NymVPN v VPNs v Tor v I2P v dVPNs: How do they compare?

Your privacy is under threat. With high-profile privacy scandals and data leaks hitting the news all the time, everybody knows it – but you might not know what to do about it. Over the years privacy tooling like proxies, VPNs, and whole networks like Tor have tried to fix the online privacy dilemma. Now, a crop of decentralized VPNs have entered the market too.

NymVPN brings a whole new value proposition to the field with the 5-hop mixnet, which encrypts messages plus protects communication patterns with traffic shuffling. But how do all these privacy enhancing technologies stack up? Let’s take a closer look.

VPNs v Tor v dVPNs v IP2 v NymVPN: How private are traditional VPNs?

Virtual private networks are hugely popular, with the VPN market predicted to be worth $135 billion by 2030. These traditional VPNs work by encrypting your traffic to a remote server. This connection is called a tunnel, and it obscures your online activity from your internet service provider. Traditional VPNs can be better than nothing for protecting your privacy. However, they also come with some major privacy risks, especially around trust and centralization.

Essentially, VPNs move trust away from your ISP to your VPN provider. A VPN is a kind of proxy that you need to trust with your traffic – and ideally, you want the VPN provider to encrypt your traffic properly, and not to spy on your usage. Unfortunately, despite lots of promises to the contrary, much of the VPN market is just not trustworthy.

VPN providers themselves put out a lot of misinformation, portraying their technologies as a silver bullet for achieving total privacy or using meaningless buzzwords like ‘military-grade encryption’. The result is confusion among the public, with many people failing to understand VPN providers could observe their traffic if they wanted to. With a VPN, your ISP may not be able to see the traffic, but the VPN provider can. And this data is a profitable asset that many free VPN providers exploit.

As outlined elsewhere on this blog, traditional VPNs are also centrally operated by a single entity. This means you need to trust that the provider isn’t selling your browsing activity. You also need to trust the provider does not have shady links to governments, data brokers or other companies. You need to trust that the VPN provider manages its security properly, and that its proprietary, opaque code base is safe and secure. That’s quite a long check list when you’re trusting your most sensitive information to a single company.

Some VPN providers try to differentiate themselves by promising no-log policies, meaning that they don’t keep records of any traffic or usage. However, this is not always true either, such as when HideMyAss handed logs and information to authorities despite its no-logging claims.

Additionally, although VPNs protect network traffic from websites and the ISP, they remain vulnerable to certain kinds of cyber attacks.

Users can be de-anonymized, for example, via the size and timing of data packets being sent to the VPN. Traditional VPNs are also vulnerable to adversaries with a whole view of the network. They offer no resistance for these ‘traffic analysis’ attacks, where adversaries that can view whole networks study the size and timing of data packets, in order to correlate IP addresses with online services. Finally, because traditional VPN providers are managed centrally, VPN data breaches can affect huge swathes of people and tie your identity to your VPN usage.

So while traditional VPN providers might promise you bullet-proof privacy, there are many risks to take into account.

Have a look at this article if you want to know more about the onion over VPN technique.

VPNs v Tor v dVPNs v NymVPN v I2P routing: How private is Tor?

Tor is currently the most widely used anonymous communication network, with over 2 million daily users and 100,000 downloads per day. Tor is designed to safeguard privacy and goes much further than almost all commercial VPNs in actually doing so. Tor is a fantastic project; it’s free, open source, and actually values anonymity. However, Tor remains vulnerable to some sustainability, performance, and security issues.

Unlike VPNs, which largely encrypt traffic to just one server, Tor creates a path of encrypted traffic along three servers called ‘hops’. Every connection opens a ‘circuit’ through these three servers: an entry point called a guard, a middle relay, and the exit relay. These servers only know the entity before and after them, and nothing else in the route.

Additionally, data is shielded by three layers of encryption, where each relay removes a single layer of encryption. This is called onion encryption. The exit relay decrypts the final, innermost layer of encryption before forwarding data to its destination. The client IP is protected via the first hop, and encryption hides traffic until the final node.

Tor is completely run by volunteers. Anyone can set up a Tor node, which is one of the project’s strengths. However, because nodes are run on a volunteer basis, the operators are not economically incentivized to ensure a good quality of service. What’s more, if for some reason people stopped volunteering to run nodes, the Tor network would suffer. The network is only as strong as the people contributing to it.

Considering Tor runs connections through multiple hops, the network’s latency and performance is quite good for tasks like browsing the web. However, in this data-hungry age, Tor struggles with video streaming, gaming, and other more performance-heavy and other high-volume, low-latency tolerance tasks. Of course, Tor was designed for high-privacy use cases rather than high-performance tasks, but as a result you won’t want to be watching Netflix via Tor.

On the privacy side, Tor distributes data with a ‘First In First Out’ method, where packets are processed in the order they arrive through each node. This makes the network vulnerable to something called packet timing analysis attacks, where patterns of packets on the network are analyzed to gather information about communications.

Tor is therefore very useful for defending against local adversaries, or attackers that can view a small part of the network. However, it is vulnerable to sophisticated adversaries with a ‘global’ view of the network and who can watch the flow of packets more broadly. Additionally, because it relies on people volunteering their resources, it is less sustainable than incentivized systems.

VPNs v Tor v dVPNs v NymVPN v I2P routing: How private is I2P?

Invisible Internet Project, or I2P, is a peer-to-peer alternative to Tor where every user is both a client and a router. In other words, in addition to using the network, each user also provides bandwidth to the network. Unlike Tor, which provides anonymized access to the public internet with hidden services as an additional benefit, I2P is designed to be a closed system specifically for accessing integrated hidden services.

I2P uses an extension of Tor’s ‘onion’ encryption called ‘garlic’ encryption. While onion encryption wraps a single message in multiple layers of encryption, garlic encryption bundles multiple messages together in layers.

Instead of using a ‘directory authority’ of trusted nodes to oversee the health of the network, I2P instead uses something called distributed hash tables (DHT) and peer selection. This is a decentralized peer to peer system for storing and retrieving information. Due to this system, I2P is less centralized than Tor. Although I2P avoids a semi-centralized directory authority, the peer to peer DHT system that it uses has been vulnerable to various attacks that have damaged the privacy and security of the network.

Like Tor, I2P protects against local network adversaries. However, also like Tor, it struggles to safeguard anonymity against sophisticated adversaries performing traffic analysis attacks because, unlike the mix network offered by NymVPN, there is no per-packet mixing.

Also like Tor, the network is completely run by volunteers, ultimately meaning that a users’ security and privacy relies on the number and reliability of participants in the network. Unlike Tor, which has millions of users, I2P remains a little niche - with users in the tens of thousands.

VPNs v Tor v dVPNs v NymVPN v I2P routing: How private are dVPNs?

Decentralized VPNs, or dVPNs, are relatively new products to the VPN market. They aim to solve issues around trust with traditional VPNs, as well as removing the single point of failure from their centralized infrastructure. (Read about dVPN and VPN differences here.)

The main dVPNs today are Sentinel, Mysterium, and Orchid, and of course the dVPN mode of the NymVPN.

Usually, dVPNs are powered by blockchain to provide access to the network. Users receive bandwidth or time-limited access in exchange for crypto-based tokens. Like Tor, dVPNs are based on a network of independent nodes. Unlike Tor, the nodes are ‘incentivized’ – meaning node operators are rewarded to run them. This is designed to encourage high-quality performance and uptime rather than having to rely on the volunteers who donate their own resources to Tor.

Additionally, dVPNs remove the need to trust a single entity with your data. They spread trust through decentralized networks where nodes are operated by individuals. This is important for preserving your privacy because it means no one single organization has a view of your data, unlike traditional VPN providers, who rent or own all their servers.

With Sentinel, users can customize the relay nodes that should be involved in the connection, and with Orchid, clients can construct a single or a multi-hop circuit by selecting randomized VPN nodes from a global pool of providers.

Some dVPNs are capable of multi-hop routing, which, like Tor, boosts your privacy by adding extra steps between your device and the digital service you are connecting to. Orchid offers multi-hop routing, and Sentinel has started rolling out multi-hop routing support in its architecture this year. Mysterium, however, does not currently have multi-hop routing, making users more vulnerable to activity correlation. However, in contrast to NymVPN, none of these dVPNs have multi-hop routing by default.

Decentralized VPNs, then, are superior in many ways to traditional VPNs in actually preserving user privacy. Multi-hop routing improves a users’ privacy, by masking the IP address and limiting the amount of information a proxy node can collect, and their very decentralized nature makes compromising a whole network more challenging for attackers.

However, the current crop of dVPNs are vulnerable to many of the attacks that the Tor network is, including fingerprinting, statistical disclosure, and end-to-end correlation attacks. And like Tor one major reason that they are vulnerable to these attacks is that they also do not mix traffic.

VPNs v Tor v dVPNs v NymVPN v I2P routing: How private is NymVPN?

Based on years of research, NymVPN is the first commercial application based on the Nym mixnet. Since cryptographer David Chaum first conceptualized mixnets in the 1980s, the Nym mixnet is the first working mixed network designed for anonymity at scale. It has been meticulously designed to offer unprecedented privacy protections, going even beyond the capabilities of Tor.

With the Nym mixnet, not only is data encrypted, but your patterns of communication are safeguarded too with unique packet shuffling in the inner three nodes. This traffic mixing makes tracing your data next to impossible even for adversaries with a global view of the network.

In mixnet mode, your data takes a secure 5-hop path, with every hop adding a layer of protection. Cover traffic, meanwhile, further disguises communication patterns with empty ‘dummy’ packets that are indistinguishable from normal traffic. The advanced packet shuffling of the three inner nodes ensures packets can’t be correlated based on timing, enhancing privacy and providing unparalleled security against sophisticated traffic analysis attacks.

NymVPN also protects your everyday use cases where privacy can be slightly relaxed, like streaming or web browsing, with an additional 2-hop dVPN mode that’s optimized to balance privacy with speed.

Additionally, both modes of NymVPN offer geo-blocking resistance, so you can set your location by picking the exit node. Both modes offer multi-hop routing by default, beating the privacy levels of most traditional VPNs and newer dVPNs even in this speedier mode.

Unlike traditional VPNs, NymVPN is decentralized end-to-end, including down to its directory authority, the system that oversees the health of the mixnet. Because the network is powered by individual node operators, there’s no centralized logging by design.

And, critically, this decentralized network is also incentivized: node operators on the Nym network receive rewards, delegated by the community, for performing well.

The result is a tool that allows you to quickly and easily set your privacy preferences. You can easily opt for total privacy or speed depending on your requirements. And the cryptographic zk-nyms zero-proof credentials scheme also ensures unlinkability between payments and usage.

As a summary, the NymVPN includes the:

NymVPN 5-hop mixnet mode:

• Which is optimized for privacy;
• Features advanced privacy protections against even government-level adversaries;
• Is ideal for sensitive use cases like crypto transactions, messaging, and secure email that are not timing sensitive;
• Prevents more metadata leakage of timing and volume of packets;
• Includes traffic analysis resistance via packet shuffling and dummy traffic in inner-three mix nodes.

NymVPN 2-hop dVPN mode:

• In addition to the mixnet, a faster 2-hop VPN;
• Optimized for speed;
• IP address obfuscation for everyday browsing, streaming, or gaming;
• Multi-hop by default, going far beyond the privacy standards of most VPNs.

NymVPN is undergoing alpha testing right now to improve usability ahead of the beta and V1.0 later this year.

In future, NymVPN will also include split tunneling so you can decide which applications use the mixnet and which direct traffic through the dVPN. And the team is also exploring censorship resistance technologies so that anyone in the world can access NymVPN no matter where they are – even if governments attempt to block VPNs at the network level.

There’s still time to access NymVPN alpha. Sign up to the NymVPN alpha waitlist today. And if you’ve already signed up – start putting together testing workshops in your communities now. Join the NymVPN channel on Matrix, and help us build the future private internet.