One of the biggest trends right now is to put everything on the blockchain. It was just a matter of time, then, until a VPN service would pursue the siren song of decentralized public ledgers. That VPN’s name is Orchid from Orchid Labs and it has some serious development muscle behind it, including Jay Freeman, aka Saurik. Longtime iPhone users will remember Freeman as a leading voice in the iOS jailbreaking community and the developer of Cydia, the app store for jailbroken iOS devices.
Other co-founders include Dr. Steven Waterhouse, co-founder of Pantera Capital; Brian J. Fox, creator of the GNU Bash Shell; and Gustav Simonsson, a former core developer on Ethereum.
Note: This review is part of our best VPNs for Mac roundup. Go there for details about competing products and how we tested them.
There’s a lot of capability on this team, and they’ve come up with an interesting product. If you don’t care to know about cryptocurrencies or the blockchain, you can let all of those details happen in the background.
If, however, you’re a cryptocurrency fan, well, why are you still reading this? Just head over to Orchid’s website and get going. For the rest of us, let’s see how Orchid works in practice and how this VPN performs.
Paying for Orchid
Orchid isn’t your typical VPN, where you pay a flat monthly or annual fee for unlimited bandwidth. Instead, you pay in cryptocurrency on a per-packet basis. We’ll briefly get into how this works later, but it’s important to understand that you have to buy what are essentially credits to use Orchid. The service’s credits are a cryptocurrency called OXT, which is based on Ethereum. You can buy OXT on an exchange or you can buy OXT straight from the Mac App Store in one of three bundles.
A basic light-browsing bundle costs $40, a medium-usage bundle is $80, and the heavy-user bundle is $200. Alternatively, cryptocurrency veterans can buy OXT on exchanges such as Coinbase, Bitcoin.com, Binance, and others. Then you just add the funds to your cryptocurrency wallet, set up an account with Orchid, and you’re good to go. The beauty of this approach, while more complicated, is that paying for Orchid directly provides extra anonymity compared to buying a bundle with your credit card from the App Store.
The problem is that it’s hard to say how much VPN usage you get for your money. Orchid says the cost is around 3 to 8 cents per gigabyte. The company figures that if a family were to funnel about 350 gigabytes per month through Orchid it would end up costing between $10 to $30.
That wild range in pricing is in part because you may not actually pay anything from your OXT credits for a while. Instead of paying outright for each packet, Orchid payments happen on what is essential a lottery basis, a scheme called “probabilistic nanopayments.”
Every time a user connects to a provider they send along a digital ticket. Just like in Charlie and the Chocolate Factory some of those tickets are “golden” and return OXT to the bandwidth provider. Most tickets, however, do not.
Bandwidth providers only make money when they receive a golden ticket, and users only pay out when they’ve delivered one. Neither side knows whether they have a winning ticket until it’s received, but the system is weighted in such a way that over the course of a week or a month, providers get value returned for their investment and users pay out relative to their usage.
It sounds complicated, but that’s cryptocurrency design for you.
One excellent thing about using Orchid is that there’s no requirement for an email address or even a username or account number. That doesn’t mean it’s perfectly anonymous (especially if you pay for Orchid via the Mac App Store), but if you get your own OXT it’s a far cry better than most VPNs.
Using Orchid is a snap
When you first open up Orchid it’s pretty straightforward. There’s a good-sized Connect button, as well as a Manage Profile button. Click the latter, and you can purchase a bundle for your first hop, add a WireGuard or OpenVPN configuration, or link an Orchid account if you bought OXT directly off an exchange.
After that, connecting to the VPN is easy. You just click the Connect button and that’s it. There are no choices for countries or regions, and in my experience, all servers were in the United States.
The decentralized part
Orchid is very similar to The Onion Router (TOR) project in that you connect to the VPN through a series of “hops.” Each hop is a different server, and it’s up to you to decide how many servers you want to hop to before hitting the open internet. By default, you use a single hop, which is just like any other standard VPN.
Additional hops can include more servers from the Orchid network, or you can add your own servers running WireGuard or OpenVPN. In our tests with an Algo-created WireGuard server, this latter feature didn’t really work, but Orchid has since discovered and fixed the issue we were having.
Since Orchid is a decentralized VPN service, it doesn’t run its own servers. Instead, it relies on third-party providers who at this writing included standard VPN services such as Private Internet Access, Boleh VPN, Liquid VPN, and VPNSecure.
In theory, anyone could become a third-party provider, including you, dear reader, but there’s a catch. You can’t just throw up a server (or old laptop) and start funneling traffic on the network the way you can with TOR. Instead, you have to provide a “stake” of OXT, which is exactly what it sounds like. You put up some money to prove you’re invested in the network, and then you get traffic and rewards for providing bandwidth. The more you stake, the more potential rewards come your way. Extracting your stake is no simple business and can take up to three months after you stop providing access.
Security and privacy
Orchid uses its own VPN protocol based on WebRTC. If you’re not familiar with it, WebRTC is a computer-to-computer communication standard for video and text chat. It’s built into browsers like Chrome and Firefox and let’s you talk to people directly over the internet without using a third party like Zoom, WhatsApp, or Skype.
The Orchid protocol uses the same WebRTC encryption used by Chrome, which is ECDSA P-256 SHA-256.
As this is a decentralized network, your online activity falls under the privacy policies of each provider. That means you’ve got to be able to trust each and every one since you cannot choose a server to connect to like you can with a standard VPN. We asked Orchid if it plans to provide location and server choices, the way a regular VPN does, and the company says it currently has no plans to do so.
We’ve reviewed a few of Orchid’s VPN providers over at PCWorld and will be looking at others in the future.
We don’t know how many servers are in the Orchid network, but in our time using Orchid we found the speeds were moderate to fair, but not outstanding. We’d be comfortable using Orchid for streaming and other basic web browsing, but gamers and others relying on high-performing servers may be disappointed.
Our tests had to run a little differently than usual since there are no country locations to choose from. So we did a smaller version of our standard test, running the VPN multiple times on multiple days. All connections were in the United States. In the end, Orchid maintained about 10 percent of the base speed, hitting around 10Mbps. As we said, it’s fine for basic browsing and video streaming, although it doesn’t support bypassing Netflix’s VPN filters.
Who is Orchid for? That’s a good question. Right now, it’s best suited for anyone looking to use a VPN for the purposes of anonymity, but who also know how to manage their best shot at anonymity. Just like TOR, the final hop before you hit the open internet has the potential to decrypt your traffic, especially if you’re not forcing HTTPS connections with something like HTTPS Everywhere.
Orchid recommends using two or three hops to max out your anonymity, but if any of those hops can be traced back to you, because, say, you’re running your own WireGuard server on a cloud account in your name, then, well, that’s that.
Regular users who are just looking for a simple VPN could also use Orchid, since you never need to touch the cryptocurrency side; however, Orchid offers no option to choose a specific location, and it doesn’t support Netflix. Plus, $40 is a lot to pay upfront and is the equivalent of six to eight months of an annual subscription to a VPN with unlimited traffic.
Orchid is an interesting idea, and fans of cryptocurrency will certainly find a lot to like, but right now it’s not something we see having mass appeal.
Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, this review is subject to change in order to accurately reflect the current state of the service. Any changes to text or our final review verdict will be noted at the top of this article.