The VPN industry must change or face losing the battle against censorship
It's now or never

VPNs need to change. This may seem like a strange thing for someone who writes about the best VPNs for a living, but it's true.
Traditional VPNs have been protecting our privacy for well over a decade, but the world is now a very different place and our online privacy has never been more under threat.
Is traditional VPN technology the best it can be? I'm not so sure. I'm not saying the leading VPN providers are unsafe – quite the opposite – but they have limitations and the industry needs to innovate.
We are seeing early signs of this. New VPN providers are launching with unique approaches to VPN technology. We're seeing VPNs team up, beat censorship, and even decentralize.
There's no right or wrong way to progress, and differing approaches have been put forward – but we must begin to think beyond the status quo.
So what do these changes look like? Are they the right ones to take VPNs forward? Let's investigate.
Two hops, two providers
The majority of VPNs work in a similar way. One provider operates hundreds or even thousands of servers. You connect to one, your traffic is encrypted on your device, and then sent through a "tunnel" before being connected to the internet.
To create an additional layer of security, features like Proton VPN's Secure Core and NordVPN's Double VPN route your traffic through two servers, encrypting your data twice and mitigating the danger of a compromised server.
However, a single provider is still overseeing both hops, meaning they can theoretically see your whole journey.
But what if we added a second provider into the encryption equation? This is exactly what Obscura VPN is doing, in a move that could be a game-changer.
It has partnered with Mullvad, one of the most private VPNs, to offer a double-hop VPN operated by two independent providers. The goal is becoming the "best darn VPN out there."
Neither of the VPNs can see your traffic's whole journey. Obscura VPN can only see your connecting IP address, which it doesn't log. Mullvad only connects you to the internet and doesn't see any identifiable information related to your real IP or device.
What impresses me about Obscura's concept is its simplicity, and I'm surprised something like this wasn't launched earlier.
Of course, you do have to trust two providers compared to one, but Mullvad is a VPN veteran with an incredible privacy reputation. Obscura VPN is the new kid on the block, but it's "private by design," and its creator, Carl Dong, says it is "physically unable" to see your personal data.
Obscura VPN and Mullvad both have their own drawbacks, so this clearly is not be the endgame. But they are championing this two-provider idea, and I'd love to see more VPN partnerships like it.
Remove the middle-man and decentralize
Pretty much every VPN on the market is centralized in one way or another. Whether it's one provider or two, there's always a fixed "central point" or "middle-man" which oversees everything.
What if we removed that? NymVPN is a new provider that has done exactly that by creating a decentralized, noise generating, "mixnet" VPN.
NymVPN is backed by Chelsea Manning and its mixnet can be likened to the technology used by Tor. Your traffic is encrypted before being sent through five nodes. A layer of encryption is removed at each stage, and no single node can see your entire traffic or data.
Data packets are split, shuffled, and randomized, with fake traffic or "noise" also being mixed in. This makes it very hard for patterns to be seen and your activity monitored, helping to defend against the rise of AI-led cyberattacks and surveillance.
Decentralized VPNs are great for anonymity, but some believe your privacy suffers – and separating anonymity and privacy is important.
My issue is with the node operators. Although almost all will be genuine and participating in the network for the right reasons, this cannot be verified. Node operators can constantly change and can't be audited in the same way centralized VPNs can.
If node operators are not vetted then anyone can become one, and this leaves the door open for malicious actors to intercept a network posing as node operators.
NymVPN CEO Harry Halpin admits it's possible for your traffic to come into contact with a malicious node, but claims it is "statistically difficult" due to the five hops and added noise. I do agree this risk is unlikely, but it's hard to ignore.
It's up to you to decide whether you value privacy or anonymity more. But if the erosion of our digital rights continues, we may lose the luxury of having this choice – and that's why I am glad a decentralized VPN exists.
More than a VPN
10 years ago VPNs were simply just VPNs. Since then, we've seen an explosion in what products VPNs offer, including the launch of complete cybersecurity suites.
The Nord Security ecosystem contains NordVPN, NordPass password manager, Threat Protection Pro, NordProtect, NordLayer, and the Saily eSIM.
Proton AG has one of the best suites in my opinion, and it's one I use every day. It offers Proton VPN, Proton Mail, Proton Pass, Proton Drive, Proton Calendar – is there anything more you could need?
Proton VPN was actually Proton's second product, with Proton Mail launching first – and both Proton and Nord Security have continued to add and improve their products over the years.
Not much more than a year ago, ExpressVPN's only additional feature was its Keys password manager. Now its suite includes Credit Scanner, Identity Defender, Threat Manager, plus its holiday.com eSIM.
What could be next? It's hard to predict, but we are certainly going to see VPNs continue to add more strings to their bow and offer total cybersecurity protection.
Why change is needed
VPNs must adapt to the issues we're facing today. Our rights and freedoms are rapidly being taken away and VPNs need to stay one step ahead. 4.8 billion people were affected by internet censorship in 2024 – over half the world's population. This is a shocking statistic and one that looks very likely to increase.
Western governments are getting in on the act too. They're after our data and big tech is happy to provide; the U.S. government and Elon Musk's DOGE attempted to access the sensitive data of millions of Americans; and TikTok was banned in the U.S.
Proton VPN's anti-censorship features and NordVPN's NordWhisper are much needed, but I believe a deeper level change is required.
The traditional VPN approach is becoming outdated and internet and VPN blocks are becoming more frequent and sophisticated. The industry must come together and share resources, trial new ideas, and challenge itself.
Only by doing this can VPNs continue to be a lifeline for those in need and champion the right to online privacy.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights and censorship, and its interplay with politics. Outside of work, George is passionate about music, Star Wars, and Karate.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.