There is a variety of good reasons why customers and experts alike question the claims VPN providers make about the security of their networks. Just in the past few years, there have been so many cases of security breaches, VPN providers selling users’ browsing data or even infecting their systems with malware.
This has been hard to watch for people behind TunnelBear, who tried everything they can to keep their business working the way it should, from being diligent about security to respecting people’s privacy. And now, while they aren’t capable of bringing back the trust in all VPN services, they have realized that they can do more to make their customers believe in them.
TunnelBear has completed the consumer VPN industry’s first 3rd party, public security audit.
Today they are announcing the completion of the Consumer VPN industry’s first 3rd party, public security audit. Their auditor, Cure53, has published their findings on their website.
Back at the end of 2016, TunnelBear hired Cure53 to do a complete audit of their servers, applications, and infrastructure.
The respected security company was given full access to their systems and code. They first planned to use the findings of the tests to see how secure they are making the browsing of their customers to be, but once the security breaches started happening and the industry gained a bad reputation, they decided that the information they have gotten their hands on should be made public. They are now sharing a complete audit which contains both the results from last year and the results from the current audit.
Back at 2016, the audit executed at the time showed vulnerabilities in their Chrome extension that has been made public although TunnelBear wasn’t very fond of the idea of public’s knowledge about the fault. Despite that, the company is hoping that their transparency will be appreciated by the security community and their efforts to strengthen it.
All findings discovered in the 2016 audit were immediately addressed by TunnelBear’s engineering team and verified to be fixed by Cure53.
This year’s June audit left TunnelBear happier with the results than the previous audit. All vulnerabilities represented low-risk findings. As Cure53 said, the company deserves recognition for achieving a better level of security for both the servers and infrastructure as well as the clients and browser extensions for multiple platforms.
TunnelBear’s plan is to earn people’s trust and bring more transparency into the VPN industry. Unlike many VPN companies that insist on obscurity, the company hopes that by completing the industry’s first 3rd party, public security audit, experts and consumers alike can be sure that TunnelBear delivers on its security promises.
TunnelBear’s team says that they have learned that good security needs constant reevaluation. They plan on making annual public audits a normal thing and believe those will aid them to quickly identify vulnerabilities and demonstrate transparency in an industry where trust is sorely lacking.
They plan on sharing more announcements, insights, and how-tos in the coming months.