Privacy and Security
On This Page
Tunnelblick and VPNs: Privacy and Security
Tunnelblick and VPNs are often used for one or more of the following purposes:
Tunnelblick and VPNs in general are great for the first four purposes, but should not be used to provide anonymous Internet access.
For the rest of this document, when discussion VPNs in general, the term "VPN" will be used. When speaking of Tunnelblick in particular, "Tunnelblick" will be used.
VPNs and Anonymity — DON'T!
All a VPN can do to help you surf anonymously on the Internet is make your IP address appear to be something different and mix your traffic in with traffic from other users of the VPN. However, there are many ways other than the IP address that websites can use to track you and/or find out who you are. And if a government can access activity logs your VPN service provider keeps, your anonymity can be compromised that way. And powerful organizations that can "tap" the traffic to/from both you and the VPN serviced provider could, even without such logs, correlate your traffic to a VPN service provider and their outgoing traffic to the Internet.
VPNs and Disguised IP Addresses
VPNS can disguise your IP address. However, as described above in "VPNs and Anonymity", that usually isn't very helpful by itself.
VPNs and Location Spoofing
A VPN can often make websites think your computer is located somewhere it isn't, but the IP address is not the only way that websites know where you are.
For example, many UK television programs may be accessed via the Internet only from within the UK. Such television websites often determine whether or not your computer is located in the UK by examining the IP address from which requests are originating. So you can use a UK-based VPN server to "pretend" to be in the UK. Television websites will see your traffic as originating from the VPN server's UK-based IP address and let you watch "Larkrise to Candleford" (or whatever).
But it doesn't always work. For example, in early 2016, Netflix announced that it would not let its customers use VPNs or proxies to access content they would not be able to access from their home because of geographic restrictions. Netflix's implementation of this policy is uneven; some VPN providers claim that their customers are not are affected.
VPNs and Eavesdropping and Man-in-the-Middle Attacks
A VPN can help protect your Internet activity from local eavesdroppers and man-in-the-middle attackers. It does this by encrypting all communications that a local attacker might be able to tap. Your outgoing Internet traffic is encrypted in your computer and is sent in encrypted form to your VPN service provider's computers. There it is decrypted and passed on to the Internet without encryption
Sufficiently powerful organizations could eavesdrop and conduct man-in-the-middle attacks if they have access to the VPN server or the connection between the VPN server and the Internet.
Note: Sufficiently powerful organizations could circumvent your https: encryption by spoofing security certificates.
In addition to using OpenVPN to set up, maintain, and tear down a VPN connection, Tunnelblick can also be configured to communicate over the Internet for two other purposes:
Tunnelblick performs these activities by accessing tunnelblick.net, and the tunnelblick.net web server keeps logs (as do most web servers) as described in tunnelblick.net Privacy.
Tunnelblick asks for permission for each of these activities when first launched. The permissions may be modified any other time by changing the appropriate Tunnelblick setting. You may inhibit both activities by putting a check in the "Inhibit automatic update checking and IP Address checking" checkbox on the "Preferences" panel of Tunnelblick's "VPN Details" window.
Check for Updates
When checking for updates, Tunnelblick contacts the tunnelblick.net web server. Tunnelblick uses encrypted https: connections to provide security and privacy, but of course the fact that tunnelblick.net was accessed is available to any eavesdropper. That may be avoided by only doing checks for updates manually when connected to a VPN (which, as described above, will hide from local eavesdroppers the fact that tunnelblick.net was accessed).
These update checks are logged by the tunnelblick.net web server. See tunnelblick.net Privacy for details.
The setting that controls whether Tunnelblick checks for updates automatically (when launched and every 24 hours thereafter, even if no VPN is connected) is the "Check for updates automatically" checkbox on Tunnelblick's "Preferences" panel.
That panel also has an "Include anonymous profile information" checkbox. If checked, sometimes when checking for updates Tunnelblick will send information to tunnelblick.net about what version of OS X is being used. Tunnelblick does not send anything which identifies users of your computer (but see tunnelblick.net Privacy, below).
Check for a Secure Connection and Diagnose Problems
Each Tunnelblick configuration has a setting to "Check if the apparent public IP address changed after connecting". If checked, Tunnelblick will send a request to the tunnelblick.net web server before the configuration is connected and will send another request after it is connected.
These requests are usually done via https:, however:
tunnelblick.net is used for three purposes: as a website, to service update requests from the Tunnelblick application, and to service IP address check requests from the Tunnelblick application. Update and address check requests may be disabled at any time on the "Preferences" panel of Tunnelblick's "VPN Details" window, or may be controlled individually on the "Preferences" panel and the "Advanced" settings window.
All accesses to tunnelblick.net are logged, as is common for websites. The logs are kept by the company that provides hosting services to tunnelblick.net. That company does not provide a way to disable logging or delete logs, and it keeps the logs for several years. The logs are also saved and analyzed by Tunnelblick developers to obtain information about what webpages are popular, which versions of Tunnelblick are being used, etc. Log entries for each access to tunnelblick.net consist of:
Update check requests send the following information to tunnelblick.net via https:
Update information requests: if an update is available, Tunnelblick will send a request to the tunnelblick.net website via https: for information about the update that is to be displayed to the user.
Update download requests: If an update is available and the user agrees, Tunnelblick will download the update via https: from GitHub. GitHub commonly redirects downloads to amazonaws.com.
IP address check requests send the following information to the tunnelblick.net website via https:, falling back to http: if certain errors occur: