A new wave of VPNs is hitting the market. This next generation of virtual private networks is radically different from your usual VPN: they are decentralized.
Traditional VPNs are largely marketed on false promises. Most VPNs are not actually private at all, and one key reason is that they are centralized: this centralization poses major privacy risks. This article will take you through the privacy risks of traditional VPNs, how decentralization solves this, and what exactly a dVPN is. You will also learn how NymVPN goes one step further than dVPNs by adding the powers of mixnet technology - finally enabling true online anonymity for ordinary people.
Key takeaways: dVPN advantages at a glance
- Vastly improved anonymity via multi-hop routing
- No single point of failure
- No centralized logging
- Independent node operators rather than centralized control
- Open source and transparent codebase
What is a (traditional) VPN?
Let’s start with the basics: VPN stands for virtual private network. In simple terms, instead of your traffic moving directly from your home to the internet via your ISP, a VPN encrypts traffic and routes it through the VPN company's own servers. This is called a tunnel, and it helps mask the user’s IP address from whatever website or service they are connecting to. The main protocols used in consumer VPNs today are IPsec, OpenVPN, and WireGuard. Most VPNs on the market either opt for one of these protocols, use a combination, or allow the user to configure their preferred option.
For many users, picking a traditional VPN might be the very first step towards achieving a higher level of privacy - but is it enough? After a steady stream of online privacy scandals, there has been a boom in the usage of VPNs. But centralized VPNs are not actually a particularly useful tool to protect your privacy.
When you browse the internet you trust your Internet Service Provider not to spy on you. To feel safer, perhaps you might use a VPN. But this introduces another question: can you trust the VPN provider more than the ISP?
Traditional VPNs: The risks
Whether 0-day exploits, data leakage for millions of users, or countless other hacks or security issues, centralized VPNs put you at risk. Free VPN services monitor and sell your browsing activity to data brokers, and one study even found that many VPNs did not encrypt data at all.
Consumer research shows that people simply do not understand that VPN providers can view their online behavior. That doesn’t mean VPN providers are certainly monitoring your activities. It does mean they could monitor your traffic if they wanted to.
Traditional VPNs: The centralization problem
Traditional VPNs are centralized. This means that each VPN provider controls its entire business structure and network, and operates or rents all of its servers. Traditional VPN providers claim this centralization is an advantage, because customers know who is operating the network.
But customers might not be immediately clear on who is operating the network. Larger businesses are now snapping up smaller providers: Kape Technologies, for example, owns ExpressVPN, CyberGhost, and Private Internet Access. If you’re picking between any of those, you’re really picking the parent provider.
The main lingering question around traditional VPNs is one of trust. With centralized VPNs, you need to trust that:
- The VPN provider is not monitoring your activity.
- The VPN provider is not selling your activity and data.
- The owners of the business and their investors are trustworthy, with no shady links to governments, data brokers, or other companies.
- Their proprietary, opaque codebase is secure and trustworthy.
Decentralized VPNs: What is a dVPN? What are the differences?
Decentralized VPNs aim to solve trust issues by distributing risk instead of having to put your faith into any one provider or parent company. Let’s take a look at some of the main features, and check out this article if you want to dive deeper into the dVPN topic.
Community-powered, decentralized network
There is no one entity controlling every server like there is with traditional VPNs. Instead of one business owning or renting all its servers, decentralized VPNs are powered by independent ‘node’ operators.
Each node is owned and operated by independent operators across the world, creating a joined-up network consisting of individuals.
These node operators may be motivated to run nodes because they are privacy enthusiasts, academics, or just for economic reasons. But the result is a greatly reduced risk of a compromised network because there is not a single point of failure.
For a whole network to be compromised, many, many nodes would have to be malicious. Networks such as the one used by NymVPN have mechanisms in place to protect against these so-called ‘Sybil’ attacks, which involve a takeover of a network by malicious nodes. With NymVPN, the calibration of the network changes every hour to prevent malicious nodes gaining undue prominence.
dVPNs: Multi-hop routing by default
While some centralized VPN providers offer multiple hops, traditional VPNs mostly offer only one hop by default.
Unlike traditional VPN providers or other dVPN providers that offer multi-hop routing as an option or even not at all, NymVPN implements multi-hop routing as the default.
Adding more hops builds unlinkability, security, and privacy, making it harder for someone watching the whole network to trace VPN usage back to the user. As well as making life harder for snoopers to track your online behavior, multi-hop routing improves resilience against man-in-the-middle attacks.
NymVPN’s basic two-hop mode optimizes for speed while providing much more privacy than traditional VPNs and other dVPNs.
And the five-hop mixnet mode is incomparably more private and secure, consisting of an entry gateway, three ‘inner’ nodes that shuffle traffic, and an exit node.
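How hop count affects linkability can be shown with a simplified model. This is an added example, not NymVPN code: the node names, the uniform per-layer path selection, the 20% adversary share and the adversary that only joins hop logs (no timing analysis) are all assumptions made for illustration.

```python
import random

def hop_views(user, path, dest):
    """Each node observes only its predecessor and its successor."""
    chain = [user, *path, dest]
    return {node: (chain[i], chain[i + 2]) for i, node in enumerate(path)}

def can_link(user, path, dest, compromised):
    """True if logs from compromised nodes alone chain user -> destination.

    Assumption: the adversary only joins hop logs. Timing and volume
    correlation, which the mixing nodes are there to counter, is not modelled.
    """
    views = hop_views(user, path, dest)
    nxt = path[0]                      # the user always talks to the first hop
    while nxt != dest:
        if nxt not in compromised:
            return False               # one honest hop breaks the chain
        nxt = views[nxt][1]            # follow the logged successor
    return True

def make_layers(hops, per_layer=20):
    """Constructed topology: one disjoint set of nodes per hop position."""
    return [[f"hop{h}-node{i}" for i in range(per_layer)] for h in range(hops)]

def linked_fraction(hops, bad_share, trials=20000, seed=1):
    """Share of random paths an adversary holding bad_share of each layer can link."""
    rng = random.Random(seed)
    layers = make_layers(hops)
    compromised = {n for layer in layers
                   for n in layer[:round(len(layer) * bad_share)]}
    hits = 0
    for _ in range(trials):
        path = [rng.choice(layer) for layer in layers]   # uniform pick (assumption)
        hits += can_link("user-ip", path, "site.example", compromised)
    return hits / trials

if __name__ == "__main__":
    # 1 hop = traditional VPN, 2 hops = entry + exit gateway,
    # 5 hops = entry gateway, three mixing nodes, exit gateway.
    for hops in (1, 2, 5):
        print(f"{hops} hop(s): {linked_fraction(hops, 0.2):.4%} of sessions linkable")
```

Under these assumptions the expected linkable share is `bad_share ** hops`, so each extra hop multiplies the adversary's chance of holding the whole path by its node share.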
dVPNs: No centralized logging
There have been many historic events where privacy services or VPNs promised not to keep logs but then handed over user data anyway, or kept logs despite their policies.
With a centralized VPN, you have to trust that the provider is telling the truth.
But with a decentralized VPN, logging user behavior is much more difficult because the nodes are operated independently.
NymVPN cannot keep centralized logs as it does not operate nodes in the network. Even in the event that malicious node operators did log traffic, they would only be able to log 1/100th or less of this traffic. Moreover, it would be fully encrypted and indecipherable. Only exit gateways can see traffic in clear, but they are unable to link this traffic to any given user due to the topology of the network.
dVPNs: Decentralized directory authority
A directory authority is a set of nodes that oversees the health and configuration of a network.
With traditional VPNs, one company oversees the whole network, meaning a centralized setup that can be hijacked.
By comparison, the network powering NymVPN is decentralized, including its directory authority.
Instead of trusting people, the directory authority is managed on Nym’s native Nyx blockchain, which is decentralized, trustless, and permissionless, with no user data ever touching it. This directory authority uses smart contracts to understand the health and configuration of the network instead, ensuring decentralization.
dVPNs: Incentivized to boost performance
Most traditional VPN providers rent or own their servers. Because they are businesses, they are incentivized to ensure they have reliable servers with strong uptime in order to retain customers.
Decentralized VPNs work differently. Each node is operated by an independent member of the community. That might remind you of the Tor Project, where nodes (or ‘relays’) are voluntarily run by community members.
With the advent of blockchain technologies, having both a decentralized and an incentivized network became possible, allowing providers to address the connectivity and performance issues encountered with Tor.
Unlike Tor, the operators of dVPN nodes have an economic incentive to provide good service. This ensures that a system can be self-sustaining and doesn’t have to rely on charity or donations, while also guaranteeing that it remains decentralized.
Usually, dVPNs rent bandwidth to users via a token in whichever blockchain ecosystem they are based on. And the node operators are rewarded for their work in this token too. Instead of a single company renting or buying servers and maintaining them, lots of people are encouraged to run a good quality service on their own nodes, contributing to the network.
In the case of NymVPN, a carefully defined reward mechanism encourages node operators to optimize their infrastructure for uptime and performance. This system also constantly reassesses which nodes are reliable.
dVPNs: Open source and transparent
Traditional VPNs might make use of open source technologies like OpenVPN and WireGuard, but their overall code is opaque and proprietary. Users have to trust that they are not full of 0-day exploits, that they are patched and maintained regularly, and that all servers are up to date too. If developers neglect to update part or all of their code base, major security holes could emerge, unbeknownst to the user.
Some traditional VPNs might offer security audits to reassure their users, but this simply means that users have to trust the auditors as well as the VPN provider.
Decentralized VPNs tend to be open source, so anyone can view and vet the code base. Open source ensures the transparency of a system - users can see for themselves whether we’re meeting our promises.
NymVPN: Powerful decentralized privacy made simple
With NymVPN, users gain access to a 2-hop mode for strong but speedy privacy protections. The 5-hop mixnet mode based on our novel mixed network is a truly unique feature, offered by no other dVPN on the market.
Designed for anonymity at scale, the mixnet mode protects your data and your metadata. This mixnet mode guards your patterns of communications: all the personally identifying information hidden in data about data, that governments, corporations, and criminals otherwise hoover up to dox you, spy on you, and hack you.
Until now, a high amount of technical knowledge was required for users to enjoy a better level of anonymity. But Nym believes that privacy should be the default for everyone online.
Although a step in the right direction away from centralized systems, most dVPNs are only pseudo-anonymous. What’s more, their usability is poor, often requiring competence with cryptocurrencies and networking know-how in order to configure them properly.
Built on years of research by Nym, NymVPN has decentralization and multi-hop routing as the default. The five-hop mixnet mode solves the extremely challenging privacy problem of metadata leakage. And NymVPN is easy to use, fixing the complexity issues found in the current crop of dVPNs - a product that finally offers real privacy to users in one simple application for all major operating systems.
Sign up to the NymVPN waitlist today and tap into the most powerful privacy system on Earth.