Tunnelblick free software for OpenVPN on OS X and macOS We need translators for several languages…
Home Downloads Support Documents Issues Source Contribute Contact

Highlighted Articles
  Installing Tunnelblick
  Uninstalling Tunnelblick
  Setting up Configurations
  Using Tunnelblick
  Getting VPN Service
  Common Problems
  Configuring OpenVPN
  Release Notes

Discussion Group
  Read Before You Post

Privacy and Security

On This Page
    Tunnelblick and VPNs: Privacy and Security
        VPNs and Anonymity — DON'T!
        VPNs and Disguised IP Addresses
        VPNs and Location Spoofing
        VPNs and Eavesdropping and Man-in-the-Middle Attacks
    Tunnelblick Privacy
        Check for Updates
        Check for a Secure Connection and Diagnose Problems
    tunnelblick.net Privacy

Tunnelblick and VPNs: Privacy and Security

Tunnelblick and VPNs are often used for one or more of the following purposes:

  • To protect against eavesdropping and man-in-the-middle attacks when using an untrusted network to access the Internet (for example, from a coffee shop wireless network)
  • To protect against eavesdropping and man-in-the-middle attacks when using the Internet to access a secured network (for example, accessing a corporate network from home)
  • To make websites think your computer is somewhere it isn't (e.g., accessing UK television programs from non-UK locations)
  • To disguise your IP address from websites
  • To provide anonymous Internet access <== DO NOT use a VPN for this!

Tunnelblick and VPNs in general are great for the first four purposes, but should not be used to provide anonymous Internet access.

For the rest of this document, when discussion VPNs in general, the term "VPN" will be used. When speaking of Tunnelblick in particular, "Tunnelblick" will be used.

VPNs and Anonymity — DON'T!

All a VPN can do to help you surf anonymously on the Internet is make your IP address appear to be something different and mix your traffic in with traffic from other users of the VPN. However, there are many ways other than the IP address that websites can use to track you and/or find out who you are. And if a government can access activity logs your VPN service provider keeps, your anonymity can be compromised that way. And powerful organizations that can "tap" the traffic to/from both you and the VPN serviced provider could, even without such logs, correlate your traffic to a VPN service provider and their outgoing traffic to the Internet.

So, DON'T USE ANY VPN FOR ANONYMITY. Use Tor or something similar. (And be careful even then: Tor User Identified by FBI.)

VPNs and Disguised IP Addresses

VPNS can disguise your IP address. However, as described above in "VPNs and Anonymity", that usually isn't very helpful by itself.

VPNs and Location Spoofing

A VPN can often make websites think your computer is located somewhere it isn't, but the IP address is not the only way that websites know where you are.

For example, many UK television programs may be accessed via the Internet only from within the UK. Such television websites often determine whether or not your computer is located in the UK by examining the IP address from which requests are originating. So you can use a UK-based VPN server to "pretend" to be in the UK. Television websites will see your traffic as originating from the VPN server's UK-based IP address and let you watch "Larkrise to Candleford" (or whatever).

But it doesn't always work. For example, in early 2016, Netflix announced that it would not let its customers use VPNs or proxies to access content they would not be able to access from their home because of geographic restrictions. Netflix's implementation of this policy is uneven; some VPN providers claim that their customers are not are affected.

VPNs and Eavesdropping and Man-in-the-Middle Attacks

A VPN can help protect your Internet activity from local eavesdroppers and man-in-the-middle attackers. It does this by encrypting all communications that a local attacker might be able to tap. Your outgoing Internet traffic is encrypted in your computer and is sent in encrypted form to your VPN service provider's computers. There it is decrypted and passed on to the Internet without encryption*. Similarly, Internet traffic to your computer arrives at the VPN server without encryption*, is encrypted there, and is sent from the VPN server to you in encrypted form. So nobody at your local coffee shop can tell what websites you are using, or read any of your traffic. And nobody on the Internet can see what you are doing on your corporate network.

Sufficiently powerful organizations could eavesdrop and conduct man-in-the-middle attacks if they have access to the VPN server or the connection between the VPN server and the Internet.

* If you are using https: all traffic between your computer and the destination website is encrypted, too. But that is separate from the encryption used by the VPN. If you are using https: and a VPN, your traffic is first encrypted for the https:, then for the VPN, then sent to the VPN server. The VPN server removes the VPN encryption, leaving the https: encryption, and then sends the traffic out to the Internet, still encrypted with the https: encryption.

Note: Sufficiently powerful organizations could circumvent your https: encryption by spoofing security certificates.

Tunnelblick Privacy

In addition to using OpenVPN to set up, maintain, and tear down a VPN connection, Tunnelblick can also be configured to communicate over the Internet for two other purposes:

  • To check for updates to Tunnelblick itself, optionally sending anonymous profile information about the computer's version of OS X; and
  • To check for a secure connection and help diagnose problems.

Tunnelblick performs these activities by accessing tunnelblick.net, and the tunnelblick.net web server keeps logs (as do most web servers) as described in tunnelblick.net Privacy.

Tunnelblick asks for permission for each of these activities when first launched. The permissions may be modified any other time by changing the appropriate Tunnelblick setting. You may inhibit both activities by putting a check in the "Inhibit automatic update checking and IP Address checking" checkbox on the "Preferences" panel of Tunnelblick's "VPN Details" window.

Check for Updates

When checking for updates, Tunnelblick contacts the tunnelblick.net web server. Tunnelblick uses encrypted https: connections to provide security and privacy, but of course the fact that tunnelblick.net was accessed is available to any eavesdropper. That may be avoided by only doing checks for updates manually when connected to a VPN (which, as described above, will hide from local eavesdroppers the fact that tunnelblick.net was accessed).

These update checks are logged by the tunnelblick.net web server. See tunnelblick.net Privacy for details.

The setting that controls whether Tunnelblick checks for updates automatically (when launched and every 24 hours thereafter, even if no VPN is connected) is the "Check for updates automatically" checkbox on Tunnelblick's "Preferences" panel.

That panel also has an "Include anonymous profile information" checkbox. If checked, sometimes when checking for updates Tunnelblick will send information to tunnelblick.net about what version of OS X is being used. Tunnelblick does not send anything which identifies users of your computer (but see tunnelblick.net Privacy, below).

Check for a Secure Connection and Diagnose Problems

Each Tunnelblick configuration has a setting to "Check if the apparent public IP address changed after connecting". If checked, Tunnelblick will send a request to the tunnelblick.net web server before the configuration is connected and will send another request after it is connected.

These requests are usually done via https:, however:

  • The fact that tunnelblick.net was accessed is available to any eavesdropper because the first request is made before a VPN connection has been established;
  • If an https: connection is not available after connection, Tunnelblick attempts an http: connection using tunnelblick.net's IP address (not its name);
  • The tunnelblick.net web server logs these activities (as do most web servers). See tunnelblick.net Privacy, below, for details.

tunnelblick.net Privacy

tunnelblick.net is used for three purposes: as a website, to service update requests from the Tunnelblick application, and to service IP address check requests from the Tunnelblick application. Update and address check requests may be disabled at any time on the "Preferences" panel of Tunnelblick's "VPN Details" window, or may be controlled individually on the "Preferences" panel and the "Advanced" settings window.

All accesses to tunnelblick.net are logged, as is common for websites. The logs are kept by the company that provides hosting services to tunnelblick.net. That company does not provide a way to disable logging or delete logs, and it keeps the logs for several years. The logs are also saved and analyzed by Tunnelblick developers to obtain information about what webpages are popular, which versions of Tunnelblick are being used, etc. Log entries for each access to tunnelblick.net consist of:

  • Date and time of the request
  • Public IP address to which the response is to be directed
  • Request type (e.g. "GET" or "POST")
  • Resource requested (e.g., "/downloads.html HTTP/1.1" or "/appcast-b.rss HTTP/1.1"
  • Result code (e.g., "200" — OK or "404" — not found)
  • Number of bytes sent in response to the request
  • "Referer" (sic) supplied by the browser, the URL of the page that requested the resource
  • "User agent" supplied by the browser (e.g. "Mozilla/5.0 (Macintosh; Intel Mac OS 10_10_4) AppleWebKit/600.7.12 (KHTML, like Gecko)" or "Tunnelblick/3.5.3 (build 4270.4371) Sparkle/4270.4371").

Website access: tunnelblick.net does not use Javascript, other client-side scripting, plugins, trackers, beacons, or web bugs, does not collect information (other than the log information described above), does not carry advertising, and does not store cookies or any other data on your computer. You may be able to use your browser's "private" or "incognito" mode to keep it from caching site content or browser history.

Update check requests send the following information to tunnelblick.net via https:

  • The apparent public IP address and port of the computer (or the router the computer uses to connect to the Internet)
  • The version of Tunnelblick and the version of Sparkle (the update-checking portion of the program)
  • If the user has agreed, Tunnelblick will also sometimes send the version of OS X that is being used, as described above

Update information requests: if an update is available, Tunnelblick will send a request to the tunnelblick.net website via https: for information about the update that is to be displayed to the user.

Update download requests: If an update is available and the user agrees, Tunnelblick will download the update via https: from GitHub. GitHub commonly redirects downloads to amazonaws.com.

IP address check requests send the following information to the tunnelblick.net website via https:, falling back to http: if certain errors occur:

  • The apparent public IP address and port of the computer (or the router the computer uses to connect to the Internet)
  • The version of Tunnelblick
  Deutsch     Français     中文(简体)     Русский     Español     日本語     …