VPN Cascading: Cascaded VPN Connections with Multiple Connections are encrypted connections with multiple identity changes that hide the user’s identity and ensure his anonymity.
It is very easy to connect from one place to another through a VPN, but the VPN provider must explicitly support and allow this. HOP (network technology) is the path from one device or server to another.
‘Multi-hop’, therefore, is a connection “made in series” on more than one hop/server/device.
VPN cascades or Multi-Hop VPNs or DoubleVPNs offer advanced technical protection against targeted surveillance by international organizations and secret services.
The purpose of VPN cascades: Improved disguise and less information in server log files
The advantage is significantly improved hiding of the starting points of your data, as well as the fact that no server has sender + receiver. Thus, on no VPN server, in the cascade “sender + destination” are known at the same time. Even log files cannot provide evidence of the transfer of particular data.
VPN Cascading: Explanation of the different types of VPN connections
Simple VPN Connection
With a simple VPN connection, an encrypted data connection is established between the VPN client (user) and the VPN server (VPN service). The users use the IP address of the VPN service for their online activities.
Your own ISP sees a data connection between the user and the VPN server, but it cannot see what content this data is transmitting.
✔︎ Simple VPN connections are standard functionality of all VPN providers.
Simple Cascaded VPN Connection (DoubleVPN)
With a simple cascade connection, the VPN server establishes a different connection with another VPN server. Thus, user data leaves a different server than the one to which the user is connected.
However, since data paths are mostly predefined, international services can predict them. But this is still a significant improvement over ‘simple VPN connections’. In this case, the Internet provider can ONLY recognize the first data connection, without being able to recognize the transported content. However, it cannot understand which server is used.
Multiple Cascading VPN Connections (Multi-Hop VPN)
If there are several cascading connections, the user can decide for himself which routes and how many VPN servers to send their data to. This means that the predictability of data transfer is much lower and therefore also difficult or impossible to control.
In this case, the Internet provider can ONLY recognize the first data connection, without being able to recognize the transmitted content. However, it cannot understand which server is used to use the Internet.
✔︎ Multiple individual VPN cascades are currently only available with ZorroVPN and Perfect-Privacy VPN.
Multiple Dynamic Cascading VPN Connections (Neural Routing)
When redirecting Perfect-Privacy VPN, data is routed differently and dynamically through its own VPN server network, depending on the destination. The main attention here is paid to the fact that the data achieve the goal unpredictably and individually, and also remains in the secure network through the maximum possible route to the target.
This makes monitoring impossible due to the dynamics of the system, and also reduces the risk of the last unencrypted path from the outgoing VPN server to the destination, automatically selecting it.
✔︎ Currently, neuronavigation is only available with Perfect-Privacy VPN.
ATTENTION: Nested VPN connections are not “cascades”
Anyone who creates two or more VPN connections nested inside one makes careless mistakes that will not lead to better anti-monitoring!
A common scenario for revealing users of nested connections
Nested connections can always be attacked using targeted measures, as a result of which an external VPN connection fails using “data injection”. The result is that the IP address of the internal VPN connection changes and it inevitably collapses.
Subsequently, Kill Switch or other protective measures will not operate for several seconds, as an attempt is made to automatically establish a new connection. Then it is very easy to determine the real IP address of the user. The user cannot even notice this.
Two VPN connections to each other can always be unstable.
As data packet headers must be read differently for nested connections, which means significant additional effort for VPN servers.
Managing data packet headers will also create recognizable facts that can cause routers to block this data on the network. Both of them lead to the fact that nested VPN connections basically cannot work constantly stably. Short connection failures are usually not noticed by users, but lead to the reveal of themselves on the Internet.
My advice: do not try to improve your security with nested connections. In the end, you will reach the opposite goal. A simple VPN connection is always preferable to a ‘nested double connection’!
Multi-Hop VPN is the only technical solution that provides the following three aspects of security:
- The VPN server processing/saving the data necessary for research is not used. (source <> destination).
- Possible storage in the log files of the VPN server will NOT be able to identify any links to “user activities”.
- Even if there are targeted long-term monitoring, even of the server as a whole, tracking user activity is completely impossible.
Note: With the “usual type of VPN connection” (from 1 device to 1 VPN server), theoretically, it would always be possible to register the use of the VPN server and all registered users or to track the actions of individual users.
You can also record all incoming and outgoing VPN server connections without direct access to it. VPN server logs (log files) could also log individual users or their actions. These risks can only be excluded from the Multi-Hop VPN.
VPN cascade example
A user logs in to a VPN server in Switzerland. He is assigned to a Swiss IP address, and the channel between the user and the VPN server is encrypted using OpenVPN and 256-bit. From there, the user initiates a connection to a VPN server in Russia with his “Swiss identity”. It also establishes an encrypted connection and obtains the Russian IP address, then the user uses it to enter the VPN server in Brazil … etc.
In fact, the original data traffic is encrypted up to 5 times, and the identity on the way to the destination changes and hides as often. This also means that the second VPN server has already accepted only the credentials of the previous server and can no longer determine the actual user identity.
Why is the VPN cascade more secure now?
The server or router always sees the IP address of the device that connects to it, and where it sends data. This means that the VPN server knows the real IP address of the user, as well as where he sends the data. The first VPN server sees the real IP address in the cascade, but only redirects it to another VPN server. He no longer knows where the final data will end up. The second VPN server recognizes only the last IP address and, therefore, only that of the first VPN server. This means that on this server there is no more information about the user’s real IP address.
If one of these VPN servers is fully controlled, the overview obtained with its help will never be complete! Either the destination or the source is always absent. Therefore, cascades in VPN servers are the safest way to avoid targeted monitoring.
As a result, on 2+ servers (at least 3) the ability to get the big picture is ‘ZERO’. A cascade of more than 3 or more VPN servers is the highest level of protection against traceability.
The TOR / Onion network has a similar structure
The Perfect Privacy VPN provider or ZorroVPN and NordVPN from our test also offer this in an even more complicated way. In addition to multiple nesting, provider technology can also be used to establish a TOR connection, which means that identity is again hidden 4-5 times.
In fact, the entire TOR network is built based on multithreading, but you cannot determine the endpoint in the TOR network in advance and cannot control the possible routes. Besides, most TOR servers, of course, operate privately and therefore have limited bandwidth and services.
|Recommended applications|VPN service name Operating location Panama British Virgin IslandsIsrael Czeck RepublicFrancePanama Sweden Billing location Cyprus Cyprus Switzerland Sweden Local laws influence on clients protection ✔ ✔ ✔ ✔ Operation and billing are separated ✔ ✔ ✔ ✘ Servers location 56 63 25 17 no log files ✔ ✔ ✔ ✔ Own DNS server ✔ ✔ ✔ ✔ Virtual server ✔ ✔ ✘ ✘ Dedicated server ✔ ✔ ✔ ✔ RAM-disk Server ✔ ✘ ✔ ✔ Hardware's owner ✔ ✔ ✔ ✔ Owner of IP-address ✘ ✔ ✔ ✔
|Anonymity in internet|
|Altered virtual location||✘|
|Protection from requests for information||✘|
|General monitoring protection||✘|
|Targeted monitoring protection||✘|
|no log files||✘|
|Prices / Tarifs|
|Number of connections per account|
No other technology provides more protection for anonymity!
As a rule, with each multi-junction connection, due to multiple encryptions, as well as large distances, a decrease in throughput can be expected.
However, Perfect-Privacy offers reasonable services, especially when compared to TOR. The reason for this is that the provider uses special servers for this and provides adequate bandwidth.
The cascades are safe but dynamic cascades are even better!
NeuroRouting ™ from Perfect-Privacy VPN
NeuroRouting ™ calls Perfect-Privacy VPN the latest innovation, which is also based on VPN cascades, but they are dynamic and consistent with the goal. All this happens completely automatically, and the system constantly learns, making it safer and faster.
It is not possible to predict which router the user will use to send or receive the following data, and the data will be stored as much as possible in the Perfect-Privacy VPN secure network. This significantly reduces the risk of tracking through international surveillance measures, prevents attacks on encryption technologies and anonymously anonymizes users!
Terminal ➩ VPN server 1 ➩ dynamically selected VPN server 2 ➩ dynamically selected VPN server 3 ➩ Internet destination
Erstellt am: 02/29/2020