Proxy vs VPN: which one is better?
Two privacy tools with big differences in protection
Many users are turning to privacy-focused technologies to protect their data and privacy online. At the forefront are Virtual Private Networks (VPNs) and proxy servers, both of which mask our Internet Protocol (IP) address for anonymity. It’s even estimated that one third of people in the world are now using a VPN.
A proxy server, however, is a much more limited privacy and security tool than a good VPN can be. Proxies function through specific applications, while VPNs mask your IP and provide encryption for all of your data in transit. This isn’t the end of the story, however. Certain VPN providers with centralized server databases themselves pose privacy risks for users. Given the scope of data tracking, metadata harvesting, and surveillance which continue to affect everyone globally, privacy technology like VPNs must evolve to keep up with these threats.
Thankfully, new decentralized VPNs (dVPNs) have been developed to safeguard user privacy better than either proxy servers or traditional VPNs can. By routing user traffic through multiple independent servers, dVPNs inhibit attempts at user tracking and structurally avoid the vulnerability of centralized client data.
This article will walk you through how proxy servers and VPNs each work, what makes them different, and why VPNs (particularly decentralized ones) are better and more extensive privacy tools.
What is a proxy server?
A “proxy” is someone designated to carry out a task on your behalf. In this sense, a proxy server is an intermediary that relays data from your device to the public web, or vice versa. Proxies can be privately run servers, commercial services, or simply other web-connected computers. Most proxies run through particular applications like a web browser. Others are designed to be system-wide and will affect all apps, devices, and network connections on that system. Whatever the case, they usually need to be configured and managed on the client side.
How does a proxy work?
When you connect with a web service using a proxy-configured browser, for example, all your traffic from the browser will first be routed through the proxy server. The proxy then replaces your IP address with its own before sending the data to its intended destination on the public web. The web service you’re accessing will then see the proxy’s IP as the source of the traffic rather than your device’s. This can be effective in making your web browsing more private and anonymous.
In addition to IP obfuscation, proxies can also function as firewalls. They can be configured according to specific rules, such as what kinds of content, web services, or other traffic to filter for. This can help maintain network security, for instance, by filtering incoming traffic for known malicious agents or advertisers, blocking them before they reach your device. Choosing a proxy in a particular country can also be a means of accessing geo-specific information and content that might be otherwise blocked.
Read our guide on how to turn off your proxy.
Types of proxy servers
There are many different types of proxy servers, depending on specific client needs. Here are just a few:
- Anonymous proxy: Replaces the IP address of the client with that of the server, allowing clients to browse the web anonymously.
- Forward proxy: Fetches content on behalf of a client over many different network protocols, such as HTTP. This proxy can be used for both access (anonymous and encrypted connections, geo-specific content) and also blocking (prohibiting access to certain sites).
- Web (HTTPS) proxy: Like a forward proxy, fetches or forwards web content but specifically through the HTTPS encryption protocol established between the user device and the web service. This can provide proxy anonymity while also guarding encryption. Note that it is not the proxy server itself that provides this encryption stage.
- SOCKS proxy: Designed to handle many different types of network traffic (not only HTTP/S, but also UDP and TCP), it can function with different connections like email and peer-to-peer (P2P) networks, rather than just web browsing.
- Transparent proxy: Is not visible to the device user, often used in prohibiting access to certain web services or contents, for instance, by work administrators or parents.
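What a forward proxy is able to record differs between plain HTTP and HTTPS tunnelled through it with the HTTP CONNECT method. The sketch below is an added example, not part of the original article: it parses constructed sample requests (the host name, cookie and client IP are made up) and returns the fields a proxy could write to its traffic log in each case.

```python
"""What a forward proxy can log from the first bytes a client sends it."""

# Constructed sample requests (not captured traffic).
PLAIN_HTTP = (
    b"GET http://shop.example/cart?item=42 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=abc123\r\n\r\n"
)
HTTPS_TUNNEL = (
    b"CONNECT shop.example:443 HTTP/1.1\r\n"
    b"Host: shop.example:443\r\n\r\n"
    b"\x16\x03\x01\x02\x00"  # start of a TLS record: opaque to the proxy
)


def proxy_view(raw: bytes, client_ip: str) -> dict:
    """Return the fields a proxy could log for one client request."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("not an HTTP request line")
    method, target, _version = parts
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    # The client's IP is visible to the proxy in every case.
    view = {"client_ip": client_ip, "method": method, "headers": headers}
    if method == "CONNECT":
        # Tunnel: the proxy learns host and port only. Path, cookies and body
        # travel inside TLS negotiated between client and destination.
        host, _, port = target.rpartition(":")
        view.update(host=host, port=int(port), path=None,
                    opaque_bytes=len(rest))
    else:
        # Plain HTTP (absolute-form target): URL and headers are readable.
        # IPv6 literals are not handled in this sketch.
        authority, slash, path = target.split("://", 1)[-1].partition("/")
        host, _, port = authority.partition(":")
        view.update(host=host, port=int(port or 80), path=slash + path,
                    opaque_bytes=0)
    return view
```

In both cases the proxy still holds the client IP, the destination host and the timing of the connection, which is the metadata the limits listed further down refer to.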
Benefits and limits of proxy servers
Security
- Benefit: A proxy’s firewall, if well configured, can be effective in maintaining network security by filtering out malicious actors or content, like phishing scams, before they ever reach the client device.
- Limit: Unlike VPNs, proxy servers do not themselves provide encryption for user data between the client and server. However, HTTPS proxies, or any web connection using SSL/TLS protocols, will have one layer of encryption by default. To learn more about how data encryption works, check out Nym’s comprehensive guide.
Anonymity
- Benefit: A proxy can allow for more anonymous browsing, since the user’s IP address will be replaced by the proxy’s IP.
- Limit: Since a proxy server only uses one server, the proxy has the ability to keep traffic logs of its users, including IP addresses and connections. While the content of encrypted data won’t be at risk, the metadata of client traffic can be breached, sold, compiled, and analyzed. This could potentially reveal more about user activities than any particular content could, like general browsing habits over time.
Anti-hacking
- Benefit: If configured properly and with updated logs of known security threats, proxy servers might successfully filter out known hacking attempts.
- Limit: Proxies do not add additional encryption to data in transit, and can thus leave your traffic open to cyber attacks targeting metadata like exposed IP addresses and connection behaviors.
Malware/ad blocking
- Benefit: Like with anti-hacking mechanisms, proxies can be configured to block ads or attempts to install malware on your device (e.g., through deceptive links you might click on).
- Limit: In order to be effective, proxy administrators need to regularly update threat logs. This requires placing trust in the proxy service provider.
Content control
- Benefit: Proxies can be configured to give administrators custom control over web access across their network or on particular devices. Administrators can restrict what can be accessed on the web as well as what kinds of traffic can come in.
- Limit: These practices can also be used as censorship tools, restricting the legitimate access to information by overly restrictive countries, employers, or families.
What is a VPN?
A VPN also functions like a proxy server in that it reroutes your traffic through its server(s) and replaces your IP address before accessing the web. However, it also adds another security layer: VPN encryption.
Before your data ever leaves your device, it is first encrypted by the VPN provider before being sent to the VPN’s server in a special VPN encrypted tunnel. Assuming that your data already has an encrypted HTTPS connection with the web service, this doubles encryption security en route to the VPN. Once on the VPN server, your IP address is replaced with the VPN’s public IP. The VPN’s own encryption layer is removed and your data is transferred to its final destination (hopefully with pre-established HTTPS encryption in place).
Traditional VPNs and dVPNs
Not all VPNs, however, are built the same way. When it comes to user privacy and security, the key differences between VPNs on the market are their server infrastructures, data management practices, and commitments to user privacy. Most VPNs are single-server models, and newer ones are multi-server and decentralized, so let’s compare these two.
Privacy risks of single-server VPNs
Most traditional, mainstream VPNs use centralized server(s): user traffic is routed through a single proxy server that the company either owns and controls, or one rented from a third party who does. This is a serious privacy risk for users.
By centralizing user traffic data, even if encrypted, traditional VPNs may keep traffic logs of metadata records. With this metadata potentially stored on disk (whether or not for merely operational purposes), it is at risk of data breaches, cyber attacks, and government surveillance requests. Each of these could expose the metadata records of millions of clients: IP addresses, connection times and durations, IPs of destinations, etc. Metadata is regularly compiled and analyzed to track user browsing habits, behaviors, preferences, and even political leanings.
dVPNs
Decentralized architectures for VPN services have been developed to counter these risks of data centralization and user tracking. A dVPN is a multi-server network where there is no possibility of centralized traffic logging. Its servers (or nodes) are independently owned and operated, and ideally unlinkable. Because user traffic is encrypted and routed through multiple servers, no single node can have access to the full route of your traffic.
A dVPN thus provides the same function of obscuring user IP addresses, but its general privacy protections are more extensive than a traditional VPN or proxy server. It guards not only your identity, but also the metadata of your traffic so that what you do will be extremely difficult to trace back.
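The difference between a single-server VPN and multi-hop routing can be modelled by tracking what each node learns when it removes its own encryption layer. This is an added example, not code from the article or from any VPN project: the node names, keys and addresses are constructed, and the cipher is a deliberately simple stand-in that is not secure. It models routing knowledge only, not traffic analysis.

```python
"""Toy model of layered routing: which node can link client and destination."""
import hashlib
import json


def toy_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 keystream XOR) for illustration only; NOT secure.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def wrap(route, dest, payload):
    """Client side: add one layer per node, innermost layer for the exit."""
    blob, next_hop = payload, dest
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": blob}).encode()
        blob, next_hop = toy_xor(key, layer).hex(), name
    return blob  # handed to route[0]


def peel(key, blob):
    """Node side: remove one layer, learn only where to forward."""
    layer = json.loads(toy_xor(key, bytes.fromhex(blob)))
    return layer["next"], layer["data"]


def trace(route, client_ip, dest, payload):
    """Return ({node: what it sees}, payload delivered to dest)."""
    blob, seen_from, views = wrap(route, dest, payload), client_ip, {}
    for name, key in route:
        nxt, blob = peel(key, blob)
        views[name] = {"sees_from": seen_from, "forwards_to": nxt}
        seen_from = name
    return views, blob


def linking_nodes(views, client_ip, dest):
    """Nodes whose own logs tie the client IP to the destination."""
    return [n for n, v in views.items()
            if v["sees_from"] == client_ip and v["forwards_to"] == dest]
```

With a one-node route, `linking_nodes` returns that node; with two independent nodes it returns an empty list, because the entry knows the client but not the destination and the exit knows the destination but not the client.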
Proxy vs. VPN: Privacy features compared
The following table compares what these types of services are capable of providing or not in terms of protecting user privacy. Some particular service provider may not have a given feature, so users should check whether any given provider meets the market standard for privacy.
- Very few mainstream VPNs offer 2-hop routing, or what’s sometimes called a Double VPN, but if they do then both will most likely be controlled by single network authorities.
** Many dVPNs also struggle with traffic analysis and metadata protection, but the situation is better than with traditional VPNs.
VPN vs. proxy: Key differences for privacy
Scope of protection
The biggest difference between a proxy server and a VPN is how much of your data is protected. A proxy might be usable only for a particular application, such as a web browser. This will leave any network connections or traffic coming into or from other applications unprotected. VPNs, to the contrary, protect all of the network traffic coming from your device, unless custom configured to do otherwise.
When it comes to protecting your traffic and metadata from tracking, surveillance, and profiling, neither proxy servers nor traditional VPNs provide significant protections. This is because both are based on centralized, single-server architectures, which makes tracking much easier. dVPNs can also be vulnerable to traffic analysis of users, though two hops between independent servers do complicate things. Some dVPNs, like NymVPN’s mixnet, significantly excel in inhibiting surveillance and user tracking.
Encryption
Proxy servers do not themselves encrypt user data, while VPNs encrypt all of your online traffic between the user device and their servers. Without tunneled encryption, hackers can target your metadata in transit even if the data is encrypted before the proxy connection. In the case of multi-hop dVPNs, user data will also be encrypted multiple times between the network’s nodes. Keep in mind that HTTPS encryption has been standardized across most of the public web. So when you connect with a web service, your data is most likely already encrypted.
Anonymity
Proxy servers do provide some anonymity insofar as user IPs are masked by the proxy’s own. However, without tunneled encryption between your device and the proxy, your traffic can more easily be surveilled and tracked through the metadata leaking from your encrypted traffic. Third parties, like Internet Service Providers (ISPs) or malicious agents, can see your IP’s connection to the proxy, and the proxy’s connection to the destination, as well as any connection frequencies. Lastly, it is highly possible that a proxy server keeps traffic logs, which if exposed will compromise user anonymity.
Functionality
Proxies need to be manually configured on individual applications or at the system level. In contrast, VPNs provide a host of privacy features at the touch of a button: connections with one or more VPN proxy servers, IP address obfuscation, tunneled encryption. This is all by way of a single connection.
Many modern VPNs also provide advanced privacy features: internal firewalling to block known advertising or malicious connections, DNS leak protection, and kill switches, which disable your internet connection if the VPN connection drops. For all of this, users simply need to toggle the VPN on. Complex proxy configurations across apps are no longer needed.
Managing your proxy or VPN
Managing proxy
Application-based proxies can be managed through the app’s settings. One big downside of using a proxy server is that the methods for changing proxy settings will vary by application and require individual adjustments. System-wide proxies are configured on the client’s device itself, applying to all network traffic, and cannot be changed by certain apps unless that app is running a proxy configured to override the former.
If you need to turn off your proxy or to permanently disable it on your system, here are Nym’s instructions.
Managing VPN
Some advanced VPNs can be custom configured through split-tunneling to choose what kinds of traffic, applications, etc. use the VPN and which bypass it. This can be important for avoiding any latency while using a VPN. For instance, a VPN can be split-tunneled so that all traffic uses the VPN except for one app, such as a gaming app which needs optimal speed and connections.
At Nym we recommend caution when turning off a VPN, but here is our guide on how to disable it on mobile devices.
Proxy vs. VPN: Nym’s verdict
When it comes to comparing proxy servers and VPNs in terms of privacy protections, VPNs win hands down. They simply provide more protections for user traffic. VPNs do not require app-based configurations, but instead protect all of your online traffic on the server side.
However, VPNs are not monolithic technologies. Free VPN services, it must be noted, will do the opposite of protecting your privacy: they instead harvest and sell user data to third parties to profit from. And the majority of traditional, mainstream VPNs are single-server architectures, which means any user data stored on disk with them is vulnerable to data breaches, cyber attacks, or disclosure requests.
The best VPN choice for genuine privacy and anonymity online is with a VPN that is structurally truly decentralized, with no central point of control and failure. NymVPN provides one of the most private VPN infrastructures: an unparalleled 5-hop mixnet with unique security mechanisms for protecting user metadata. Its 2-hop dVPN mode can be used for faster but still highly secure connections.
Join Nym’s project for a more private internet, and leave finicky and double-edged proxy servers behind.