What are Orchid “Hops” and how are they useful?
Jan 4, 2022
Published: March 12, 2020; Updated: December 16, 2021
If you’ve been following Orchid, you’ve probably encountered lots of references to “hops” and to Orchid’s multi-hop architecture. “Hop” is a term we at Orchid use to refer to the routing of data -- from its origin, through a node such as a VPN server, and finally “exiting” to its destination webpage. Each “hop” camouflages user activity by making it harder for parties at the source and destination of a web journey to gain full information about an Internet user’s activity. Hops on Orchid can be strung together to add additional layers of misdirection. In this piece, we look at how hops work and how different solutions can utilize them to offer users better privacy.
How do hops work in VPNs?
When you use a VPN, your web traffic is encrypted by the VPN provider and sent first to its server, which then routes it to the destination site. This impedes the ability of both your Internet Service Provider (ISP) and the destination website to gain full information about your browsing activity. Since the traffic is encrypted by the VPN, your ISP cannot see where the traffic is going -- all it sees is a connection to the VPN server. This encryption and masking of web traffic by a VPN is what we call a “hop.” On the other end of the journey, traffic “exits” the VPN server onto the destination website. This site recognizes that someone is visiting, but since it comes from a VPN rather than from your specific Internet Protocol (IP) address, it doesn't know it’s you. A website sees your location as that of the VPN server, instead of where your computer actually is.
Although VPN hops can obscure the nature of web browsing from ISPs and website operators, the traffic is not fully private or anonymous. The VPNs themselves have visibility into their customers’ web browsing, with the ability to track the entire journey. Most VPNs place their customers’ privacy high on their lists of concerns. Nevertheless, to use a single VPN is still ultimately to rely on the service always to follow through on its stated commitments to customer privacy.
“Logging,” the practice by which VPN providers record and store data generated by their customers, is a major topic of discussion in Internet privacy circles. Many VPNs claim to be “no-log” services, which means they store no information about their customers’ activity. Thus, they argue, even if their systems were compromised or they were compelled by a government agency to turn over information, there would be nothing to see. And there is little doubt that many Internet privacy solutions have a genuine commitment to keep user data private. But the fact remains, users of these services must rely on the strength of their word.
So what else can be done to improve users’ Internet anonymity?
Double hops and multiple hops
A logical answer is to use more than one hop. Several VPN services offer “double hop” or “multi-hop” configurations. Most VPNs offer their users just one hop. Other VPNs use a double-hop configuration, which places just two servers between the data's origin and endpoint. A multi-hop VPN allows users to send their data through more than two different servers.
By “hopping” not just once but several times, it is possible to make the trail much harder to piece together. Routing traffic from a VPN server first to another VPN server, and then to the destination website, should make unraveling the entire route more difficult. By directing activity through two or more servers, the user can -- in theory -- prevent any one of them from having the full picture of the user’s actions. The first server will be able to see the origin’s IP address, and the last, only the destination website. Neither alone has enough information to decode the whole journey.
The effect is muted, though, if you get two hops from a single provider: if the entire journey takes place through servers controlled by the same VPN, that provider still has full visibility into the user’s activity. In order for multiple hops to allow a genuine improvement in user privacy, the servers that traffic hops between need to be unconnected.
Orchid’s multi-hop routes
A few Internet privacy tools have adopted this approach by aggregating multiple service providers. For example, Tor -- which is not a VPN but a hardened browser -- creates a circuit for users with traffic hopping through three nodes before exiting. This is an instance of true multi-hop capability, since the nodes on Tor are not all run by any single service provider (although collusion between providers is technically possible).
Orchid, which aggregates VPN services, offers another multi-hop solution. Whereas Tor lacks an incentive structure to reward nodes, relying on bandwidth that is effectively “donated,” Orchid has developed a blockchain-based architecture designed to provide adequate rewards for VPN providers to offer their services.
Unlike other VPN providers, Orchid is the only service that allows users to include external servers in their multi-hop circuits. Most providers only allow their users to access internal hops. But on Orchid, users can configure an unlimited number of hops with generic OpenVPN and WireGuard configurations from other VPN providers or maybe even a VPN server users run themselves. And users can pay for a randomized Orchid node using prepaid xDAI accounts along with OXT, Orchid's native digital asset. Anyone with an ordinary credit card can purchase a prepaid account for as little as $1. The service for a random Orchid node is pay-as-you-go – thanks to Orchid’s novel system of probabilistic nanopayments, users never pay for bandwidth they don’t use.
Orchid users can customize the service to include as many hops as they want. While this does not fully anonymize web browsing, it makes it much more difficult for any one party to track a user’s web traffic.
And it’s easy to configure multi-hop VPN routes on Orchid using a desktop or mobile device. Use the app's menu to navigate to the circuit builder interface, and select "add new hop" to add new servers to your connection. There is no limit to how many hops users can incorporate, and it’s quick and easy to configure a multi-hop route on Orchid.
With multiple hops, only the first node and the last node operators can see any meaningful information: the source and destination of web traffic, respectively. Any other VPN nodes simply see encrypted traffic. While this doesn’t stop service providers from logging if they choose to, it can render the data they collect effectively meaningless. Like sensitive mail, this data has effectively been put through a “shredder,” making it much harder for someone to dig it out of the trash and glean sensitive information.
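The visibility argument above (the first hop sees the source, the last hop sees the destination, and a single provider running every hop sees both) can be checked with a small model. This is an added example, not Orchid's code; the operator names, addresses and function names are constructed for illustration, and it assumes each hop learns only the addresses adjacent to it, ignoring timing correlation.

```python
from collections import defaultdict

def hop_views(client_ip, hops, destination):
    """For each hop, record the address it receives traffic from and forwards to."""
    path = [client_ip] + [h["addr"] for h in hops] + [destination]
    return [{"operator": h["operator"], "sees_from": path[i - 1], "sends_to": path[i + 1]}
            for i, h in enumerate(hops, start=1)]

def operator_knowledge(client_ip, hops, destination):
    """Pool the observations of every hop run by the same operator."""
    seen = defaultdict(set)
    for view in hop_views(client_ip, hops, destination):
        seen[view["operator"]].update((view["sees_from"], view["sends_to"]))
    return {op: {"knows_source": client_ip in addrs,
                 "knows_destination": destination in addrs}
            for op, addrs in seen.items()}

def operators_with_full_picture(client_ip, hops, destination):
    """Operators that observe both the user's address and the destination."""
    knowledge = operator_knowledge(client_ip, hops, destination)
    return sorted(op for op, k in knowledge.items()
                  if k["knows_source"] and k["knows_destination"])

# Constructed sample data (documentation address ranges, hypothetical operators).
CLIENT, DEST = "203.0.113.7", "example.org"
SINGLE_HOP = [{"operator": "vpn-a", "addr": "198.51.100.1"}]
DOUBLE_SAME_PROVIDER = [{"operator": "vpn-a", "addr": "198.51.100.1"},
                        {"operator": "vpn-a", "addr": "198.51.100.2"}]
THREE_INDEPENDENT = [{"operator": "vpn-a", "addr": "198.51.100.1"},
                     {"operator": "vpn-b", "addr": "192.0.2.10"},
                     {"operator": "vpn-c", "addr": "192.0.2.20"}]

if __name__ == "__main__":
    for name, circuit in [("single hop", SINGLE_HOP),
                          ("double hop, one provider", DOUBLE_SAME_PROVIDER),
                          ("three independent hops", THREE_INDEPENDENT)]:
        print(name, "->", operators_with_full_picture(CLIENT, circuit, DEST) or "nobody")
```

In the three-operator circuit the middle operator learns neither endpoint, while the two-hop circuit bought from one provider leaves that provider with the same view as a single hop.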
There is no perfect way to achieve anonymity online. Hops are one of the tools Orchid gives its users to improve and strengthen their privacy protections. Orchid is the first solution to combine multiple hops run by different entities with a properly incentivized, blockchain design that utilizes other innovations such as probabilistic nanopayments. Through this approach, Orchid offers a novel way to combine VPN services together.
Download Orchid today to start exploring freely. Stay curious out there!