I’m a netsec student and recently started looking beyond classic centralized VPN architectures to better understand how decentralization changes the security and privacy model. While researching dVPNs, I came across Raccoonline, which routes traffic through a decentralized network of independent nodes instead of provider-controlled servers.

From a security and threat-modeling standpoint, I’m trying to wrap my head around a few things:

• How does decentralization actually change the trust model compared to traditional VPNs?

• Does routing through independent nodes meaningfully reduce risks like logging and single points of failure, or just shift trust elsewhere?

• What new attack surfaces should be considered (malicious nodes, traffic correlation, exit-node risks, etc.)?

• How should a student properly evaluate a dVPN like this without relying on marketing claims?

I’m mainly interested in how to analyze these systems critically — what assumptions to make, what metrics matter, and what common pitfalls students overlook when studying dVPNs.

Would really appreciate insights, papers, or frameworks others here use when evaluating decentralized privacy tools.