What is multi-hop?
This VPN technique helps keep your data secure
If you’re looking to take your privacy protection to the next level while browsing for a VPN, you may have noticed that some of the best VPNs advertise “multi-hop” or “double VPN” in their feature lists. But what exactly is multi-hop, and how does it work?
In a nutshell, multi-hop is a feature of some VPNs that adds extra layers of security and privacy by routing your internet traffic through multiple servers, making it harder for anyone to track your activity.
In this guide, I’ll break down what multi-hop is, how it works, and whether it’s something you should consider using.
What is multi-hop?
Multi-hop is a feature offered by the most private VPN services that routes your internet traffic through more than one server, rather than just one.
In a typical VPN setup, your data is encrypted before it leaves your computer, sent through a tunnel to a single server which acts as your “provider” instead of your ISP, and is then decrypted. The VPN server then sends it on to its final destination.
With multi-hop, your data passes through multiple VPN servers, each adding extra layers of encryption and making your internet footprint even harder to trace back to your home connection.
The primary benefit of multi-hop is that it makes it much more difficult for anyone to trace your online activity. Whether it’s a hacker, your internet service provider, or even a government entity, multi-hop makes it so they have to breach multiple servers to actually monitor your traffic.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
How does multi-hop work?
So, how does multi-hop actually work? Each time you connect to a VPN server, you generate a unique “encrypted tunnel” between your device and the server that nobody can snoop on. Multi-hop chains these connections together between multiple VPN servers.
By routing your traffic through several servers, it becomes much harder for anyone to track your activity. Each server only knows where the data came from and where it’s going next, making it almost impossible to piece together your full browsing activity even if the server is hacked into by an untrustworthy employee or law enforcement. Each link in the multi-hop chain is an entirely new defence against snooping.
How multi-hop is actually implemented depends on your provider. Some just start a new connection for each server, whereas others use something called “Onion Routing”. This starts the data you’re sending with several layers of encryption and sheers one off every time it’s sent to a new “hop” on its way to the destination. When it reaches the final “hop”, the data is fully decrypted and sent onwards. This has the added benefit of ensuring each intermediary server doesn’t know the contents of the data or where it’s being sent to, increasing your privacy.
Multi-hop makes it more difficult for hackers to intercept your data using man-in-the-middle attacks. In these attacks, hackers try to intercept the communication between your device and the internet. With multi-hop, even if one server is compromised, the additional layers of encryption will still protect your data. That's why the most secure VPNs use multi-hop.
For people living in countries with heavy internet censorship or surveillance, where VPNs are banned or restricted, multi-hop can offer an extra layer of protection, too. The issue that multi-hop solves is correlation attacks. Without getting too complex, a correlation attack uses outside knowledge to denonymize a VPN.
If someone after your data has sufficient resources, they may be able to monitor either the VPN networks themselves or the network infrastructure that provides for them. By looking at when certain requests are being sent, it’s possible to tie back those requests to individual users. However, it becomes significantly harder for authorities to trace your activity back to you when your traffic is scattered across multiple servers in different locations.
Should I use multi-hop?
Generally, you should be using multi-hop if you’re concerned about your privacy. There’s one downside to multi-hop, which is that you’re sending your traffic through multiple servers instead of straight to your endpoint.
This will inevitably increase your latency and reduce your bandwidth, although the impact will be significantly less if you’re connecting to say, Sweden through Switzerland, instead of going halfway around the world by bouncing your traffic through Japan and then to the US.
In practice, the impact on your traffic is minimal so unless you’re doing something latency sensitive like gaming or holding a VoIP call you shouldn’t notice the difference.
Now that we’ve got the downsides out of the way, let’s talk about the benefits. If you live in a country where VPNs are banned or where internet surveillance is common, multi-hop gives you an extra layer of protection, making it harder for anyone to track your online movements.
If you're handling sensitive information, such as confidential work documents or private communications, multi-hop provides extra peace of mind by making it harder for anyone to intercept your data.
Multi-hop can also help when you’re trying to bypass geographical restrictions. Using Multi-hop allows you to connect to a high-security server in a country with trustworthy data laws, while still appearing that you’re in the target country from the perspective of the service you’re trying to access.
How to use multi-hop
There’s a few well-known VPN services that offer multi-hop servers, but I’ve found NordVPN’s Double VPN servers provide the best combination of location choices and speed. NordVPN's Double VPN feature works by routing your internet traffic through two separate VPN servers, providing double the encryption.
NordVPN makes it incredibly easy, too, as all you have to do is check out their server list inside the app and choose one of the locations available in the “Double VPN” tab. All of the routing is done for you automatically, so you can just pick the endpoint you need and go.
There’s no need to worry about Double VPN chewing up your bandwidth, either. NordVPN makes Double VPN completely unintrusive using its custom-built NordLynx protocol that ensures faster speeds than OpenVPN without compromising security.
Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.
- Olivia PowellTech Software Commissioning Editor