Highlighted Articles
  News
  Installing Tunnelblick
  Uninstalling Tunnelblick
  Setting up Configurations
  Using Tunnelblick
  Getting VPN Service
  Common Problems
  Configuring OpenVPN
  Release Notes
  Thanks
  FAQ

Discussion Group
Read Before You Post

Privacy and Security

On This Page
    Tunnelblick and VPNs: Privacy and Security
        Protection Against Eavesdropping and attacker-in-the-Middle Attacks
        Location Spoofing
        Disguised IP Addresses
        Untrusted Networks — DON'T USE A VPN FOR THIS!
        Anonymity — DON'T USE A VPN FOR THIS!
    Tunnelblick Privacy
        Internet Access During a Check for Updates
        Internet Access During a Check for a IP Address Changes
    tunnelblick.net Privacy
        General Data Protection Regulation Information
        Logging
        Cookies

If you are using macOS Mojave or higher, be aware of a privacy concern if you download and use any document or program, including Tunnelblick.

Tunnelblick and VPNs: Privacy and Security

Tunnelblick and VPNs are often used for one or more of the following purposes:

To protect against eavesdropping and attacker-in-the-middle attacks when using the Internet to access a secured network from another secured network (for example, accessing a corporate network from home, or one branch office of an organization from another)
To make websites think your computer is somewhere it isn't (e.g., accessing UK television programs from non-UK locations)
To disguise your IP address from websites

All of the above are OK, but VPN service providers often also tout that a VPN can be used:

To protect against eavesdropping and attacker-in-the-middle attacks when using an untrusted network to access the Internet (for example, from a coffee shop wireless network) <== DO NOT use a VPN for this!
To provide anonymous Internet access <== DO NOT use a VPN for this!

Tunnelblick and VPNs in general are great for the first three purposes, but should not be used from an untrusted network and do not provide anonymous Internet access.

For the rest of this document, when discussing VPNs in general, the term "VPN" will be used. When speaking of Tunnelblick in particular, "Tunnelblick" will be used.

Protection Against Eavesdropping and attacker-in-the-Middle Attacks

A VPN can help protect your Internet activity from local eavesdroppers and attacker-in-the-middle attackers when your computer is connected to a trusted local network. It does this by encrypting all communications that a local attacker might be able to tap. Your outgoing Internet traffic is encrypted in your computer and is sent in encrypted form to your VPN service provider's computers. There it is decrypted and passed on to the Internet without encryption*. Similarly, Internet traffic to your computer arrives at the VPN server without encryption*, is encrypted there, and is sent from the VPN server to you in encrypted form. So nobody at your local coffee shop can tell what websites you are using, or read any of your traffic. And nobody on the Internet can see what you are doing on your corporate network.

Sufficiently powerful organizations could eavesdrop and conduct attacker-in-the-middle attacks if they have access to the VPN server or the connection between the VPN server and the Internet.

* If you are using https: all traffic between your computer and the destination website is encrypted, too. But that is separate from the encryption used by the VPN. If you are using https: and a VPN, your traffic is first encrypted for the https:, then for the VPN, then sent to the VPN server. The VPN server removes the VPN encryption, leaving the https: encryption, and then sends the traffic out to the Internet, still encrypted with the https: encryption.

Sufficiently powerful organizations could circumvent your https: encryption by spoofing security certificates.

Location Spoofing

A VPN can often make websites think your computer is located somewhere it isn't, but the IP address is not the only way that websites know where you are.

For example, many UK television programs may be accessed via the Internet only from within the UK. Such television websites often determine whether or not your computer is located in the UK by examining the IP address from which requests are originating. So you can use a UK-based VPN server to "pretend" to be in the UK. Television websites will see your traffic as originating from the VPN server's UK-based IP address and let you watch "Larkrise to Candleford" (or whatever).

But it doesn't always work. For example, in early 2016, Netflix announced that it would not let its customers use VPNs or proxies to access content they would not be able to access from their home because of geographic restrictions. Netflix's implementation of this policy is uneven; some VPN providers claim that their customers are not are affected.

Disguised IP Addresses

VPNS can disguise your IP address. However, as described below in "Anonymity", that usually isn't very helpful by itself.

Note that modern versions of macOS can provide this functionality with iCloud Private Relay.

Untrusted Networks — DON'T USE A VPN FOR THIS!

There is a relatively simple attack that can bypass the VPN for traffic to and from specific websites when you are using an untrusted local network. If the sites use https:, the attacker only gets metadata such as the fact that you visited the sites, the pages you visited on the sites, how often, and when. If the websites do not use https:, the attacker can see and/or can modify any of the data sent to or from the sites.

USING A VPN FROM AN UNTRUSTED NETWORK MAY NOT PROVIDE ANY MORE SECURITY..

Anonymity — DON'T USE A VPN FOR THIS!

All a VPN can do to help you surf anonymously on the Internet is make your IP address appear to be something different and mix your traffic in with traffic from other users of the VPN. However, there are many ways other than the IP address that websites can use to track you and/or find out who you are. And if a government can access activity logs your VPN service provider keeps, your anonymity can be compromised that way. And powerful organizations that can "tap" the traffic to/from both you and the VPN serviced provider could, even without such logs, correlate your traffic to a VPN service provider and their outgoing traffic to the Internet.

USING A VPN FOR ANONYMITY DOESN'T WORK. Use Tor or something similar. (And be careful even then: Tor User Identified by FBI.)

Tunnelblick Privacy

Note: If you are alarmed by warnings when uninstalling Tunnelblick on macOS Mojave or higher, please see Warnings When Uninstalling Tunnelblick.

In addition to using OpenVPN to access the Internet to set up, maintain, and tear down a VPN connection, Tunnelblick may access the Internet for two other purposes:

During normal operation, to check for updates; and
During normal operation, to check for a secure connection and help diagnose problems.

Tunnelblick performs these activities by accessing tunnelblick.net, and the tunnelblick.net web server keeps logs (as do most web servers) as described in tunnelblick.net Privacy. However, no personally identifiable information other than the IP address is kept.

Tunnelblick asks for permission for these activities when first launched. The permissions may be modified any other time by changing the appropriate individual Tunnelblick setting. You may inhibit both activities at once (regardless of the individual setting) by putting a check in the "Inhibit automatic update checking and IP Address checking" checkbox on the "Preferences" panel of Tunnelblick's "VPN Details" window.

Internet Access During a Check for Updates

When checking for updates, Tunnelblick contacts the tunnelblick.net web server. Tunnelblick uses encrypted https: connections to provide security and privacy, but the fact that tunnelblick.net was accessed is available to any eavesdropper. That may be avoided by only doing checks for updates manually when connected to a properly configured VPN (which, as described above, should hide from local eavesdroppers the fact that tunnelblick.net was accessed).

The setting that controls whether Tunnelblick checks for updates automatically (when launched and every 24 hours thereafter while Tunnelblick is running, even if no VPN is connected) is the "Check for updates automatically" checkbox on Tunnelblick's "Preferences" panel.

Internet Access During a Check for a IP Address Changes

Each Tunnelblick configuration has a setting to "Check if the apparent public IP address changed after connecting". If checked, Tunnelblick will send a request to the tunnelblick.net web server before the configuration is connected and will send another request after it is connected. These requests are done via https:, however, the fact that tunnelblick.net was accessed is available to any eavesdropper because the first request is made before a VPN connection has been established.

tunnelblick.net Privacy

tunnelblick.net is used for three purposes: as a website, to service update requests from the Tunnelblick application, and to service IP address check requests from the Tunnelblick application.

General Data Protection Regulation Information

See General Data Protection Regulation Information.

Logging

All accesses to tunnelblick.net are logged, as is common for websites. The logs are kept by the company that provides hosting services to tunnelblick.net. That company does not provide a way to disable logging or delete logs, and it keeps the logs for several years. The logs are also saved and analyzed by Tunnelblick developers to obtain information about what webpages are popular, which versions of Tunnelblick are being used, etc. Log entries for each access to tunnelblick.net consist of:

Date and time of the request
Public IP address to which the response is to be directed [1]
Request type (e.g. "GET" or "POST")
Resource requested (e.g., "/downloads.html HTTP/1.1" or "/appcast-b.rss HTTP/1.1"
Result code (e.g., "200" — OK or "404" — not found)
Number of bytes sent in response to the request
"Referer" (sic) supplied by the browser, the URL of the page that requested the resource
"User agent" supplied by the browser (e.g. "Mozilla/5.0 (Macintosh; Intel Mac OS 10_10_4) AppleWebKit/600.7.12 (KHTML, like Gecko)" or "Tunnelblick/3.5.3 (build 4270.4371) Sparkle/4270.4371").

[1] Public IP addresses may be considered "Personal Information" with respect to the Eurpean General Data Protection Regulation Information. See General Data Protection Regulation Information for details.

Tunnelblick's downloads are hosted by GitHub and/or SourceForge, both of which may also log information. See the GitHub Privacy Statement and the SourceForge Media Privacy Policy for details.

Tunnelblick's non-English language pages are served by Google Translate, which also logs common information. See the Google Privacy Policy for details.

At times the Tunnelblick website is protected from attack by Cloudflare. This protection may be turned on or off without notice. Cloudflare does its own logging of DNS requests and requests to the Tunnelblick website, in addition to any logging done by Tunnelblick's host provider. See What Cloudflare Logs for details.

Logging of website access: tunnelblick.net does not use Javascript, other client-side scripting, plugins, trackers, beacons, or web bugs, does not collect information (other than the log information described above), does not carry advertising, and does not store cookies or any other data on your computer (except as noted in Cookies, below). You may be able to use your browser's "private" or "incognito" mode to keep it from caching site content or browser history.

Logging of Update check requests send the following information to tunnelblick.net via https:

The apparent public IP address and port of the computer (or the router the computer uses to connect to the Internet)
The version of Tunnelblick and the version of Sparkle (the update-checking portion of the program)
If the user has agreed, some versions of Tunnelblick may also sometimes send the version of macOS that is being used, as described above

Logging of Update information requests: if an update is available, Tunnelblick will send a request to the tunnelblick.net website via https: for information about the update that is to be displayed to the user.

Logging of Update download requests: If an update is available and the user agrees, Tunnelblick will download the update via https: from GitHub. GitHub commonly redirects downloads to amazonaws.com.

Logging of IP address check requests send the following information to the tunnelblick.net website via https:

The apparent public IP address and port of the computer (or the router the computer uses to connect to the Internet)
The version of Tunnelblick

Cookies

When the Tunnelblick website is protected by Cloudflare, Cloudflare may store cookies for tunnelblick.net on your computer These cookies are not used by the Tunnelblick website and you may delete or block them at any time. See Cloudflare's Cookie Policy for details.