Mar 12, 2020

If you’ve been following Orchid, you’ve probably encountered lots of references to “hops” and to Orchid’s multi-hop architecture. “Hops” is how we at Orchid refer to the routing of data -- from its origin, through a node such as a VPN server, and finally “exiting” to its destination webpage. A hop camouflages user activity by making it harder for parties at the source and destination of a web journey to gain full information about an Internet user’s activity. Hops on Orchid can be strung together to add further layers of indirection. In this piece, we look at how hops work and how different solutions can utilize them to offer users better privacy.

How do hops work in VPNs?

When you use a VPN, your web traffic is encrypted by the VPN provider and sent first to its server, which then routes it to the destination site. This impedes the ability of both your Internet Service Provider (ISP) and the destination website to gain full information about your browsing activity. Since the traffic is encrypted by the VPN, your ISP cannot see where the traffic is going -- all it sees is a connection to the VPN server. This encryption and masking of web traffic by a VPN is what we call a “hop.” On the other end of the journey, traffic “exits” the VPN server to the destination website. This site recognizes that someone is visiting, but since the traffic comes from a VPN rather than from your specific Internet Protocol (IP) address, it doesn’t know it’s you. A website sees your location as that of the VPN server, instead of where your computer actually is.

Hops can obfuscate the nature of your browsing but not the volume of it; your ISP will still see all your web traffic, only in encrypted form, so the details are hidden. If your ISP is throttling traffic based on data usage, for instance, using a VPN will not solve the problem.

Further, although VPN hops can obscure the nature of web browsing from ISPs and website operators, the traffic is not fully private or anonymous. The VPNs themselves have visibility into their customers’ web browsing, with the ability to track the entire journey. Most VPNs place their customers’ privacy high on their lists of concerns. Nevertheless, to use a single VPN is still ultimately to rely on the service always to follow through on its stated commitments to customer privacy.

“Logging,” the practice by which VPN providers record and store data generated by their customers, is a major topic of discussion in Internet privacy circles. Many VPNs claim to be “no-log” services, which means they store no information about their customers’ activity. Thus, they argue, even if their systems were compromised or they were compelled by a government agency to turn over information, there would be nothing to see. And there is little doubt that many Internet privacy solutions have a genuine commitment to keep user data private. But the fact remains, users of these services must rely on the strength of their word.

So what else can be done to improve users’ Internet anonymity?

Double hops and multiple hops

A logical answer is to use more than one hop. Indeed, several VPN services offer “double hop” or “multi-hop” configurations. The premise is that by “hopping” not just once but several times, it is possible to make the trail much harder to piece together. Routing traffic from a VPN server first to another VPN server, and then to the destination website, should make unraveling the entire route more difficult. By directing activity through two or more servers, the user can -- in theory -- prevent any one of them from having the full picture of the user’s actions. The first server will be able to see the origin’s IP address, and the last, only the destination website. Neither alone has enough information to decode the whole journey.

The effect is muted, though, if you get two hops from a single provider: if the entire journey takes place through servers controlled by the same VPN, that provider still has full visibility into the user’s activity. In order for multiple hops to allow a genuine improvement in user privacy, the servers that traffic hops between need to be unconnected.

Orchid’s multi-hop routes

A few Internet privacy tools have adopted this approach by aggregating multiple service providers. For example, Tor -- which is not a VPN but a hardened browser -- creates a circuit for users with traffic hopping through three nodes before exiting. This is an instance of true multi-hop capability, since the nodes that operate on Tor do not belong to any single service provider (although collusion between providers is technically possible).

Orchid, which aggregates VPN services, offers another multi-hop solution. Whereas Tor lacks an incentive structure to reward nodes, relying on bandwidth that is effectively “donated,” Orchid has developed a blockchain-based architecture designed to provide adequate rewards for VPN providers to offer their services. This has resulted in partnerships with some of the leading VPNs, including LiquidVPN, PIA, and VPNSecure, which should mean faster browsing speeds and fewer bottlenecks for users. Orchid users can customize the service to include as many hops as they want. While that does not fully anonymize web browsing, it makes it much more difficult for any one party to track a user’s web traffic.

With multiple hops, only the first node and the last node operators can see any meaningful information: the source and destination of web traffic, respectively. Any other VPN nodes simply see encrypted traffic. While this doesn’t stop service providers from logging if they choose to, it can render the data they collect effectively meaningless. Like sensitive mail, this data has been put through a “shredder,” making it much harder for someone to dig it out of the trash and glean sensitive information.
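The visibility argument above (first hop sees the source, last hop sees the destination, and one provider running every hop sees both) can be checked for any route with a small model. This is an added example, not Orchid's code; the node names, operator names and the `colluding` parameter are constructed for illustration, and it models address visibility only, not traffic-timing correlation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    name: str      # node label (constructed)
    operator: str  # entity that runs the node (constructed)

def hop_views(client, hops, destination):
    """Addresses each hop can observe: only its previous and next peer.

    Assumes layered encryption, so a hop learns nothing beyond the peer
    that handed it the traffic and the peer it forwards the traffic to.
    """
    path = [client] + [h.name for h in hops] + [destination]
    return {h.name: {path[i], path[i + 2]} for i, h in enumerate(hops)}

def operators_linking(client, hops, destination, colluding=()):
    """Operators (or a colluding group) that see BOTH source and destination."""
    views = hop_views(client, hops, destination)
    seen = {}
    for h in hops:
        # Operators that share logs are treated as a single observer.
        group = "colluding" if h.operator in colluding else h.operator
        seen.setdefault(group, set()).update(views[h.name])
    return sorted(g for g, s in seen.items() if {client, destination} <= s)

# Constructed routes matching the cases discussed in the article.
SINGLE = [Hop("vpn-a1", "ProviderA")]
DOUBLE_SAME = [Hop("vpn-a1", "ProviderA"), Hop("vpn-a2", "ProviderA")]
DOUBLE_MIXED = [Hop("vpn-a1", "ProviderA"), Hop("vpn-b1", "ProviderB")]
TRIPLE = DOUBLE_MIXED + [Hop("vpn-c1", "ProviderC")]

if __name__ == "__main__":
    for label, route in [("single", SINGLE), ("double/same", DOUBLE_SAME),
                         ("double/mixed", DOUBLE_MIXED), ("triple", TRIPLE)]:
        print(label, operators_linking("client", route, "site.example"))
    # Entry and exit operators sharing logs defeats the split.
    print("triple, A+C collude", operators_linking(
        "client", TRIPLE, "site.example", colluding={"ProviderA", "ProviderC"}))
```

An empty result means no single observer in the model holds both ends of the journey; the middle hop in the three-hop route only ever sees other nodes.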

There is no perfect way to achieve anonymity online. Hops are one of the tools Orchid gives its users to improve and strengthen their privacy protections. Orchid is the first solution to combine multiple hops run by different entities with a properly incentivized blockchain design that utilizes other innovations such as probabilistic nanopayments. Through this approach, Orchid offers a novel way to combine VPN services together.

Join Orchid today to start exploring freely. Stay curious out there!
