Rawwwr! Even Stronger Encryption
The world has changed since TunnelBear was introduced four years ago. Edward Snowden’s documents gave us all a glimpse into the global surveillance dragnet, millions of users have joined TunnelBear trying to escape an Internet bogged down with increasing censorship, and online privacy has never been more of a concern for the average person. The TunnelBear team constantly reevaluates our threats and assumptions, and we don’t take chances with your privacy. Below is an overview of our encryption upgrades.
These updates are already live. If you’ve downloaded the latest apps, then you are already using our new, stronger encryption.
So what encryption does TunnelBear use now?
Encryption is a complicated topic and it’s often not as simple as comparing key sizes and selecting the highest number. Below is an overview of TunnelBear’s new encryption setup. If you aren’t familiar with encryption at all, it’s not a bad idea to have a quick read of Wikipedia’s article on encryption.
A Virtual Private Network (VPN) like TunnelBear combines a protocol with multiple types of encryption:
Protocols
- TunnelBear uses two different VPN protocols on our network. If you’re using Windows, Mac OS X or Android, you’ll be using OpenVPN. OpenVPN is an industry-standard, open-source protocol. If you’re using an iOS device, you’ll be using IPSec/IKEv2, which works best on iOS devices.
Data encryption
- This is the symmetric encryption that TunnelBear performs on the data that leaves your computer or device before it travels across TunnelBear’s network and out to the Internet. 256-bit symmetric encryption is the default encryption in the current version of our client apps and is generally considered extremely strong.
Data authentication
- Any information that is sent to or received from your computer must be authenticated before it can be decrypted. Data authentication ensures that each side is who it claims to be and prevents things like a man-in-the-middle attack.
Handshake encryption
- An encryption handshake prevents you from unwittingly connecting to an attacker who is impersonating a TunnelBear server.
Detailed breakdown:
| Device type | Protocol | Data encryption | Data authentication | DH group |
| --- | --- | --- | --- | --- |
| Windows/Mac OS X/Android | OpenVPN | AES-256-CBC | SHA256 | 4096 bit DH group |
| iOS 9 and later | IPSec/IKEv2 | AES-256-CBC | SHA256 | 2048 bit DH group |
| iOS 8 and earlier | IPSec | AES-128-CBC | SHA-1 | 1548 bit DH group |
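
The "authenticated before it can be decrypted" order described under Data authentication, shown with the AES-256-CBC and SHA256 (as HMAC-SHA256) pair from the table. This is an added example, not TunnelBear's or OpenVPN's code; the packet layout (tag, IV, ciphertext), the function names and the random demo keys are assumptions made for the illustration.

```javascript
// Added illustration: authenticate first, decrypt second.
// Assumed layout: HMAC tag (32 bytes) | IV (16 bytes) | AES-256-CBC ciphertext.
const nodeCrypto = require('crypto');

const TAG_LEN = 32; // HMAC-SHA256 output size in bytes
const IV_LEN = 16;  // AES block size in bytes

// Encrypt, then compute the HMAC over IV + ciphertext with a separate key.
function sealPacket(encKey, macKey, plaintext) {
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
  const tag = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([tag, body]);
}

// Verify the tag before touching the ciphertext; return null on any failure.
function openPacket(encKey, macKey, packet) {
  const bodyLen = packet.length - TAG_LEN;
  if (bodyLen < IV_LEN + 16 || bodyLen % 16 !== 0) return null; // malformed
  const tag = packet.subarray(0, TAG_LEN);
  const body = packet.subarray(TAG_LEN);
  const expected = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  // Constant-time comparison; both buffers are exactly 32 bytes here.
  if (!nodeCrypto.timingSafeEqual(tag, expected)) return null; // forged or altered
  const iv = body.subarray(0, IV_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(body.subarray(IV_LEN)), decipher.final()]);
}

// Constructed demo: random keys stand in for keys a real handshake would derive.
function demo() {
  const encKey = nodeCrypto.randomBytes(32); // 256-bit AES key
  const macKey = nodeCrypto.randomBytes(32); // separate authentication key
  const packet = sealPacket(encKey, macKey, Buffer.from('GET / HTTP/1.1', 'utf8'));
  const tampered = Buffer.from(packet);
  tampered[TAG_LEN + IV_LEN] ^= 0x01; // one ciphertext bit flipped in transit
  return {
    ok: openPacket(encKey, macKey, packet).toString('utf8'),
    tampered: openPacket(encKey, macKey, tampered),
    wrongKey: openPacket(encKey, nodeCrypto.randomBytes(32), packet),
  };
}
```

The altered packet and the packet checked under a different authentication key are both rejected at the HMAC comparison, so the CBC decryption code never runs on data the receiver cannot attribute to its peer.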