The well-known virtual private network (VPN) provider TunnelBear wants to earn your trust. The company just announced what it says is the first third-party public security audit in the consumer VPN industry. In short, a security company looked at TunnelBear’s servers, apps, and infrastructure to see if everything was up to snuff.
The VPN provider hired Germany-based penetration testing company Cure53. The security company was given full access to TunnelBear’s systems and code for 30 days in late 2016 and another 8 in early 2017. The end result was two audits, which TunnelBear and Cure53 published Tuesday.
During the first audit, Cure53 found two critical vulnerabilities in TunnelBear’s Chrome extension, one of which allowed a malicious actor to turn off the extension. The auditors also found a critical weakness in TunnelBear for Mac that could allow a hacker to take over a user’s machine. All 3 vulnerabilities have since been patched.
Cure53 also found 3 high vulnerabilities—since patched—in the TunnelBear API as well as the Android app.
TunnelBear says it wasn’t proud of those results, but at least the vulnerabilities were discovered. During a shorter redo this summer, Cure53 said it found 13 other problems, but only one was of “high” severity. The others were medium to low threats that did not need urgent fixes.
For more information about VPNs, see PCWorld’s article on best VPNs of 2017.
Why this matters: One of the critical issues surrounding a VPN, or any software really, is trust. Can you trust the company you’re using to protect your privacy and provide you with a secure product? With some VPNs this isn’t such an easy question to answer, especially if you can’t even determine who’s running the company. TunnelBear took a big step by publicly releasing the security audits—most notably the 2016 one with all the problems.
The future: More audits
The one thing this audit didn’t address was the contents of TunnelBear’s privacy policy, such as the no-logging claim for users’ browsing habits. On that issue, it’s still up to you to decide whether you trust the company.
TunnelBear says the experience with Cure53 has inspired it to carry out an annual security audit from now on.
If you want to check out the audit results for yourself, you can read the summary on Cure53’s website (PDF).