Rawwwr! Even Stronger Encryption

Rawwwr! Even Stronger Encryption

The world has changed since TunnelBear was introduced four years ago. Edward Snowden’s documents gave us all a glimpse into the global surveillance dragnet, millions of users have joined TunnelBear trying to escape an Internet bogged down with increasing censorship and online privacy has never been more of a concern for the average person. The TunnelBear team constantly reevaluates our threats and assumptions and we don’t take chances with your privacy. Below is an overview of our encryption upgrades.

These updates are already live. If you’ve downloaded the latest apps, then you are already using our new, stronger encryption.

So what encryption does TunnelBear use now?

Encryption is a complicated topic and it’s often not as simple as comparing bit rates and selecting the highest number. Below is an overview of TunnelBear’s new encryption setup. If you aren’t familiar with encryption at all, it’s not a bad idea to have a quick read of Wikipedia’s encryption wiki.

A Virtual Private Network (VPN) like TunnelBear is comprised of a protocol and multiple types of encryption:

  • Protocols
  • TunnelBear uses two different VPN protocols on our network. If you’re using Windows, Mac OS X or Android, you’ll be using OpenVPN. OpenVPN is an industry standard, open source protocol.  If you’re using an iOS device you’ll be using IPSec/IKEv2 which works best on iOS devices.
  • Data encryption
  • This is the symmetric encryption that TunnelBear performs on the data that leaves your computer or device before it travels across TunnelBear’s network and out to the Internet. 256 bit symmetric encryption is generally considered extremely strong.
  • *Data authentication *
  • Any information that is sent or received from your computer must be authenticated before it can be decrypted. Data authentication is used to ensure you are who you are and prevent things like a Man in the Middle Attack.
  • Handshake encryption
  • An encryption handshake prevents you from unwittingly connecting to an attacker who is impersonating a TunnelBear server. Detailed breakdown:

Device typeProtocolData encryptionData authenticationDH group
Windows/Mac OS X/AndroidOpenVPNAES-256-CBCSHA2564096 bit DH group
iOS 9 and laterIPSec/IKEv2AES-256-CBCSHA2562048 bit DH group
iOS 8 and earlierIPSecAES-128-CBCSHA-11548 bit DH group
These protocols and encryption were selected after extensive research and real-world performance testing.  So when TunnelBear is “On” you should feel safe and snug knowing you’re in a (very strongly encrypted) bear hug.