Brave Browser Researchers Prove that Not All Distributed VPNs Suck

Last updated August 5, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

According to research conducted and presented by a team working for Brave Browser, there is a way to design a distributed VPN (dVPN) that performs well, respects the user’s privacy, and features superior relay node management. Back in May, the Brave Browser team analyzed various dVPN tools such as Hola, VPN Gate, Mysterium, Sentinel, Nymtech, and Substratum, and found that all of them lacked one or more of the following: a) privacy, b) traffic accountability, c) performance. The team now presents a novel design which they call VPN0, a dVPN that does all three of the above well enough.

VPN0 can control what traffic is transmitted through the relay nodes without learning the actual content of that traffic. This is done by leveraging a DHT (Distributed Hash Table), which deploys a special lookup service. The nodes announce their whitelists, and clients look up the nodes that are available to them, all in a completely private context. After the DHT lookup, the client receives the relay’s IP and an encryption of the accessed service provider’s public key. This proves that the service has been accessed and that it matches one of the entries of the node’s whitelist. The validation is finally sealed with a TLS v1.3 handshake.

[Figure: dvpn_flow. Source: brave.com]

On the performance side, VPN0 is based on “chains”, which are essentially a series of bounces between nodes. As these bounces occur, the client is still routed towards the domain they are trying to visit with every step. Instead of waiting for a VPN connection with a node that features a corresponding whitelist entry, the client is assigned a “classic” connection to any node, while the software keeps running in the background looking for a valid exit node. When one is found, the temporary relay chains the two tunnels towards the designated exit node, and the user lands on the target domain without noticeable delays.

[Figure: dvpn_chain. Source: brave.com]

The Brave Browser team tested the VPN0 design in collaboration with BitTorrent DHT and ProtonVPN, and found that it works as expected in real-world use case scenarios. They noticed some delays introduced by diverse network paths during DHT lookups, and also a high percentage of negotiation failures attributed to ProtonVPN's protection against frequent switches. These issues, however, are nothing that can’t be fixed in products created with VPN0 in mind. DHT lookup and chain selection are bound to be optimized in the future, so it really looks like we have a truly private and well-performing decentralized VPN design to work with.



