VPN vs dVPN: A Comprehensive Comparison

Welcome! This article continues our discussion on VPNs, comparing two types of VPN services: traditional centralized VPNs and the newer decentralized VPNs (dVPNs). As mentioned in previous articles, the main reason to use a VPN for privacy is to hide your internet traffic and browsing history from your internet service provider (ISP). ISPs and mobile operators are often interested in logging, analyzing, reusing, and selling this information, and/or are required by law to store user data. Routing your traffic through a VPN on untrusted networks and masking your IP address when accessing websites and services can provide additional privacy benefits.

Most commercial centralized VPNs are suitable for these purposes—if (and only if) you trust your VPN provider more than your ISP. Recently, blockchain-based projects have promised to improve the centralized VPN model by offering greater transparency, multi-hop functionality, distributed connection nodes, and pay-per-use compensation models. This article aims to help you decide whether a decentralized solution makes sense for you by evaluating the pros and cons.

Introduction to dVPN

dVPN services (“decentralized VPNs”) use blockchain to manage a network of distributed connection nodes and aim to improve VPN design in other ways as well. Current solutions promise verifiable non-logging, distributed trust without a single decision-maker, and fairer payment systems. These are the main differences and advantages over classic services, but decentralized VPNs also promise to provide the same benefits as centralized VPNs.

When evaluating dVPNs, we use the following criteria:

• Traffic encryption between endpoints using the latest, verifiable cryptographic standards and protocols.
• A large number (ideally thousands) of nodes available for connection, not controlled by a single or small group of organizations.
• After connecting, traffic passes through at least three nodes—entry, relay, and exit—working together to route your VPN traffic. The ideal dVPN setup mirrors Tor, where the entry server knows your IP but not your activity, the relay server knows neither, and the exit server knows your activity but not your identity. This three-node setup is crucial for delivering on the promise of “no logging possible due to decentralized network design.”

Assuming there are solutions on the market that meet these criteria, we’ll discuss whether this is actually the case in the following sections.

What Makes a Good VPN for Privacy?

Let’s discuss the key features to look for when choosing a VPN for privacy protection.

1. Trust

With centralized VPNs, the key question is whether you can trust those running the service. Are they transparent and public? Do they have a strong track record? Do they have clear policies and legal frameworks to protect clients from excessive scrutiny? Trust is necessary because you can’t fully control what the company does with your data. If you can’t trust the operators, you shouldn’t use their product.

The lack of need to trust a single organization is a major advantage of dVPNs. However, while their infrastructure isn’t centralized, your data still passes through one or more nodes run by companies or individuals who may not be trustworthy. Depending on their position in the network, they may observe the source and content of your traffic, or both. The problem is that, although the most popular dVPNs (Orchid, Sentinel, Mysterium) are designed for multi-hop, their current default implementation connects you directly to a single node, which you must then trust.

If a single node acts as both entry and exit, you need to trust its operator not to log your activity. Exit nodes can use decrypted data for surveillance, identification, and correlation attacks in cooperation with others. The Tor network, which uses four nodes, suffers from unknown actors running hundreds of malicious relays. These risks are even greater if a distributed network has many nodes but few users. The “crowding effect” of many users sharing the same exit IP makes identification harder. Some dVPNs try to solve the malicious node problem by routing your traffic to a new node for each new connection or by connecting to multiple nodes for different requests. Orchid, for example, uses “trusted node” lists, but then you must either verify nodes yourself or rely on a third party—similar to trusting a centralized provider who curates their own server list.

In summary, dVPN infrastructure can be designed so that trust in a central entity isn’t required, making it a better choice than centralized VPNs in theory. However, dVPN exit node operators can still log your activity, making current implementations less than ideal. Especially with single-node systems, your IP and unencrypted data are exposed. In contrast, hosting providers for centralized VPNs (ideally) don’t have direct access to server data and can’t easily monitor connections and user activity. However, with physical access and enough motivation, they could potentially access data.

Since all dVPN providers we reviewed (Orchid, Sentinel, Mysterium, and Deeper) have used single-hop connections by default since February 2022, we conclude that dVPN solutions are currently not the best choice in terms of trust. Some providers claim to “hide your IP from everyone,” which is misleading.

2. Solid Technical Implementation

No matter how much you trust a centralized provider, if their technical competence is lacking, your privacy is at risk. Implementing and updating proven VPN protocols and standards is crucial. At a minimum, we recommend OpenVPN with SHA-256 authentication, RSA-2048 or better handshake, AES-256 ciphers, or WireGuard, plus perfect forward secrecy. Clarity about backend and infrastructure that guarantees no activity logging is also important. Centralized VPNs often can’t prove this; open-source apps, regular audits, and pentest reports are positive signs. However, audits are only snapshots in time, so you can’t verify the live code of a centralized service. This is where trust comes in.

For dVPNs, reliability can be checked by you or a trusted analyst. dVPNs are by default transparent, open-source, and have open infrastructure. You can verify claims of no system-wide logging or backdoors, making node behavior the only uncheckable aspect. As always, do your own research before using any service.

3. Stability and Speed

Centralized providers ensure stability through proper infrastructure design and quick resolution of network issues with their hosting partners. Availability and uptime depend on these factors. You can only judge by past network performance whether it meets your needs. Speed is also important—centralized VPNs that don’t oversell can achieve minimal speed loss even on gigabit connections for clients near a server. However, many providers attract too many users, causing capacity issues. If you choose a centralized service, test several providers for stability and speed before committing long-term.

In a decentralized network, if one or even many nodes fail, your traffic is routed through others. This means a well-designed dVPN network can’t be taken down as long as nodes are available. Service stability in a decentralized infrastructure with many nodes can only be disrupted by issues with the app you use to connect.

With a three-hop ideal setup, speed loss is inevitable since packets travel through different physical locations. Tor suffers from a similar issue. Most dVPNs use residential nodes—often end users—as peers. Retail bandwidth is improving over time but is still limited compared to what professional infrastructure providers offer centralized VPNs. This is one reason dVPN providers currently default to single-hop setups for usability and speed, though this undermines the promise of distributed trust. One provider admits that “10 to 40 Mbps” is a realistic average speed, while others partner with VPN services as exit (or single) nodes to improve this aspect. In terms of speed, centralized VPNs are likely to outperform dVPNs. Comparing a multi-node centralized VPN to a three-node dVPN is less straightforward. Centralized providers controlling servers in chosen locations can better optimize speed; results will depend on your location, infrastructure, and network conditions. In terms of resilience, dVPN networks should theoretically handle outages and failures better.

4. Price

Most commercial VPNs use monthly or yearly recurring payment models. Some have fixed prices, some offer discounts, but most require annual payments. This can disadvantage users with occasional or short-term needs, who end up overpaying for a service they don’t use or don’t want to commit to long-term. Recurring subscriptions can also lead to unnoticed renewals for unused services.

Decentralized providers use pay-per-use models for fairness, but in practice, the convenience of such VPNs is questionable and unlikely to be better than periodic subscriptions. Most users don’t know how much traffic they need and don’t want to regularly top up their balance. Still, if providers can make purchasing easier, this approach could lead to fairer pricing for customers.

One potential improvement over centralized VPNs is that dVPNs don’t require personal data for signup—you just need tokens to use them. However, this advantage is limited, as many centralized VPNs don’t require an email for registration and accept cryptocurrencies and cash.

Additional Considerations for dVPN

The following points don’t apply to all services but are important when evaluating distributed VPNs.

1. Exit nodes are crucial participants in a distributed VPN network, responsible for decrypting and routing data packets to their next destination. As such, they are liable for any violations occurring on the network, since their IP address is associated with any activity passing through them. Depending on network design and market strategy, dVPNs handle this differently:
   • They incentivize end users to operate as exit nodes, earning money or credits (Sentinel, Mysterium). These providers offer guides on how to address the “exit node problem.”
   • They use “trusted partners” as exit nodes, such as VPN providers and hosting companies (Orchid). Orchid’s approach highlights the issue of live nodes acting as exits: when law enforcement comes knocking, the decentralized network won’t take responsibility or provide legal support. Tor exit node operators have struggled with this since the network’s inception.
2. Some dVPNs prioritize other use cases over privacy and don’t mask your IP by default. For example, Deeper Network only routes connection requests deemed appropriate by the system (“smart route”). IP masking and encrypted connections are only available in “DPN full route” mode, which forces you to become an exit node, leading to a complex trade-off. The “smart route” option may be useful for P2P downloads and geo-shifting for streaming, but this design choice shows Deeper Network isn’t the best for privacy.
3. When evaluating centralized VPNs, remember that if a service is free, your data is likely the product being sold. While this warning may not apply to all dVPNs, they often reward nodes with tokens and offer free access to clients when starting out. As the service matures and supply and demand grow organically, incentives become unnecessary. However, if no money enters a closed system, it can’t last long—subscription fees are the obvious solution. Don’t choose a service just because it’s currently free.
4. Some dVPNs, like Deeper Network, rely on proprietary devices placed between your modem and device/router. If you need a VPN solution “on the go,” this option may not be suitable.

Conclusion

With centralized VPNs, you must trust the service operators to implement all parts of their system as promised for privacy protection. This trust is a single point of failure: you don’t need to worry about routing rules or malicious nodes. With dVPNs, you don’t need to trust a central entity, but you face challenges in achieving practical multi-hop setups and verifying nodes (or node lists).

Decentralized VPNs offer a vision where trust in a single party isn’t required, making them potentially a better choice for avoiding ISPs and covert surveillance. However, current solutions don’t live up to these promises due to single-node routing, trust and liability issues with exit nodes, and low adoption. For privacy protection, a centralized VPN is the better choice if you’re willing to trust the provider with your data. If you can’t trust a provider or value decentralization above all, a dVPN may be better—just be aware of the trade-offs described in this guide.

Authors: Vergil, Pavluu

Onion Market – a free P2P exchange on Telegram.