PC Magazine - USA (2021-02)

customers to usage, so we’re unable to provide law enforcement with anything
not in our Privacy Policy.” The maintains a robust privacy report, which
FRQ¿UPVLWKDVQRWSURYLGHGLQIRUPDWLRQWRODZHQIRUFHPHQWEH\RQGFRQ¿UPLQJ
an individual had an account with the company.

TunnelBear has the notable distinction of having completed not just one but
three independent code audits and has publicly released the results of those
audits. That’s great, and I’m pleased to see that TunnelBear is committed to an
annual public review process. A company representative described these audits
to me as, “security audits of our whole stack, which includes our backend
servers, our VPN servers and VPN clients.”

Additionally, TunnelBear says that it has taken steps to limit the damage a
successful attack on its server infrastructure might cause. The servers
WKHPVHOYHVFRQWDLQQRLGHQWL¿DEOHLQIRUPDWLRQDERXWXVHUVDQGWKHGULYHVDUH
encrypted. Some companies now run their servers “RAM only,” and TunnelBear
should consider doing the same. TunnelBear says it would “expedite the
communication of any breach or risks” to its customers, should they occur.