It doesn’t make sense using, since both VPNs see your traffic and one of them still knows your real IP adress. So using VPN over VPN doesn’t add any extra security or privacy. Anyone who say smth different has no technical understanding how Tor works and how VPN does, the only case where this make sense if the VPN provider itself provide this as feature and encrypts the traffic so that the second server can’t see it.
I always recommend multi-hop as it increases your privacy. And as long you choose the two servers to be nearby each other and not halfway across the world, you will not notice any difference in your connection.
I don’t consider mullvad multihop as a major security feature, but is a massive convenience feature. If you’re running the mullvad browser extension, or their mullvad browser you can just change the location of your browser without reconfiguring the VPN. Using their proxy network. Very convenient.
If you want to get really fancy you could do something with layered network name spaces, having each one use a different proxy forward to get multiple hops through one VPN connection.
The core flaw of multihop, is that your VPN provider can see all of it. So if they’re compromised, multi-hops not doing you any good.
But if you use something like qubes and you log into a VPN with account a, then you log into a different VPN with account b, then you log into VPN one again with account c : it’s going to be problematic to identify your entire path. People would have to be measuring every packet going in and out. Which is unlikely.
But this depends on your threat model, if you’re adversary has the resources to monitor all network links (national intelligence agencies) then this is very insufficient. You would have to ensure your first hop also doesn’t identify you, login for brief Windows, don’t send a lot of data for God’s sakes don’t stream video. For the vast majority of what people care about this is not an issue.
Safing is really interesting, it’s an onion network, but you can configure each application to have its own independent path. So instead of a normal VPN we’re all traffic has the same route. This would make identification much more difficult, let’s suppose you accidentally started up discord while attached to your safing session, it wouldn’t give away your identity for all your other applications cuz they would have different paths. It’s interesting. I recommend you look at it. https://safing.io/spn/
Can’t speak for Mozillas multihop implementation, but in general I can tell you that the concept of having multiple tunnels together does in theory make your comms more private. If a 3rd party were to try to MITM you, they would have to breach both tunnels to read your data.
For average use not really, assuming the VPN is reliable and trustworthy, and if by average you mean just regular day to day browsing.
When you start getting into the territory of doing stuff that would actually get investigated, it has some benefits like having a little bit of protection from possibly backdoored servers, MITM, etc.
For regular privacy in day to day, it is an improvement but I wouldn’t consider it worth the latency gain unless absolutely needed.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
It doesn’t make sense using, since both VPNs see your traffic and one of them still knows your real IP adress. So using VPN over VPN doesn’t add any extra security or privacy. Anyone who say smth different has no technical understanding how Tor works and how VPN does, the only case where this make sense if the VPN provider itself provide this as feature and encrypts the traffic so that the second server can’t see it.
I think this article by Mullvad explains this well.
I always recommend multi-hop as it increases your privacy. And as long you choose the two servers to be nearby each other and not halfway across the world, you will not notice any difference in your connection.
It will make your connection more private and secure, but I don’t think its a major improvement or worth using for most people due to the downsides.
I’m tinfoil hat levels of paranoid, but I’m not layering like that due to the downsides
I figure if you’re going to multihop, ToR isn’t going to be that much slower; might as well go that route instead with the added benefits.
That’s my thought too
You forgot to mention qubes :)
I don’t consider mullvad multihop as a major security feature, but is a massive convenience feature. If you’re running the mullvad browser extension, or their mullvad browser you can just change the location of your browser without reconfiguring the VPN. Using their proxy network. Very convenient.
If you want to get really fancy you could do something with layered network name spaces, having each one use a different proxy forward to get multiple hops through one VPN connection.
The core flaw of multihop, is that your VPN provider can see all of it. So if they’re compromised, multi-hops not doing you any good.
But if you use something like qubes and you log into a VPN with account a, then you log into a different VPN with account b, then you log into VPN one again with account c : it’s going to be problematic to identify your entire path. People would have to be measuring every packet going in and out. Which is unlikely.
But this depends on your threat model, if you’re adversary has the resources to monitor all network links (national intelligence agencies) then this is very insufficient. You would have to ensure your first hop also doesn’t identify you, login for brief Windows, don’t send a lot of data for God’s sakes don’t stream video. For the vast majority of what people care about this is not an issue.
Safing is really interesting, it’s an onion network, but you can configure each application to have its own independent path. So instead of a normal VPN we’re all traffic has the same route. This would make identification much more difficult, let’s suppose you accidentally started up discord while attached to your safing session, it wouldn’t give away your identity for all your other applications cuz they would have different paths. It’s interesting. I recommend you look at it. https://safing.io/spn/
Can’t speak for Mozillas multihop implementation, but in general I can tell you that the concept of having multiple tunnels together does in theory make your comms more private. If a 3rd party were to try to MITM you, they would have to breach both tunnels to read your data.
For average use not really, assuming the VPN is reliable and trustworthy, and if by average you mean just regular day to day browsing.
When you start getting into the territory of doing stuff that would actually get investigated, it has some benefits like having a little bit of protection from possibly backdoored servers, MITM, etc.
For regular privacy in day to day, it is an improvement but I wouldn’t consider it worth the latency gain unless absolutely needed.