Is there any value to a multi-hop VPN is both servers are using the same servers? Mullvad offers this and I just wanted to see if this was something worth using. Can i be safer/more secure? And, if it can be, is that worth the latency?
If you want multi-hop I would suggest using different VPN providers instead of using the multi-hop feature from the same provider
That's what I thought too. But it does make me curious why that is even an option if there's no real value to it.
it's just a marketing gimmick, that's all. read @mirimir 's posts on nested chains, vm's & pfsense. you'll figure it out.
If you trust the VPN provider, multi-hop arguably makes traffic analysis harder. But if you do multi-hop with multiple providers, you're distributing trust. That is, neither one can pwn you. Adversaries would need data from both. Or from their hosting providers. That's a key aspect of Tor design. With three relays in a circuit, no one relay can pwn users.
Mirimir's post above this describes what we call "partition of trust" in networking. Makes total sense and its what I use too. However; there is great value in using two or even three servers from the same provider if its a trusted one. The aforementioned "partition of trust" is likely the better model but only IF you assume that two providers would have to be pawned before they get YOUR real IP. Out in the "real world" the issue is not merely a provider being pawned but users making stupid mistakes that even the VPN providers cannot cover you for. 3 letter agencies can monitor all traffic going into and out of a data center. This is outside of any tunnels and frankly outside of the VPN providers control too! The traffic of course is encrypted BUT when your real IP connects to a data center THEY can see it, and record it as well. Over time by doing analysis it is possible to determine where you are going, especially if they are also monitoring the site you are viewing post exit node. It takes time to correlate the activities but advanced software can achieve it with enough input. Now when you add more servers you make the analysis extremely more complex. The software doesn't get to just try and correlate the established exit IP with all known incoming IP's to the related data center (one hop analysis). There are now multiple servers allowing bouncing over many countries throughout the globe. In other words the CORRELATION is now major calculus and not simple arithmetic. Remember that all this has NOTHING to do with being inside the encrypted traffic at all. If you only have access to ONE great quality VPN provider and want to take the time to setup using two or three of their servers by establishing your own routes (much better than the cookie cutter ones that are all known) you would be way ahead of a one hop setup. A two hop VPN route followed by TBB in a VM is a solid and safe approach. Not discounting use of two providers if you have access. Just saying that examination from the OUTSIDE is where many get pawned, not only by the tunnels being broken into where crappy providers exist. Get the best VPN provider you can afford and then setup multiple hops and TOR. Its easy and pretty safe.
Too many hops will slow you down. IMO running a VPN from a host machine and running another VPN inside a VM is more than adequate. Of course both VPNs are from different providers. TOR is just...... slow
