If I wanted to tell you why Orchid VPN is poised to be not only the next evolution of virtual private networks but also a futuristic answer to global online privacy threats, I could tell you its cryptocurrency-fueled decentralized bandwidth market makes it a blockchain-supported VPN-Tor hybrid ready to upend even the fastest, most secure VPN on the market.
And that’s what I’ve been saying since March, but for most people (myself included) it still sounds like I’m speaking cyberpunk marketing gibberish. So, instead, I want to tell you about bootleg whiskey and outrunning the law. Hop in.
LikeRaises the bar on VPN privacyHandles heavy media reliablyIntegrates with other VPNs
Don’t LikeSteep learning curveApp interface needs improvementSlightly unpredictable speeds
Now, if you were going to do any respectable amount of moonshining in the 1920s, you were going to need more than just a bubbling still and a handshake with the sheriff — you’d need a car. And not just any car. What you’d need is an unquestionably reliable machine with massive trunk space and hidden compartments. One that looked as unassuming as a church lady with a basket of biscuits, but one whose engine could — at the toe-tap of a pedal — roar to life with the fury of seven hells and leave cops wondering how to charge you with breaking the laws of physics.
Read more:The best VPN service of 2020
That’s how stock car racing was born. It’s also what the world of commercial VPNs looks like right now. VPN innovations are spurred by a competition to be fastest over long distances, to best hide your product (your data) and to offer the biggest bang per buck. Likewise, VPN companies can be aggressive in their hype-making — their businesses live and die by whether they’ve ever been caught selling you out to a G-man and you’ll find some of them bolster their reputations by swearing their competitors are all patsies.
The toughest part for you in all this, dear moonshiner, is that no matter how good a VPN might seem, you’re still confronted with the core vulnerability shared by every VPN: Since you can’t inspect the routes these VPNs travel and the servers through which your data passes, you’ve ultimately got to risk trusting one. For some of you, that trust is low-risk — you’re just looking for better online gaming or a wider streaming media library. For a slice of you, though, the stakes couldn’t be higher — evading censorship and government snooping in countries where VPNs are illegal can be a matter of life and death if you’re caught.
CNET Apps Today
Discover the latest apps: Be the first to know about the hottest new apps with the CNET Apps Today newsletter.
While I can inspect the nuts and bolts of all these VPNs for you and dig up dirt on the people associated with them, even I can’t see the routes nor track all the shell companies behind their owners. Caveat emptor.
So imagine my face when this latest hot shot VPN rolls into my shop and I pop the hood to find not just an engine but a fractal of engines. Imagine my jaw dropping when I realize this thing isn’t just one souped-up privacy vehicle but a fleet of its competitor cars, each of which is autonomous and paid per mile in anonymized currency to carry a tiny piece of your product in a hyper-coordinated yet seemingly chaotic convoy.
That’s Orchid VPN. It’s changing the nature of VPNs as we know them and resisting all attempts at categorization using my normal testing and review process. No, it’s not ready for the mass market quite yet: It’s not as fast as our top-tier VPN speedsters and it isn’t as easy to handle for new users as some of our trusted standbys. And no, I can’t even give you a specific monthly cost.
But this is what the future of VPN tech looks like. And you gotta see it.
Speed: Reliable performance with data-heavy media
This is normally the part where I give you a slate of speed test scores about a VPN and compare it to its nearest competitor. But it’s hard to get a lock on average speeds for Orchid because it doesn’t test the same. Orchid’s service is unique in that its speed, its security and its cost are all inseparable and interdependent.
My normal speed testing routine includes extended multiplatform speed score averaging across at least five countries and a few oceans. Orchid’s normal client, however, isn’t yet fully available for Windows, so any attempt to average the scores would start out slanted. Also, Orchid doesn’t allow you to connect to a specific country the way other VPNs do. Instead, you’ve got to manually add a “hop” to another VPN server by pasting that server’s configuration file into a screen on your Orchid app. That VPN server can be selected from either from Orchid’s global pool of service providers or from your own current, non-Orchid VPN provider.
The structure looks a lot like Tor’s network, which obscures your traffic by letting you hop between user-run nodes. And while a multihop feature is a security boon in any VPN, it’s not going to give us an accurate baseline speed comparison.
What’s more, anyone can set up an Orchid node on the company’s bandwidth marketplace, meaning the speed of each node you connect to will vary based on what kind of connection its operator is working with. The person running the node also gets to set their node’s bandwidth price.
So I threw my framework out the window and decided to see how much this thing could handle.
Aiming to find the lowest likely base speeds, I loaded Orchid onto an Android device with less processing power than my normal MacOS testing device, connected to Wi-Fi and clocked a non-VPN speed of 372.47 megabits per second. Connecting to Orchid via a single US VPN hop, I pulled 45.5 Mbps. Not as fast as I’d hoped, but a perfectly usable connection speed for nearly any streaming media that yielded zero performance issues (for context, our Editor’s Choice ExpressVPN pulled an average US speed of 66 Mbps, during our last tests). Then I went beyond the default VPN connection and added another cross-country Orchid hop to California, pulling 28.9 Mbps and still streaming video.
A key feature of Orchid is that you can add a server of your choice to your list of in-app hops. So I manually configured an additional OpenVPN protocol hop which would double-ricochet my traffic from California to an OpenVPN server in London for a total of three hops. For any VPN with a multihop feature (especially one sending your traffic overseas and back), three hops should be enough to throw pretty much anything off your trail, but it will slow you down. Sure enough, I was stalled to a sputtering 2.9 Mbps.
Using 5G mobile data, I saw comparable speeds. I measured a non-VPN speed of 212.6 Mbps. With one US Orchid hop, I saw 13.84 Mbps. At two US Orchid hops, I saw 9.82 Mbps. Replicating the same trio of hops described above, I still pulled 1.83 Mbps.
Now playing:Watch this: Top 5 reasons to use a VPN
While you might be able to get some streaming services to work on the slower of those speeds, you shouldn’t count on it. I managed to get HBO Max playing on the slower of the two-hop connections, but it took a few tries. That may have been related to Orchid’s sluggish pace at making that first connection. There’s more lag than you normally find in a VPN app. Two-hop connections were even more touch-and-go about video calls, though voice calls and music apps held steady compared to what you’d see with other multihop VPNs, and I was able to play Netflix.
I was impressed. So, naturally, I tried to kill it.
Working on mobile data only, I took an elevator underground until I was directly beneath 290 feet of continuous-pour reinforced concrete framing enclosed by an aluminum curtain-wall system (in a very chic shade of 1960s turquoise blue), straining my connection until non-VPN test speeds were repeatedly under 60 Mbps. From this location, I kicked on Orchid, opened every data-sucking app I had, loaded media-intensive sites across multiple tabs in all the browsers and ran some tests.
No IP leaks. No DNS leaks. This version of the app may have its glitches, but even when I dragged Orchid all the way down to 0.7 Mbps and taunted it with intermittent signal disruptions, it never exposed my identity and I could still listen to Spotify before the VPN finally guttered out. Never mind speed. That’s performance.
Security: Brilliant combo of Tor privacy and VPN flexibility
One reason I was able to get streaming content on a multihop connection is Orchid’s own home-brewed protocol. While the backbone of its encryption is in the blockchain, Orchid’s protocol is specifically designed to travel on the back of WebRTC — the same technology your browser uses to facilitate high-quality video and audio calls. Not only does this give Orchid an advantage in streaming media content that you’d never be able to get using Tor, but it also makes your traffic look like just another video call.
Some privacy advocates will tell you that, given how opaque VPN corporate ownership is, you might as well just write off consumer VPNs altogether and stick to using Tor. They’re not entirely wrong. Decades have passed without government entities fully cracking Tor’s core technology and exposing users at will.
Tor has its limits, though. Tor traffic makes you stick out like a sore thumb to your ISP and network administrators. Sites can see it too and are often quick to block in-bound Tor traffic. Likewise, the CIA, NSA and FBI have all been known to camp out in Tor exit nodes or set up their own. If that weren’t enough, you can’t transport nearly as much data via Tor as you would a VPN, making voice and video calls nearly impossible over Tor’s network of volunteer-run nodes.
On the VPN side of security, the encryption we normally test with (and which we consider the minimum security you should expect of a VPN) is OpenVPN protocol. It’s generally considered by privacy gurus to be a healthy mixture of speed and security, and its popularity among consumer VPNs makes it a great control variable in testing. But OpenVPN is also getting up there in Internet Years, and has a history of being somewhat vulnerable if not deployed carefully.
Orchid’s protocol is similar to OpenVPN but based on blockchain and, as a decentralized network, Orchid is built to adapt to different types of protocols. Normally, I wouldn’t recommend any US-based VPN company, but decentralized blockchain encryption changes that altogether. Decentralized VPNs, in general, are the next step in end-user privacy tools because their nature prevents any single, central company from being able to keep logs of all of your activity.
And Orchid isn’t the only one out there. Mysterium, Kelvpn, Tachyon, BitVPN and Lethean are all decentralized, peer-to-peer style VPNs aimed at resisting censorship efforts by creating a nearly subpoena-proof network of bandwidth providers over which your traffic is scattered. Orchid is ahead of the field here in several notable ways, among them its contracts with other VPN companies, which allows users to travel on its partner VPNs’ networks.
Ready to upgrade to a mesh router? You’ve got lots of new options in 2020See all photos
The quick and dirty blockchain explanation
If you really want to understand why decentralized blockchain is the next step for VPNs and why Orchid is brilliant, you’ll need to know what blockchain and cryptocurrency actually are. Despite the hype, it’s not that complicated.
A blockchain is basically just an encrypted, tamper-proof ledger for transactions. Everyone gets a copy of the ledger and everyone’s copy automatically changes when someone adds a transaction to their own. You build computer networks on blockchain tech when you need a trustworthy record of information that a lot of people are working with at once — financial trading, digital copies of paper documents, movements in food supply chains and global shipping, or art brokering.
The “block” is a block of data that is added to the ledger when a transaction occurs. The “chain” is the metaphorical ledger itself. Simple.
Cryptocurrencies work on blockchain. Just like paper money has its anti-counterfeiting designs, each unit of cryptocurrency has its verifiable blockchain. When a transaction occurs and a block is about to get added to the chain, a whole network of computers working with that chain jumps in to verify the transaction is legit by checking its math. The first computer to prove the block’s math gets paid.
That’s called mining. It’s how Bitcoin works. It’s also a process that takes too long — imagine standing at a grocery store register for 10 minutes while your cashier calls the bank — and sucks up way too much computing power. But there are thousands of types of cryptocurrencies. One of those is Ethereum. It’s faster because its verification process is different. Using Ethereum, Orchid developed its own cryptocurrency, called OXT.
In a 2018 explainer, CNET’s Stephen Shankland offers one of the clearest and simplest explanations of blockchain I’ve read. I’ve cribbed from him liberally here, but that same explainer was remarkably prescient.
“There’s lots of work to free blockchain from the problems of transaction speed and energy consumption, though,” he wrote. “One idea, ‘proof of stake,’ uses no significant computing power and looks to be the future for the Ethereum Project, which is responsible for the ether cryptocurrency.”
Proof of stake is how Orchid works. And Orchid’s currency, OXT, is based on Ethereum.
As Shankland explained, “ether has popularized a newer idea called smart contracts. These are programs that run on the Ethereum network and take automated if-this-then-that actions. For example, a smart contract could look for the highest bid in an auction at a certain time and automatically transfer ownership rights to the auction winner.”
That bidding system is also how Orchid works and bandwidth sellers are working in that automated, auction-like environment.
The price tag: Cryptohow?
This is normally where I compare costs between VPNs in the same league as the one I’m reviewing. I’d love to do that here. But Orchid again defies simple explanation. There’s no set monthly price and no one is in its league.
Instead, you pay for the bandwidth that you use in OXT and Ethereum, or ETH. The downside is that you’re subject to market changes, so it can be difficult to estimate long-term cost and you’ve got to figure out how it works. On the plus side, you’re only paying for what you use, you’re more anonymous than you would be paying by cash or card and even a heavy data user will find it pretty affordable.
Mercifully, Orchid made the process easier when it obliterated an enormous barrier to entry in July. It now lets you buy your cryptocurrency within the app in semidisposable accounts (think: burner phones but for cryptocurrency wallets) instead of jumping through hoops to set up and connect an outside cryptocurrency account.
To get started, you need at least $4 worth of OXT and $1 in ETH. At current exchange rates, that’ll get you around 60 gigs of VPN service. Not bad.
Now playing:Watch this: What the heck is blockchain?
App improvements needed for wider adoption
I plan to keep fiddling with this service until I know it inside-out, but Orchid has some work to do before I can recommend it as everyone’s daily driver VPN. Privacy hounds should absolutely give this a whirl and get a look at the future of VPNs. But for most of us, the onboarding is a little too complicated, the pricing too much guesswork and the learning curve still steep enough to be a major hurdle to adoption.
By itself, a crypto-financed hybrid VPN based on a bandwidth-trading market is already a hard pitch to make to the average person. This novelty of the underlying tech and its payment method mean the app’s designers are under even greater pressure to create a welcoming, intuitive interface.
The app launches smoothly and its interface is simple and attractively designed. The home screen has one button for connecting and another to manage your hops, while other functions are hidden in a three-bar menu in the top-left corner. While this simplicity aims to create an intuitive experience, I found it too minimalistic where I needed more information and too complicated in places where I needed clarity. The experience left me unsure if I’d done it right, tapping around the app searching for confirmation of some kind that I hadn’t missed a step or misconfigured a connection somehow.
The central button of the app is labelled with a universally familiar power icon that says “connect” when the app is opened, says “connecting” as it works and, when connected, changes to “disconnect.” Once connected, the Orchid icon and its connection status appear at the top of your phone’s home screen.
This would normally be fine design, but the option to stop or start Orchid from the device’s main screen rarely works as intended, the app sometimes freezes while attempting to connect, and sometimes it says it’s connected when it’s not.
To check for data flow, you can access the Traffic Monitor feature in the three-bar menu, but if terms like “TLSv1.2” and “UDP” don’t ring any bells for you, then that screen might not be useful. Glitchiness aside, if you’re new to cryptocurrency, you might also struggle trying to figure out how much currency you have within the app, how much you’re burning at any given time, how the unfamiliar in-app “tickets” work and how to gauge bandwidth value. We’re going to need a little more hand-holding here from Orchid to get us neophytes all onboard.
Likewise, as VPNs are loosely understood to be technology that takes us from one location to another, Orchid could help visually signal that we’ve used the app correctly and that our connection is active by telling us what city we’re now connected to on its main screen, and perhaps for how long we’ve been connected.
It’s not fair that the app interface has so much heavy lifting to do on behalf of the technology, but it’s Orchid’s best vector for removing adoption obstacles and getting more of us where we all need to be for our own good — on a decentralized VPN, leaving trust in the dust and outrunning the all-seeing eye of government surveillance.
CNET Apps TodaySecuritySoftwareApplicationsMobile AppsBlockchainPrivacy