Learn everything about Virtual Private Networks
This page functions as a mini «glossary» of VPN terms. It contains basic terminology and concepts, and the protocols commonly used by VPNs.
If you are just starting to explore the VPN wonder world it is highly recommended to read our VPN for Beginners Guide and to visit our Ultimate Guide to VPN Encryption.
Explore all terms surrounding Virtual Private Network technology. From encryption protocols to IP address spoofing, we’ve got it all.
A VPN — VPN stands for Virtual Private Network, is simply a network of computers connected over the Internet. With a commercial VPN provider, users’ traffic is encrypted and tunneled through the VPN, preventing eavesdropping or surveillance, and allowing anonymous and private browsing and downloading of content. The use of VPNs as a means of maintaining digital privacy has increased exponentially in recent years.
Read More: Tips for VPN beginners
Ad Blocker — A browser add-on/extension, or software, that prevents advertisements from displaying on web pages. The majority of these will also help to block ad-based malware and cross-site tracking, which is when companies collect your data across multiple websites.
Adware — Software that is given free of charge but contains adverts and directs users to sponsors websites. Adware can collect user data to be sold for marketing purposes.
AES (Advanced Encryption Standard) — One of the most commonly used encryption protocols, AES-256 is the cipher of choice for the US federal government – hence why you’ll often see VPN providers describe it as ‘military grade ‘. AES is the best encryption standard available to VPN users.
Asymmetric encryption — Any encryption protocol in which the participants create a key pair, consisting of a public and private part. The private key is usually created randomly, and the public key derived through a function.
Backdoor — A weakness that is deliberately built into the software to allow governments and law enforcement (or anyone really) to bypass security encryption, giving them a ‘back door’ to otherwise private and secure information.
Bitcoin — A payment method secured by cryptography rather than institutions. Generally, not controlled by anybody, Bitcoin allows for more anonymous payments than other electronic options.
Blockchain — continuously updated list of records (blocks) used as a public record that cannot be modified. Cryptocurrencies such as Bitcoin use blockchain to record every transaction, and new uses for blockchain technology are being thought up rapidly.
Browser Extension — A plug-in, or add-on, that can be downloaded and installed to your web browser to let it do all manner of extra things. Many VPN providers offer browser extensions – they can be an excellent, lightweight solution to achieving a little more anonymity. In most cases, these are proxies rather than full VPN extensions (see our definition of ‘proxy’ below), so your web traffic won’t actually be encrypted.
Browser Fingerprinting — Browser fingerprinting is an incredibly accurate method of identifying unique browsers and tracking online activity.
Bullrun — A classified program by the U.S. National Security Agency and used to decrypt every communication channel. VPN services and protocols are targeted by Bullrun.
CA — Certificate Authority. When relating to VPNs, this usually refers to a file that identifies which key is considered the authority, or whether a connection to a server is authentic. The Certificate Authority consists of a public and private key.
Cipher — A mathematical algorithm used for data encryption. Modern-day ciphers are almost impossible to crack, even with the help of advanced supercomputers, as they’re made up of incredibly complex algorithms. AES-256 is considered to be the strongest cipher currently available for a VPN.
Client— a desktop computer or workstation that is capable of obtaining information and applications from a server.
Closed Source Software — Closed source software is software that holds the source code safe and encrypted. Meaning, the user can’t copy, modify, or delete parts of the code without some type of consequence. It can go from voiding the warranty to even legal repercussions. Open-source software is software that does the complete opposite
Connection Logs (/ Metadata Logs) — connection logs are used by VPN providers (in most cases) for troubleshooting and dealing with technical issues. Generally, includes anonymous details such as connection time, amount of data transferred, and the number of devices that are connected to the VPN.
Connection speed — The amount of data that can be transmitted in a certain amount of time. Usually measured in kilobit or megabit per second.
Cookies — Small files downloaded by web browsers that store information about certain web pages. Some cookies are used for harmless and useful user experience optimization such as remembering preferences and login details, while others are used to track users across the internet.
Cryptocurrency — A form of decentralized currency that uses cryptography to secure and verify transactions, eliminating the need for banks. Many cryptocurrencies exist, such as Bitcoin, Litecoin, and Etherium.
Cryptography — The study of communications secured by mathematics.
Dark Web — The part of the internet that exists on pseudo Nymity networks like Tor and I2P. The dark web can only be accessed with special software that typically hides the identity and location of its participants.
Darknet — A overlay network that shields users from each other by routing traffic randomly around the world. The darknet allows for hidden services like the Tor and I2P networks. Often used interchangeably with Dark Web.
Data Retention — The policy or law under which a company retains data of its users. In most jurisdictions, Internet Service Providers (ISPs) are required to store information such as browsing history for a few months.
DD-WRT — A Linux-based open-source firmware for wireless routers. It’s a third-party software compatible with numerous router brands, designed to be installed over the default operating system to provide added functionality.
Dedicated Server — A hosting service in which the physical machine works exclusively for a single customer. See also: VPS.
DMCA notice — A DMCA takedown refers to a notice sent because a copyright owner believes someone has posted an infringement and they want it removed without the hassle of filing an infringement lawsuit.
DNS (Domain Name System) — A naming system that maps domain names to IP Addresses. Commonly used as a point to censor and monitor internet traffic.
DNS Leak — Under certain circumstances, a misconfigured VPN connection can lead a user to identify themselves to the sites they visit inadvertently
DNS Server — Domain Name System, translates people-friendly domain names (www.google.com) into computer-friendly IP addresses (1.1.1.1). DNS is especially important for VPNs as some countries return improper results for domains intentionally as a way of blocking that website. When using a VPN, the DNS is handled by the VPN provider rather than ISP.
DRD (EU Data Retention Directive) — The Data Retention Directive is a document issued by the European Union which demands that member states store their citizens’ digital communication data for a period of between six months and two years. Under this directive, authorized agencies must keep records of the IP addresses, timestamps, and other information associated with each email, text, and phone call that their citizens send or receive. This directive was invalidated in 2014 because it violated the EU Charter of Fundamental Rights.
Encryption — Using an algorithm to securely encode data so that it appears like random, digitally illegible information. Once your encrypted data reaches its destination, a cipher is used to decrypt it. There are multiple types of encryption used by VPNs, which vary in strength.
Encryption Key Length — The size of the Encryption Key. Usually denominated in bits. Common key lengths in symmetric systems like AES are 128, 256, and 512 bits. In asymmetrical systems like RSA, keys are usually 1024 to 4096 bits in length.
End to End Timing Attack — An end-to-end timing attack is cybersecurity exploit that allows hackers to identify and make use of vulnerabilities in your encryption system
End-to-End Encryption — a form of encryption where only the users have access to the encryption key, meaning the company providing the encryption service can’t decrypt the data, and therefore cannot be compelled to hand it over.
Ethernet — The dominant standard network connection cable. Infamously dropped by Apple. Such a network is called a LAN.
Etags — An entity tag (ETag for short) is a mechanism that uses HTTP headers to verify unchanged cached resources.
Filesharing — le sharing is the act of sharing documents, images, software, books, and audio/video files over the internet. It refers to public or private, authorized or unauthorized distribution of multimedia content online.
Firewall — A system that monitors inbound and outbound packets between networks and devices. Firewalls come as both software or hardware and are commonly used to protect infrastructure, but can also be used to restrict access and censor content. See also the Great Firewall.
Five Eyes — The name of mass surveillance and intelligence-sharing agreements between nations. Five Eyes members include the US, UK, Australia, New Zealand, and Canada. If a VPN provider is headquartered in one of the countries involved in one of these surveillance groups, it generally follows the data-sharing practices of that group, so it’s usually recommended to select a VPN headquartered outside of these nations.
Free Internet Act — Free Internet Act was the working title of the Freedom of Internet Act, the first crowdsourced piece of legislation that originated from a Reddit post. The Freedom of Internet Act aimed to regulate the use of the internet in four key areas – free speech, censorship, privacy, and copyright
Gateway — All data enters and exits networks through gateways. Gateways are network nodes that connect two networks with different transmission protocols and translate those protocols so the networks can communicate. Nearly every type of VPN uses gateways to connect users to networks
Geoblocking — The process of blocking access to online content, or restricting that content to certain locations.
Read more: What You Need to Know Before Traveling to China and Using the Internet
Geo-Restrictions — Geo-restrictions are the result of geo-blocking, a common internet practice that restricts access to a piece of online content from specific locations. Using a combination of geolocation techniques, content owners can prevent users in certain geographic locations from accessing the content that they own.
Read more: https://www.vpnexperts.com/vpn-guides/unblock-youtube/
Geo-Spoofing — Any attempt by a user to hide or fake their location, perhaps through the use of anonymity networks like Tor, VPNs, or software that relays incorrect GPS coordinates.
Handshake — The handshake protocol is used to negotiate, verify, and establish a TLS session between a client and a server. Encrypted data can only be transferred between client and server once the handshake has been successfully completed
Hardware VPN — A hardware VPN is another type of VPN, which is more expensive than a software-based VPN. However, hardware VPNs provide more security than software, can support more clients, and provide load balancing to those clients. Hardware VPNs are physical appliances with the same features as standard VPNs but suit enterprise use cases better.
Hash function — A function that condenses a file or text into some a fixed length. While the information in the document is lost, the number serves as a unique identifier of the file. They are used to identify encryption keys and software. Because they cannot be reversed (decrypted), they are also called one-way encryption.
History Stealing — Some websites use certain methods and techniques to collect sensitive data about their users’ browsing histories. This is usually referred to as browser history stealing. About a decade ago, websites used a combination of JavaScript and the “visited” CSS selector to determine what sites a user has visited based on the color of the links that lead to them
HTTP proxy — A service similar to a VPN Service. But HTTP proxies will reroute only your browsing traffic.
HTTPS (HTTP over SSL, or HTTP Secure) — Technology that secures your connection to a website with end-to-end encryption. HTTPS needs to be enabled by the website administrator and is quickly becoming a minimum standard for security on the web.
I2P (Invisible Internet Project) — The Invisible Internet Project (I2P) is an open-source internet network built to provide an anonymous, censorship-free browsing experience
Incognito Mode — is a feature that prevents your browser from caching the sites you visit and saving them to your history. When you’re browsing in private mode, your computer won’t save cookies, visited URLs, or form history. This is useful for shared computers as it allows you to hide your activity from others who use the same computer.
Internet Shutdown — Intentional disruption of internet or electronic communications, rendering them inaccessible or effectively unusable, for a specific population or within a location, often to exert control over the flow of information.
IP (Internet Protocol) Address — The unique identifier of a device in a network. A device might be identified within its LAN to the router, and the router identified to the internet. In this case, the router has two IP Addresses, one facing the internet, another facing the LAN. The router performs NAT between the two networks.
IP Count — The number of IP addresses used by a VPN provider. VPNs that have a larger supply of IP addresses can offer higher speeds to individual users. Those with a smaller number of IP addresses may offer slower speeds to users because of that, but it may also indicate a greater percentage of users on the network are sharing an IP address.
IPsec — Internet Protocol Security, an encryption method used in VPN. Requires client software to be accessed by each device. IPSEC is essentially an agreement to encrypt communications between the two devices, which is why L2TP needs PPP for routing. Encrypting all packets between a client and server is not enough to set up a VPN
IP Leak — One of the major reasons that people use a VPN is to mask their true IP address. An IP leak is when the true IP address of a user can be seen despite the use of a VPN
IPv4 — Short for Internet Protocol Version 4. The current default system for defining numerical IP addresses (see our definition of DNS above). An IPv4 address will look something like this: 198.51.100.1
IPv6 — Upgrade of IPv4, due to space constraints. IPv6 potentially allows for each device to have its own unique IP Address, rather than rely on NAT.
ISP — An ISP (Internet Service Provider) is a business that offers access to the Internet. All Internet users access the Internet through an ISP. Popular ISPs include Comcast, Verizon, and AT&T in the United States; Sky, BT, and TalkTalk in the United Kingdom, and Linkem, Tiscali, and BT Italia in Italy.
ISP Throttling – is when your internet service provider (ISP) may deliberately slow down your connection when accessing certain websites.
Jurisdiction — The country in which a VPN provider is headquartered, and to whose laws it must adhere. For example, VPNs with jurisdiction outside of a Five Eyes or 14 Eyes country (see above) are not beholden to the data retention policies of those countries and are generally considered better for privacy.
Kill Switch — A must-have feature offered by most VPNs that kills your internet connection if your VPN connection is dropped for any reason, in order to prevent your data from suddenly becoming visible to others. Get more info here
L2TP/IPSec — L2TP/IPsec is a VPN protocol. Data sent using P2TP/IPsec is encrypted. Supported by Windows, Mac OS X, and Linux.
LAN — Local Area Network. A network of devices that can communicate with each other via an Ethernet cable. A LAN can be connected to the internet with a router.
Leak — When a VPN service fails in some way and exposes what could be personally identifying information or unencrypted user data to either a website, network members or an internet service provider
Logs — Records kept by a service provider. Some VPN providers keep logs of users’ online activities such as connection times and even websites visited. Usage logs contain actual activity when connected to the VPN, whereas connection (aka metadata) logs are records of which VPN service is used, and the times of connecting and disconnecting. Where logs are kept, subpoenas can be issued.
Malware — Malicious software used to disrupt normal computer operation, collect data, or hold computers to ransom by encrypting files (see ransomware).
Metadata — metadata refers to the details of a message that don’t reveal its actual content. For example, when you send a letter, the names and the addresses written on the envelope can be classified as metadata. Many internet and VPN providers say that they “only” log your metadata in an effort to downplay the importance of the information they collect. However, your metadata can still provide a lot of personal information, including your IP address, upload/download volume, and connection details
Multi-Hop VPN (aka Double VPN) — Multi-hop VPN is a feature that routes your traffic via two different VPN servers instead of just one. The goal here is added security – the more points your traffic jumps between before unencrypting itself at the destination, the harder it is to track. It’s a similar concept to Tor.
National Intranet — some countries with strict censorship policies set up their own IP-based networks that only contain information deemed suitable by local authorities. These networks are called national intranets and serve as a politically safe substitute for public internet.
Net Neutrality — Net neutrality is the principle that internet service providers should treat all data the same regardless of its type, content, source, or destination. According to this principle, internet providers shouldn’t engage in throttling practices and limit their users’ bandwidth when accessing certain websites.
Onion — An alternative name of the Tor network, named after its layered privacy. .onion (dot onion) is also the ending of Tor URLs, which are not registered, but generated like an encryption key.
Open-Source Software — Open-source software is a product built with source code that is freely available for anyone to inspect.
OpenVPN — OpenVPN is software that allows a user to connect to a VPN. OpenVPN is very popular, and many VPN providers use it. Most providers offer guides or tutorials for setting up or troubleshooting OpenVPN connections. It is available on Windows, Mac OS X, Linux, as well as devices running Android 4.0+, iOS 3GS+, and others.
P2P — Peer-to-peer refers to a network with no central server; individual users («peers») transfer content to each other. By design, those software shares the IP address of peers, so their users often turn to VPNs to stay anonymous and prevent traffic throttling by their ISP or prevent legal action by copyright holders or rights groups.
Perfect Forward Secrecy — A widely hailed encryption function that uses one of two established key exchanges to create an additional level of security. A good VPN uses Perfect Forward Secrecy to ensure that any stolen encryption keys can’t be used to decrypt past or future internet sessions.
Piggyback Attack – also known as between-the-lines attacks. A piggyback attack is a form of online wiretapping where the attacker hacks into the system via their target’s active, legitimate connection. The attacker then uses the intervals during which the target is inactive to engage in cybercriminal activity
Port Forwarding — Port forwarding is the process of redirecting communication requests from one port to another while they are moving through a network gateway
PPTP — PPTP (Point-to-Point Tunneling Protocol) is another protocol for VPN connections. PPTP does not necessarily require data to be encrypted. It is supported by Windows, Linux, and Mac OS X and offered by many VPN providers.
PGP (Pretty Good Privacy) — Pretty Good Privacy (PGP) is a program that encrypts and decrypts communications and files transmitted over the internet
Proxy — Similar to a VPN, a proxy server can be connected to by a computer before accessing the internet to change its apparent IP address. Unlike a VPN, proxies don’t encrypt the data and are therefore not useful as a security or privacy measure.
Psiphon — Psiphon is a free, open-source tool that allows users to bypass internet filtering and access censored content.
Router — A router is a device that forwards data between computer networks. Most commonly used to connect a LAN or WLAN to the open internet. If the firmware of a router supports VPN protocols, such as DD-WRT, a router can be configured to connect a LAN to a VPN service.
RSA Encryption — RSA encryption is an encryption technology commonly used to secure important communications that are transmitted over the internet. RSA encryption is used by most popular VPN protocols due to its superior security. The algorithm relies on the difficulty in factoring the multiplication of two large prime numbers. Extracting an RSA key is thus very time-consuming and requires a lot of computational power.
Secure Socket Tunneling Protocol — Secure Socket Tunneling Protocol (SSTP) is a VPN tunneling protocol used on Microsoft Windows. whereas SSL does the actual data transmission, SSTP helps the data move through a network of proxy servers and firewalls. This protocol is most often used for remote access to private networks.
Read more: The best VPN for windows
Server count — The number of servers maintained in a VPN’s network. A larger number of servers in a larger number of locations is often a strong indicator of increased speeds.
Shared IP addresses — The assignment of multiple users to a single IP address. Ordinarily, your IP address is unique to your router, so is solely allocated to the devices and people connected to it. A shared IP address makes it more difficult to pin down a single user, therefore increasing privacy.
Sideload — It’s most commonly used when referring to the installation of apps on Android devices that aren’t officially listed on the Google Play Store. In VPN terms, this means installing the APK of your VPN onto an Android device (most likely a Fire TV Stick or an Android TV device) using a file manager app in order to find and load the APK file.
Simultaneous Connections — The number of devices you can use your VPN on at the same time. The more simultaneous connections a VPN provider allows the better, as it means you can protect all of your household or family’s devices, as well as your own.
Smart DNS — A service similar to a DNS service in which a provider will route traffic based on the user’s location and intent, for example, to circumvent geoblocking.
Split Tunneling – Split tunneling is a feature found in some VPNs that allows you to use a public network and a VPN network simultaneously
Spyware — a form of malware that sends the attacker sensitive data about the target’s activities.
SSL / TLS — SSL (Secure Sockets Layer) is a protocol that allows secure, encrypted Internet communication. TLS (Transport Layer Security) is a newer protocol, based on SSL. Most people use SSL/TLS on a daily basis, without realizing it: https uses SSL to encrypt data, preventing traffic snooping. Most banks and online shops use https to protect their customers’ sensitive data, such as their credit card information.
Static IP Address — Ordinarily, the address assigned to you by a VPN is dynamic. That means that it’s randomly assigned every time you connect. With a static IP address, however, you’re guaranteed to be connected to the same IP address every time – a bit like how your home router has the same fixed IP address.
The Great Firewall of China — The most commonly used name for the Chinese government’s vast, advanced internet censorship apparatus. Just as the Great Wall was designed to keep intruding armies out of the country, the Great Firewall is designed to prevent outside the internet from reaching the people of China.
Read more: What You Need to Know Before Traveling to China and Using the Internet
TCP — stands for ‘Transmission Control Protocol’, and it’s one of the two protocols that OpenVPN can run over (the other being UDP). TCP is viewed as the more reliable of the two OpenVPN protocols.
Tor — An abbreviation for The Onion Router, or The Tor Network. Tor is designed to allow completely anonymous communication on the internet by encrypting your data and bouncing it off of several volunteer-run receiving points called «nodes.» Tor was originally designed by the US Navy and is the subject of heated debate among privacy aficionados. Tor is not a VPN, but some VPNs are now offering Tor-compatible services.
Tunneling Protocols — A secure and encrypted connection between your computer and a privacy network, such as a VPN or darknet.
Two Factor Authentication — A two-step authentication process that requires, for example, entering a password AND having a code sent to your phone.
UDP — User Datagram Protocol (UDP) is a communication protocol that allows users to send data packets over the internet. Sometimes used as an alternative to Transmission Control Protocol (TCP), UDP has the ability to differentiate user requests by port numbers
URL — Uniform Resource Locator (URL) is the alphanumeric address of a website (e.g. www.softwarelab.org). In addition to a unique IP address, every website has its own unique URL that you have to type into your browser’s address bar to access the site. Because computers can’t process URLs, a DNS server is used to translate the alphanumeric address into the corresponding IP address and direct your traffic to it.
Usage Logs — A usage log is a file that contains all the information that your internet or VPN provider has collected about your online behavior.
VPN Client — The VPN client connects to the VPN server to establish a secure connection with the internet. VPN clients are controlled by the user and usually installed on a phone, tablet, computer, router, or server.
VPN Protocol — A VPN protocol is a group of processes used by VPN providers to ensure their users can connect to VPN servers quickly and securely. Different VPN services use different protocols to secure their users’ data on the internet
VPN Tunnel — A VPN tunnel is an encrypted connection established between your computer and your chosen VPN serve
VPS (Virtual Private Server) — A virtual private server (VPS) is a shared server that acts like a private one.
Wi-Fi — Wi-Fi connects devices via radio signals to a network, typically through a router. These radio signals can easily be intercepted by anyone, which is why it’s important to use Wi-Fi Encryption or a VPN.
Wi-Fi encryption — Encryption standards to secure Wi-Fi signals from unauthorized interception. The currently recommended standard is WPA2, while WEP is also still widely in use.
Resources:
- https://en.wikipedia.org/wiki/Virtual_private_network
- https://csrc.nist.gov/glossary/term/VPN
- https://www.geosurf.com/blog/vpn-glossary/
- https://searchnetworking.techtarget.com/feature/A-glossary-of-the-VPN-terminology-you-need-to-know
- https://www.expressvpn.com/blog/
Read More: New To VPN? Read Our Complete Guide for VPN Beginners