Virtual Private Networks (VPNs) have become household online privacy tools, with almost one-third of people using them worldwide. Given the threats posed by data harvesting, surveillance, and cyber crime, many users are looking for even stronger ways to protect their life online. A “double VPN” is one commonly searched for solution. So what is it and how does it work?
A double VPN is an uncommon feature in which user traffic is routed through two of the VPN’s servers instead of one. Another option is using two different VPN services at the same time (sometimes alternatively called a “VPN on VPN” method). Most traditional VPNs use single server routing (one-hop), so no matter the setup, double VPNs are essentially just two-hop services.
The idea behind a double VPN is to double user security and privacy online: two hops makes it more difficult to trace your activity back to you, and double encryption protects the content of your data twice. As usual though, the devil is in the details.
Keep in mind that a “double VPN” option is limited on the market, with very few providers offering it as an “advanced VPN feature” for additional privacy and security. And these providers may charge users extra to access it.
Thankfully, there is no need to look in vain for double VPNs services, to pay extra for an advanced plan, or even to manually set up two VPN services (potentially paying double). There are now novel decentralized VPNs (dVPNs) which are multi-hop by default for all user traffic, with no additional costs or upgrades for users.
But in order to appreciate the importance of choosing a dVPN, it’s useful to consider how a double VPN works, as well as its advantages for privacy and downsides for performance. In both cases, multi-hop routing is a key means for being more anonymous online.
What is a double VPN?
A double VPN simply means two-server VPN routing. This can be either a feature of a single VPN service, or a way of using two different VPN services at the same time.
How does it work
When you’re using a VPN, your data is first encrypted on your device before being routed to the VPN’s own server via your Internet Service Provider (ISP). On its way to the VPN server, your data travels by way of an encrypted tunnel which prevents outside parties or your ISP from seeing anything about your data except the VPN IP address: neither the contents, final destination, or any metadata will be visible. Once in the hands of the VPN, your IP address is replaced with the address of the VPN’s own server before being sent to its intended destination. So when a website you’re accessing sees your request, it will appear that it comes from the VPN and not you.
With a double VPN, your data is routed a second time, likely to a different server operated by the VPN provider, before it arrives at its destination. These two servers can even be in different countries. Traditional VPN companies, including the few that offer double VPN features, own and operate their own servers in a centralized manner, either by using proprietary servers or renting them from third party services across the world. This allows users to route their traffic through more than one country, which can further complicate tracking attempts. It’s important not to forget that the first VPN server does in fact know your IP address, and of course the address of the second server, even if in the end your traffic is harder to trace externally by traffic analysis.
“VPN over VPN” or “VPN in VPN”
While a double VPN uses two different servers of the same provider, a “VPN over VPN” or “VPN in VPN” uses one server from different VPN services. In this case, VPN 1, or the first to be turned on, will route all your traffic to VPN 2 before it is made available on the public web. This provides a slightly different effect than 2-hop routing through a single VPN: the IP address visible on the web will be of VPN 2, and VPN 2 will in turn see the IP address of VPN 1 (the only one to see your true one).
Setting up a VPN over/in VPN is as simple as opening one VPN installed on your device and then the second, as you prefer. A VPN can even be installed on your router by default while your second is activated on your device. But there will be additional costs and potential compatibility issues in doing this, which we will consider below.
Value of a double VPN: Multiple servers
The value of a double VPN, in principle, is simple: multiple servers mean no single VPN provider has a view on your IP address and your activity, thus significantly complicating data tracking attempts. However, using a single VPN service with multiple servers still centralizes your activity with that provider, since the VPN’s traffic logs (and financial records of your subscription) can be in one place. This makes it vulnerable to cyber attacks or government requests.
Using two different VPN services at the same time, while impractical and unnecessary, can at least make it harder to connect your IP address to your activities. And it will also distribute any logs across several providers such that the full traffic history could only be assembled by breaching the servers of two independent companies, each of which only has a piece of your data in any case.
Double VPN: Advantages and disadvantages
A double VPN, and multi-hop routing procedures in general, have a number of clear advantages when it comes to protecting the privacy and data of users. However, they also have common drawbacks in terms of performance.
Pros of a double VPN
- Multi-encryption. Because each VPN server you connect with first encrypts your data, it will be encrypted twice. And with modern encryption standards with the public web, it will also have an end-to-end encryption with the website or service you are accessing.
- Extra IP buffer. There is essentially one extra step between you and the public web. As your data passes through two servers, your traffic will have different IP addresses at each step. This creates a bigger buffer for any attempt to track your traffic.
- Location hiding. Your IP address reveals your proximate geolocation. 1-hop VPN routing obscures the location of your device, and a double VPN can be set to route your traffic through two different countries, further obscuring the origin of the data.
- Protocol cocktail. Decryption techniques can be made more difficult by selecting VPN servers that use different types of encryption protocols, such as mixing TCP and UDP versions of OpenVPN.
Cons of using a double VPN
- Costs. Double VPN features, when they are available, typically require users to purchase more expensive plans. A VPN over/in VPN setup could further require paying for two separate plans. Users should note that many free VPN services are not secure and often sell the data of their own users’ traffic for revenue.
- Slower speeds, higher latency. Any form of data routing through an intermediary server will take longer. With a quality 1-hop VPN, latency shouldn’t be noticeable. But with multi-hop routing, users can experience slower connection speeds. This is because your traffic has to pass between two intermediaries and be encrypted twice before arrival.
- No Tor over double VPN. Using a double VPN with the Tor network, which is itself a multi-hop network, can reduce connection speeds to almost inoperable.
- Server choice. Since a double VPN is not a common feature among traditional VPNs, they might not have enough servers worldwide to allow you to choose the particular exit-node and IP address you may want.
- Encryption compatibility. If two different VPN services are used, they may use different encryption protocols (such as OpenVPN and Wireguard). Layered encryption with different protocols could cause increased latency and make decryption more complicated.
Why and when do you need a double VPN?
If you’re looking for a double VPN, the reason is to have even more robust privacy and data security than what a single-hop, traditional VPN can provide. There are many specific cases where this is strongly required, but we shouldn’t forget that the data privacy of everyone globally is also at risk. These are some of the big privacy threats which a double VPN or decentralized VPN can help mitigate. Learn more from Nym about how VPNs and dVPNs can protect your privacy online.
Data harvesting
The micro-details of everything you do online are the target of sophisticated data harvesting programs. While the content of what you do online is typically encrypted by default, the metadata of your activities reveals a lot about what you do. For instance, your IP address, geolocation, as well as the time-stamps and duration of your connections can be compiled to create a digital fingerprint of your browsing histories. This in turn can be analyzed to reveal patterns of communication and behavior online, leading to knowledge about your desires, interests, and political leanings. This can then be used for targeted advertising and even mass manipulation.
Learn more about how online tracking works and why using a decentralized VPN can help prevent it.
Hackers
Your personal data is the target of numerous kinds of hacking and cyber crimes. These attacks can attempt to intercept your data in transit, or to breach it from your devices, VPN servers, or web services you interact with. Using a multi-hop VPN can make your traffic much more difficult to track while it is in transit. Decryption is a very hard thing to accomplish, but in any case the double encryption of a Double VPN will significantly complicate the task. However, it cannot prevent your devices or VPN servers that potentially log your activity from being breached.
Check out Nym’s guide to how using a VPN can prevent certain forms of hacking.
Surveillance
Governments are not simply tracking targeted individuals (whether they are concrete threats or just suspects), but everyone globally. There are a number of specific cases where a double or multi-hop VPN is particularly important.
- Journalists protecting their sources or handling sensitive information that governments might want to access or inhibit the publication.
- Activist groups are often tracked in exercising their rights to protest. Some governments enforce censorship restrictions for their population, limiting what kinds of information, content, and knowledge is accessible.
- Law enforcement agencies are not simply tracking actual criminal activity online, but also processing mass amounts of public data through AI systems in predictive policing practices.
Verdict on double VPNs
As a product, double VPNs are not often available from traditional VPN services. When they are, they may require higher subscription fees over the default single-routing options available to users. Fortunately, the enhanced privacy protections you’re looking for are available in decentralized VPNs like NymVPN which is multi-hop by default.
Given the risks posed by traditional VPNs and the performance issues with double VPNs, NymVPN has been designed to accommodate user different privacy needs and traffic cases. Users can select between two options in one app:
- A fast 2-hop dVPN mode powered by WireGuard for general all-traffic privacy protection
- A novel 5-hop mixnet mode for less time-sensitive and highly sensitive content, like private messages and crypto transactions.
VPN technology has advanced a lot since its debut. Now overly complicated setups like P2P VPNs and double VPNs are probably a thing of the past. The biggest risk is using traditional, centralized VPNs due to the risks of data logging and breaches. VPNs designed architecturally on decentralized networks, without any central logging of user data, are the future of anonymity online.
Share
Table of Contents
Keep Reading...
Decentralized VPNs (dVPNs): What are they?
What decentralized VPNs are and how they are different from traditional ones.
Decentralized VPNs vs traditional VPNs: all the differences
Decentralized VPNs aim to solve the trust problems in traditional VPNs. Learn about all the differences between dVPNs and regular VPNs.
Nym is more than a VPN
The first app that protects you from AI surveillance thanks to a noise-generating mixnet
Why nymVPN Anonymous Mode provides the best privacy
Appreciating the value of technologically enhanced VPN privacy
