Is Nordlynx snake oil?
Popular VPN provider Nordvpn uses their own VPN protocol based on Wireguard, Nordlynx.
They claim that using Wireguard alone would be less private:
WireGuard alone can’t ensure complete privacy. Here’s why. It can’t dynamically assign IP addresses to everyone connected to a server. Therefore, the server must contain a local static IP table to know where internet packets are traveling from and to whom they should return. It means that the user’s identity must be stored on the server and linked to an internal IP address assigned by the VPN.
and that their solution, based on a double NAT, fixes this issue:
We needed to find a way for the WireGuard protocol to work without posing a risk to our customers’ privacy.
And we found it. We developed something called a double NAT (Network Address Translation) system. This is the key to a secure connection.
To put it simply, the double NAT system creates two local network interfaces for each user. The first interface assigns a local IP address to all users connected to a server. Unlike in the original WireGuard protocol, each user gets the same IP address.
Is their (non-technical) analysis accurate, or are they selling snake oil? At first glance (from a non-professional), it seems to me that they are merely isolating part of their servers from others; all the benefits depend on their server architecture and essentially users are trusting them that they are not being tracked, even though Nordvpn could be lying about their server-side setup.
I googled to see if there have been any independent security reviews of this protocol, but I found nothing apart from what the company claims.
If this scheme really has privacy benefits oven Wireguard, why has the technique not been standardized, and why is it not used more widely?
