VPN glossary

If you’re new to the world of Virtual Private Networks (VPNs), it’s easy to become overwhelmed by jargon. Even the most well-intentioned companies slip into tech-speak when enthusing about their products. To help consumers navigate this landscape, we’ve created a glossary defining the most commonly used terms.

As you become familiar with some of the meanings, you’ll be able to differentiate between the VPN services that intentionally use jargon to bamboozle consumers, and those that occasionally use it to be more succinct. As a general rule, it’s best to avoid VPN providers that overly rely on jargon. With that in mind, let’s get started.


Actor: You may see descriptions of how a VPN prevents “bad actors” or “threat actors” getting hold of your data. These are people who instigate a threat and have the capability to do harm.

VPN Glossary: Actor

Ad-blocker: We’ve all experienced being pestered by adverts while online. An ad-blocker is a piece of software designed to stop them. Some VPNs include them as an additional feature.

Adware: This is a malicious form of software designed to automatically display unwanted adverts. Adware is typically bundled with software from less reputable sources.

AES: An acronym for Advanced Encryption Standard. It’s a set of instructions for encrypting data. It’s fast and effective compared to other systems, which is why it’s widely used across the internet and in VPN software.

Algorithm: A sequence of instructions for solving a problem.

Anonymity: A state where your identity is completely unknown. VPNs grant you privacy, but they don’t make you anonymous.

App: The VPN software for a particular device comes in the form of an application (app). VPN providers make apps that work with specific operating systems.

Asymmetric encryption: A method of encryption that uses two keys to lock and unlock messages: one public and one private. It’s very secure, but slower than symmetric encryption – which uses a single key.

Audit: An audit traditionally involves a detailed examination of an organization’s accounts by an independent body. However, when used by VPNs, it refers not to accounts, but to the provider’s software and/ or hardware. The more in-depth an audit is, the better.


Backdoor: An undocumented entry point to a computer system. A backdoor poses a serious security risk as it enables clandestine access.

Bandwidth: Refers to the maximum amount of data that can be transmitted over an internet connection in a given amount of time. It’s a measure of capacity. Bandwidth is one of the factors that determines the speed of a connection.

BitTorrent: Protocol enabling peer-to-peer file sharing. BitTorrent is used by software such as Deluge, qBittorrent, and uTorrent. BitTorrent Logo

Blackout: The non-airing of a TV or radio program in certain markets. It typically relates to sporting events, which may not be broadcast in the area where they take place in order to encourage attendance, or are restricted to a local broadcasting network.

Browser: A web browser is an application that’s used to access websites. It retrieves the necessary files from a web server and displays them on the user’s screen.


Client: Hardware or software that sends or receives data from a server. “Client” often refers to the VPN app.

Cookies: Small snippets of code sent by websites to users’ web browsers in order to keep track of their visits and/ or activity. Common types of cookies include session cookies, tracking cookies, and authentication cookies. Some VPNs block tracking cookies.

Cryptocurrency: A digital medium of exchange that is created and stored on the blockchain – a distributed ledger constructed from blocks of records detailing previous transaction data. Some VPNs allow you to pay in cryptocurrency like Bitcoin.


Dark web: A portion of the deep web that requires specialist software (typically the Tor browser) to access. Websites in the dark web can be accessed anonymously and often have URLs that end in the .onion suffix.

DD-WRT: An open-source Linux-based firmware used for wireless routers and access points.

DDoS: A distributed denial of service (DDoS) is a form of DoS attack that originates from more than one source. A DDoS attack is able to generate more traffic, and is thus generally more effective than attacks from a single source.

Dedicated IP: An IP address that isn’t shared. Dedicated IP addresses can be purchased from some VPN providers as an add-on to regular subscriptions.

Deep packet inspection: An analysis of the full contents of data packets being sent across a network. Deep packet inspection (DPI) is often used in firewalls to detect and block VPN connections.

Diskless/RAM-only server: Diskless or RAM-only servers run on Random Access Memory (RAM) and cannot write to the hard drive. This means they cannot store information when powered off or rebooted. The better VPN providers use these servers for improved security and privacy.

DNS: The Domain Name System (DNS) converts the website name you type into your browser’s address bar into the corresponding IP address needed to locate the relevant resources used to provide the website. ISPs provide most people’s DNS servers, though the better VPNs have their own.

DNS leak: A security flaw where DNS traffic leaves the device outside of the VPN tunnel, or leaves via the tunnel but goes to a DNS server not run by the VPN provider. We have a tool to check for DNS leaks.

DoS: A denial of service (DoS) attack involves a computer being flooded with traffic so that it becomes overwhelmed and unresponsive. The goal is to prevent legitimate users from accessing the services provided by the computer.


Encryption: Converts data from its original plaintext state into an unreadable alternative form – known as ciphertext. This can be converted back to the original plaintext using the appropriate key. VPNs use encryption to disguise traffic flowing between the user’s device and the VPN server. Most VPNs use AES-256.


File sharing: Torrenting or peer-to-peer file sharing is the process of sharing files between two computers (peers) using app-based peer-to-peer architecture like BitTorrent. Not all VPNs are suitable for torrenting.

Firewall: A barrier that separates your computer or network from the internet. Firewalls filter traffic based on predefined rules.

Firmware: Software embedded into hardware and used to provide low-level control. In computers, for example, it is responsible for the startup process and loading the operating system.

Five Eyes: An international intelligence-gathering alliance. Member states monitor one another’s electronic communications and share the results. The Five Eyes alliance consists of the United States, the United Kingdom, Canada, Australia and New Zealand.


Gag order: A legal requirement that a VPN provider does not reveal when it has been compelled to share user data or begin collecting it. Gag orders may be circumvented using a warrant canary.

Geo-blocking: Limitations on the online content accessible to users in particular geographical locations. Geo-blocking is typically used by streaming platforms seeking to comply with licensing restrictions.

Great Firewall: Unofficial nickname for China’s internet censorship system. State-owned internet service providers restrict all internet traffic to and from China using a combination of IP blocking, deep packet inspection, DNS tampering, URL filtering, keyword filtering, and manual enforcement. Use our dedicated tool to find out if a particular website is blocked in China.


Handshake: Establishes the parameters of a connection between a client and server so that they are able to communicate. The TLS handshake is a crucial part of the Transport Layer Security protocol, which provides the security in HTTPS.

Hash: A one-way mathematical function that takes an input of any size and converts it to an output of a predetermined length. The same input always produces the same output – which may be called the hash, hash value, or message digest.

Host: A device on a network that communicates with other hosts on a network. Network hosts require an IP address and can include both clients and servers.

HTTPS: Hypertext Transfer Protocol Secure (HTTPS) is a secure version of HTTP – the protocol used to send hypermedia (web-based) resources between a web server and a web browser. HTTPS uses the TLS encryption protocol to secure communications.


IP address: An Internet Protocol address (IP address) is a string of characters used to identify a device on a network that is using the Internet Protocol for communication. Consumer IP addresses are typically assigned to users’ routers by ISPs. These are public IP addresses, visible to the wider internet. The router then assigns IP addresses to the devices in its network. These are private IP addresses and are not routable over the internet.

IP leak: Occurs when a user’s real IP address is exposed despite being connected to a VPN server. IP leaks can be avoided by using a good quality VPN service.

IPSec: Internet Protocol Security (IPsec) is a framework of techniques used to secure the connection between two points. It has a tunnel mode that is frequently used in VPN software.

IPv4: The fourth version of the Internet Protocol (IP), and still the most commonly used. An IPv4 address contains 32 bits and consists of a sequence of four numbers, each between 0 and 254.

IPv6: The sixth (and latest) version of the Internet Protocol. IPv6 addresses contain 128 bits each, and use hexadecimal digits. IPv6 will eventually become the dominant protocol.

ISP: An acronym for Internet Service Provider. Simply put, it’s an organization (typically a private company) that provides access to the internet. It provides different connection types, including cable, DSL, fiber optics, and wireless.


Key: A term used in cryptography to describe a string of numbers and/or letters that can encrypt or decrypt cryptographic data when used with a cryptographic algorithm. A symmetric key is used to both encrypt and decrypt information, while an asymmetric key performs one or other of the functions in an exchange. Key

Kill switch: A feature built into some VPN apps that cuts off your internet if the connection to the VPN server drops out. This prevents users unintentionally exposing unencrypted internet traffic.


Latency: This is the amount of time that it takes for data to travel from its source to its destination. Low latency means data travels faster, high latency means it travels more slowly. High latency is often referred to as “lag”.

L2TP/IPsec: A pairing of the Layer 2 Tunnel Protocol (L2TP) and the Internet protocol security (IPsec) protocol. L2TP is a tunneling protocol and IPsec provides encryption.

Logs: Records relating to user activity. Logs can include connection times, users’ IP addresses, bandwidth usage, and even websites visited. The better VPNs keep no logs that could be used to identify individual users – this approach is typically referred to as a “no-logs” or “zero-logs” policy.


Malware: Malicious computer software designed to compromise the security of the recipient’s data, applications, or operating system. Examples include adware, spyware, rootkits, and Trojan horses.


Man-in-the-middle attack: A man-in-the-middle (MitM) attack is where an attacker positions themselves between two communicating parties in order to intercept the data traveling between them.

Metadata: If we think of a photograph or word processor document as data, then metadata tells us information about where and when the photograph or document was created. It’s data about data.

Money-back guarantee: Reassurance that a vendor will refund a customer’s payment if the product or service does not meet their requirements. Good quality VPNs typically provide a money-back guarantee lasting around 30 days.

MultiHop: A typical VPN tunnel involves connecting to a single VPN server. In a MultiHop connection, user data passes through two servers. This provides an additional layer of encryption.


NAT: Network Address Translation (NAT) maps multiple private IP addresses in a local network to a single public IP address. It allows hosts on an external network to communicate with individual devices in a local area network (LAN) and vice-versa. NAT can also act as a firewall by discarding unsolicited requests.

Nine Eyes: An intelligence-sharing arrangement between the Five Eyes group and Denmark, France, the Netherlands and Norway.


Obfuscation: A technique used to circumvent VPN blocks by masking VPN traffic so that it isn’t identified as VPN traffic. Obfuscation can be performed using Obfsproxy, Stunnel, Shadowsocks, or OpenVPN XOR scramble.

Onion site: A website with a .onion suffix that is only available from within the Tor network. Some VPN providers have dedicated Onion sites.

Open-source: Refers to software that is freely distributed along with the source code used to create it. This enables anyone to use, modify, and distribute the source code as they see fit.

OpenVPN: A trusted and widely used VPN protocol. OpenVPN can create secure site-to-site or point-to-point connections between networks or devices. OpenVPN offers a range of authentication methods and uses the OpenSSL library and the TLS protocol for security.


Packet: A network packet is a smaller part of a larger message. Data is split into packets that are sent over computer networks and recombined by the receiving device. Each packet consists of a packet header – which contains information about the packet’s contents, origin, and destination – and the payload – which is the actual data being sent.

Password manager: An app used to create, remember, and fill in passwords. Password managers mean that users only need to remember a single master password rather than individual passwords for every site.

Perfect forward secrecy: Ensures that previously derived session keys are not compromised if one of the private keys is compromised in the future. It’s achieved by creating and sharing a new secret key for each session.

PGP: Pretty Good Privacy (PGP) is a system for exchanging messages where users have access to the public keys of those to whom they wish to send messages. Once received, messages are decrypted using a private key that only the recipient has access to.

Ping: A measurement of the total time it takes to send an Internet Control Message Protocol (ICMP) echo request packet to a host, and to receive an ICMP echo reply packet from that host. Ping is primarily a network diagnostic tool built into most operating systems to test for connectivity and latency between devices.

Plug-in: Software that provides additional features to an existing program without altering the program itself. May also be referred to as an “add-on” or “extension”.

Port forwarding: A networking technique that allows devices on a local network to be accessible from outside the network. Port forwarding specifies that incoming requests on a specific port should be forwarded by the router to the appropriate device within the local network.

PPTP: The Point-to-Point Tunneling Protocol (PPTP) is an obsolete VPN protocol that uses easily compromised encryption. PPTP should be avoided in favor of alternatives such as WireGuard and OpenVPN.

Protocol: A set of rules or instructions that determine how a user’s data travels between their device and the VPN server.

Proxy server: An intermediary server situated between a user and the resource they’re attempting to reach online. This hides the user’s IP address as, to the wider internet, requests appear to originate from the proxy server. Unlike VPNs, proxy servers do not encrypt internet traffic.

P2P: Peer-to-peer (P2P) is a distributed communications model that allows computers (peers) to directly share resources. P2P file sharing, for example, involves sharing digital media using P2P networking software that locates searched-for content on connected computers.


Rootkit: Software that provides administrator-level access to a computer. Rootkits are typically malware packages designed to provide attackers with clandestine and privileged ongoing access to a victim’s device.

RSA: An asymmetric encryption method that allows two people to securely exchange information without having previously met. The encryption key is publicly available, while the decryption key is kept private. RSA is the most commonly used key exchange method for VPN clients and servers.


Server: A computer that manages resources on a network. Examples include mail servers that handle and deliver email, and web servers that process and deliver requests for web pages. VPN servers allow secure, private access to content on a local network or the wider internet.

SHA: The Secure Hash Algorithms (SHA) are a family of cryptographic hash functions. SHA-256 – which produces an output consisting of 256 bits – is used for storing passwords, and ensuring the integrity of digital signatures and files.

Shared IP: When you connect to a VPN server, the IP address you’re assigned is shared with other users connected to the same server. This helps prevent the activities of any one user being tracked.

Simultaneous connections: Refers to the number of individual VPN connections you can make at the same time from different devices. Most providers impose a limit of between five and 10.

SmartDNS: Technology that routes DNS queries through a proxy server to bypass geo-restrictions. Some VPN subscriptions include SmartDNS for use with VPN-incompatible devices.

Split tunneling: A feature in some VPNs that allows users to choose which apps, websites, or devices stay within the VPN tunnel and which use a direct connection to the internet (or vice-versa).

Spyware: Malicious software designed to enter a device, secretly gather information about the user without their consent, and send it to a third-party. Keyloggers are a form of spyware.


SSL: Secure Sockets Layer (SSL) is a deprecated encryption security protocol used to provide privacy, authentication, and data integrity in internet communications. SSL has been replaced by TLS.

Static IP: A static IP address is one that doesn’t change when you disconnect and reconnect to the internet. Some VPNs offer static IP addresses as part of their subscriptions.


Targeted ads: A form of online advertising that analyzes user data to serve adverts that target specific audiences.

Throttling: Bandwidth throttling is the intentional limitation of a user’s bandwidth. It’s typically carried out by mobile carriers or ISPs to discourage the use of certain sites or services, or because a data threshold has been exceeded.

Throughput: A measure of the rate at which messages successfully arrive at their destination. Throughput is normally measured in bits per second (bps), but may also be measured in data packets per second. Throughput measures how much data is being sent, while bandwidth measures the maximum throughput.

Time correlation attack: A method for de-anonymizing Tor traffic. Attackers with access to connection logs at the source and destination of a communication channel can correlate the timings of traffic as it enters, and then leaves, the Tor network.

Timing attack: A form of side-channel attack where attackers measure how long it takes for a cryptosystem to perform certain operations. As the amount of time this takes varies depending on the input, attackers may ultimately be able to discover the cryptosystem’s key.

TLS: Transport Layer Security (TLS) is a cryptographic protocol primarily used to secure the data that travels between a web browser and website via HTTPS. It can also be used to secure email and other protocols. TLS authenticates the other party in a connection, checks the integrity of data and ensures its confidentiality.

TLS/SSL certificates: A digital certificate used to authenticate a website’s identity and make TLS/SSL encryption possible.

Tomato: A family of Linux-based open-source firmware for routers. The most active project – FreshTomato – supports the OpenVPN protocol.

Tor: The Onion Router (Tor) is software that enables users to access the internet and communicate anonymously. It is a network made up of thousands of volunteer “nodes” or “relays”. Encrypted traffic entering the network is passed randomly between nodes and gradually decrypted before exiting and joining the internet proper.

Tor logo

Trojan horse: A form of malware that disguises itself as legitimate software in order to gain access to a user’s device. Once installed, a Trojan horse can create a backdoor, steal data, download more malware, or take control of the user’s device.

TUN/TAP adapter: TUN and TAP adapters are kernel virtual network devices. They are primarily used by VPN client software as interfaces to transfer packets through the VPN tunnel to the VPN server.

Two-factor authentication: Often referred to as 2FA, two-factor authentication is a login process that requires two factors. The first “factor” is typically a password. The second can be a one-time PIN, biometric scan, or a dedicated authentication device or app.


URL: The uniform resource locator (URL) is the address of a particular resource on the web. It is made up of the “scheme” (which refers to how the browser should frame requests for access – typically HTTPs), the “host” (which is the site’s domain name), and the “path” (which is the particular file being requested from the web page’s server).


Virtual server: A server which has an IP address different to the country in which it is physically located. Virtual servers are used by some VPNs to provide customers with connections to countries where accessing physical servers is problematic.

VPN: An acronym for Virtual Private Network. A VPN is a virtual network built on top of existing networks that can provide a secure communications mechanism for data and IP information transmitted between networks.

VPN tunnel: An encrypted connection between the user’s device and a VPN server.


Warrant canary: A statement displayed by a VPN provider that informs users that it has not received secret legal demands for user information. Any subsequent absence of the statement indicates that the provider has received such a request. A warrant canary hypothetically circumvents US legal prohibitions on revealing the existence of such requests. Warrant canary

WebRTC: Web Real-Time Communication (WebRTC) is an open-source project designed to allow real-time communication between web apps and browsers. It’s typically used by web browsers for voice and video chat applications. WebRTC poses a security risk to some VPN users as it can transmit data outside the encrypted tunnel.

Wi-fi hotspot: A physical location where people can wirelessly connect wi-fi enabled devices to the internet. Wi-fi hotspots may be found in cafes, hotels or shopping centers.

WireGuard: The default protocol used by many VPNs for creating an encrypted tunnel. Faster and more lightweight than traditional protocols such as OpenVPN. WireGuard is open-source and uses ChaCha20 authenticated encryption.


Canary image courtesy of janjf93 from Pixabay

Alice, Bob, Mallory image courtesy of Didia – CC BY-SA 4.0 https://commons.wikimedia.org/w/index.php?curid=48553852

Binary skull courtesy of Gordon Johnson from Pixabay