way to go.

[Teddy07]

5 hours ago, Boonji said:

What do you use to watch champions league games through your VPN? I always just have to try to find one of those ad-infected streaming sights. Maybe getting a VPN is the way to go.

Switzerland's public TV shows one game each champions league game a day which is kinda nice for me as a German. I think it is not worth buying a VPN only for that because the quality is the same as those pesky ad streams. It just doesn't have ads. 

 

EDIT: Welcome to the forum and gratulations to your first post. I feel a bit honored