October 8 2020 GM: Difference between revisions
This Glitter Meetup, which featured a Q&A with TunnelBear's Director of VPN, Rodrigue Hajjar, is part of our [[IFF_VPN_Village_2020|VPN Village]]. The following are the questions and answers from this gathering.
'''Guest Speaker:''' Rodrigue Hajjar, TunnelBear’s Director of VPN.
----
'''Notes:'''
===Question: What is the culture of TunnelBear?===
'''ANSWER:''' TunnelBear is all about mission-driven development. We started the service with the idea that the internet would be a better place if everyone browsed the same internet as everyone else, regardless of local censor restrictions. The folks who work with us are all about this mission, and the office is a great place to be.
===Question: How did TunnelBear get the name?===
'''ANSWER:''' At that point in time (2011/2012), most online security apps had shields and a rather intimidating brand image. We wanted to go with a friendlier approach. “Tunnel” obviously for the encrypted tunnel, and “Bear”, because everyone loves Bears and they’re fierce. The business model is simple: we’re a freemium app. You get a small amount of data for free, and then you have to pay to get unlimited bandwidth.
===Question: How has TunnelBear handled any US legal requests?===
'''ANSWER:''' Whenever we do get legal requests, we comply with them. Our strategy is to collect as little data as possible in the first place so that legal requests don't put us in an uncomfortable position. We publish the number of requests we get/comply with in our annual transparency report. This is TunnelBear’s [https://www.tunnelbear.com/blog/tunnelbear-transparency-report-for-2019/ 2019 Transparency Report].
===Question: Is there a reason for blocking P2P and any domain that includes the word "torrent" while connected via TunnelBear?===
'''ANSWER:''' TunnelBear doesn’t block P2P or any domain that has the word “torrent”. If there’s a specific port that’s blocked, we might be doing it due to security concerns. However, if you contact support we often get these things figured out. (This question was related to a [https://vpnpro.com/torrenting/tunnelbear-for-torrenting/ past action]).
===Question: How do you handle user data?===
'''ANSWER:''' We absolutely do not store user logs, and collect as little data as possible to operate our service. Our privacy policy is written in an intentionally no-nonsense and simple way. (TunnelBear's Privacy Policy: https://www.tunnelbear.com/privacy-policy) A commitment to ethical data collection requires constant review. That’s why TunnelBear works with Cure53 to conduct transparency and security audits of our service. We publish these on our blog annually, so you can hold us accountable to our no-logs promises. We also always audit our whole infrastructure, instead of just the clients or parts of it.
===Question: What is the anti-censorship team focused on at TunnelBear? What's your vision for the latest circumvention techniques you are working towards?===
'''ANSWER:''' Our anti-censorship team is focused on building anti-censorship capabilities into the TunnelBear service based on a proactive approach. There’s a number of countries that censor VPNs in different ways. Our team tracks this through the lens of our four stages of censorship framework (distribution, API blocking, connecting to a VPN, and maintaining a VPN connection), with the most sophisticated censors blocking at all four stages. The team includes a mix of engineers and community professionals that are focused on this framework. The anti-censorship team was founded just this year and our focus right now is on Iran. The 4 stages framework for thinking about VPN censorship works for most countries including China.
===Question: In general, how do you understand the needs of the community that uses TunnelBear? Do you have user surveys or studies that help inform the development of features?===
'''ANSWER:''' We do conduct user surveys and take user feedback into consideration. We also work with a number of community partners as part of our anti-censorship initiative and through our NGO Support Network program. These community partners have been kind enough to relay user feedback, which is super useful especially when we consider different local contexts, etc.
===Why not use open source solutions, OpenVPN, or Outline?===
'''Answer:''' TunnelBear does use OSS; we use OpenVPN amongst other protocols. We contribute back to OSS whenever we can (see ESNI contribution to BoringSSL). We will never accept data as a payment form; we used to accept a jar of honey as a payment form.
===Question: TunnelBear recently pulled its servers from Hong Kong in light of their new security law, but in general, how do you reconcile with the laws of the (other) countries where you have your servers?===
'''ANSWER:''' As we said in our statement about the HK servers, the integrity of our network infrastructure is of the utmost importance to us. That particular situation introduced risk, so we decided to pull our servers. That same principle applies to other countries where we have servers. If we note a risk to our infrastructure, we owe it to our users to act.
===Question: What is TunnelBear's policy about security-related issues?===
'''Answer:''' You’ll find through our blog posts how we react to specific vulnerabilities found or external threats, like [https://www.tunnelbear.com/blog/tunnelbear-removes-hong-kong-servers-to-safeguard-vpn-network-infrastructure/ Hong Kong servers removal], the [https://www.tunnelbear.com/blog/tunnelbear-completes-3rd-annual-independent-public-security-audit/ Security Audits] or the [https://www.tunnelbear.com/blog/heartbleed/ specific vulnerability that could have affected]. We’re also on HackerOne where anyone can post and get paid for security vulnerabilities.
===Question: I think TunnelBear has the cutest design for a VPN tool, who designed the UI?===
'''Answer:''' Designers get all the credit, they're a big part of our secret sauce! Designs / user experience were originally created by Ryan (one of the co-founders) and Andrew (our first designer).
===Are you able to share more information about how you tackle the problem of distribution in China?===
'''Answer:''' Aside from relying on our NGO partners’ distribution networks, our distribution focus right now is on Iran. That said, we hope to take the lessons learned from this country-rollout program and apply them to other censored countries in the future, like China for example.
===How many languages does TunnelBear support? Are you planning to add more languages? Do you have insights of your audience using the app in localized languages?===
'''Answer:''' We currently support 15 languages on Android, and are super grateful to the efforts of the Localization Lab for their help in this! We are planning to add more language support, and will keep our users updated as we go. I’m not sure about our language insights, but if you’re really interested in this, it may be worth emailing [email protected]
===What trends are you folks seeing in regards to censorship?===
'''Answer:''' DNS and SNI censorship are the most common types of VPN censorship we’ve seen. We’re also seeing more advanced censorship during election periods/times of protest/political unrest. And usually the first services to get censored are social media (Facebook / Twitter etc.).
===Has subscriber/user increased in Hong Kong over the past few months?===
'''Answer:''' Yes, we’ve seen an increase in the number of connections from Hong Kong.
Latest revision as of 15:22, 8 October 2020