Picture it, you’ve just received a notification as you leave your house. Your phone switches from WiFi to data as you try to view what promises to be a hilarious video. For some reason, your VPN is still trying to reconnect as you wait, one, five, ten seconds, and still no laughs. Frustrated, you put your phone in your pocket and resign yourself to boredom.

Customers want a VPN that connects quickly, so they know they’re protected as soon as it turns on. Waiting longer than expected can mean turning their VPN off altogether, which is the last thing we want you to do at TunnelBear. We pride ourselves on building a service that you don’t have to spend much time tinkering with, but in order to make sure you don’t notice any difference in service when switching from one network to the next, we need to better understand how long it takes the average Bear to connect.

tldr; we’re collecting some new data to make our network better, but as always, we did our homework to make sure we’re not collecting personally identifiable data

Reducing the time it takes to connect, and ensuring you always get the highest throughput connection, means improving our understanding of what’s happening on our network when a connection takes place. Part of this project means collecting anonymous connection information so we can see if our network improvements are working as expected. We wrote this blog post to be transparent and share how we’ve done it in away that respects your right to privacy.

Why we’re collecting this information

Making sure TunnelBear is quick and responsive the world over, not just under ideal conditions, is just as important for our customers as it is for us. Sometimes it’s hard to get an accurate picture of how things are performing from our office in downtown Toronto. We use TunnelBear all day on our office 1Gbps fibre connection, where it feels fast and connects quickly. We also use TunnelBear on our phones, while out and about, but Canada is in the top 20 countries for fastest 4G data speeds, so our experience isn’t exactly representative of most people.

For example, here in the Bear Cave, TunnelBear for Windows typically connects using IKEv2 in just over a second, which we’re pretty happy with. Since we started analyzing data points from connections globally, we’ve found that the average connection time is in fact around five seconds, which is good, but we want to make it even better.

We also want to see if TunnelBear’s additional privacy features like VigilantBear are being used regularly. We want to help make sure people are protecting their privacy and getting the most out of their Bear. Right now, some features don’t seem as popular as we’d like them to be, so it looks like we have some work to make them more appealing and to make sure everyone’s aware of them.

What we’re analyzing

The main thing we’re interested in is how long it takes for people to connect. There are a lot of things that impact connection times, so alongside this metadata, we’re looking at which of our supported VPN protocols successfully connects first and whether features (like GhostBear) are enabled. Here’s the full list of what we’re collecting and why:

Item Why
Date Measure improvement over time.
Session ID Shows if unsuccessful connection attempts are followed by successful ones.
Operating system Comparing performance results across platforms.
Operating system version See which OS versions we need to support.
TunnelBear version Comparing performance results across platforms.
Enabled features (VigilantBear, GhostBear, Trusted Networks, TCP Override, Auto Destination Selection) Gauging feature popularity and possible impact on connection experience.
Destination server Comparing global server responsiveness.
Time taken Time to connect statistics.
Overall result Counting unsuccessful connection attempts.
Protocol used Comparing share of successful connections by protocol.

How we’re protecting your privacy

We take a “privacy-first” approach to everything we do. If we can’t do something in a way that maintains our users’ privacy, we simply don’t do it. To further reduce the risk that combining multiple types of metadata could potentially identify someone, we’ve carefully taken the following steps:

  • We do not store the time of when the connection event happened. Although it might be useful to TunnelBear, we reduced the granularity of the data to be just the day. This significantly reduces the threat that a user could be identified through comparing a 3rd party source of data with TunnelBear data and confirming a user was connected to TunnelBear
  • We do not send any information which identifies an individual user or account. Instead, we randomly generate a “Session ID” when the app is launched, and compare anonymized data only in aggregate
  • We never store data on where users are coming from. While we are storing anonymized data about which countries are connected to, we never store who starts the connection or where they are connecting from.
  • The retention policy for this metadata to 60 days, after which time it will be automatically deleted.

Maintaining compliance

As we build tests and analytics processes, we make sure we stay true to our promise of not keeping any personal data. Our tests only use anonymous data that help us measure how our network is performing globally. We aren’t logging anything that could identify a customer, and we aren’t monitoring anything our customers are doing while they’re on the network that could identify an action while they’re connected.

We have no more of our customers data now than we did before our tests started.

If you’ve already downloaded your account information, you’ll notice that we don’t have any connection information attached to your account. If you haven’t already, or you’d like to download a current version of your account data, you’ll see that nothing has changed. We have no more of our customer's data now than we did before our tests started.

We would love to hear from you if you have any questions about the nature of our analytics tests, or would like to know more about how we measure network speeds. Just reach out to our friendly Support Bears for more information.

Warm rawr-gards,
the TunnelBear Team