Tunnelr Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #129 (at the time of the roll, Tunnelr)

Last Updated Nov 20, 2016

Signing up for the service: Tunnelr was easy to sign up for.  After providing an email address, the service starts you out right away on free trial.  This was appreciated and saved me time having to submit any payment before having tried the service.  Downloads were easy to find, but a little clunky to download and store in the same place.  A pseudo file generator allows you to choose server location and VPN protocol, but misses features like specific ports and TCP/UDP.  You can manually change these things in the config files, but it’s so much more user friendly when you can use a generator tool to do it for you.

Configuring the service: The downloaded config files had pros and cons.  The pros were that the config included paths to the cert and key files, so when I imported the main ovpn file, the others were automatically put into place.  This saved a lot of time setting up the configurations.  The cons are that I suspect the encryption was weak, but can’t confirm because the type being used wasn’t exposed in the config file.

Config files seemed a bit rough.  They did not work in Android right away, but instead returned a “could not import” error.  I tried copying and pasting certs and key blocks in-line, but this still did not work.  I contacted support regarding this.  (Response below).  As the generator tool did not provide many options, I’m tempted to give Tunnelr a “Basic” demerit, but since several more advanced features can be tweaked in the ovpn files manually, I’ll spare it this time.

Speed & Stability tests: Speeds appeared fast at the start, however as mentioned, config files do not expose the level of encryption being used.  I suspected that encryption is quite week and later confirmed this in the FAQ section, where it’s revealed Blowfish is being used (I would suspect Blowfish-64 based on peak speeds, but can’t prove that).  Either way, I don’t feel comfortable using even Blowfish-128 for security purposes of any kind.  Speeds were also varied for every server tested.  Don’t let these speeds fool you!

Speed Tests – Tunnelr – Desktop
    Latency Download Upload
No VPN Trial 1 23 ms 95.65 mbps 12.76 mbps
Trial 2 20 ms 96.98 mbps 12.05 mbps
Trial 3 21 ms 93.90 mbps 12.20 mbps
Average 21 ms 95.51 mbps 12.34 mbps
USA Trial 1 68 ms 91.01 mbps 10.11 mbps
Trial 2 73 ms 71.09 mbps 9.92 mbps
Trial 3 68 ms 85.00 mbps 10.56 mbps
Average 70 ms 82.37 mbps 10.20 mbps
Comp to Bench +48 ms 86.24% 82.65%
UK Trial 1 287 ms 16.94 mbps 5.14 mbps
Trial 2 292 ms 21.64 mbps 2.53 mbps
Trial 3 287 ms 45.41 mbps 4.50 mbps
Average 289 ms 28.00 mbps 4.06 mbps
Comp to Bench +267 ms 29.31% 32.88%
Switzerland Trial 1 290 ms 27.63 mbps 4.20 mbps
Trial 2 303 ms 16.36 mbps 2.23 mbps
Trial 3 299 ms 9.42 mbps 2.68 mbps
Average 297 ms 17.80 mbps 3.04 mbps
Comp to Bench +276 ms 18.64% 24.61%
Singapore Trial 1 412 ms 15.65 mbps 1.75 mbps
Trial 2 412 ms 8.88 mbps 1.49 mbps
Trial 3 412 ms 15.37 mbps 1.87 mbps
Average 412 ms 13.30 mbps 1.70 mbps
Comp to Bench +391 ms 13.93% 13.81%

(Android Speed Test Results Unavailable – See Below)

Getting support:  I contacted support regarding the issues mentioned above (configuring the service in Android).  Support responded by the next day with some additional questions (fair ones).  I provided some additional data and they said they’d get back to me again later.  I requested an extension on my free trial, which they happily granted for several more days which was very good.  Unfortunately, after several days of waiting, I didn’t hear anything back, so I was never able to connect via Android.

Getting a refund: As a free trial is granted immediately upon signup, I did not need to request a refund for Tunnelr service.  A point in Tunnelr’s favor.

Concerns in Terms & Conditions / Privacy Policy: Tunnelr’s policies were broken up into a few different FAQ sections.  These sections contained a lot of technical details which was nice to see (things like port lists, protocol comparisons, etc).  Surprisingly, no terms in this section seemed too abhorrent.  As a result, this section will be short, which is rare.  Had Tunnerlr’s privacy policy and terms of service been clearly broken out, the service might have gotten the “Elegant” badge.  As is, these terms are a little tricky to find and are blended in with other information.  Not a bad thing, just not as removed from other content as I’d expect.  Only one thing I noticed, which has already been mentioned:

OpenVPN uses blowfish

I do not care for the the Blowfish encryption standard (specifically Blowfish-128), I think it is too weak for security/privacy purposes.

Final thoughts: Tunnelr is an interesting bag.  The FAQs section and support responses really make it seem like there are competent technical minds at work in the company – while on the other hand, the lack of prepackaged inline config files and a light config file generator make the experience feel a bit more rough.  Same goes for the inconsistent speeds and non transparent encryption being used.  Support showed promise at first with a responsive, seemingly knowledgeable representative, but I quickly felt forgotten.  Long story short – I’ve seen worse, but I’ve also seen better.  If it existed, Tunnelr would earn the “Meh” badge.

Fourteen Eyes? Five
Enemy of the Internet Yes
LOGGING Logs Traffic No
Logs DNS Requests
Logs Timestamps
Logs Bandwidth
Logs IP Address
ACTIVISM Anonymous Payment Method Email
Accepts Bitcoin No
PGP Key Available No
Meets PrivacyTools IO Criteria No
LEAK PROTECTION 1st Party DNS Servers No
IPv6 Supported / Blocked No
  Offers OpenVPN Yes
OBFUSCATION Supports Multihop
Supports TCP Port 443
Supports Obfsproxy
Supports SOCKS Yes
Supports SSL Tunnel
Supports SSH Tunnel
Other Proprietary Protocols
SPEEDS US Server Average % 86.24
Int’l Server Average % 20.63
SERVERS Dedicated or Virtual
SECURITY Default Data Encryption Blowfish-128
Strongest Data Encryption AES-256
Weakest Handshake Encryption
Strongest Handshake Encryption
AVAILABILITY # of Connections 5
# of Countries 9
# of Servers 15
Linux Support (Manual) Yes
WEBSITE # of Persistent Cookies 1
# of External Trackers 0
# of Proprietary APIs 4
Server SSL Rating A
SSL Cert issued to Self
PRICING $ / Month (Annual Pricing) 5
$ / Connection / Month 1
Free Trial Yes
Refund Period (Days) 3
ETHICS Contradictory Logging Policies
Falsely Claims 100% Effective
Incentivizes Social Media Spam
POLICIES Forbids Spam
Requires Ethical Copy
Requires Full Disclosure
AFFILIATES Practice Ethical Copy
Give Full Disclosure

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.

Popular Posts

The Next Big Step(s) for That One Privacy Site

Written Dec 6, 2018 A few years ago, my desire for privacy grew and I started trying to change my digital habits. During this transformation, I discovered the need to opt out of unlawful mass surveill...

Read more

PayPal is a Kafkaesque Nightmare

“Hey, TOPG, what the heck?  You’ve been off the radar for a couple of months, when’s the next review?”  Quick version – “Life has been hectic (in part due...

Read more