The short answer is that the jury’s still out, but probably not. Though dVPNs aren’t unsafe, either, for now the smart money seems to be on VPNs when it comes to protecting data. To figure out why that is, let’s start with a quick crash course on VPN security.
How Regular VPNs Protect Your Data
When you use a VPN, you make a connection from your computer to a server run by your internet service provider (ISP). From there, the connection is relayed to your VPN’s server and then to the site you want to visit. The connection from the ISP to the VPN is encrypted in a so-called VPN tunnel, and you assume the IP address belonging to the VPN’s server.
This has two effects: the ISP can only see encrypted communication, and the site you’re visiting sees an IP address that’s different from yours, making it impossible to track you that way. It’s a great way to add a measure of anonymity to your browsing, though it’s not perfect. For example, you can still be tracked by methods that don’t rely on your IP address, like browser fingerprinting.
The way your VPN encrypts your connection is through a VPN protocol, a set of rules that determines how the VPN “talks” to other devices on the network. There are several different ones, like OpenVPN or WireGuard, and each will do things slightly differently. Some are more secure, some are faster, and the best ones will strike a balance between these two.
The upshot is that your connection is secure through the VPN tunnel from end to end. There’s no way for the ISP or the site you visit to crack the encryption keeping you safe. The only weakness of VPNs are the VPNs themselves, through their logs.
VPNs and Logs
When you use a VPN, you’re leaving traces of your activity behind on the provider’s servers. These are called logs, not unlike the records a ship’s captain keeps. Since the whole point of using a VPN is to remain undetected and logs kind of defeat that point, VPN providers make promises that they will destroy their logs, or not keep them at all.
However, as we explain in our article on no-log VPNs, there’s no real way of knowing whether this actually happens; it’s very hard to prove a negative. As such, when you use a VPN, you’re trusting the service to destroy its logs.
How dVPNs Protect Your Data
Data protection is where dVPNs claim to have the upper hand: because of their decentralized nature, logs are less of an issue. When you get started with dVPNs, you’ll quickly notice that you don’t connect to servers like with a VPN, but instead to what are called nodes. Think of nodes as places where you can enter and exit the dVPN network.
These nodes are run by your fellow users, and could be their laptops or smartphones; you can also offer your devices as nodes and get paid a little in the network’s cryptocurrency. However, here’s where things get tricky: it’s unclear how the connection between you and the node is secured.
This is where comparisons with Tor come up: unlike VPNs, which use VPN protocols to encrypt your connection, dVPNs seem to work like Tor, which relays your connection between nodes. However, each node can only see the node before it and after it, so chain enough nodes together and you get a measure of anonymity.
However, if this is how dVPNs work, then they share a very important weakness with Tor. The final node, called the exit node, can see which sites you’re connecting to. They won’t be able to see what you’re doing there—the encryption on your HTTPS connection should keep you safe—but they will know you’re doing something.
Keeping Exit Nodes “Blind”
This is an issue that Tor and dVPNs both struggle with. However, dVPNs claim to have fixed this issue; in fact, it’s their big claim to fame as without it they’d just be an upgraded Tor. However, considering that dVPN operators are a secretive and elusive bunch, it’s hard to get a hard answer on how this exactly works.
For example, in an email Derek Silva, the global community manager for Orchid, told us that “DNS requests from the Orchid client software are sent to a private DNS service, there’s no logging software built in to the Orchid server.” As a result, “Orchid […] nodes have no idea if you’re sending email, watching a video, downloading an app, etc.”
This is an interesting take on the Tor way of doing things, only with extra steps, like sending DNS requests (how a server “asks” for the address of a site) to a private service rather than a public one. This is, effectively, a way to keep connections secret.
In its whitepaper, Sentinel also points out that the decentralized nature of the connection, a chain of servers, essentially, makes it so the system is very hard to attack; take one link of the chain out, and it will simply reform. Other than that, though, the whitepaper is very miserly with details of how security works.
Are dVPNs More Secure?
As a result of this lack of detail, it’s hard to say that dVPNs are more secure than regular VPNs, as most dVPNs like to claim. That said, it’s not quite like they’re less secure, either. It’s more that, like Tor, dVPNs rely on the anonymity that chaining nodes offers rather than the outright wall of encryption VPNs have.
The result is a system that’s less different from Tor than advertised, and thus has some of the same weaknesses. For example, to be anonymous, you need to connect through multiple nodes. This is a killer for your speed, making dVPNs a lot less pleasant to use. For now, it seems that if you use dVPNs, you should maybe only do so for activities that won’t get you into hot water, like getting through to Netflix.