Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #129 (at the time of the roll, Tunnelr)
Last Updated Nov 20, 2016
Signing up for the service: Tunnelr was easy to sign up for. After providing an email address, the service starts you out right away on free trial. This was appreciated and saved me time having to submit any payment before having tried the service. Downloads were easy to find, but a little clunky to download and store in the same place. A pseudo file generator allows you to choose server location and VPN protocol, but misses features like specific ports and TCP/UDP. You can manually change these things in the config files, but it’s so much more user friendly when you can use a generator tool to do it for you.
Configuring the service: The downloaded config files had pros and cons. The pros were that the config included paths to the cert and key files, so when I imported the main ovpn file, the others were automatically put into place. This saved a lot of time setting up the configurations. The cons are that I suspect the encryption was weak, but can’t confirm because the type being used wasn’t exposed in the config file.
Config files seemed a bit rough. They did not work in Android right away, but instead returned a “could not import” error. I tried copying and pasting certs and key blocks in-line, but this still did not work. I contacted support regarding this. (Response below). As the generator tool did not provide many options, I’m tempted to give Tunnelr a “Basic” demerit, but since several more advanced features can be tweaked in the ovpn files manually, I’ll spare it this time.
Speed & Stability tests: Speeds appeared fast at the start, however as mentioned, config files do not expose the level of encryption being used. I suspected that encryption is quite week and later confirmed this in the FAQ section, where it’s revealed Blowfish is being used (I would suspect Blowfish-64 based on peak speeds, but can’t prove that). Either way, I don’t feel comfortable using even Blowfish-128 for security purposes of any kind. Speeds were also varied for every server tested. Don’t let these speeds fool you!
|Speed Tests – Tunnelr – Desktop|
|No VPN||Trial 1||23||ms||95.65||mbps||12.76||mbps|
|Comp to Bench||+48||ms||86.24%||82.65%|
|Comp to Bench||+267||ms||29.31%||32.88%|
|Comp to Bench||+276||ms||18.64%||24.61%|
|Comp to Bench||+391||ms||13.93%||13.81%|
(Android Speed Test Results Unavailable – See Below)
Getting support: I contacted support regarding the issues mentioned above (configuring the service in Android). Support responded by the next day with some additional questions (fair ones). I provided some additional data and they said they’d get back to me again later. I requested an extension on my free trial, which they happily granted for several more days which was very good. Unfortunately, after several days of waiting, I didn’t hear anything back, so I was never able to connect via Android.
Getting a refund: As a free trial is granted immediately upon signup, I did not need to request a refund for Tunnelr service. A point in Tunnelr’s favor.
OpenVPN uses blowfish
I do not care for the the Blowfish encryption standard (specifically Blowfish-128), I think it is too weak for security/privacy purposes.
Final thoughts: Tunnelr is an interesting bag. The FAQs section and support responses really make it seem like there are competent technical minds at work in the company – while on the other hand, the lack of prepackaged inline config files and a light config file generator make the experience feel a bit more rough. Same goes for the inconsistent speeds and non transparent encryption being used. Support showed promise at first with a responsive, seemingly knowledgeable representative, but I quickly felt forgotten. Long story short – I’ve seen worse, but I’ve also seen better. If it existed, Tunnelr would earn the “Meh” badge.
|FROM THE VPN COMPARISON CHART|
|JURISDICTION||Based In (Country)||USA|
|Enemy of the Internet||Yes|
|Logs DNS Requests|
|Logs IP Address|
|ACTIVISM||Anonymous Payment Method|
|PGP Key Available||No|
|Meets PrivacyTools IO Criteria||No|
|LEAK PROTECTION||1st Party DNS Servers||No|
|IPv6 Supported / Blocked||No|
|Supports TCP Port 443|
|Supports SSL Tunnel|
|Supports SSH Tunnel|
|Other Proprietary Protocols|
|PORT BLOCKING||Auth SMTP||No|
|SPEEDS||US Server Average %||86.24|
|Int’l Server Average %||20.63|
|SERVERS||Dedicated or Virtual|
|SECURITY||Default Data Encryption||Blowfish-128|
|Strongest Data Encryption||AES-256|
|Weakest Handshake Encryption|
|Strongest Handshake Encryption|
|AVAILABILITY||# of Connections||5|
|# of Countries||9|
|# of Servers||15|
|Linux Support (Manual)||Yes|
|WEBSITE||# of Persistent Cookies||1|
|# of External Trackers||0|
|# of Proprietary APIs||4|
|Server SSL Rating||A|
|SSL Cert issued to||Self|
|PRICING||$ / Month (Annual Pricing)||5|
|$ / Connection / Month||1|
|Refund Period (Days)||3|
|ETHICS||Contradictory Logging Policies|
|Falsely Claims 100% Effective|
|Incentivizes Social Media Spam|
|Requires Ethical Copy|
|Requires Full Disclosure|
|AFFILIATES||Practice Ethical Copy|
|Give Full Disclosure|
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.