Privacy and Security
Tunnelblick and VPNs: Privacy and Security
Tunnelblick and VPNs are often used for one or more of the following purposes:
Tunnelblick and VPNs in general are great for the first four purposes, but should not be used to provide anonymous Internet access.
For the rest of this document, when discussing VPNs in general, the term "VPN" will be used. When speaking of Tunnelblick in particular, "Tunnelblick" will be used.
VPNs and Anonymity — DON'T!
All a VPN can do to help you surf anonymously on the Internet is make your IP address appear to be something different and mix your traffic in with traffic from other users of the VPN. However, there are many ways other than the IP address that websites can use to track you and/or find out who you are. And if a government can access activity logs your VPN service provider keeps, your anonymity can be compromised that way. And powerful organizations that can "tap" the traffic to/from both you and the VPN service provider could, even without such logs, correlate your traffic to the VPN service provider with its outgoing traffic to the Internet.
VPNs and Disguised IP Addresses
VPNs can disguise your IP address. However, as described above in "VPNs and Anonymity", that usually isn't very helpful by itself.
VPNs and Location Spoofing
A VPN can often make websites think your computer is located somewhere it isn't, but the IP address is not the only way that websites know where you are.
For example, many UK television programs may be accessed via the Internet only from within the UK. Such television websites often determine whether or not your computer is located in the UK by examining the IP address from which requests are originating. So you can use a UK-based VPN server to "pretend" to be in the UK. Television websites will see your traffic as originating from the VPN server's UK-based IP address and let you watch "Larkrise to Candleford" (or whatever).
But it doesn't always work. For example, in early 2016, Netflix announced that it would not let its customers use VPNs or proxies to access content they would not be able to access from their home because of geographic restrictions. Netflix's implementation of this policy is uneven; some VPN providers claim that their customers are not affected.
VPNs and Eavesdropping and Man-in-the-Middle Attacks
A VPN can help protect your Internet activity from local eavesdroppers and man-in-the-middle attackers. It does this by encrypting all communications that a local attacker might be able to tap. Your outgoing Internet traffic is encrypted on your computer and is sent in encrypted form to your VPN service provider's computers. There it is decrypted and passed on to the Internet without encryption.
Sufficiently powerful organizations could eavesdrop and conduct man-in-the-middle attacks if they have access to the VPN server or the connection between the VPN server and the Internet.
Note: Sufficiently powerful organizations could circumvent your https: encryption by spoofing security certificates.
In addition to the Internet access OpenVPN uses to set up, maintain, and tear down a VPN connection, Tunnelblick may access the Internet for three other purposes:
Tunnelblick performs these activities by accessing tunnelblick.net, and the tunnelblick.net web server keeps logs (as do most web servers) as described in tunnelblick.net Privacy. However, no personally identifiable information (other than the IP address) is kept.
Tunnelblick asks for permission for the normal-operation activities when first launched. The permissions may be modified at any time afterwards by changing the appropriate individual Tunnelblick setting. You may inhibit both activities at once (regardless of the individual settings) by putting a check in the "Inhibit automatic update checking and IP Address checking" checkbox on the "Preferences" panel of Tunnelblick's "VPN Details" window.
Internet Access During Installations and Updates
When Tunnelblick or updates to Tunnelblick are installed, Tunnelblick attempts to access tunnelblick.net so a count of the number of Tunnelblick installations can be maintained. (The access attempt does not require a response.)
Internet Access During a Check for Updates
When checking for updates, Tunnelblick contacts the tunnelblick.net web server. Tunnelblick uses encrypted https: connections to provide security and privacy, but the fact that tunnelblick.net was accessed is available to any eavesdropper. That may be avoided by checking for updates only manually, while connected to a properly configured VPN (which, as described above, should hide from local eavesdroppers the fact that tunnelblick.net was accessed).
The setting that controls whether Tunnelblick checks for updates automatically (when launched and every 24 hours thereafter, even if no VPN is connected) is the "Check for updates automatically" checkbox on Tunnelblick's "Preferences" panel.
That panel also has an "Include anonymous profile information" checkbox. If checked, sometimes when checking for updates Tunnelblick will send information to tunnelblick.net about what version of OS X is being used. Tunnelblick does not send anything which identifies users of your computer (but see tunnelblick.net Privacy, below).
Internet Access During a Check for a Secure Connection and Diagnose Problems
Each Tunnelblick configuration has a setting to "Check if the apparent public IP address changed after connecting". If checked, Tunnelblick will send a request to the tunnelblick.net web server before the configuration is connected and will send another request after it is connected. These requests are usually done via https:, however:
tunnelblick.net is used for four purposes: as a website, to count Tunnelblick installations, to service update requests from the Tunnelblick application, and to service IP address check requests from the Tunnelblick application. Update and address check requests may be disabled at any time on the "Preferences" panel of Tunnelblick's "VPN Details" window, or may be controlled individually on the "Preferences" panel and the "Advanced" settings window.
All accesses to tunnelblick.net are logged, as is common for websites. The logs are kept by the company that provides hosting services to tunnelblick.net. That company does not provide a way to disable logging or delete logs, and it keeps the logs for several years. The logs are also saved and analyzed by Tunnelblick developers to obtain information about what webpages are popular, which versions of Tunnelblick are being used, etc. Log entries for each access to tunnelblick.net consist of:
Tunnelblick's downloads are hosted by GitHub. GitHub also logs common information; see the GitHub Privacy Statement.
At times the Tunnelblick website is protected from attack by Cloudflare. This protection may be turned on or off without notice. Cloudflare does its own logging of DNS requests and requests to the Tunnelblick website, in addition to any logging done by Tunnelblick's host provider. See What Cloudflare Logs for details.
Counting Tunnelblick installations: When Tunnelblick is installed, and when updates include a change to the terms under which it is provided, Tunnelblick may attempt to access tunnelblick.net to help maintain a count of the number of Tunnelblick installations. In addition to the information described in Logging, above, Tunnelblick may also provide information to tunnelblick.net about the version of Tunnelblick being installed or updated and what other actions (checking for updates and/or checking for IP address changes) the user has chosen to allow. Other than the IP address, no personally identifiable information is sent. Whether or not the attempt to access tunnelblick.net is successful, Tunnelblick continues with the installation or update.
Update check requests send the following information to tunnelblick.net via https:
Update information requests: if an update is available, Tunnelblick will send a request to the tunnelblick.net website via https: for information about the update that is to be displayed to the user.
Update download requests: If an update is available and the user agrees, Tunnelblick will download the update via https: from GitHub. GitHub commonly redirects downloads to amazonaws.com.
IP address check requests send the following information to the tunnelblick.net website via https:, falling back to http: if certain errors occur: