You've probably heard the buzz about quantum computing. Maybe you've seen headlines calling it the next technological revolution, or a sci-fi concept still decades away.

While there is some debate on what quantum computing means for the Internet, one of the most serious quantum-era threats to your privacy isn't waiting for quantum computers to arrive - It's already underway. The VPN industry, including TunnelBear, needs to talk about it honestly.

Your encrypted data is already being collected

When you connect to TunnelBear, your internet traffic gets wrapped in a secure encrypted tunnel. That means anyone spying on your connection - whether it's your ISP, a hacker on a public Wi-Fi network, or a government surveillance program - sees nothing but scrambled, unreadable data. That's the whole point.

Quantum computers aren't here yet, but the attack on your privacy already is.

Modern encryption is extraordinarily strong. Breaking it with today's computers would take longer than the age of the universe. So your data is safe, right?

For now, yes. But here's where things get interesting...

Sophisticated adversaries, including many nation-state surveillance programs, have been running a long game. The strategy is simple: collect encrypted internet traffic today, store it, and decrypt it later, once quantum computers powerful enough to break today's encryption finally exist.

This strategy even has a name: Harvest Now, Decrypt Later, or HNDL for short.

What is Harvest Now, Decrypt Later?

Think of it like this. Imagine someone can't open your safe today — the lock is too strong. But instead of giving up, they take a photo of the safe and wait, knowing that a master key is being built in a lab somewhere. Once that key is ready, they'll come back to their archive of photos and open every single one.

That's exactly what HNDL is. Like it's name implies, your encrypted traffic is currently safe. The "photo" is like taking a copy of your encrypted data, in which it is being stored somewhere on a server. The "master key" is like a quantum computer capable of breaking the encryption that protects your data. It might not be ready today, but there is a very real threat that the key may be created one day in the future.

Your private data doesn't have to be valuable today to become valuable later. The HNDL threat is about patience, and some adversaries have a lot of it.

The threat isn't theoretical. The collection phase is happening right now, and the concerning part is that the data at risk isn't just what you do online today - it's anything sensitive that travels over the internet for years to come: private messages, financial information, confidential documents, medical records. Data with a long shelf life is particularly exposed, because it only needs to remain sensitive until a quantum computer eventually becomes available to decrypt it.

How does this impact VPNs?

Most modern VPNs (such as TunnelBear) use VPN protocols, such as WireGuard, to establish your encrypted tunnel. WireGuard (for example) is fast, lean, widely respected in the security community, and brings genuinely better privacy to millions of VPN users.

But WireGuard, like virtually every VPN protocol, was designed for a world where quantum computers don't exist. The cryptographic foundation it relies on for establishing a secure connection is exactly the type of math that a sufficiently powerful quantum computer could eventually break.

This doesn't mean WireGuard or other common protocols are broken today - they aren't. But it does mean that encrypted sessions established over standard WireGuard connections are, in principle, vulnerable to the Harvest Now, Decrypt Later attack. If someone is collecting your encrypted VPN traffic today with the intent to decrypt it with more powerful technology in the future, WireGuard's current design doesn't stop them.

That's a gap that the VPN industry has an obligation to close.

What it means to achieve a quantum-safe future

Researchers and cryptographers have been working hard on this problem. The result is a new generation of cryptographic techniques - sometimes called post-quantum or quantum-safe cryptography - that are designed to be secure even against quantum computers.

Quantum-safe VPN protocols work by swapping out the vulnerable parts of the connection handshake (the process where your device and a VPN server agree on how to encrypt your traffic) and replacing them with mathematical problems that quantum computers are not able to solve efficiently.

The good news is that the encryption used to protect your actual data once a tunnel is established (the part that scrambles your browsing, messages, and files in transit) is already far more resistant to quantum attacks. It doesn't need to be replaced, just reinforced. The real priority is hardening the handshake (the moment encryption keys are agreed upon) because that's where today's VPN protocols are most exposed to the HNDL threat.

You don't have to sacrifice one era of security for the other.

Hybrid approaches are emerging as the most practical path forward; they combine existing, battle-tested cryptography with new quantum-resistant techniques. The result is a connection that remains secure both today and in a post-quantum world.

The U.S. National Institute of Standards and Technology (NIST) has been leading a global effort to standardize these new quantum-safe algorithms, and the first wave of official standards was finalized in 2024. That's a meaningful milestone, and it means the building blocks for quantum-safe VPNs are no longer experimental. They're real, they're standardized, and they're ready to be built with.

Why this matters to TunnelBear

At TunnelBear, we believe that privacy is a right, not a privilege. That belief isn't just a line in a mission statement - it's what drives every technical decision our engineering team makes.

Our bears have always been a little obsessed with building things the right way, even when the right way is harder. We were among the first VPN providers to commit to annual independent security audits, long before it was an industry standard. We architected our systems so that we genuinely have no useful data to hand over if authorities come calling - not because we say so, but because it's technically impossible for us to provide it. That's the kind of privacy-by-design thinking that we're proud of.

The quantum threat is exactly the kind of challenge that gets our bears excited. It's complex, it's long-term, it's genuinely important, and addressing it requires the kind of careful and thoughtful work that our team lives for. Building a better, safer internet isn't just a job description for us. It's the whole point.

It's not acceptable for a privacy-first VPN to look at the Harvest Now, Decrypt Later threat and say "we'll deal with it when quantum computers actually arrive." By then, years of user data could already be sitting in someone's archive, waiting to be unlocked. The time to act is before the threat is fully realized, not after.

Big news coming soon

We're not ready to share all the details just yet, but our bears are already deep in the work of making TunnelBear quantum-safe.

The engineering team has been studying the latest research, evaluating the NIST-standardized algorithms, and quietly laying the groundwork for what we believe will be a meaningful step forward in user privacy. We are genuinely excited about what's coming, and proud of the work being done behind the scenes.

When we're ready to share more, you'll hear it here first. Because you deserve to know exactly what we're doing to protect you. Not just today, but in every future we can imagine.

Stay safe, stay informed, and commence tunneling.

the TunnelBear Team

The TL;DR (too long; didn't rawr)

A threat known as Harvest Now, Decrypt Later exists - in which your encrypted traffic is being collected by third-parties in the hopes that they can decrypt it in the future with quantum computing. Most VPN protocols are not designed to resist this threat, and it's becoming more important for VPN providers (like TunnelBear) to openly discuss and plan for protecting user data with quantum-safe VPN protocols.

Read more about quantum threat models for WireGuard in a research paper by one of our bears.