VPN Glossary: Useful Terms to Know
Photo from Unsplash
Originally Posted On: https://www.alwaysvpn.com/guides/vpn-glossary
There are dozens of VPN components to get straight and understand. Many of these act as a single ingredient of a larger recipe that cooks up a secure and private network for users—also known as a VPN. Our glossary includes 90 terms to clear up any confusion you have on common VPN terminology that explains how a VPN works, why they exist, and how they’ve developed over time.
A software program—often packaged as a browser extension or add-on—that blocks or partially prevents advertisements from displaying on web pages. Some ad blockers can also block ad-based malware and cross-site tracking.
Advanced Encryption Standard (AES)
A symmetric encryption protocol that uses the same key to both encrypt and decrypt data through text encryption before it’s sent through a network. There are three lengths of AES encryption keys (128-bit, 192-bit, and 256-bit), which can be represented with varying lengths with letters and numbers. It’s one of the most commonly used encryption protocols on the VPN market today as it’s nearly impenetrable. Any decent VPN will use this encryption standard to secure their network.
In the context of web browsing, your activity is not traced back to you or your IP address. You’re essentially anonymous from any virtual tracking and cannot be identified.
An encryption protocol where parties create a public key and a private key to exchange and receive encrypted messages. Private keys are randomized while public keys are created through a procedure. Public keys are required and safely exchanged while private keys stay with the owner’s device.
A virtual currency allowing for more anonymous transactions through a P2P (peer-to-peer) network. This decentralized payment method can be used by customers to purchase a VPN to add an extra layer of anonymity. So, the VPN will not know the name and contact information through each transaction.
If you regularly do cryptocurrency trading, then we highly recommend using a VPN to keep your crypto investments secure.
A P2P (peer-to-peer) protocol used to download and share files efficiently through the internet. To access these files, BitTorrent software is needed, along with a small torrent file that contains the information on the desired contents. Essentially, the protocol makes downloading large files a quicker process by breaking down the downloads into smaller torrent files—generally compiled by crowdsourcing. Be aware, your IP address can be tracked by other downloaders, so we highly recommend using a VPN for torrenting.
In relation to cryptography, a block is one section of a blockchain (digital ledger). It’s nearly impossible to hack or change without a personal key, which is why most cryptocurrencies use this technology to record transactions. One block can consist of anywhere from 1 to 3,000 transactions on average per day.
An up-to-date list of blocks that are used as a public record and cannot be modified. Blockchain is commonly used by cryptocurrencies to record transactions.
A downloadable program that is an add-on or plug-in for major web browsers, such as Google Chrome, Safari, and Firefox. These programs typically provide extra functionality and solutions for certain issues through a web browser. Many VPN providers offer web browser extensions to increase a user’s anonymity when they’re browsing the internet.
Certificate Authority (CA)
An SSL secured website with a connection secured by SSL/TSL encryption is validated by a Certificate Authority (CA). These websites also present your browser with an SSL certificate and a padlock icon in the URL bar. Meaning, the website you’re visiting is assumed to provide an authentic and secure connection.
In regards to VPNs, CA commonly recognizes genuine servers or refers to a file that identifies which key is the authority. These keys include a public key (given to a user) and a private key (a secured file owned by a VPN provider).
The suppression of public information and speech carried out by authoritative governments, private institutions, or powerful individuals. If you live in a country that enforces censorship, we highly recommend using a VPN for anonymity when expressing free speech or attempting to access restricted content.
An encryption algorithm that encrypts and decrypts data between a user and a server. In the VPN world, AES-256 is known as one of the most secure ciphers on the market.
Used as a shared benefit, the Cloud refers to online services and software that run virtually on the internet, rather than on local hardware.
These logs typically contain anonymous data, such as connection times, amount of data used, and quantity of connected devices to a VPN. VPN providers mainly use these for troubleshooting technical issues brought up by users. However, check your provider’s logging policy to ensure that this information is anonymous if stored.
Small text files on your device that are used for many reasons, including website preferences, user-experience optimizations, remembering login information, and tracking. Web browsers store this personal information when you visit a website to remember your device and details on your activity. We recommend using a VPN to hide your cookies and keep yourself anonymous while browsing the internet.
Born out of the 2008 financial crisis, cryptocurrency eliminates the need for banks because it acts as a form of decentralized currency to secure and confirm transactions. Common examples of cryptocurrency include Bitcoin, Litecoin, and Etherium.
Also known as a payload, this is a unit of data that travels through a network path from a sender to a receiver. It can contain everything from a user’s search query to their IP address origin and the destination IP address. A VPN works to encrypt a data packet, so a user’s personal information isn’t open for all eyes to see or access.
A company’s policy or a law to retain the data of its users. In most cases, internet service providers (ISPs) store user data, such as browsing activity and IP addresses.
An open-source firmware for internet routers, typically providing more control and personal preference options for your router. Many VPN providers offer this software for DD-WRT routers so all devices connected to the router will automatically tunnel through a VPN server.
A cyber attack that overwhelms a server with requests, messages, or other pieces of data from outside sources. The server then reaches a point where it is unresponsive and can no longer function. Oftentimes, gamers will use this tactic to slow down their competitor’s internet connection to win a game. To avoid this, consider using a gaming VPN to secure your connection.
Deep Packet Inspection (DPI)
An advanced technique to analyze and observe web traffic. Certain governments typically use this method to censor the internet for their citizens by monitoring their data packages and checking for malicious content or unsolicited recipients.
Deep Web & Dark Web
While used interchangeably, these two terms mean different things.
The Deep Web refers to all the websites not indexed or found on regular search engines like Bing or Google. These websites end with the suffix .onion rather than .com or .gov and can only be accessed through private networks including Tor (The Onion Router) or I2P (Invisible Internet Project). On the whole, it is completely legal to access sites on the Deep Web. In fact, it’s the main avenue for most people living under oppressive governments, and some VPN providers like NordVPN even have .onion mirror versions of their site for them to access on the Deep Web.
In contrast, many sites on the Dark Web are illegal. This is a section of the Deep Web that’s mostly used for illegal activity, which is why we recommend staying away from it entirely.
This term refers to the Digital Millennium Copyright Act. A DMCA notice is an alert of any copyright infringement sent to an ISP or content owner. For VPN users, DMCA notices are sent to their VPN provider because their IP address is from a VPN server rather than their ISP. Many VPNs do protect their users from copyright holders, but some do not. Therefore, we recommend checking if your VPN provider allows torrenting on its servers.
DNS (Domain Name System)
A naming system that translates web addresses (URLs) into numeric IP addresses. This method is usually performed by a user’s ISP, making every website you visit known to your internet provider. When a user is connected to a VPN, all DNS requests are routed through a VPN tunnel and translated by the VPN provider instead of the ISP.
A hacker intercepts traffic by redirecting the victim to a malicious site disguised as the authentic one they’re trying to visit. In some cases, these sites are designed for phishing and can steal private information or login credentials to your account. A reliable VPN can protect you from DNS hijacking and create a secure tunnel between your device and the DNS server you want to access.
When a VPN connection fails or is incorrectly set up and leads to DNS requests sent to your ISP. Which then exposes your web traffic and real IP address. The best way to avoid this is to install a secure VPN with DNS leak protection.
Also known as the Data Retention and Investigatory Powers Act 2014, which requires ISPs to track and keep records of their users’ web browsing activity in the United Kingdom. ISPs must give access to this data to law enforcement upon request without judicial supervision.
Dynamic Host Configuration Protocol (DHCP)
This is the method used by routers to automatically assign IP addresses to connected devices.
Encrypted Server Name Indication (ESNI) & Server Name Indication (SNI)
SNI is an internet standard that allows a server to host multiple websites under one IP address. All of this data is unencrypted, making one vulnerable to cyber attacks. ESNI is a solution to this by keeping data encrypted throughout web browsing. The process is secured between the server and user and can only be decrypted with a private key.
The process of turning data into cryptic code to prevent unauthorized parties from accessing it. Generally, your internet data and activity is not encrypted, making it vulnerable to potential hackers and cyber threats. For increased security, it’s important to use a VPN to protect your right to privacy.
In some encryption cases, a key is required to decrypt data or information. Keys are typically a string of random numbers and exchanged between two parties to decrypt the intended message.
This encryption standard only allows access to encrypted data between the two intended parties—i.e. the sender and receiver. Commonly, encryption keys are needed to decrypt an encrypted message, which prevents any third parties from accessing your private data.
A prominent service example that utilizes end-to-end encryption is an email encryption provider. These services offer the ability to send and receive encrypted emails to keep sensitive information within these messages private.
A system used for monitoring inbound and outbound traffic between a network and connected devices. Firewalls are commonly used to protect infrastructure, censor the internet, and/or restrict access to certain websites. The most infamous one today is the Great Firewall of China, which only a few premium VPNs can successfully bypass today.
An intelligence group consisting of five governments: the United States, Australia, Canada, New Zealand, and the United Kingdom. These governments work together to collect surveillance data on security threats and to circumvent laws that prohibit them from spying on their citizens. A general rule of thumb is to avoid using a VPN based in one of the Five Eyes.
Paths that connect two networks and translate their unique transmission protocols, so they can communicate with each other. All internet data enters and exits a gateway, and most VPNs use these to connect users to securely access networks.
Restricting access to online content, based on a user’s location (i.e. IP address). Companies typically use this mechanism to put geo-restrictions in place so a user cannot access illegal content due to copyright licensing or local laws. Many streaming services like Netflix and Youtube use geo-blocking, but many have found VPNs for streaming to circumvent these restrictions.
The act of using a VPN, proxy server, or SmartDNS to hide your real location and appear as if you’re in a different location to bypass online geo-restrictions.
Great Firewall of China
The nickname used to refer to China’s “Golden Shield Project,” the government initiative that combines legal and technological tools to regulate the internet within China’s borders. Under the guise of “information sovereignty,” this censorship project uses various methods to monitor, censor, and eliminate dissenting information within the country as well as block out content outside China’s border. A few tangible examples of the Great Firewall (GFW) at work include IP blocking that bars IP addresses from VPN servers and other flagged domains, facial and speech recognition that tracks and monitors citizens, and packet filtering that scans data for certain keywords.
This protocol is a negotiation to verify and initiate a TLS/SSL session between a user and a server. In the VPN world, this establishes an encrypted connection where the transferred data can only be accessed by the user and server once the handshake has been validated.
A physical gadget that provides security and privacy for internet-connected devices. Compared to software-based VPNs, hardware VPNs offer wider support at an enterprise level, which typically costs more than VPN applications.
A protocol that performs similar to a VPN, but is designed solely for web browsing. When calling on a particular website, an HTTP proxy will filter out suspicious content like malware before accepting a request to open a website. However, when you access websites via an HTTP proxy, your online activity is not secure. For this reason, we recommend only accessing websites using an HTTPS proxy.
This protocol is the second iteration of an HTTP proxy and uses SSL for end-to-end encryption. An HTTPS proxy is designed to secure personal data while browsing the web – the “S” here standing for “secure.”
Internet Key Exchange version 2 (IKEv2)
IKEv2 is a popular protocol that offers a good balance of fast connection speeds and strong encryption. There are no known security flaws, and it’s a stable option that’s quicker than the majority of the VPN protocols. When paired with IPsec, IKEv2/IPSec uses a Diffie–Hellman key exchange algorithm and supports AES 256-bit encryption, making it nearly impossible to penetrate.
Internet Protocol Security (IPsec)
This VPN protocol is commonly paired with other protocols such as IKEv2 and L2TP and enables security directly on the IP layer. It requires installed software by each user to encrypt data packets individually. This essentially works as an agreement to encrypt communication between two connected devices. IPsec uses UDP because this allows IPsec packets to get past firewalls. It can work in either Transport mode or Tunnel mode, with the latter the default option. (Tunnel mode encrypts the entire data packet, while Transport mode is ideal for secure communications.)
IP (Internet Protocol) Address
Each internet-connected device is identified with a unique numerical combination known as an IP address, which translates your physical location to ISPs and websites you browse. To enhance your privacy, we recommend using a VPN to hide your IP address and prevent any location tracking on your device.
This occurs when a VPN connection fails or briefly drops and exposes the true IP address of a connected device. We recommend using a VPN that offers DNS and IPv6 protection to prevent IP leaks from happening and revealing your IP address to websites and other online snoopers like your ISP, hackers, and government surveillance agencies.
This internet protocol is the current default system that defines numerical IP addresses like 188.8.131.52. Since the rapid growth of the internet continues, IPv4 addresses are running out because they only support a maximum of 32-bit address schemes—meaning there are 232 addresses available (about 4.3 billion). Now a new internet protocol is stepping in as the solution called IPv6 (below).
This internet protocol is essentially an upgraded version of IPv4 addresses. IPv6 uses 128-bit addresses, therefore expanding the number of available addresses to 2128 — giving the internet a healthy supply of addresses for the foreseeable future. IPv6 is still in the early stages and many VPNs have not enabled processes to route IPv6 traffic through their private tunnels.
ISP (Internet Service Provider)
The company that connects your device to the internet. ISPs in many places, like the US and the UK, are required by law to track and store records of their users’ metadata for law enforcement access if needed. ISPs also monitor DMCA notices for copyright holders to punish repeating offenders.
To keep your internet activity private, use a VPN to encrypt your metadata. This will prevent your ISP from tracking and monitoring everything you’re doing on the internet.
When encryption keys are exchanged to establish encrypted channels. For example, the asymmetric encryption protocol initiates a key exchange using a public and private key to receive the encrypted message.
A highly sought-after VPN feature that kills your internet connection when your VPN connection drops off. This will prevent your IP address and data from being leaked to your ISP and other third parties.
A combination of two protocols that includes a VPN tunneling protocol (L2TP) and an encryption protocol (IPSec). L2TP is not encrypted, which is why it’s usually combined with IPSec for an extra layer of security. There are rumors it’s not the most reliable combination due to the possibility of it being compromised by the NSA. However, some VPN providers still offer it as an option due to its high level of encryption.
ExpressVPN’s proprietary VPN protocol launched in the summer of 2021. Lightway uses wolfSSL encryption standard and a lightweight code base to secure users’ connections. It’s proven to be fast and easy to use, but it’s still very new to the market and needs further vetting before we can fully recommend it to users.
Logs are data records related to your online activity that are kept on file by an ISP or VPN provider. These records commonly include websites visited, connection times, and IP information. Some VPN providers claim to keep zero logs on file, while others do keep connection and usage logs on file. In some cases, logs are harmless and are only kept on file for solving technical or maintenance problems.
Malicious software aiming to harm and disrupt computer systems. In some cases, hackers use malware to steal data or even threaten ransom by encrypting files. Various malware types may include viruses, ransomware, and spyware.
Man-in-the-Middle (MitM) Attacks
These attacks involve a cybercriminal who acts as a “man in the middle” to intercept and/or decrypt a user’s message using an open network. Typically, these attacks occur in public areas with free WiFi or in some residential networks lacking strong password protection. Once an attacker gains access to a vulnerable network, they can use tools to intercept and read a user’s transmitted data. In worst cases, a user’s banking information, login credentials, or other personal information can be accessed.
The type of VPN for mobile devices. Mobile VPNs aim to provide service to devices that always move between different physical locations and connect across multiple hotspots and cellular networks.
Multi-Hop VPN (aka Double VPN)
A VPN feature that routes your internet traffic through two different VPN servers instead of one, similar to Tor. The goal of this feature is to add an extra layer of security. However, due to the extended routing process, user connection speeds are much slower when using Multi-Hop functionality.
The act of disguising VPN-enabled web traffic as though a VPN is not being used. Some countries have laws against using a VPN, so this feature is important to bypass censorship blockers.
Software with source code that is freely accessible for anyone to inspect, modify, and distribute. Open-source VPNs can be useful for security enthusiasts to test a VPN to check for any vulnerabilities and intelligently rate its reliability for other potential users.
The most widely used VPN protocol on the market. OpenVPN is an open-source protocol that has grown as the most popular encryption method among VPN providers. It works through a two-part encryption process, which includes data channel (secures data) and control channel encryption (secures the connection between a connected device and VPN server).
This refers to a network where two parties can share and exchange files with each other, rather than obtaining them through a central server. In most cases, P2P involves torrenting or exchanging cryptocurrency between two connected devices. Many VPNs support P2P sharing, so if you’re looking to download many files to your device, it’s worth finding a provider with P2P compatibility.
Perfect Forward Secrecy
An encryption standard that increases the security of HTTPS connections by creating a brand new encryption key for each session. Should a hacker ever gain access to your keys, they would only have access to your most recent session.
Commonly, port forwarding relates to improving torrenting speeds by setting up a gaming server to your device. This works by forwarding traffic through certain ports to block out unwanted traffic from other ports.
PPTP (Point-to-Point Tunneling Protocol)
The older brother of SSTP, point-to-point protocol (PPTP) has been around since the Windows ‘95 era. As one of the oldest VPN protocols, PPTP has been noted to have security issues and offer weak encryption. Some cases even mention the NSA being able to crack into PPTP connections. So, we recommend only using it when there is no other option available.
A proxy server is similar to a VPN provider but acts as a service between you and your network destination—and without encryption. So, it’s vital to note that proxies are only temporary solutions that mainly work to hide your IP address.
A form of malware that encrypts your files and will only release the encryption key when the victim sends the demanded ransom payment.
When a user accesses their organization’s network from a remote location. Some VPN providers offer remote access so company employees can access files through a secure VPN gateway. This method typically requires user authentication to keep files out of the hands of non-employees.
Secure Sockets Layer (SSL)
A protocol used to secure a user’s network by establishing an encrypted connection between two devices. This ensures that data tunneling through both parties is secure, private, and prevents cyberattacks from malicious parties.
Secure Socket Tunneling Protocol (SSTP)
Originally developed by Microsoft as a proprietary option, SSTP (Secure Socket Tunneling Protocol) uses an SSL/TLS channel to encrypt data packets. It also has the ability to bypass firewalls easily, as well as accessing blocked content. However, SSTP was designed with Windows devices in mind, so it’s not the best option in terms of compatibility.
Shared IP Address
When multiple users are connected to the same IP address. Many VPNs use this technique so they don’t have to invest in a large number of available IP addresses. However, this can cause a slowdown in performance due to the greater number of users on a shared IP address.
This refers to a user downloading an app on their Android device that isn’t listed on the Google Play Store, usually in the form of an APK file. Some VPN providers offer APK versions of their app, so users can install it on Android devices like an Android TV or Amazon Firestick.
The number of devices connected to a service provider at the same time. For VPNs, many providers offer their users the ability to connect 5-10 devices simultaneously. This widens the availability to cover and secure most or all the members of your household with a single VPN account.
Similar to a VPN and proxy server, Smart DNS allows a user to connect to a website or service and make their IP address appear different than their actual location. It’s most commonly used for streaming geo-restricted content today.
This is a popular VPN feature that allows users to control which programs travel through two different tunnels. For many, this feature is utilized to protect internet activity in their browser for one tunnel and the other tunnel to protect their internet activity from apps on their device(s).
A type of malware that sends the attacker personal information about a user’s internet data.
Static IP Address
A static IP address is much like the IP address you have on your internet-connected device without a VPN. Typically, VPNs offer dynamic IP addresses that are randomly generated each time you connect to the internet. For an extra cost, VPNs offer static IP addresses to make it appear you are at the same physical location over time.
This encryption protocol involves participants creating a single key to encrypt and decrypt data.
When your ISP intentionally slows down your internet connection. Usually, ISPs do this to level out network traffic and minimize bandwidth congestion.
Also known as “The Onion Router,” Tor is a free, open-source software program that keeps your web browsing anonymous. It’s grown in popularity by dark web users, but also has become more prevalent by everyday internet visitors looking for a higher level of privacy.
Transmission Control Protocol (TCP)
This digital exchange protocol ensures a safe and secure transfer of data was initiated. The user receives a confirmation when a sent data packet was properly received before continuing to send the next one. Keep in mind, this protocol can be slow at times, especially when a user is far from a VPN server.
Transport Layer Security (TLS)
A successor of SSL, TLS was introduced in 1999 to mitigate serious security flaws found with SSL. It’s a security protocol used to keep data private and secure between two or more devices. When secured by TLS, the connection between the server and user is encrypted and authenticated. This method includes two layers of security, including a secure TLS record and a TLS handshake for proper authentication.
The process by which data is privately transferred between networks. In the VPN world, providers use tunneling to encrypt data over public networks so unauthorized users can’t access secure data.
Two Factor Authentication
When a user needs to complete two layers of authentication to access something. Typically, the first layer of authentication is entering your account username and password. The second layer can be entering a code of numbers sent to the phone on file or a biometric scan of a fingerprint or face.
UDP (User Datagram Protocol) is one of two communications protocols used by OpenVPN. It speeds up tasks by allowing data transfers before verification is provided by the receiving party, which makes it faster than TCP but not as secure. OpenVPN over UDP is only recommended for non-critical tasks like streaming or gaming where lag-free speeds are preferred.
VPN (Virtual Private Network)
A network that creates a secure and private internet connection for devices in order to protect your privacy and personal information. It’s used as a tool to mask IP addresses, so online snoopers like ISPs and cybercriminals can’t track your data.
This term refers to a VPN provider’s desktop or mobile application. It’s used to connect your device(s) to a VPN server.
The method a VPN provider uses to create a private and secure network for its users. Popular VPN protocols include:
When using a VPN, traffic is routed from the user to a VPN server through an encrypted connection. There are numerous VPN servers a user can connect to. So, users can change their IP address to avoid tracking or access websites that aren’t available in the country they physically reside in.
WireGuard is a free, open-source VPN protocol that aims to simplify the encryption process by using less code and a cleaner design. It’s exceptionally fast and lightweight. However, since it just launched in March 2020, WireGuard is seen as an experimental protocol. Meaning, it hasn’t been widely implemented by VPN providers yet.