
Conventional VPN
A conventional VPN establishes an encrypted tunnel between a user’s device and a centralized VPN server, enabling secure access to private networks over the Internet. This tunnel hides the user’s IP address and secures the data transmitted between the client and the server, which is particularly useful for remote work or accessing geographically restricted content.
However, one of the significant downsides of a conventional VPN is that it does not necessarily guarantee privacy. Since all user traffic is funneled through a centralized server, that server can log user information and monitor activities. This means that, rather than being completely anonymous, the user is essentially trusting the VPN provider with a detailed record of their online behavior. In some cases, these logs might be stored indefinitely or shared with third parties, which poses a risk to user privacy.
In addition to privacy concerns, this centralized architecture also creates a single point of failure and potential performance bottlenecks. If the VPN server experiences issues or is compromised, users could face degraded service or exposure to additional security threats. This reliance on a single server or a limited cluster further underscores the importance of considering alternative architectures for those who prioritize both security and privacy.
How is VeilNet different?
VeilNet is fundamentally different from a conventional VPN. As shown by the demo topology, VeilNet is essentially a distributed, dynamic network without a single point of failure that relays user traffic across multiple hops. This not only improves the reliability of the VPN service but also makes logging user activities impossible by design. The head Rift node, where user data enters the Veil, does not have any information about the final destination of the data, because the data is encrypted with a unique and dynamic encryption key known only to the tail Rift node, where user data leaves the Veil. Because the tail Rift node is not where the user directly connects to the Veil, it is impossible for the tail Rift to know any identifiable information about the user. Therefore, even if each Rift maintains a log, none of them will be able to show the activity of the users, not to mention that all meta information is also encrypted with a domain secret known only to the user. Did I mention that all encryption keys are shared via Kyber KEM, a post-quantum encryption key encapsulation algorithm? 🙂
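The split of knowledge between the head and tail Rift nodes described above, as an added illustration that is not VeilNet's code: the packet layout, the `head-rift` label and the toy SHA-256 keystream cipher are assumptions, and the tail key is taken as already established rather than exchanged via Kyber KEM.

```python
import hashlib, hmac, json, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode): a stand-in, not for real use.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt, then authenticate nonce and ciphertext with HMAC-SHA256.
    nonce = os.urandom(12)
    ct = keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return keystream_xor(key, nonce, ct)

def simulate(client_ip: str, destination: str, payload: str, tail_key: bytes):
    # Client: wraps destination and data in a layer only the tail node can open.
    inner = seal(tail_key, json.dumps({"dst": destination, "data": payload}).encode())
    # Head node: knows who connected, but holds only ciphertext (no tail_key).
    head_log = {"peer": client_ip, "bytes": len(inner)}
    # Tail node: its peer is the head node, never the client; it opens the layer.
    msg = json.loads(unseal(tail_key, inner))
    tail_log = {"peer": "head-rift", "dst": msg["dst"]}
    return inner, head_log, tail_log

if __name__ == "__main__":
    # Constructed sample values (documentation address range, random key).
    _, head_log, tail_log = simulate("203.0.113.7", "example.org:443", "hello", os.urandom(32))
    print("head node log:", head_log)
    print("tail node log:", tail_log)
```

Each log holds only one side: the head node's record has the client address, and the tail node's record has the destination.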
