Over the past year, the Internet has been buzzing with news about machine learning and artificial intelligence; terms such as OpenAI, ChatGPT, deepfake, AI-generated art, and more have become popular topics and new additions to all of our vocabularies.

Technology is changing and evolving over time. While there are certainly risks, there are also exciting opportunities to explore.

A few months back, we decided that it was time for us to dig into how we could use AI to help support and benefit our users. How feasible was it for us to build our very own artificial Bear that could help troubleshoot common issues, answer questions about TunnelBear, or even provide bear facts on request?

Turns out, it's actually pretty feasible.

Introducing RoboCub

We're incredibly excited to introduce RoboCub, which can now be accessed on select pages on the TunnelBear website.

RoboCub is TunnelBear's very own AI chat tool meant to help you (more quickly) get answers to all of your TunnelBear questions. Consider it your personal AI assistant.

Built using OpenAI as a framework, RoboCub pulls information about TunnelBear from a database we manage ourselves. Of course, we can't predict the scope of every question folks may ask, so RoboCub will also search the Internet to help fill in knowledge gaps where appropriate.

What can RoboCub do?

1. Share information pulled directly from our FAQs
2. Help troubleshoot common VPN issues
3. Fill in knowledge gaps with information from the Internet
4. Answer questions about VPN features and technology
5. Send links to online resources to help answer questions
6. Share bear facts and even write bear haikus
7. Speak in many languages (though it's still learning)

RoboCub will not...

1. Provide opinions or recommendations on other services
2. Rate services, apps, or tools
3. Generate or share graphical/digital content (text only)
4. Help you perform illegal activities
5. Help you access inappropriate content

While RoboCub does represent TunnelBear, we've done our best to ensure that it's a Bear you can trust - the information it provides is as unbiased as possible.

Why AI?

RoboCub provides us with a unique opportunity to make it even easier for users to understand what we offer and how TunnelBear works. It has a lot of potential in helping people navigate our app, and we intend to use it to make TunnelBear even more accessible than before.

That said, there is still some uncharted territory when it comes to relying on AI, so we do recommend that users be mindful of the following:

1. Since RoboCub will fill some knowledge gaps from the Internet, information can sometimes be inaccurate or missing context.
2. It's difficult to train branding, tone, and emotion. It doesn't quite feel like a real Bear yet.
3. It's not meant to be a replacement for Support. If you need assistance from a real life support Bear, please contact us directly.

TunnelBear has always had a focus on being innovative while keeping our apps as simple and easy-to-use as possible. While it's been a challenge to maintain that purpose as we grow our service; it's also been exciting to add new features that make TunnelBear a more robust, secure, and competitive VPN.

RoboCub is ready to serve the public trust, protect the innocent, and uphold the claw.

We're happy to announce that TunnelBear officially supports the WireGuard protocol for all of our apps!

Okay... not entirely accurate.

TunnelBear has actually supported WireGuard on both Windows and iOS since early 2022. However, as of our most recent macOS and Android updates, WireGuard is officially available for all platforms!

This is pretty big news for our Bears, and we'd like to talk about why supporting WireGuard is so important.

First, what exactly is a VPN protocol?

A VPN protocol is a series of technical rules that govern how your device can securely reach the VPN servers, validate your access to the requests you make online, and encrypt your browsing traffic so that only you can see what you are doing on the web.

Essentially, it controls your entire VPN connection. That's a pretty serious responsibility.

Depending on which app you use, TunnelBear currently supports the following protocols; WireGuard, OpenVPN, and IKEv2. We also support an Auto option, which just means you prefer to let your Bear decide which protocol you should use (this is the default selection for TunnelBear).

Even if you were unaware, you've always used a VPN protocol. Whenever you connect TunnelBear, your Bear is busy working in the background - deciding which protocol is best for the network and device you are using.

The TL;DR (too long; didn't rawr)

1. Allows your device to establish a secure connection to the VPN server
2. Encrypts your browsing traffic so that unauthorized entities can't see what you do online
3. Authenticates and validates your connection to the VPN server
4. Helps circumvent internet censorship tactics used by ISPs, governments, and other censors

Why is it then, that WireGuard is so important?

Simply speaking, the more VPN protocols TunnelBear has, the better. By creating redundancy with the technologies we support, we ensure that TunnelBear remains one of the most robust and flexible VPN apps available - able to help users connect across a variety of different networks.

That being said, there are some fundamental benefits to specifically using WireGuard. As the newest available VPN protocol on the market, WireGuard is an extremely simple yet fast technology that utilizes state-of-the-art cryptography; this means that secure networking can be very high-speed.

The benefits

1. Extremely fast at establishing a VPN connection
2. Uses more modern, up-to-date cryptography
3. Requires less code to maintain, reducing attack surface
4. Improves browsing speed and latency
5. Has a much smaller impact on device battery life
6. It's newer, and less likely to be blocked or censored

Note: It's important to stress that OpenVPN and IKEv2 are still absolutely secure to use, and in many cases, may be preferable. Every user's network is a little different, and no solution fits all.

A smarter, better, stronger Bear

It isn't enough to simply support the latest protocols (no matter how good they might be). We couldn't just introduce WireGuard to the app, pat the back of our fur, and call it a day.

We had to also make sure the TunnelBear app was smart.

WireGuard, despite it's many benefits, still has some limitations. There are millions of people that rely on TunnelBear to help keep their data secure online, and we couldn't be content introducing a technology without first backing it up with the smartest Bear logic.

Introducing WireGuard to TunnelBear also meant ensuring that our apps knew when to use it.

When you connect to TunnelBear using the "Auto" protocol, it's another way of saying that you will let TunnelBear control your connection. In most cases, this means you will connect using WireGuard first. Should WireGuard fail, your Bear is smart enough to then try OpenVPN and IKEv2 subsequently.

We refer to this as protocol fallback. It's meant to ensure that should your network be more restrictive than usual, TunnelBear is equipped to push through and help get you connected.

More control over how you connect

WireGuard? Check.

Protocol fallback? Check.

Protocol selection? Also check.

Yeah, you read that right. Alongside support for WireGuard and our own in-house protocol fallback logic, we also decided to introduce our new VPN Protocol Selection feature for all TunnelBear apps.

We realize that as time goes on and we introduce more VPN protocols to the TunnelBear app, more and more users will become comfortable with managing their own VPN connection. As such, it's important we provide them with that option.

To manage your VPN protocol

1. Desktop: Open your TunnelBear settings menu and simply select the Connections tab. You will be able to adjust your VPN protocol here.
2. Mobile: You need only open your TunnelBear settings menu. You can tap on the Protocol Selection feature listed to change which VPN protocol you use.

It's as simple as that!

This wraps up another announcement from the TunnelBear sleuth this year, but we're far from done. We have more news and updates coming soon, so please bear with us while we get them ready.

Stay tuned,

Over six years ago, TunnelBear became the first ever consumer VPN to publish a third-party security audit to the public. At the time, we were hoping to influence the entire VPN industry by setting a new standard for transparency and open communication. This is something that we are happy to have seen become a new benchmark for which VPN providers worldwide are now measured against.

That said, there is still lots of work remaining. We’re planning on introducing even more new features to the TunnelBear app, we have a much larger focus on supporting anti-censorship technologies than ever before, and we’ve been conducting our own internal security audits and improvements which we hope to share more about soon.

In 2016, the TunnelBear team made a commitment to continue conducting public security audits every year, and we are happy to finally share the results from 2022.

Conducting the audit

To begin, we owe a massive thank you to Cure53, the independent cybersecurity firm that has been conducting our audits since 2016. An extensive effort was also put forth by our own Pixel Bear and PhytoBear, who helped prepare secure testing environments, access to code, and support during the auditing process. Without these individuals, our 2022 security audit would not be possible

The scope was well-prepared and transparent... The TunnelBear team delivered excellent test preparation and assisted the Cure53 team...

Cure53’s security audit officially began in October 2022 - lasting a total of 42 days and comprising of eight security researchers from their team. Cure53 went through each of the TunnelBear applications, our entire VPN infrastructure and backend, our frontend and public sites, the TunnelBear AWS infrastructure, and various technologies we employ on our network.

Reviewing the results

Upon completion of their audit, Cure53 flagged a total 32 issues. While 17 of the detected issues were considered to be of minor risk and severity, that still left 15 security vulnerabilities to be addressed by the TunnelBear team. As of today, 27 of the reported vulnerabilities have been resolved, leaving only five remaining issues.

One of the highlights from the audit was our frontend performance. While Cure53 did provide hardening recommendations, the TunnelBear applications (specifically our mobile apps) and website were commended for their security and protective measures.

However, it’s important to note where we need to improve, and Cure53 highlighted some critical areas in which we can do so.

Cure53 strongly recommends that the TunnelBear team invests ample time and resources into further developing its security design concepts...

Even though more than half were of minor severity, 32 found issues is still a lot. This showcases a greater need for more care and attention as we expand our infrastructure and introduce new capabilities. Additionally, many of the more critical issues found revolved around network hardening - a need to reduce the surface area in which attackers could target our VPN infrastructure.

You can read the full report by Cure53 here.

So what’s next for TunnelBear?

We intend to continue conducting these audits and we have already scheduled our 7th audit from Cure53 later this year.

It’s important to understand that the responsibility to maintain a secure VPN infrastructure doesn’t simply start and stop with third-party audits. Alongside Cure53’s efforts to help improve our service, we’ve been running our own internal security and privacy audits as well. We intend to share our findings and improvements once complete.

As always, we want to thank Cure53 for their detailed reporting, and the members of our team that helped resolve the vulnerabilities found in 2022.

See you next time, and stay safe.

It’s been a while since the last update from the TunnelBear anti-censorship team! While there are a lot of exciting changes that we’re not quite ready to share just yet, one thing we are happy to announce is that TunnelBear officially supports Encrypted Client Hello (ECH) for our Android app.

ECH is an important technology to support, and we wanted to take the time to share this accomplishment and discuss the challenges and impact of helping users maintain access to a more open and secure internet.

First, it's important to understand what exactly ECH is.

What is ECH?

Encrypted Client Hello (ECH) is the latest technology available that helps keep the connection to our backend infrastructure private from third parties (ISPs, governments, hackers, etc.) that might otherwise intercept or observe your network connection.

ECH is an extension of the TLS protocol. It aims to secure the TLS handshake portion of the protocol by encrypting the name of the websites you visit, which was previously in plain-text.

A TLS handshake is important to protect because it provides a secure/encrypted connection between the TunnelBear app and our backend servers. These servers are important because they help manage your account and authenticate your connection to the VPN.

The importance of ECH

Not only is supporting the latest anti-censorship technologies important in securing user connections, but ECH also helps reduce existing TLS handshake shortcomings.

While we do support other TLS extensions such as ESNI (Encrypted Server Name Indicator), this technology was the community's first attempt in closing some of the gaps on the SSL/TLS protocol, and there are some limitations as a result.

Unfortunately, the internet was not designed with privacy in mind.

So what does all of this mean? Though TunnelBear helps keep your browsing traffic private, it's still possible for censors to fingerprint and block that traffic if they detect that a VPN is being used. ECH can help make this more difficult for them to achieve.

By combining many different tools and supporting more technologies, we can further reduce the rate at which users are blocked from connecting to TunnelBear and accessing an open internet.

Development efforts

Since ECH is still in it's infancy, documentation and dev support are sparse. We've had to do a lot of testing against Cloudflare's implementation to try and verify our results. Furthermore, essential libraries used for the TLS protocol do not support ECH, meaning we had to modify this ourselves.

While this did make for a more difficult development cycle, we were able to push through these challenges by breaking development into 2 crucial parts; making an ECH request, and gauging its effectiveness.

Making an ECH request:

1. To make an ECH request we used a fork of OpenSSL developed by the DEfO project (Developing ECH for OpenSSL).
2. We integrated this into our Android networking library (OkHttp) by modifying Google’s Conscrypt and BoringSSL libraries.
3. Once this was done, we leveraged Cloudflare’s TLS terminating server by creating the ability to parse its DNS record for its ECH configurations and pass it to our modified libraries.

With this, we were able to send requests to our backend with the SNI encrypted!

Gauging its effectiveness:

1. We validated the SNI encryption by inspecting the network traffic as well as using Cloudflare’s trace API.
2. To verify the impact of our ECH solution, we implemented a test where we make 3 types of requests: a standard request, a request with our existing anti-censorship technologies, and a request with ECH.
3. Each request has a special identifier to differentiate the technology used and allows us to compare them against each other for effectiveness.

This step provided us with insight into how often ECH was used in countries known for censorship, and how successful the connection attempts were.

Helping users access a more open internet

Unfortunately, ECH by itself isn't a perfect solution for users experiencing censorship. As such, it's important that we support as many anti-censorship technologies as possible.

Since adding support for ECH to our Android client, we have achieved approximately 100,000 daily requests that are successfully made to our backend (using ECH). These requests allow users to log in to their accounts, update credentials, obtain their VPN bandwidth, and more.

We have found that in countries where ECH is enabled for users, it increases the likelihood that these API requests are successfully made by approximately 20%. That said, not every user requires ECH in order to use TunnelBear, and there are some countries that are more successful at blocking this technology.

Given the number of successful backend API calls being made, our support has demonstrated that ECH enabled requests have been very effective at bypassing some censorship techniques for many TunnelBear users.

The future of ECH adoption

For ECH to be truly effective as a technology, it needs to be more widely adopted. The more people or services that utilize ECH, the more successful it will be at defeating censorship and building a democratic internet for all.

If you want to help speed up it’s adoption, you can try enabling ECH for your browser (though word of caution, browser support is experimental at this time):

• Firefox: Instructions for enabling ECH on Firefox can be found here
  - Enter about:config
  - Search network.dns.echconfig.enabled and set to true
  - Search network.dns.use_https_rr_as_altsvc and set to true
• Edge: Instructions for enabling ECH on Edge can be found here
  - Right-click the Edge desktop icon
  - Select Properties > Target
  - Update the Target to: edge.exe --enable-features=EncryptedClientHello
• Chrome: Not supported at this time, currently in development

Our own ECH support is by no means complete. We plan on making further improvements to our Android app, Windows support is currently in the works, and we will begin efforts to support ECH for our macOS and iOS apps in the near future.

We're committed to continue working with censorship researchers worldwide, and we can’t wait to share our next team update soon!

Sincerely rawrs,

A lot has changed since our last Year in Review post, back in 2020. We’ve experienced life through a global pandemic, we’ve made it through lockdowns which kept us away from our favourite coffee shops and restaurants, we made the transition to working remotely, and so much more. Finally, in 2022 we saw a glimpse of what our new normal could look like. We’ve been able to venture out of our homes (and caves), embrace friends and family, and feel slightly less self-conscious when sneezing in public.

Changes around the Bear Cave

Here at TunnelBear, 2022 was a big a year. Our team grew, adding 16 amazing bears to the Sleuth. If you’re familiar with our release notes, that’s about 40% more bears.

Another big change for our team in 2022 was the closure of our office in Toronto. While we enjoyed having a place to congregate, we’ve fully transitioned to working remotely. Instead of catching up over coffee in Kensington Market, now we keep in touch over lunch playing Geoguessr.

Now, onto what we’re all really here for. Our bears were busy in 2022 and we wanted to highlight just a few of the Sleuth’s many accomplishments over the last year.

Bandwidth Support

In 2020, we were privileged to have the opportunity to announce our Bandwidth Support program. This program has allowed us to work closely with many NGOs, monitor censorship events across the globe, and more quickly take action to enable TunnelBear free of charge for those who need it most. We continue to provide bandwidth support for users experiencing censorship crises in over 20 countries around the world.

In 2022 we were able to add 5 additional countries to the program, allowing users in those regions access to a higher data limit, and to a more open internet.

WireGuard Release

One of our biggest updates of 2022 was the addition of the WireGuard VPN protocol. A VPN protocol is a set of rules and conditions that governs how your VPN connection works and performs. What makes WireGuard such a big win for our team, is that this protocol is known for its speed, reliability, and ability to bypass many censorship tactics. WireGuard is currently the default tunneling protocol for Windows, iOS and macOS, and is coming soon to Android!

Protocol Selection

With the addition of a new tunneling protocol, we figured it was time to give our users more control over their connection. With our new VPN Protocol Selection feature, you can now choose which tunneling protocol you want your Bear to use, directly in the TunnelBear app. Of course, if you’d still like us to manage that for you, just leave it set to Auto. Your Bear will handle the rest.

City Selection

Ever thought to yourself, “I wish I could connect directly to Toronto”? Wait no longer! In 2022, our bears released city-level selection across all platforms. Paid users can now choose from 3 cities in Canada and 13 cities in the USA, giving you even more control over where you connect to.

SplitBear

For over 6 years, our Android users have been lucky enough to have access to SplitBear, our very own split tunneling feature. In early 2022, we released SplitBear on iOS, and our team has since been hard at work putting the finishing touches on SplitBear for our desktop apps as well.

For those not in the know, SplitBear allows users the option to select apps and/or websites that they wish to exclude from their secure VPN tunnel. Netflix giving you trouble while connected to TunnelBear? SplitBear will let you exclude it from the tunnel, allowing you to keep the remainder of your device traffic secure while enjoying your favourite shows.

Captcha Support

In 2022, our bears upped our secure payments game behind the scenes. While we’ve always boasted an encrypted and secure payment process, we’ve gone one step further to prevent fraudulent payments from being made on our website. With the introduction of CAPTCHA support, we are able to prevent and stop automated payment scripts from making payment attempts. Not to worry, we've implemented our CAPTCHA in a way that won't interfere with our quick and easy payment process.

Conducted our 6th Annual Cure53 Security Audit

In 2017, TunnelBear was the first consumer VPN to commission a third-party security audit by Cure53 and publish the results to the public. We made a commitment to continue doing these audits every year and in 2022, we completed our 6th Cure53 audit. Our team has been hard at work making necessary fixes identified by Cure53, and we look forward to sharing the results soon!

2022 was a busy year for us at TunnelBear and we’re jumping into 2023 with a full team, big ideas, and the drive to continue fighting for a more open internet.

Sincerely rawrs,
The TunnelBear Team

It's 2022, and this needs to be stated. Women deserve equal rights.

While there are many examples over the past year that showcase the need to make this statement, we want to highlight the current protests in Iran.

September 16, 2022

On September 16, 2022, Mahsa Amini died after being beat and detained for three days by Iranian morality police. Her crime was failing to wear a hijab properly in public.

For this, she was murdered.

Following her funeral, many Iranians have joined together and protests have begun to spread across the country. They have been met with live ammunition, tear gas, beatings, and arrests. Hospitals have been forbidden from attending to protestors. Internet access has been heavily censored and power has been shut-off in cities where the protests are occurring.

Over 70 people have since died, protesting for better rights for women.

Our hearts go out to the victims of these crimes. To the protestors and demonstrators; you are our family, our friends, and our neighbours. While we are not there, we stand beside you.

Censorship in Iran

At TunnelBear, we do our best to monitor censorship events worldwide, using public data provided by wonderful organizations such as the Open Observatory of Network Interference (OONI) and Internet Outage Detection and Analysis (IODA). Combining the data provided from these institutes with our own internal analysis on VPN censorship, we are able to see that networks in Iran are heavily restricting access to not just the internet, but VPN services as well.

While it's not possible for our team to circumvent every type of network censorship employed by ISPs and Governments, we do work hard to keep TunnelBear available where needed the most.

With a considerable uptick in censorship coming from Iran, we're happy to share that TunnelBear VPN is still effective on most devices, with thousands of connections coming in from Iran every day.

Remaining connected

Amidst the strict internet censorship coming from the Iranian Government, it's important for people in Iran to know what they can do in order to maintain access to a free and open internet.

A couple of years ago, we created what we call our TunnelBear Bandwidth Program. As part of this program, we determine countries most at risk of severe internet censorship, and add additional service or bandwidth to all users connecting from that country - free of charge. Iran was the catalyst for what started this program, and will remain a member for the foreseeable future. This means that...

...TunnelBear is entirely free to use in Iran.

If you are in Iran, you will have 100GB of service for free applied to your account every month. Simply sign-in to TunnelBear and connect, the data will be added automatically. No need to pay. Just stay safe.

To gain access to TunnelBear in Iran, you can use the following options:

• Paskoocheh website
• Paskoocheh Telegram Bot
• Paskoocheh Email responder - [email protected]
• Toosheh app

Tips for staying safe online

• If using a VPN, enable obfuscation features. For the TunnelBear app, this means turning on GhostBear. This will help make it more difficult for networks to know whether you are using a VPN.
• Ensure that your VPN is using OpenVPN or WireGuard protocols (which are more resilient against certain forms of censorship). Many VPNs will allow you to select the protocol you use; you can read about which protocols we support here.
• Download and install the Tor browser. Make sure to also enable Snowflake circumvention when using Tor.
• Use messaging apps that are heavily encrypted (Signal, Telegram) or apps that don't rely on a persistent internet connection in order to communicate with others (Briar, Berkanan, Bridgefy).

TunnelBear stands with the people of Iran and we send our unyielding support. Please stay safe.

Sincerely,

It's been well over 5 years since we conducted our first independent security audit for TunnelBear, back in 2016. The world has experienced a lot of hardship over these last few years: internet shutdowns, infringements on fundamental rights, unprovoked acts of war, a global pandemic, and so much more.

But there has been lots of good in the world too: Pet adoption from shelters has increased by over 200% globally, worker's rights and reform is on the rise, and folks from around the world have joined together in support of BLM. Even in the wake of these unprecedented times, there are still many things to celebrate and work towards.

While the world has posed some challenges for the Bear Cave in the past year, we're happy to finally share the results from our 2021 security audit.

TunnelBear's preparation, documentation, and general support throughout the testing phase was comprehensive, with no stone left unturned.

2021 Testing

As with previous years, we've continued to use Cure53 to conduct our security audits. 2021's testing began in November. A total of 9 testers and 47 days were spent by the Cure53 team as they combed through every inch of our TunnelBear applications, SDKs, and VPN infrastructure.

2021 Results

Through their testing, Cure53 found four low, nine medium, three high, and three critical-risk vulnerabilities.

While these results were higher than previous years, the increased scope of our audits allowed Cure53 to cover more ground in testing our systems than ever before. With the reporting of these issues by Cure53, all medium, high, and critical vulnerabilities were quickly resolved by the TunnelBear team. Upon assessment and prioritization, low-risk vulnerabilities were also addressed.

You can read the full report by Cure53 here.

To Transparency, and Beyond

One key takeaway from 2021's audit is the ever growing importance to continue to conduct annual security audits for VPN services. This is something that TunnelBear is committed to continue doing.

We want to thank every Bear that contributed to last year's audit and Cure53 for their efforts and honest reporting. We're excited to continue improving the security and privacy of TunnelBear.

TunnelBear allows users to browse the internet safely without fear of network restrictions or surveillance. We’re exploring what the often abstract concept of censorship looks and feels like for those on the ground experiencing it. Digital Society Africa is an organization focused on strengthening communities with digital security training and capacity building. They spoke to us about how they prepared for the Zambia election, and how they dealt with the social media blockages that followed.

TunnelBear: Tell us about how Digital Society Africa works to strengthen the resilience of activists?

Digital Society Africa: We seek to achieve this (strengthening resilience) using a holistic security approach through a range of activities that include: holding discussions with organizations we seek to help where we identify the threats and risks they face in their work; we then develop and implement an action plan focused on ways to mitigate and minimise the impact of these risks; we also conduct security workshops to organised groups, individuals and general citizens where we share how they can better secure their information both online and offline; and lastly, we provide technical support to small to medium civil society organisations within the Southern African region.

Was there a feeling leading up to the election in Zambia that you might experience internet disruptions?

Definitely yes, there was a strong feeling that there would be internet disruptions. Unfortunately in previous elections in Africa we have seen and learnt of the internet being disrupted during elections, a tactic which is being copied by other leaders in the continent.

How did you prepare for the election? Do you do this for all regional elections?

We have developed an “elections digital security roadmap”, which includes several steps and actions that need to happen at minimum one year before the elections. Some of the steps involved include but are not limited to conducting risk assessments for main civil society organizations that work around human rights and elections including journalists; conducting digital security training; developing secure communication strategies; implementing secure data collection platforms and setting up incident response mechanisms.

We unfortunately cannot do this with all regional elections because of funding requirements, but we’ve started to build a local presence in countries that are far from our country of residence, so we can lead the implementation of this roadmap as we support folks remotely.

When Facebook, Twitter, and WhatsApp were blocked, can you explain what the feeling on the ground was like? What is it like for you?

Honestly, it was just a thing that we all expected and there was no real panic but just unfortunate confirmation of what we had anticipated. Ultimately we were sad to realize that African leaders are normalising internet disruptions during election periods.

As for me, I was just happy that we were well prepared for this. As much as it was not a great thing to happen, I was excited to see sections of the “roadmap” being implemented and was a bit nervous if the organisations and individuals we had trained would still be able to activate the discussed measures. It was comforting to see our preparation pay off.

Internet freedom is something that we are fighting for and we will keep fighting for until a time when the internet can be accessed by all, and repressive governments do not restrict its use to cover human rights abuses that happen within their countries.

Did your network mobilize when social media was blocked? How did this happen?

I would not say it was mobilization but rather just a check-in and confirmation. Note that all our network members had the OONI probe running and TunnelBear or Psiphon or NordVPN installed. I was just responsible for calling each team lead to confirm blockage and asking if they had noticed it and had activated VPN use.

How would you describe the idea of internet freedom to those who’ve always felt like they have it?

It might be obvious to everyone that being on the internet is a basic need and also a common thing that everyone should have in their homes. Unfortunately this is not the case in most developing countries as this is either too expensive or not easily available simply because of lack of infrastructure or coverage. In the cases where individuals have the internet but no internet freedom, that's when you see governments doing whatever they want.

For example, when protests happen they can just instruct ISPs to block certain platforms, usually social media platforms which ordinary citizens use on a daily basis to communicate with their family and friends. They can also throttle internet speeds and in the worst cases shut down the whole internet . These internet access restrictions can last as long as the protests are still happening, and this might mean individuals and companies cannot access the internet for days and in some cases months. This situation makes it hard and even traumatic for a lot of people who are now cut off from connecting with family and friends and the rest of the world. In this situation people then rely on other unsecure platforms like SMS or direct calls to be catching up with family, friends and colleagues which then increases their cost of communication significantly.

Internet freedom is something that we are fighting for and we will keep fighting for until a time when the internet can be accessed by all, and repressive governments do not restrict its use to cover human rights abuses that happen within their countries.

Is there anything you’d like to see the internet freedom community and digital policymakers do more of?

To the internet freedom community: I believe there is great need to form better and stronger collaborations amongst the different players within the different spaces. For example those who work with the actual frontline or grassroots members and those who develop tools or platforms. Such collaborations will ensure that the best solution is created and also can enable extended resource support (human, financial or emotional). Recent situations have proven that where there is relationship and collaboration, this will positively benefit not just the activist but also the general citizen.

To digital policy makers: There is a great need for simplified and more country-specific contextual examples when you discuss the importance of digital rights and policy. The sad reality is that it’s only a few individuals and organizations that actually fully understand digital rights and policies and it's simply because of the language and terms being used. Simplification and deliberate involvement of all stakeholders including general citizens will positively change the view around digital policies.

With greater collaboration between key players and wider understanding of how digital policy shapes our day-to-day life, the dream of internet freedom can more easily be reached.

Sincerely rawrs,

TunnelBear is a very simple virtual private network (VPN) that allows users to browse the web privately and securely. It secures browsing from hackers, ISPs, and anyone that is monitoring the network. TunnelBear believes you should have access to an open and uncensored internet, wherever you are.

Welcome to part two in our encryption series. This time around we’re going to talk about some of the fine work people are doing in Europe to help increase protections for privacy rights. Specifically, the debate on “backdoor” encryption and whether or not law enforcement should be allowed to force companies to give them a set of keys to their encryption. Most recently, Apple has announced plans to add an on-device scanning function for Child Sexual Abuse Imagery (CSAM) so they can send the results to law enforcement. Many critics say this is the first step to backdoors becoming the norm, but let’s take a look at what’s being done to stop this level of surveillance.

Encryption Europe

Encryption Europe is an industry alliance of European SMEs committed to making encryption simple, useful, and stable for everyone. Much of their recent work has revolved around fighting backdoor encryption legislation. Several months ago, they held a panel discussion looking for insight from the technology community about the pros and cons of backdoor encryption.

Their recent panel discussion focused mainly on a legal framework that should be used for Law Enforcement Agencies, education of public authorities, and political decision makers. There also needs to be work done that would ensure oppressive regimes are unable to use backdoors against citizens, companies, and public authorities all around the world.

There are really two sides to this argument, the first being that lawful access to information could help prevent child abuse, drug smuggling, or terrorist threats, is widely perceieved as a positive for society.

The second is that it’s inevitable that any mechanism allowing lawful decryption will be leaked onto the internet sooner than later. Once the keys are “in the wild”, nothing will stop criminals from using those keys to target people, businesses, or even law enforcement agencies, with attacks on their easily decrypted data.

What does backdoor encryption mean?

Backdoor encryption is a global push to force companies that protect data with encryption—from cell phone manufacturers to messaging apps—to add some way to turn off encryption if law enforcement asks.

In theory, this would go something like; a known criminal sends a text to another known criminal, but because the text is encrypted, law enforcement can’t read it when they try to intercept it. They go to the messaging app maker and ask for access to two specific accounts and the messages sent on a specific day. The app maker then hands over the encryption keys, or decrypts the texts and hands over the texts.

The downside to backdoor encryption

There are a lot of downsides to backdoor encryption. First; anyone relying on an encryption system that can be turned off at will is facing the same problem as communication without any encryption at all. They have no guarantee that their communications are ever encrypted, or that they might be decrypted at any time.

Second; any system with backdoors is just waiting to be hacked. 2020 taught us that there are a lot of really smart people out there, constantly looking for ways to exploit software and hardware bugs. If turning off encryption is a feature, it won’t take long for someone to find, or buy those keys and share them with the rest of the internet.

Third; personal privacy laws exist specifically to stop mass surveillance programs. Even with privacy laws, law enforcement has access to petabytes (that’s a lot) of data that people give away freely, every day. You’d be shocked at how often people post confessions and evidence on social media. Phone telemetry data is available from ISP. If your car has GPS, you guessed it, someone can find out where you are at all times.

What is Encryption Europe doing about this?

Our friends at Encryption Europe hold regular open panels and workshops on the importance of encryption. In light of growing concerns in Europe about the European Council’s Resolution calling for a “balanced” approach to encryption. During the panel, Timothée Rebours had this to say, "Encryption is a fundamental tool to protect the confidentiality of personal data and the security of the information systems, specifically enshrined in article 32 of the GDPR." Similarly, Gregory Wawszyniak added, "Encrypting data represents a way to ensure confidentiality of personal data and strengthen the resilience of processing systems. An appropriate and effective encryption solution can in fact be a means of demonstrating compliance with the security requirements of the GDPR."

The fight for online privacy

There are a number of organizations fighting for online privacy rights, all over the world. Some notable ones are:

• EFF
• OTF
• Open Media
• Access Now
• CDT

The links provided will take you to their websites, so you can learn more about how to help protect online privacy rights.

Protect your privacy

You can help make privacy rights the next big election issue, no matter where you live, by contacting your local and federal governments. Together, we can keep strong encryption the standard.

Warm rawr-gards,

TunnelBear joins companies and rights organizations to call on governments and the private sector to do the bear minimum by working to promote and deploy strong encryption that protects us all. Statement originally published on GlobalEncryptionDay.

Strong encryption is a critical technology that helps keep people, their information, and communications private and secure. It underpins online trust, protects members of vulnerable communities, and safeguards the data of governments, businesses, and everyday citizens from criminals and hostile governments.

However, some governments and organizations are pushing to weaken encryption, which would create a dangerous precedent that compromises the security of billions of people around the world. Actions in one country that undermine encryption threaten us all.

On Global Encryption Day, we call on governments and the private sector to reject efforts to undermine encryption and instead pursue policies that enhance, strengthen, and promote use of strong encryption to protect people everywhere. We also support and encourage the efforts of companies to protect their customers by deploying strong encryption on their services and on their platforms. Strong encryption is a critical tool toward a safer world for us all.

Signatories

AccessNow

Africa Media and Information Technology Initiative (AfriMITI)

African Declaration on Internet Rights and Freedoms Coalition

African Freedom of Expression Exchange (AFEX)

Alianza por el Cifrado en Latinoamérica y el Caribe (AC-LAC)

Apple.Inc

AP2SI – Associação Portuguesa para a Promoção da Segurança da Informação

Arenberg Crypto

Association for Progressive Communications – APC

Association for Proper Internet Governance

Baltic Internet Policy Initiative

Bangladesh NGOs Network for Radio and Communication (BNNRC)

Big Brother Watch

Blacknight

Canadian Civil Liberties Association

CCAOI

Centro Latinoamericano de Investigaciones Sobre Internet (CLISI)

Collaboration on International ICT Policy for East & Southern Africa (CIPESA)

Comisión para la Colaboración del Desarrollo de Internet en las IES

Committee to Protect Journalists

Cybersecurity Advisors Network (CyAN)

Derechos Digitales

Diamond Alternative Legal Services

Digital Empowerment Foundation

Digital Rights Watch

dmarcian

Donuts Inc.

Echoworx

E-Governance and Internet Governance Foundation for Africa (EGIGFA)
Electronic Frontier Foundation

Electronic Frontiers Australia, Inc

ENCRYPT UGANDA

Encryption Europe

Escola Profissional de Campanhã

Facebook

Function X Foundation

Fundación Cibervoluntarios

Fundación Karisma

Global Partners Digital

Global Voices

Human Rights Journalists Network

IDDLAC
IFEX

Ikigai Innovation Initiative

Indic Project

Innovation Solution Lab

Institute for Internet and the Just Society

Instituto Beta: Internet & Democracia – IBIDEM

Instituto de Referência em Internet e Sociedade – IRIS

Instituto Liberdade Digital

Instituto Nacional para el Desarrollo de la Ciberseguridad

INSM Network

International Civil Liberties Monitoring Group

International Press Institute (IPI)

Internet Australia

Internet Freedom Foundation

Internet Governance Project

Internet Society

Internet Society Belgium Chapter

Internet Society Brazil Chapter

Internet Society Cameroon Chapter

Internet Society (Canada) Manitoba Chapter

Internet Society Catalonia Chapter

Internet Soceity Chad Chapter

Internet Society Colombia Chapter

Internet Society Congo Chapter

Internet Society Cote d’Ivoire Chapter

Internet Society Ghana Chapter

Internet Society Guatemala Chapter

Internet Society Haiti Chapter

Internet Society Hong Kong

Internet Society India Chennai Chapter

Internet Society India Hyderabad Chapter

Internet Society Japan Chapter

Internet Society Kenya Chapter

Internet Society Kolkata Chapter

Internet Society Liberia Chapter

Internet Society Madagascar Chapter

Internet Society Namibia Chapter

Internet Society New York Chapter

Internet Society Nicaragua Chapter

Internet Society Nigeria Chapter

Internet Society Norway Chapter

Internet Society Philippines Chapter

Internet Society Portugal Chapter

Internet Society Puerto Rico Chapter

Internet Society Rwanda Chapter

Internet Society Senegal Chapter

Internet Society Singapore Chapter

Internet Society Somalia Chapter

Internet Society Sri Lanka Chapter

Internet Society Trinidad and Tobago Chapter

Internet Society UK England Chapter

Internet Society Zimbabwe Chapter

Internet Users Forever iki.fi society

Interpeer Project

IPANDETEC Central America

Jakkolabs Banjul

JCA-NET

Kijiji Yeetu

Law and Technology Research Institute of Recife – IP.rec

LAYLO

LGBT Technology Partnership

Lusófona University

MEGA

Media Foundation for West Africa (MFWA)

Media Rights Agenda (MRA)

Mnemonic

Nameshop

New America’s Open Technology Institute

New Zealand Council for Civil Liberties

Nitrokey GmbH

NUTS Technologies

Nym Technologies

ONG Acción Constitucional

OpenMedia

Open Governance Network for Europe

OPTF

Paradigm Initiative

PEN America

Post Graduate Department of Computer Science & IT, DAV College Amritsar, Punjab

Privacy & Access Council of Canada

Privacy International

Praxonomy

Prostasia Foundation

Proteus Technologies Limited

ProtonMail

Pundi X Labs

Quantum Leap Development

Ranking Digital Rights

Reform Government Surveillance

Relaycorp

Restore The Fourth

SeeZam S.A.

SFLC.in

Simply Secure

Stiftung Neue Verantwortung e. V.

Surfshark Ltd.

Swathanthra malayalam Computing

TechHerNG

Tech for Good Asia

The Dialogue

The Tor Project

Tresorit

TunnelBear

Tutanota

Ubunteam

Uribe100.com

Venchamax Company

V.I. Okonkwo & Company

West Africa ICT Action Network

World Wide Web Consortium (W3C)

WO=MEN Dutch Gender Platform

Youth Forum for Social Justice

With so much happening in the world, and so many people finding it harder and harder to stay connected, the Bears have been working extra hard to get tunnels to places that need them most.

Today, we’re excited to announce that new tunnels have been dug to Kenya, Nigeria, and South Africa. With internet shutdowns and content bans happening more frequently across Africa, it’s more important than ever to have access to close, fast, and secure connections.

People everywhere deserve the right to access information and protect their privacy while doing it. We hope these new tunnels will help get more people online safely so they can stay in touch with their friends and families.

How do I connect to the new tunnels?

Install the latest version of TunnelBear

You can download the latest version of TunnelBear for Windows or macOS from our website. For Android, you can get the app from Google Play.

For Windows and macOS

Once you’ve downloaded the app, double click on the install file and follow the prompts. You’ll have to sign in with your TunnelBear account login when you open the app for the first time.

For Android

Google Play will automatically install the app when the download is finished. You’ll have to sign in with your TunnelBear account login when you open the app for the first time.

If your app is already up-to-date, the new tunnels should show up automatically in the list of countries. You can also find them on the map.

TunnelBear for iPhone & iPad

If you haven’t already downloaded the latest versions for iPhone or iPad, you can download them from the App Store.

After you've downloaded the app, finish the install by signing in with your TunnelBear account information and agree to let TunnelBear set up a VPN profile. An iOS popup window will open asking you if you would like TunnelBear to “add VPN Configurations”. Tap “Allow” and TunnelBear will finish installing.

If your app is already up-to-date, the new tunnels will show up automatically in the list of countries, and on the map.

Happy tunneling,

TunnelBear is a very simple virtual private network (VPN) that allows users to browse the web privately and securely. It secures browsing from hackers, ISPs, and anyone that is monitoring the network. TunnelBear believes you should have access to an open and uncensored internet, wherever you are.

TunnelBear allows users to browse the internet safely without fear of network restrictions or surveillance. We’re exploring what the often abstract concept of censorship looks and feels like for those on the ground experiencing it. The Open Observatory of Network Interference (OONI) is a community of censorship measurement researchers that track global censorship events in real-time. OONI measurements are published on their Explorer and API, which help inform their reports and insights on internet censorship. They’re an integral player in the internet freedom community, and were gracious enough to share their story.

TunnelBear: Tell us about OONI, how did it come to be? Can you shed some light on the scale of the project?

OONI: OONI was born out of the Tor Project 10 years ago, back in 2011. At the time, a few Tor developers (including my colleague Arturo, who’s OONI’s project lead) started writing scripts to check Tor reachability, and they soon expanded those scripts to a number of other network measurement tests with the goal of understanding various forms of network interference.

This inspired the creation of OONI -- an attempt to create the first open framework that would enable anyone around the world to independently investigate internet censorship.

The general idea behind OONI was to create open methodologies that anyone could review and help improve upon for tests designed to measure internet censorship and other forms of network interference. These tests would then be shipped as part of a free and open source tool that anyone could install and run to independently investigate and detect internet censorship on their network. These test results would automatically get submitted to OONI servers, processed, and openly published.

In short, we created a global crowdsourced system for monitoring, detecting, and increasing transparency of internet censorship around the world -- a decentralized internet censorship observatory, powered by the people worldwide. Over time, we built this system in a way where anyone with a smartphone could easily install the app and run the tests with the click of a button, which led to significant expansion of censorship measurement.

We created a global crowdsourced system for monitoring, detecting, and increasing transparency of internet censorship around the world

Since 2012, we have openly published more than 447 million measurements collected from 22.7 thousand AS networks in 239 countries and territories. Today, OONI Probe is run in around 200 countries and territories every month. All these measurements -- which are now openly published in near real-time -- have supported research and advocacy efforts around the world.

What would be a typical situation in which someone would want to run an OONI Probe test?

We have seen that people typically feel more motivated to run OONI Probe tests when they experience internet censorship, like when they notice a website they care about is blocked, or popular social media apps (such as WhatsApp or Facebook Messenger) that they rely on for information and communication. Measurement data can confirm whether these services are actually blocked, which can also help serve as evidence of blocking for internet freedom activists and researchers.

With the OONI Probe app, you can run tests to measure:

• Blocking of websites;
• Blocking of instant messaging apps (WhatsApp, Facebook Messenger, Telegram, Signal);
• Blocking of circumvention tools (Tor, Psiphon, RiseupVPN);
• Network speed and performance;
• Video-streaming performance.

In general, we see different tests run at different moments in time, depending on what local internet users are experiencing and the questions they’re attempting to answer through OONI Probe tests. There’s also a large part of the OONI community that enables automated testing on their OONI Probe app and runs tests every day, irrespective of experiencing internet censorship.

Internet freedom requires freedom from censorship. At minimum, we need to have transparency about what is blocked, where, why, and how

We strongly recommend running OONI Probe regularly (regardless of whether you actually experience internet censorship or not) because:

• Censorship is often politically motivated and can therefore change depending on political events (we have also seen this in Europe).
• If censorship starts taking place in your country, you’ll have data to prove it (and previous data to compare it against).
• Many cases of internet censorship can go unnoticed, such as the blocking of minority group websites.
• Internet censorship can differ from network to network within a country. Perhaps internet services that are accessible on your network are blocked on others.
• It’s not always clear if an internet service is intentionally blocked, or if it’s inaccessible due to other reasons such as network issues.
• As long as there is no transparency, governments and Internet Service Providers (ISPs) can potentially seek plausible deniability, especially if it’s not clear that a service is intentionally blocked.
• We consider it good practice to keep those in power to account.
• By contributing measurements, you are helping to create a public archive on network interference worldwide. You will enable future generations to see what was happening on the network level of the internet.

What role does measurement play in the fight for internet freedom?

Internet freedom requires freedom from censorship. At minimum, we need to have transparency about what is blocked, where, why, and how (the “how” part can potentially inform circumvention strategies). Censorship measurement enables the public to achieve this.

Censorship measurement offers a practical way to collect empirical data that can potentially serve as evidence of internet censorship. It enables the public to actively monitor, detect, confirm, and respond to internet censorship events around the world.

In practice, OONI Probe is used by researchers and human rights defenders worldwide to monitor and report on emerging censorship events. OONI data supports the #KeepItOn campaign, a global coalition of more than 240 human rights organizations fighting internet shutdowns around the world.

Is there a particular story from you or OONI members you’d like to share that’s influenced your strategy?

About seven years ago, we met talented developers from Venezuela who were collaborating with local journalists and human rights organizations. Even at the time, independent news media websites were blocked in the country. They wanted to use OONI Probe to measure the blocking of websites across many different networks and regions of Venezuela, through coordination with local volunteers. But at the time, OONI Probe was just a command line tool, making it difficult to engage volunteers. To adapt to this need, we collaborated on a Raspberry Pi distribution for OONI Probe, enabling volunteers to easily have tests run automatically by just connecting certain Raspberry Pis to power and WiFi.

Venezuelan community members also informed us that, sometimes, websites are blocked intermittently, requiring rapid testing (rather than daily testing through Raspberry Pis). We then pivoted to create OONI Run, through which they could generate a sharable mobile deep link for coordination with volunteers and rapid OONI Probe testing. This was helpful during the political crisis in Venezuela, when independent news media and political opposition websites were blocked intermittently. Digital rights groups in Venezuela used OONI Run to coordinate with communities across the country on testing of those websites as blocks emerged.

In countries that experience pervasive forms of censorship, the use of VPN is essential for accessing platforms like Facebook or WhatsApp, which are their main sources for information and communication

Because our community is so essential to our work, our strategies have always been informed directly by community needs. We develop new OONI Probe tests and ship new features based on community needs and censorship trends.

You’re involved in a lot of collaborative projects with OONI members in censored environments, would you be able to shed some light on what their day-to-day looks like given those circumstances?

Many human rights defenders in censored environments rely on VPN like TunnelBear to circumvent blocks and access online information and communications platforms. In countries that experience pervasive forms of censorship, the use of VPN is essential for accessing platforms like Facebook or WhatsApp, which are their main sources for information and communication.

In Myanmar, for example, access to Facebook remains blocked on several networks, which makes the use of VPN even more essential. Up until recently, internet users in Uganda could not use online social media platforms without paying the OTT tax (commonly referred to as the “social media tax”) -- this has now been replaced by a new tax on data packages.

In both Myanmar and Uganda, ISPs blocked a number of VPNs as well, likely in an attempt to prevent internet users from circumventing censorship. Similarly, we have observed blocking attempts against a number of circumvention tool websites in Azerbaijan, where numerous independent news media websites are blocked. Around the world, we observe the blocking of VPNs in correlation with other major censorship events (often involving the blocking of social media or news media). But it’s often unclear whether such blocks are effective, as circumvention tools sometimes include built-in circumvention techniques. This is why we think that it’s important to measure the reachability of circumvention tools (OONI Probe currently includes tests for Tor and Psiphon).

Human rights defenders in restrictive countries also use tools like Tor for online privacy, security, and anonymity; GPG for encrypted emails; Signal for encrypted instant messaging -- in addition to a variety of other digital security tools.

What do you think is needed to further support the censorship measurement community?

Thanks for asking! I think the best way to support the censorship measurement community is to get involved. There are many ways you can get involved with OONI censorship measurement (depending on your skills, background, and time availability):

• Run OONI Probe. Regardless of technical skills, you can install OONI Probe, tap a button to run tests, and contribute measurements. By enabling automated testing in the app settings, you can contribute measurements every day without having to remember to run OONI Probe.
• Translate the OONI Probe apps. By translating (or reviewing existing translations of) the OONI Probe apps, you can enable more communities to measure internet censorship.
• Suggest URLs for testing. The censorship findings are only as interesting as the websites that are tested. You can help us improve the quality of measurements by adding websites that you think should be tested for censorship.
• Contribute a network measurement test for OONI Probe. OONI Probe was created based on open methodologies and frameworks to enable community members to contribute their own network measurement tests. If you are a developer and this interests you, please reach out to the OONI team for coordination.
• Tell censorship stories through OONI data. If you are a researcher, advocate, or journalist, we encourage you to dig through OONI data, discover untold censorship stories, and share them with the public. OONI measurements from across the globe are openly published in near real-time, enabling you to track and respond to censorship events as they unfold!

There are also a number of other great censorship measurement projects that you can get involved with and support. For example, Censored Planet publishes open data on censorship measurement collected through remote measurement techniques. The Internet Outage Detection and Analysis (IODA) project provides near real-time alerts on internet outages around the world.

Sincerely rawrs,

TunnelBear is a very simple virtual private network (VPN) that allows users to browse the web privately and securely. It secures browsing from hackers, ISPs, and anyone that is monitoring the network. TunnelBear believes you should have access to an open and uncensored internet, wherever you are.

This op-ed is authored by Tunnelbear’s Shames Abdelwahab and CDT Chief Technology Officer Mallory Knodel, and first appeared on OpenGlobalRights on July 2, 2021.

When U.S. President Joe Biden met Russian President Vladimir Putin in Geneva last month, the White House said “a full range of pressing issues” were on the agenda, including the Kremlin’s involvement in global cyberattacks and mis- and disinformation campaigns. During those talks—and at the Summit of Democracies—where Biden has pledged to convene with allies, it would have been crucial for the U.S. to acknowledge that internet freedom is under siege worldwide. Now is the time to challenge cyber sovereignty and press for urgent protections to ensure people can communicate with one another and access the information they need to be safe, healthy, and informed.

We can’t let cyber sovereignty— the idea that countries need to exert sovereignty over the internet within their borders— become a substitute for cybersecurity. Illiberal state actors use sovereignty as a defense for the local censorship of content on global platforms, often to seek tighter control over internet gateways. Cyber sovereignty also leads to technology and policies that are called “information controls.” The potential to stifle free expression and the right to information is perhaps one reason why democratic cybersecurity framings tend to avoid information controls framed by cyber sovereignty. However, that shift to center information and data, rather than people, is being made.

Restrictions to internet freedom have been accelerating globally, posing serious threats to human rights and safety. Recent military takeovers in Myanmar led to internet shutdowns that not only cut off access to the outside world for residents but also prevented the rest of the world from knowing what atrocities were occurring within the country’s borders. The COVID-19 pandemic’s effects have put the mental, physical, and economic health of less-connected communities in even deeper peril.

International human rights watchdog Freedom House recently reported that we’re seeing more governments exert influence to censor news and communications from beyond their borders. The report’s focus on 2020 highlights that governments are even using the pandemic as an excuse to shut down information they don’t want circulated.

Amidst this historically challenging time, policymakers have the opportunity to empower the internet freedom movement through investment that reasserts the democratic principles of the global governance of the internet through cybersecurity that centers people, builds alliances, and strengthens infrastructure.

Policymakers have the opportunity to empower the internet freedom movement through investment that reasserts the democratic principles of the global governance of the internet.

It’s noteworthy that many concerns might justify states’ interventions in information security. Democratic countries (including the United States, Japan, and much of the EU) propose to govern data flows in an effort to battle disinformation and, they say, to protect public safety. But disinformation is also often used as a reason for internet bans. These examples both borrow from cyber sovereignty. The aim of addressing disinformation is often well-intended, but it needs to be done thoughtfully, otherwise we risk opening a door for bad state actors to legitimize harmful online censorship.

The internet freedom community is best placed to navigate this delicate balance between cybersecurity and cyber sovereignty. But it needs support from democratic countries and corporations if the internet is to live up to its promise of being a great force for good while also remaining a secure and democratic space.

Global internet freedom allies should focus on three specific areas that require real interest and investment. This agenda will promote strong cybersecurity practices while also encouraging freedom of thought on the internet.

First, mainstream digital literacy is an important part of day-to-day civic life. Rather than hyping myriad online threats, we need wider understanding that there is no such thing as a quick cybersecurity solution. However, there are tools available that help improve digital security, such as VPNs and password management. Our research found that one in four users across the globe are not familiar with VPN technology. Rooted in the idea that the internet transcends national borders, VPNs offer citizens a way around cyber sovereignty while also helping to protect their cybersecurity.

As it stands, access to these tools is mostly a consumer’s or a company’s choice; but given their importance, we urge policymakers to consider their responsibility to educate institutions and the public about the benefits of circumvention tools so that censors cannot use them as a tool in their defense.

Second, it’s essential to protect and fund community-building groups like the Open Technology Fund (OTF) and its grantees, who allow billions of people across the globe to safely browse the internet free from censorship and surveillance. It’s important that the internet freedom community never again faces funding shortfalls, such as the ones experienced in 2020, the effects of which are detrimental to advancing human rights technologies.

Finally, we should foster alliances, from governments to tech companies, to join civil society in the fight for internet freedom, so that we may ensure an enduring international commitment to the free, open, and democratic use of the internet. A diverse funding model involving tech companies, human rights groups, and governments would foster cybersecurity by keeping key players accountable, which empowers internet freedom communities to continue their important work.

We have a responsibility to protect the free and open ideals that the internet was built upon while tackling modern challenges. It is important to remember that cyber sovereignty frames issues as belonging to the state only, and cybersecurity requires everyone to cooperate. With cooperation in mind, we can strengthen the internet freedom movement if we put our minds to it.

TunnelBear recently submitted a comment to the Canadian government on the role of online intermediaries (ISPs, cloud services, web hosting services) in battling copyright infringement. In the comment, TunnelBear strongly advocates against website blocking and service suspension as a means to curb online piracy.

You can read our full comment below:

The Honourable Francois-Philippe Champagne
C.D. Howe Building
235 Queen Street
Ottawa, Ontario K1A 0H5

RE: Consultation on a Modern Copyright Framework for Online Intermediaries
28 May 2021

Dear Mr. Champagne, I am writing to you on behalf of TunnelBear LLC, a Canadian Virtual Private Network (VPN) company that values the democratic principles of an open and uncensored internet. Our team works towards providing our users around the world with stable, reliable internet connections that are free from network restrictions and surveillance.

The TunnelBear team works with the digital rights and internet freedom community to implement technologies that help individuals access a stable internet connection in their day-to-day life and in critical situations for their community, including when they face internet disruptions as a result of different geopolitical events like elections or protests. In many cases, these disruptions are carried out by online intermediaries like ISPs.TunnelBear is concerned about the government’s Consultation on a Modern Copyright Framework for Online Intermediaries, particularly in relation to the introduction of website blocking and service suspension by online intermediaries as a means to curb copyright infringement. We are particularly concerned that:

• This is an unnecessary and punitive approach to addressing the issue ofcopyright infringement; using intermediaries as enforcement powers is a slippery slope
• The proposal to weaken providers’ safe harbour protections incentivizes service providers to protect themselves by building aggressive blocking systems
• Blocking systems can unintentionally hurt the lawful access of materialsprotected by rights holders, like when using BitTorrent
• Building these blocking systems would incur high consumer costs, who wouldeffectively be responsible for funding a censorship mechanism

Respecting the Internet’s Integrity
Our work in the internet freedom space has led us to witness egregious wrongs ininternet governance from undemocratic states, many of them committed by service providers who were mandated to do so by their government. While the goal ofprotecting copyright owners is well-intentioned, and one that TunnelBear supports, it is worth noting that according to prominent academic Michael Geist, Canada already hasmany legal provisions in place to protect rights-owners and “some of the world’stoughest anti-piracy provisions”. With that in mind, the proposals to introduce websiteblocking and service suspension are completely unnecessary.

Second, and more importantly, this approach’s effects on net neutrality and the internet’s openness would far outweigh any merits. The CRTC describes that “all traffic on the internet should be given equal treatment by ISPs”; giving enforcement powers to service providers achieves just the opposite. It instead asks service providers to build a censorship ecosystem that goes against their incentive to uphold net neutrality,especially when we take into consideration the consultation’s suggestion to modifyonline intermediaries’ safe harbour protections.

Risk of reducing safe harbour protections
Safe harbour protections shield online intermediaries from facing legal action from rightsholders. If these protections are reduced, service providers would likely take every action possible to minimize their risk and liability. This can include building complex technical website blocking systems that are willing to over-block or even suspend users so as to avoid legal action.

Unintended consequences
Over-blocking could have disastrous effects on users who rely on platforms that are often associated with copyright infringement, yet are in reality often used to distribute lawful materials approved by copyright holders. An example of this occurred in the United States (a country the proposal in consideration notes it has drawn inspirationfrom) only two months ago when a user received a cease and desist notice for downloading an official Ubuntu ISO package. In this particular case, the rights holders relied on an automated system to detect instances of piracy on BitTorrent, which struggled to differentiate between legal and illegal use. We can then see how the type of enforcement proposed can lead to lawful materials on mixed use platforms being blocked. Should a similar example occur in Canada when ISPs are mandated to consider website blocking or service suspension, the government of Canada would then be responsible for unjustly limiting a user’s access to the internet.

Costs of complex blocking systems
Should these proposals pass, whatever name we decide to give the project that follows -website blocking system, censorship ecosystem, copyright enforcement architecture -all stakeholders can certainly agree that this will be an expensive undertaking for online intermediaries, which could result in high consumer costs. As with any change in policy that affects the budgets of working families, we have a responsibility to consider how these costs would affect the most marginalized communities in Canada.

It is also worth noting that despite its high cost and sophistication, website blocking is easily circumventable. From a technical standpoint, the website blocking we have witnessed is done through Protocol-based blocking, DNS-based blocking, and Deep Packet Inspection-based blocking. Tools like VPN, the Tor browser, and more can be used by even beginner-level consumers to access the internet in more permissive environments. As such, going through with these proposals could mean that consumers incur the costs of their own censorship as well as circumvention.

Conclusion
There are many challenges associated with the proposals under consideration. These include

• Risk to upholding internet integrity
• Risk of over-blocking which can lead to unintended consequences
• Consumers paying for expensive blocking schemes

It is important to remember that a mere three years ago, the CRTC rejected a proposal to enlist a website blocking agency to curb piracy. The same principles that led the government to reject FairPlay should apply today. Website blocking and service suspension as a means to curb online piracy are dangerous and unnecessary. There is no justification for a “Canadian Internet firewall”.

Sincerely yours,

TunnelBear is a very simple virtual private network (VPN) that allows users to browse the web privately and securely. It secures browsing from hackers, ISPs, and anyone that is monitoring the network. TunnelBear believes you should have access to an open and uncensored internet, wherever you are.

We're so happy to release the results of our 4th annual independent security audit. It seems like just yesterday when we sent our Bears in for their very first security checkup in 2016, but here we are. 2021. Boy, have things been weird this last year (and counting).

2020 impacted the world in so many ways; we're still feeling the effects in 2021. Globally, people transitioned to life online for work and to stay connected to the world outside. However, as more people work from home than ever before, the internet has shown just how vulnerable the internet's infrastructure, companies, and people are.

Workers that would typically count on the safety of their office networks have had to rely on unsecured home routers to protect confidential information. Working from home suddenly meant scrambling to buy new computers, secure routers, anti-virus software, and a VPN to help protect all of that data from threats they'd never considered.

The move to life online has inspired us to work even harder to make sure the TunnelBear network can help keep your private data safe and sound. Let's look at this year's results.

2020 Testing

2020's testing started in October, and for 40 days, nine members of Cure53 scoured through every nook and cranny of TunnelBear's apps, code, and infrastructure. This year marks the fourth time we've worked with Cure53 to release a public audit. With several years of working experience together, they're able to assess TunnelBear's security quickly, resulting in more time to find and fix any issues that might appear.

Granting Cure53 "white-box" access to TunnelBear means clear visibility into how TunnelBear works, what technologies we use, and what we've done to harden security.

Given its breadth, the absence of highly-rated issues is a great achievement.

2020 Results

We're happy to announce that after 40 days of testing, Cure53 found two low, two medium and one high-risk vulnerability. This year's report is the best report we've seen so far because even the vulnerability marked as high was easily fixed. A key highlight of the report states, "Given its breadth, the absence of highly-rated issues is a great achievement. As such, this project's results also underscore the benefits of continuous engagement with external security examinations as the working mechanism towards reducing flaws."

You can read the full report on Cure53's website. (Link goes to a pdf hosted on Cure53.de)

Another year, another audit

We want to thank all the hard-working Bears that contributed to last year's audit and Cure53 for their attention to detail and honest reporting. We've always enjoyed working together to make TunnelBear a better app for people who depend on a secure connection to access the internet every day.

See you next year!