What is a double VPN? Multi-hop privacy explained

The critical limitation is ownership. Both servers belong to the same company. A single provider controls the full chain – including any logs it keeps, any breach that targets its infrastructure, and any government request it might receive.

This is not a good VPN architecture for privacy.

How does double VPN encryption work?

A double VPN applies encryption at each server hop. Data is encrypted on the user’s device, passed to the first server, then re-encrypted before being routed onward to the second server. This wraps data in two independent layers of encryption before it exits to the public web.

Multi-hop routing A privacy technique where internet traffic passes through two or more intermediary servers before reaching its destination. Each hop adds encryption and changes the visible IP address. In decentralized VPNs, each hop is operated by an independent node – unlike double VPNs where one company controls all hops.

→ Nym’s cybersecurity guide: Learn more about how data encryption and traffic routing work with different types of VPNs.

The double-encryption model uses standard protocols such as OpenVPN or WireGuard, which encrypt data using AES-256 – an encryption standard recommended by NIST for classified information.¹ Each server can only process its own layer; it cannot see content intended for the final destination until that layer is removed.

When both servers are operated by the same provider, however, the architectural separation that makes multi-hop meaningful is absent: one entity still holds the full picture.

What is a VPN-over-VPN setup?

A VPN-over-VPN setup chains two different VPN services simultaneously:

1. VPN 1 handles initial encryption and routing
2. VPN 2 receives that traffic and routes it onward to the public internet.

The exit IP visible on the web belongs to VPN 2, which sees only VPN 1’s IP, not your real address. This splits knowledge of your identity across two independent companies rather than concentrating it with one.

Setting up a VPN-over-VPN involves running two clients or apps simultaneously – typically one at the router level and a second on the device. In practice this introduces compatibility issues between different encryption protocols and compounds the latency of two separate hops, with additional cost since both services require separate subscriptions.

For most users, a decentralized VPN that operates across independent nodes by default provides equivalent trust separation without the added complexity, cost, and hassle.

What is a decentralized VPN (dVPN)? A virtual private network where traffic is routed through independently operated nodes rather than servers owned by a single company. Decentralization removes the central point of trust, failure, and logging. NymVPN adds mixnet technology that shuffles and mixes packets with cover traffic to defeat traffic analysis.

Why do double VPNs use multiple servers?

Routing through multiple servers breaks the line of sight between your identity and your activity. With a single-hop VPN, one provider sees both ends of every request. Split across two hops, that view is severed:

1. The first server knows who you are but not where you’re going.
2. The second knows the destination but not who sent the traffic.

The weakness is ownership. When one company controls both servers, a single court order or data breach recovers both halves of the chain simultaneously. The privacy benefit of multi-hop routing is only real when each hop is operated by a party with no relationship to the others: in other words, if the VPN is decentralized.

What are the pros and cons of a double VPN?

Two encryption layers and an extra IP address are genuine improvements over a single-hop VPN. But the table below shows where the gains stop: both hops still belong to the same provider. Hop count is not the same as trust distribution.

Ultimately, the VPN provider’s architecture matters more than the number of servers it controls. Many free VPN services do not encrypt traffic at all, and some inject malware or tracking libraries into user data.²

How does a double VPN compare to Onion over VPN?

What is Onion over VPN? Onion over VPN routes traffic through a VPN and then through the decentralized Tor network, which uses three volunteer-operated nodes before reaching the public web.

Both double VPNs and onion over VPN have multiple routing layers for extra privacy, but they work differently. A double VPN passes traffic through two servers – both operated by one provider. Onion over VPN provides stronger anonymity because the servers are independent and decentralized. However, a double VPN may offer faster and more predictable speeds.

Tor’s distributed volunteer network makes origin correlation extremely difficult but significantly reduces connection speed and reliability. A double VPN is faster than Onion over VPN but provides weaker anonymity guarantees, particularly against a provider that logs traffic.

NymVPN’s 5-hop mixnet sits between these approaches: five hops across independently operated nodes with cover traffic and packet mixing, faster than Tor while providing stronger metadata protection than any double VPN.

Nym’s verdict: Go for a dVPN instead

The instinct behind getting a double VPN is right: everyone needs extra IP obfuscation than what most VPNs provide. But paying for premium features of a vulnerable VPN design is not the right way to go. For ongoing everyday privacy, a decentralized VPN is the more practical choice.

NymVPN is designed for exactly these cases:

• Two VPN modes to choose from, depending on your privacy needs
• Fully decentralized routing with a minimum of 2 servers
• Advanced privacy protections that no other VPN or anonymity network provides, including cover traffic, timing obfuscation, and packet mixing

Is a double VPN worth it?

No, there are better options available!

More hops can mean more privacy, but only if the servers are decentralized. The execution is the problem. Adding a second server from the same company doesn’t change the fundamental architecture: it simply extends a centralized system rather than replacing. Privacy that depends on one company keeping its promises, whether those promises span one server or two, is still contingent privacy.

NymVPN is built to match the privacy level to the actual risk of the traffic. A fast 2-hop mode covers everyday browsing and email. The 5-hop Anonymous mode – with cover traffic, packet mixing, and timing obfuscation – is for the moments where what you do online could be used against you. Both modes run across independently operated nodes: no company controls the full chain.

A double VPN was an attempt to solve a real problem with the wrong tool. Decentralized VPNs solve it architecturally: multi-hop by default, across nodes no single entity owns, with no extra tier to unlock and no single point to breach.

Want to learn more about why NymVPN is more than a VPN?

References

1. NIST – Recommendation for block cipher modes of operation
2. CSIRO/ICSI, UC Berkeley: An analysis of the privacy and security exposure of Android VPN applications (2017)
3. CNET: NSA has backdoor access to internet companies’ databases (2013)