A double VPN feature consists of a VPN connection routed through two consecutive VPN servers instead of one. It’s also known as “multi-hop.” The feature adds an extra encryption layer to the user’s traffic, thus increasing security, privacy, and anonymity. Unfortunately, most VPN networks do not support multi-hop connections. Why don’t they? Which are the ones that do? In this article, we will answer those questions and many more.
What is a multi-hop or double VPN?
As the name suggests, the double VPN feature enables VPN users to route their traffic through two VPN servers instead of one. In this way, your traffic encryption happens twice (once on each server), thus providing an extra layer and security for your online activities. However, one significant difference from the regular connections is that, even in the VPNs that support such a feature, not every server within the network is suitable, so your choices are limited to those nodes that can be paired together.
Multi-hop connections are not the industry standard by any means. In fact, most VPNs do not support it. The reason behind that is that the demand for this feature tends to be low because the additional encryption and routing times cost something in connection speeds. In other words: double VPN connections are significantly slower than regular single ones. Also, double VPN connections demand more resources from the provider, and that also plays a role.
Double VPNs come at a cost to the network and the user; that much is clear. Nevertheless, the multi-hop feature is a valuable service for a particular user who needs to ensure that their privacy and security are guaranteed at all costs.
For example, suppose you are a political activist, especially of the dissident kind working in a repressive country; you could also be a journalist writing on sensitive topics that could awaken a giant’s anger; or that you are a whistleblower passing on sensitive information to third parties. Those three cases are the most obvious scenarios in which double VPNs are critical in keeping a user safe from potential enemies, but they’re not the only ones.
So are multi-hop connections an option for you? Well, answering that question needs you first to know the pros and cons. Let’s see them.
Multi-hop VPN connections: The advantages and disadvantages
Most VPNs offer added features that enhance a user’s security, such as kill switches, leak protection, malware blockers. So double VPN is not a compulsory feature for a network to be a regular (even a premium) VPN service. A good VPN performs two services for you at all times: traffic encryption and IP masking; any additional advantage is welcome but not vital. Thus, double VPN connections are not in the “must-have” list of any provider. We’ll see why in this section, but let’s start with the positive side of the coin.
Double VPNs: The advantages
Multi-hop connections enhance security, privacy, and anonymity. And how they achieve that goal are advantages in themselves.
- Double encryption. Each server in a multi-hop connection encrypts the traffic in full. A single AES-128 encryption stage is impossible to crack with the current technology. Two stages of AES-256 encryption make the traffic utterly impossible to decipher.
- Extra IP. The server hides your IP address from the word in a single VPN connection and assigns you a new one. In a double VPN, this happens twice, so your actual IP address is twice removed from the world.
- Keeping your ISP in the dark. If your ISP is interested in your online activities (which it shouldn’t), he won’t be able to know anything about what you’re doing. The ISP will know that all of your traffic is directed to a single node on the Internet (your VPN server). But it won’t understand what your traffic is about, what sites you are visiting, or anything else.
- Hidden whereabouts. Any mildly competent hacker can figure out your location from your IP address. In a double VPN connection, any third party will think you are located at the second server’s location, which will typically be very far away from you.
- Protocol combinations. If double encryption still seems not enough for you, you can set up your double connection so that one server uses TCP within the OpenVPN protocol and the other uses UDP.
- Bypass censorship. Even the most liberal countries in the world impose some restrictions on their domestic internet access, not to mention China, North Korea, or other jurisdictions where the lack of online freedom is notorious and world-famous. Single VPN connections allow you to circumvent those restrictions. A double VPN ensures that it can’t be traced back to you.
Double VPNs are an extreme security measure. As such, they’re not meant to be the default mode of any user. That’s why so many industry players do not offer it –and have no intention to change their minds. Also, the decision-makers in the VPN world consider that single VPN connections are good enough for any task in terms of security. Furthermore, they are versatile enough to serve activities as torrenting or unblocking streaming websites. Thus, in their minds, a double VPN is overkill, an enhancement on a service that already meets its purpose perfectly.
While we also consider that those multi-hop connections are for paranoids for the most part (though we have mentioned three cases in which the paranoia is justified), if you decide that doubling down on security is your cup of tea, go right ahead. Just keep in mind that there’s a price to pay.
- Loss of speed. The most evident cost you’ll have to pay for a double VPN comes in the form of lower speeds when connected to a VPN. Even a single connection reduces connection speeds because the encryption and the traffic routing take some time and computing power. If you add another VPN stage on top, then things slow down so much more. In addition, if you want to transfer large files, use your BitTorrent client, or see streaming videos, the chances are that the multi-hop will not be optimal for your user experience.
- No Tor over VPN. If you have ever used Tor to protect your security, you already know that navigation speeds in the Tor network are low. You can double-down on security by launching your Tor browser over a single VPN connection. Adding a further VPN layer will make snail races look exciting.
- Resource intensive. Double VPN connections mean more work for your device, not just for your VPN provider. Your battery will drain quickly, the other tasks on your device will slow down. If you can be plugged in, that’s not a problem, but if you’re on the go (which is the point in mobile devices), you won’t be able to be online for long.
- Server choice. As far as we’ve seen in most VPN networks, the server list for multi-hop users is much smaller than the regular list. Also, you can’t choose each server separately. Instead, you will have to choose from a list in which servers are already paired.
So the primary drawbacks of double VPNs come as inefficient speeds and battery use. If you happen to have an astonishingly fast ISP, maybe your dual connection will be manageable. On the lack of variety of server choices, most of the available pairs are located in the countries where the servers are most useful for almost every task (the US, UK, Netherlands, etc.), so lack of choice does not translate into a lack of flexibility.