October 8 2020 GM

From TCU Wiki
'''Time:''' 9:00am EST / 1:00pm UTC+0
'''Where:''' [http://community.internetfreedomfestival.org/ IFF Mattermost Square Channel].
 
Latest revision as of 15:22, 8 October 2020

Glitter Meetups

This Glitter Meetup, which featured a Q&A with TunnelBear's Director of VPN, Rodrigue Hajjar, is part of our VPN Village. The following are the questions and answers from this gathering.

Guest Speaker: Rodrigue Hajjar, TunnelBear’s Director of VPN.


Notes:

Question: What is the culture of TunnelBear?

ANSWER: TunnelBear is all about mission-driven development. We started the service with the idea that the internet would be a better place if everyone browsed the same internet as everyone else, regardless of local censor restrictions. The folks who work with us are all about this mission, and the office is a great place to be.

Question: How did TunnelBear get the name?

ANSWER: At that point in time (2011/2012), most online security apps had shields and a rather intimidating brand image. We wanted to go with a friendlier approach. “Tunnel” obviously for the encrypted tunnel, and “Bear”, because everyone loves Bears and they’re fierce. The business model is simple, we’re a freemium app, you get a small amount of data for free, and then you have to pay to get unlimited bandwidth.

Question: How has TunnelBear handled any US legal requests?

ANSWER: Whenever we do get legal requests, we comply with them. Our strategy is to collect as little data as possible in the first place so that legal requests don't put us in an uncomfortable position. We publish the number of requests we get/comply with in our annual transparency report. This is TunnelBear’s 2019 Transparency Report: https://www.tunnelbear.com/blog/tunnelbear-transparency-report-for-2019/

Question: Is there a reason for blocking P2P and any domain that includes the word "torrent" while connected via TunnelBear?

ANSWER: TunnelBear doesn’t block P2P or any domain that has the word “torrent”. If there’s a specific port that’s blocked, we might be doing it due to security concerns. However, if you contact support we often get these things figured out. (This question was related to a past action: https://vpnpro.com/torrenting/tunnelbear-for-torrenting/)

Question: How do you handle user data?

ANSWER: We absolutely do not store user logs, and collect as little data as possible to operate our service. Our privacy policy is written in an intentionally no-nonsense and simple way. (TunnelBear's Privacy Policy: https://www.tunnelbear.com/privacy-policy) A commitment to ethical data collection requires constant review. That’s why TunnelBear works with Cure53 to conduct transparency and security audits of our service. We publish these on our blog annually, so you can hold us accountable to our no-logs promises. We also always audit our whole infrastructure, instead of just the clients or parts of it.

Question: What is the anti-censorship team focused on at TunnelBear? What's your vision for the latest circumvention techniques you are working towards?

ANSWER: Our anti-censorship team is focused on building anti-censorship capabilities into the TunnelBear service based on a proactive approach. There’s a number of countries that censor VPNs in different ways. Our team tracks this through the lens of our four stages of censorship framework (distribution, API blocking, connecting to a VPN, and maintaining a VPN connection), with the most sophisticated censors blocking at all four stages. The team includes a mix of engineers and community professionals that are focused on this framework. The anti-censorship team was founded just this year and our focus right now is on Iran. The 4 stages framework for thinking about VPN censorship works for most countries including China.

Question: In general, how do you understand the needs of the community that uses TunnelBear? Do you have user surveys or studies that help inform the development of features?

ANSWER: We do conduct user surveys and take user feedback into consideration. We also work with a number of community partners as part of our anti-censorship initiative and through our NGO Support Network program. These community partners have been kind enough to relay user feedback, which is super useful especially when we consider different local contexts, etc.

Question: Why not use open source solutions, OpenVPN, or Outline?

Answer: TunnelBear does use OSS, we use OpenVPN amongst other protocols. We contribute back to OSS whenever we can (see ESNI contribution to BoringSSL). We will never accept data as a payment form; we used to accept a jar of honey as a payment form.

Question: TunnelBear recently pulled its servers from Hong Kong in light of their new security law, but in general, how do you reconcile with the laws of the (other) countries where you have your servers in?

ANSWER: As we said in our statement about the HK servers, the integrity of our network infrastructure is of the utmost importance to us. That particular situation introduced risk, so we decided to pull our servers. That same principle applies to other countries where we have servers. If we note a risk to our infrastructure, we owe it to our users to act.

Question: What is TunnelBear's policy about security-related issues?

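Answer: You’ll find through our blog posts how we react to specific vulnerabilities found or external threats, like Hong Kong servers removal (https://www.tunnelbear.com/blog/tunnelbear-removes-hong-kong-servers-to-safeguard-vpn-network-infrastructure/), the Security Audits (https://www.tunnelbear.com/blog/tunnelbear-completes-3rd-annual-independent-public-security-audit/) or the specific vulnerability that could have affected (https://www.tunnelbear.com/blog/heartbleed/). We’re also on HackerOne where anyone can post and get paid for security vulnerabilities.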

Question: I think TunnelBear has the cutest design for a vpn tool, who designed the UI?

Answer: Designers get all the credit, they're a big part of our secret sauce! Designs / user experience were originally created by Ryan (one of the co-founders) and Andrew (our first designer).

Question: Are you able to share more information about how you tackle the problem of distribution in China?

Answer: Aside from relying on our NGO partners’ distribution networks, our distribution focus right now is on Iran. That said, we hope to take the lessons learned from this country-rollout program and apply it to other censored countries in the future, like China for example.

Question: How many languages does TunnelBear support? Are you planning to add more languages? Do you have insights of your audience using the app in localized languages?

Answer: We currently support 15 languages on Android, and are super grateful to the efforts of the Localization Lab for their help in this! We are planning to add more language support, and will keep our users updated as we go. I’m not sure about our language insights, but if you’re really interested in this, it may be worth emailing [email protected]

Question: What trends are you folks seeing in regards to censorship?

Answer: DNS and SNI censorship are the most common types of VPN censorship we’ve seen. We’re also seeing more advanced censorship during election periods/times of protest/political unrest. And usually the first services to get censored are social media (Facebook / Twitter, etc.).

Question: Has the number of subscribers/users increased in Hong Kong over the past few months?

Answer: Yes, we’ve seen an increase in the number of connections from Hong Kong.