I use Mozilla VPN (Mullvad underneath), and it has the option for multi hop, which is really just two hops. Is there any major privacy gains with it or no?
And before you say VPNs are not the magic bullet for privacy, I already know that I use Linux, GrapheneOS, hardened Firefox, etc etc.
Can’t speak for Mozillas multihop implementation, but in general I can tell you that the concept of having multiple tunnels together does in theory make your comms more private. If a 3rd party were to try to MITM you, they would have to breach both tunnels to read your data.
deleted by creator
It will make your connection more private and secure, but I don’t think its a major improvement or worth using for most people due to the downsides.
I’m tinfoil hat levels of paranoid, but I’m not layering like that due to the downsides
I figure if you’re going to multihop, ToR isn’t going to be that much slower; might as well go that route instead with the added benefits.
That’s my thought too
I always recommend multi-hop as it increases your privacy. And as long you choose the two servers to be nearby each other and not halfway across the world, you will not notice any difference in your connection.
I think this article by Mullvad explains this well.
You forgot to mention qubes :)
I don’t consider mullvad multihop as a major security feature, but is a massive convenience feature. If you’re running the mullvad browser extension, or their mullvad browser you can just change the location of your browser without reconfiguring the VPN. Using their proxy network. Very convenient.
If you want to get really fancy you could do something with layered network name spaces, having each one use a different proxy forward to get multiple hops through one VPN connection.
The core flaw of multihop, is that your VPN provider can see all of it. So if they’re compromised, multi-hops not doing you any good.
But if you use something like qubes and you log into a VPN with account a, then you log into a different VPN with account b, then you log into VPN one again with account c : it’s going to be problematic to identify your entire path. People would have to be measuring every packet going in and out. Which is unlikely.
But this depends on your threat model, if you’re adversary has the resources to monitor all network links (national intelligence agencies) then this is very insufficient. You would have to ensure your first hop also doesn’t identify you, login for brief Windows, don’t send a lot of data for God’s sakes don’t stream video. For the vast majority of what people care about this is not an issue.
Safing is really interesting, it’s an onion network, but you can configure each application to have its own independent path. So instead of a normal VPN we’re all traffic has the same route. This would make identification much more difficult, let’s suppose you accidentally started up discord while attached to your safing session, it wouldn’t give away your identity for all your other applications cuz they would have different paths. It’s interesting. I recommend you look at it. https://safing.io/spn/
deleted by creator