We’ve already discussed how VPNs work in our beginner guide, but that’s just scraping the surface of VPN technology. While the common VPN setup allows you to connect to one VPN server in order to encrypt and/or obfuscate your internet traffic, it’s also possible to become even more secure by using two VPN connections at once. This is called “Double VPN”, or in some services “Multi-Hop VPN”, “Chained VPN”, or “Cascading VPN”.
The Basics of Double VPN
Originally, a “double VPN” is just two VPNs connected to each other, and bouncing traffic from one to another. This is what is more specifically referred to today as “Nested VPN” — essentially two separate VPN services connected with each other. This is still available today in custom VPN setups such as companiesSince the commercialization of VPNs, the concept has evolved to mean two different VPN servers in a single network, bouncing traffic to each other.
When you connect to a double VPN setup, your traffic becomes encrypted and anonymized through the first VPN server. Instead of proceeding to the destination server, however, it passes through another server where it is yet again encrypted. The additional bounce makes tracking the source and destination of your traffic almost impossible. Think of it as a mini-version of what normally happens when your traffic bounces through the Tor network. From the destination server, the traffic goes back the same way it came through, being decrypted through the two servers, until everything is finally ready for plain-view access in your device.
Note that using a double VPN does not mean that the attributes of your VPN will double — for example, because your VPN offers only 128-bit encryption does not mean doing a second hop will give you 256-bit security. It only means you will have another layer of 128-bit encryption that will be just as easy to break as the first layer (that’s not to say it’s easy — breaking a 128-bit encryption is still insanely hard).
Advantages and Disadvantages of a Double VPN
A double VPN is more secure. Because it gives you a second VPN tunnel, double VPN setups are inherently more secure than a regular setup. For example, if hackers were to find their way into your device and steal the encryption/decryption key for one server, your data can still remain secure because of the second hop.
It helps spoof your details. When you turn on your VPN, the first entity to notice it will be your ISP. If you have a VPN leak, your ISP can see which site you are trying to access through your VPN, even if they can’t see exactly what is happening between you and that site. Going through a second VPN completely blinds your ISP as to your activity, since they will only see the address of the second VPN server. If you’re in a country with strict censorship laws, you can also get away by making it appear as if you’re accessing only sites from the same geographical region as your second VPN server.
You’re also secure from the other side — some websites can see details of the devices trying to access them, again through a leak. By going through a second VPN tunnel, it’s much less likely for leaks to reveal information such as your IP and your location.
You can mix and match protocols. As noted in our VPN primer, some protocols perform better than others depending on the situation and usage. By doing a double VPN setup, it may be possible to choose which protocols are being used at each hop, potentially increasing certain attributes such as speed or security.
It can be slow. Some VPN servers can drop your speeds by as much as 90%, which can greatly impact your browsing experience — and that’s just on one server. Add a second one and your browsing, streaming, gaming, or whatever activity may slow down to a crawl. Even with fast base internet speeds, your browsing experience is sure to take a hit. Sadly, there’s no real way around this and you’re basically captive by the quality of your VPN provider’s network.
Server choice is limited. Doing a double VPN setup is fairly resource intensive, which is one reason why it’s not something commonly offered by VPN providers. When it is offered, the VPN company usually offers a limited set of server pairing that are meant to handle the double hop. These pairings may either be optimized for speed and performance, or may simply be the most conveniently available servers for other reasons. Again, you are bound by your VPN provider’s network.
Resource intensive on the host device. Doing a double VPN is also resource-intensive on your host device, so you’re likely to see shorter battery lifespans for portable devices, and generally slower performance.
Who should use a Double VPN?
As you see, a double VPN setup can be very useful in a number of scenarios. People who work with very sensitive data, or those whose lives, liberties, or employment depend on online anonymity and privacy (such as activists, journalists, academics, bankers, etc.) should definitely do a double hop everytime they work and even most times when just doing casual online activities. Here, the tradeoff of a faster battery drain and overall slower speeds are worth it if you want to protect things that are more important.
That said, a double VPN isn’t for everyone — if you’re gaming or streaming, there’s absolutely no reason for you to turn on this service. Same goes if you’re doing casual, non-sensitive work or any other regular online activity. In these instances, a regular VPN connection would be enough.
And remember that there’s a reason not all VPNs offer a double hop setup — sometimes true online security can be achieved through a host of other factors that the top VPN providers excel in, and through safer browsing habits. If you’ve carefully considered your VPN provider and your online activities around these factors, then a basic VPN connection would be enough for almost everything.