Technology hype comes in waves – and sometimes, you just get swept up with the tide. But some of these flashy technologies aren’t that new, just freshly repackaged for the present day. So what’s the case with decentralized VPNs (DPNs)? And are they better than regular VPNs?
Decentralized VPN vs. regular VPN
A decentralized VPN is a distributed VPN service where volunteers, paid in crypto, supply your VPN servers instead of a single company. Like with regular VPNs, you have to trust that the VPN server isn’t monitoring your data. But instead of there being a single VPN provider company behind it all, you have to trust that none of the thousands of server volunteers are spying on you.
Necessary background: How a VPN works
Before we go into the business end, we need to set the ground rules for how VPN services work to maintain a secure internet connection. That is fairly simple:
- You connect to a VPN server via the client (read: app) on your device.
- The client and the server maintain an encrypted connection.
- The server decrypts data to forward it to the website or server you visit and vice versa.
This is, very abstractly, how any sort of VPN provider – regular, decentralized, even technically-not-a-VPN Tor – works. But it’s not the whole picture.
How a decentralized VPN works
A decentralized VPN is a VPN that doesn’t have centralized control of its servers. Instead of a single VPN provider supplying and maintaining the servers, a dVPN’s servers are hosted by independent users. They could be using dedicated server machines or just installing dVPN software on their home computers. The hosts are paid based on how much use their servers get.
The experience may not be that different for the regular user: you open the app and select the server location to use. But as we discuss further in the article, the whole system backing that process is a lot shadier.
Comparing decentralized VPNs to regular VPNs and Tor
This is where things get a little complicated, so let’s lay it all on the table and get down to brass VPN tacks:
Note: decentralized VPNs and Tor like to use “node” instead of “server.” While that is very technically true – a node can be something even a desktop computer can run – it’s practically the same to a regular user.
Who maintains it?
- The service provider
- The service provider
What is the server ownership scheme?
- Decentralized VPN: distributed nodes, set up by volunteers paid in crypto
- Regular VPN: centralized servers, rented or bought by the service provider
- Tor: distributed nodes, set up by unpaid volunteers
Can you choose the server?
How many servers are used in a regular connection?
How fast is it?
- Decentralized VPN: depends on the proximity of the server and the random nature of volunteer suppliers
- Regular VPN: depends on the proximity of the server and supplier
- Tor: dreadfully slow due to three random relays used in the connection and the random nature of volunteer suppliers
Are the servers automatically changed during the session?
- Tor: all the time
Is the connection encrypted?
- Tor: yes, to the point where each server can only know the participant next to them
What is the payment method?
- Decentralized VPN: crypto nano transactions
- Tor: you can donate to the project
To put it all together:
- With regular VPNs, you can choose what server you’re connecting to and you always know its location and who’s supplying it.
- With a DPN, you can choose what server you’re connecting to and you always know its location, but not who’s supplying it.
- With Tor, you can’t choose what server(s) you’re connecting to, you never know what server you’re connecting to, and the supplier is always changing.
Tor is so different because it was made, way back when, with security and anonymity in mind. Speed and comfort were sacrificed to make the three server/node/relay connection, where only the #1 (entry) node knows who’s connected and only the #3 (exit) node knows what website or service you’re trying to reach.
However, there are ways to breach Tor and it has been done in the past. And the same security issues persist with DPNs.
Are decentralized VPNs safer than centralized?
Oh boy, the answer here is going to be neither short nor easy. But, all things considered, the answer’s no. Why? Because with a DPN, you have to trust a lot more entities than with a centralized VPN:
Key takeaway: Nearly all VPNs are based on open-source VPN protocols.
DPN marketingese likes to underline that it uses open-source software that anyone can check for faults, and so on. But guess what? Regular VPN suppliers also use open-source VPN protocols (there’s a reason why OpenVPN is called that). While you can’t always look under the hood at the implementation, the fun data-stealing stuff can always be inserted somewhere else, like at the server.
And even if the VPN apps aren’t open-source themselves, this doesn’t stop crafty researchers from discovering their security flaws (and outright malicious features) like the time they uncovered how badly compromised free Android VPNs were.
Key takeaway: ‘Decentralized servers’ means that many more people can potentially be stealing your data.
The main thrust of the DPN’s assault on regular VPN providers’ reputation is this: one company can potentially steal all of your internet traffic as it is routed through the server that they control. After all, the server knows the IP address of the person, their online destination, and has access to the unencrypted (except for HTTPS) communication between them (you can’t forward that data still encrypted as the destination would have no way to read it).
And that is absolutely true. In fact, we’ve always said that you have to be really careful when selecting a VPN service, looking into their history, audits, and the like. Because, when all is said and done, this whole business is built on trust in the supplier.
But with regular VPN services, you only need to trust a single company; the company that is publicly visible, runs audits to prove that it is trustworthy, has a vested interest in ensuring network security, and so on. With a distributed VPN, you have to trust each of those paid volunteers.
Speaking of which, it has been recently discovered that around 900 Tor nodes (roughly 10% of the whole network) had been set up to spy on its traffic, which is something that can be done with distributed VPNs as well.
Key takeaway: Decentralized VPN servers are easier to compromise than Tor nodes.
Now, on the subject of servers and nodes: Tor, as a decentralized network, uses three per connection, none of which has access to the full picture of the connection. Therefore, malicious (and most likely state) third parties need to compromise 2-3 nodes in the connection and hope for the best, as the connections are established randomly and regularly redrawn.
For a decentralized VPN, you need to only compromise the one node in the connection. And since a decentralized VPN is a product targeted at everyday users and not security buffs, it is necessary to give them the option to choose the server (unlike with Tor). Depending on your needs, you’ll choose either the server closest to you (for best speeds) or located in a specific location (to fulfill a certain need).
Since malicious (and state) actors don’t just spy on people for the sake of spying on people, they can narrow down the profile of people and set up their nodes where their likely targets would be. Think they’ll be connecting to servers in Los Angeles? Set up Los Angeles nodes.
And here’s the fun part: the decentralized VPN scheme of incentivizing nodes with cryptocurrency can make it even easier for them.
Key takeaway: Server incentivization makes it more lucrative for rich bad actors that compromise nodes (like security agencies).
So decentralized VPNs are blowing up due to their ties to crypto. And reading through their websites, crypto has nothing to do with improving your VPN connection.
The biggest bonus to a regular user would be the residential IP addresses that volunteer nodes come with: it would help overcome streaming service blocks (which usually target IPs in business areas), but that’s in no way contingent on crypto. Crypto is just a way to pay anonymously as well as a way to use “nano transactions” to pay only for the VPN bandwidth you use rather than a flat subscription fee.
If you’re old enough to remember old data plans where you paid per megabyte, it’s like that, but with more damage to the environment.
Now, the money you pay supposedly goes to the paid volunteers running the servers. The more people connect to your node, the more crypto you get. In theory, this incentivizes you to maintain your node better, providing good bandwidth and all. But this sort of goes against the idea that anyone can set up a node to sell their unused network traffic, especially since your piddly stream of kilobytes will be overshadowed by someone dedicated to the scheme.
So if you’re CIA and you’re setting up nodes in LA apartments with quantum-space-age-glass-fiber-turbo connections that offer the most bandwidth, you’re not only beating out the competing nodes and grabbing all the data but also being compensated for your spying.
Furthermore, certain decentralized companies (the legal team won’t let me name names) require node providers to stake (read: invest) crypto into their nodes. The more you invest, the more users are routed to the node, up to its bandwidth limit.
Say you’re some sort of Russian three-letter agency, and you think your targets are likely to use servers in Warsaw. All you have to do is plop down some nodes with ridiculous bandwidth in Warsaw, stake them to the limit, and make them hoover up most of the traffic in Warsaw.
Granted, crypto-schemes rewarding the already rich is nothing new, but it’s the first time where they’re blatantly favoring state agencies with money to splash.
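To put rough numbers on the exposure described above (one node per connection, with users routed by stake up to each node's bandwidth limit), here is an added example that is not taken from any dVPN or from Tor. The proportional-to-stake assignment rule, the function names and every node figure are assumptions made for this sketch, and the three-relay comparison is a deliberately simplified model.

```python
# Added illustration, not code from any dVPN or from Tor. The stake-weighted
# assignment rule and all node figures below are assumptions for this sketch.

def allocate(demand, nodes):
    """Assign `demand` sessions to nodes in proportion to stake, capped by
    each node's capacity. nodes: {name: (stake, capacity)} -> {name: load}."""
    load = {name: 0.0 for name in nodes}
    active = {n for n, (stake, cap) in nodes.items() if stake > 0 and cap > 0}
    remaining = min(demand, sum(nodes[n][1] for n in active))
    while active and remaining > 1e-9:
        total = sum(nodes[n][0] for n in active)
        # Nodes whose proportional share would reach their bandwidth limit.
        full = {n for n in active
                if remaining * nodes[n][0] / total >= nodes[n][1] - load[n]}
        if not full:
            for n in active:
                load[n] += remaining * nodes[n][0] / total
            break
        for n in full:  # fill to the cap, then re-share the overflow
            remaining -= nodes[n][1] - load[n]
            load[n] = nodes[n][1]
        active -= full
    return load

def observed_share(load, operator_nodes):
    """Fraction of all sessions that pass through one operator's nodes."""
    total = sum(load.values())
    return sum(load[n] for n in operator_nodes) / total if total else 0.0

def both_ends_share(entry_fraction, exit_fraction):
    """Simplified three-relay model: the operator sees source and destination
    only when it holds both the entry and the exit of the same circuit."""
    return entry_fraction * exit_fraction

# Constructed sample: three home nodes and two heavily staked nodes run by
# one operator in the same city. Tuples are (stake, capacity in sessions).
CITY = {
    "home-1": (10, 50), "home-2": (10, 50), "home-3": (20, 100),
    "big-a": (400, 1000), "big-b": (400, 1000),
}
OPERATOR = {"big-a", "big-b"}

if __name__ == "__main__":
    load = allocate(1000, CITY)
    print(f"single-hop, stake-weighted: {observed_share(load, OPERATOR):.1%}")
    print(f"three-relay, 10% of relays: {both_ends_share(0.10, 0.10):.1%}")
```

In this constructed city, two of five nodes carry about 95% of sessions because they hold most of the stake, while an operator holding 10% of entry and exit relays in the simplified three-relay model sees both ends of about 1% of circuits.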
Key takeaway: Regular VPNs already accept crypto payments.
So the only upside here is that you can pay for a VPN service with crypto, which is something that any trusted VPN developer already supports.
It does not, however, increase transparency in any way: while payments are recorded on the blockchain, it does nothing to make malicious node providers easier to identify. State security agencies (and other malicious agents) lie as easily as they breathe. They can set up a bajillion crypto wallets for Nursultan Tulyakbay or John Doe, and what the blockchain will show is that yes, the “money” did pass their fake hands.
They also have the funds to deceive at a scale that boggles the mind, and crypto can’t stop them (outside of you, you know, hastening the collapse of civilization via climate change which would presumably collapse the states maintaining these security agencies).
Key takeaway: The only real upside to crypto microtransactions over a subscription is that you can pay for the bandwidth you actually consume.
The decentralized VPN emphasis on crypto hinges on two things:
- You’re usually getting paid in the DPN’s own cryptocurrency, and investing in new cryptocurrencies is one of the top 10 ways to get scammed in 2022.
- The only real use for you is being able to make small payments (of variable value as cryptocurrency is anything but stable) for the bandwidth you consume.
So there you have it, the whole picture.
What is better: a no-logs policy or a decentralized VPN?
A no-logs policy is better than a decentralized VPN because it’s easier to check if the company abides by the policy than to ensure that every dVPN server supplier is playing nicely.
A no-logs policy demonstrates a VPN provider’s commitment to not recording your data. Companies who want to be trustworthy will invite independent audits to confirm whether that’s the case.
With a decentralized VPN service, there is no way to check whether the server operators are behaving and aren’t logging your data somehow. As the nodes are set up quite anonymously and paid for in crypto, it’s really hard to track down any solid paper trail.
So the no-logs policy wins hands-down.
Make an informed decision on your VPN
Now you know what the whole deal with decentralized VPNs is (though my ego won’t suffer too much if you do some more of your own research). As you can already gather, there’s little reason to believe that a DPN is in any way inherently safer than a normal VPN. But hey, it beats using a free VPN, right?
Is Tor a decentralized VPN?
Tor is not a decentralized VPN, despite the similarities: both provide data encryption and routing, and both rely on decentralized volunteers to run the servers.
The difference is that Tor volunteers are not paid, Tor doesn’t allow you to select the server you want, and Tor routes your traffic via three servers (instead of one). Tor is also free.
In any case, Tor is not a suitable replacement for everyday VPN use as it works a lot slower than the alternatives.
What VPN is best for crypto?
The best VPN for crypto would be:
- Operating from a country with great privacy laws;
- Maintaining a no-logs policy;
- Independently audited;
- Using the newest security features.
Surfshark just happens to fit all those conditions.