We are reader supported and sometimes earn a commission if you buy through a link on our site.

VPN Glossary

AES (Advanced Encryption Standard): A symmetric block cipher that the U.S. government uses to encrypt their classified information. Highly trusted, AES is used in software and hardware around the world to encrypt sensitive data.

Anonymity: The ability to travel the internet without the fear that any of your online activities could be traced back to you. This is what you should be striving for when using the internet. We here at Pixel Privacy believe that the right to remain anonymous is a fundamental right of free speech.

Asymmetric Encryption: Also known as public-key encryption. An encryption system that uses a pair of keys: a public key, which can be distributed widely, and a private key, which is known only to the owner. When using asymmetric encryption to protect a message, any person can use the recipient’s public key to encrypt the message, but only the recipient’s private key can decrypt the message.

Modern day applications, such as email and messaging apps, use this type of encryption to ensure the confidentiality of messages.

For more information, check out our article What Is Encryption and How Does It Work?

Bitcoin: An open source and decentralized cryptocurrency that can be traded for goods and services and sold for traditional currency. Bitcoin can be used as an anonymous form of payment, which has led many VPN providers to accept the cryptocurrency as payment for their services.

BitTorrent (File Sharing, P2P): A peer-to-peer protocol that facilitates the sharing of files among numerous users. While BitTorrent is an efficient way to share files, leading many firms to use this method to legally share files among employees and customers, it’s also popular with folks sharing copyrighted files. Because of this, some ISPs block torrenting altogether – even the legal forms of it. To get around any barriers and to keep your IP address and online activities away from prying eyes, it’s always a good idea to use a VPN when torrenting files.

Botnet: A group of internet-connected devices that third parties can use to steal data, send spam, perform Distributed Denial-of-Service attacks and more. Many botnets consist of Internet of Things (IoT) devices, such as webcams, security cameras and other connected devices that have either been left unprotected by a password or that still use the default password set at the factory.

Browser Extension: Small “in-browser apps” that can be added to modern web browsers, such as Google Chrome and Mozilla Firefox, to extend your browser’s functionality. There are extensions available for numerous tasks, such as quickly sharing links, saving photos from a web page and much more. Many popular VPN providers, such as ExpressVPN and NordVPN, offer browser extensions that can protect your browsing session from prying eyes.

Censorship: The suppression of free speech on any medium. When we at Pixel Privacy mention censorship, we’re referring to the online form. Censorship can mean the blocking of websites and other online services by governments, the removal of content from online services such as Facebook and Twitter, or even DDoS attacks to make websites unavailable.

Certificate Authority (CA): A Certificate Authority is a recognized entity that issues digital certificates that certify that the public encryption key of the website you’re on does indeed belong to that site, and not to a fake version. This certificate informs you (and your browser) that a website is trustworthy, safe and authentic, and is neither insecure nor actually a hacker’s site in disguise.

For example, when you visit an SSL-secured website (a site where the address begins with “https://”), that means that a recognized and trusted Certificate Authority has issued it an SSL certificate, which shows that the CA has confirmed that the site owns the public encryption key and is thus secure, and that your browser can trust the website.

Cipher: An algorithm used to encrypt the connection between a user’s device and a server. VPN providers use ciphers to encrypt your connection while your device is connected to their servers, keeping your online travels safe from observation by third parties.

Cookies: Small text files that your web browser stores. Cookies have many useful and legitimate purposes, such as remembering your login information or website-related preferences. However, those wishing to track your online activities as you move through the internet can abuse cookies to record your web traffic, and even the data you enter while traveling the web, and send it back to the cookie’s creator.

Dark Web: A portion of the deep web, the dark web is web content that exists on darknets, which are hidden parts of the web that require specific software, configurations and permissions to access. While the general public only thinks of it as a dark and dangerous place that hackers and lovers of illegal pornography inhabit, the dark web can also be used for good, allowing human rights activists and whistleblowers to communicate in secret.

The Tor Browser is the main tool used to access dark web sites. The special web browser allows users to anonymously visit dark sites.

Data Retention: The process of companies storing data related to their users. In some regions of the world, Internet Service Providers are required to save logs detailing their users’ online activities for certain periods of time. Using a VPN keeps your ISP or other interested third parties from being able to track your online travels.

Distributed Denial of Service (DDoS) Attacks: An attack where a botnet is used to overwhelm a server or other online target with requests, either greatly slowing the target’s connection or shutting it down completely. There are many reasons why someone might launch a DDoS attack, such as to carry out an extortion plot, where the victims are told to pay a “ransom” to be relieved from the attack.

DD-WRT: A firmware (Linux-based) that allows more customization of a router than is usually available out of the box. A DD-WRT router can be set up to allow VPN connections directly from the router, allowing users to protect multiple connected devices via one connection. Many VPN providers offer software or customized settings for use with DD-WRT routers.

Deep Web: The portion of the internet that isn’t indexed by conventional search engines and therefore can’t be found through a search. For all intents and purposes, this means the content is hidden. Examples of hidden pages include things like emails or private YouTube videos – things that you wouldn’t want to be accessible through a Google search.

However, it does not require special tools to access (except for the Dark Web portion of it), and any user who knows the web address (and password, if applicable) can access it.

The Digital Millennium Copyright Act (DMCA) Notice: A copyright infringement notification about illegally hosted movies, television shows or music that copyright holders send to ISPs. The ISP is then required to notify the user who’s hosting the files that they need to stop sharing the file(s) in question, or they can be removed from the ISP’s network and possibly face legal action.

DNS (Domain Name System): The system used to translate a website’s domain name (for example: pixelprivacy.com) to an IP address ( A DNS server, usually operated by your ISP or VPN provider, performs the translation. This allows users to enter easy-to-remember URLs instead of having to remember a string of numbers to connect to a website.

DNS Leak: A security flaw where your ISP’s DNS server continues to handle your VPN connection’s DNS requests instead of your VPN provider’s DNS server. This means that your online activities are open to monitoring. Most VPN services offer DNS leak protection, but check to be sure before buying a subscription. To check your current VPN provider for DNS leaks, visit the DNS Leak Test website.

DNS Request: A request for the IP address related to the domain name in a URL, sent from a DNS client (your computer or other connected device) to a DNS server. The DNS server replies with the IP address of the domain, which is then used to route the device’s connection to the proper website or service.

Encryption: A method of protecting data by using a mathematical cipher to convert it to a format that outside parties cannot read. Encryption is used to prevent unauthorized parties from accessing sensitive information. It is all but impossible for parties that don’t have access to the correct encryption keys to view data that’s been properly encrypted.

For more information about encryption, read our article What Is Encryption and How Does It Work?

End-to-End Encryption: A communication system where only the parties included in the conversation have the encryption keys required to read the conversation. Apple’s iMessages service and Facebook’s WhatsApp service both use this type of encryption. Not even Apple or Facebook have access to the keys, making it impossible for outside parties to access the conversation.

Firewall: A software or hardware roadblock that monitors and controls outgoing and incoming network traffic, usually on a computer. A firewall establishes a protective barrier between an internal network and an outside network, usually the internet. This helps prevent “drive-by attacks” by malware, hackers and other dangerous types.

Five Eyes (FVEY): An anglophone intelligence alliance made up of Australia, Canada, New Zealand, the United Kingdom and the United States. The alliance was established in the days of post-World War II to monitor the communications of Soviet Bloc countries. However, since the so-called “War on Terror” began in 2001, the FVEY has expanded its surveillance capabilities, with an emphasis on monitoring each other’s private citizens and sharing the information with each other.

Geo-restrictions: The limiting of access to online services to residents of certain regions. Perhaps the best example of companies that place these restrictions is streaming services, such as Netflix, which restricts its content to certain countries, or Hulu, which restricts its content to residents of the United States.

Geo-spoofing: The use of a VPN, SmartDNS service or proxy service to make it appear that a user is located in another region, thereby “spoofing” their location. This allows users to access geo-restricted content and services that may normally be blocked from their real-life location.

Great Firewall of China: A combination of legal actions and internet technologies put in place by the People’s Republic of China to limit access to information sources outside of Chinese borders, such as Google search, Facebook, Twitter and other popular sites, as well as mobile apps. The Chinese government also requires foreign companies to follow domestic regulations.

Handshake: The establishment of secret keys between a computer (or other connection device) and a server (be it a VPN server, web server or other type of server) in order for the two to communicate. The process creates a master encryption key, which is used during that particular session. This “handshake” verifies that you’re connecting to the intended server and not an attacker’s “spoofed” server.

For more information, check out our article The Ultimate Guide to VPN Encryption.

Hypertext Transfer Protocol Secure (HTTPS): A secure extension of the Hypertext Transfer Protocol (HTTP), HTTPS secures communications over the internet. HTTPS allows for encrypted communication between your browser and a website. This protects the privacy and integrity of communications, protecting your personal information from man-in-the-middle and other forms of online attacks.

Internet of Things (IoT): A network of connected devices such as home appliances, webcams, electronic sensors, vehicles and more that connect, exchange data and interact on the internet. IoT devices allow users to remotely control their home’s lighting, temperature and more.

IP Address: A unique identifier for a networked device. An IP address is assigned to every device connected to the internet and is used to identify which device is sending a request for information and where that information is to be delivered (much like your home address is used to identify where your snail mail gets delivered).

IP Leak: A security flaw where your IP address information leaks from a VPN tunnel, exposing your actual IP address to third parties. When you are using a VPN, any website or other service you connect to on the internet should not see your actual IP address, but should instead see the IP address for the VPN server you are connected to. Always look for a VPN provider that provides IP leak protection.

Internet Protocol Version 4 (IPv4): The current system used to assign IP addresses. Due to its 32-bit address length limitations, all of the approximately 4.29 billion IPv4 addresses are quickly running out. This is due to the overwhelming number of connected devices being connected to the internet every year.

Internet Protocol Version 6 (IPv6): The replacement system for assigning IP addresses, IPv6 is a 128-bit addressing scheme that expands the number of available IP addresses on the internet to 2^128 (340,282,366,920,938,000,000,000,000,000,000,000,000). WHEW! This allows for longer IP addresses to identify connected devices. This new scheme was required due to the increasing number of internet-connected devices.

Adoption of IPv6 has been slow due to the expense involved and backward compatibility concerns with the IPv4 addressing scheme already in place. This means that while most modern operating systems support IPv6, most websites are still using the IPv4 scheme.

Internet Service Provider (ISP): This is the entity that supplies the internet connection that you’re using to view this page. ISPs can include your local cable company, phone company and even your cellular provider. Keep in mind that all of them want to monitor your online activities so that they can sell that information to the highest bidder.

Kill Switch: A feature of modern VPN software that kills your internet connection in the event that your connection to the VPN’s servers is ever interrupted. This feature prevents your online antics from being exposed to prying eyes.

L2TP/IPSec: A VPN tunneling protocol including encryption, which is built into most operating systems and is popular among VPN providers. While L2TP/IPSec is secure if implemented properly and contains no known vulnerabilities, whistleblower Edward Snowden claims that the NSA may have compromised and deliberately weakened the standard during its design stage.

Logs: While all sorts of apps save and use logs, when we use the term “log” on Pixel Privacy, we’re usually referring to the records of your online activities kept by your ISP and even some VPNs. (Stay away from those VPNs! Bad VPNs! Bad!)

Man-in-the-Middle Attack (MITM): An attack that involves a bad guy that secretly intercepts, relays and monitors communications between two other connected parties. A hacker can use an MITM attack to monitor and steal personal information, such as your credit or debit card numbers, or to modify the information being sent between the two unsuspecting parties. Free Wi-Fi hotspots are popular locations for MITM attacks due to their unencrypted Wi-Fi signal.

NSA (U.S. National Security Agency): The United States government agency responsible for monitoring, collecting and processing information for foreign and domestic intelligence and counterintelligence purposes. The NSA collects huge amounts of data related to U.S. citizens, with an international scope unimagined until the revelations shared by whistleblower Edward Snowden.

.onion: The extension of websites accessible only through the Tor Browser. Instead of being registered, like a “.com” or “.net” domain, “.onion” domain names are generated when the Onion service is configured. Specially configured software, such as the Tor Browser, can then access the .onion address. This allows for anonymity for both the website and its visitors.

OpenVPN: An industry-standard protocol used by most major VPN providers to protect your internet connection. OpenVPN is the most recommended protocol to use for your VPN connection because of its good balance of privacy and performance. While not natively supported by any of the major operating systems, open-source solutions are available via third-party software.

Peer-to-Peer (P2P): A type of network where computers or other connected devices share files with each other rather than downloading them from a centralized server. While downloading, a single device can also share the file, even before the file is completely downloaded. This feature makes P2P an efficient method for sharing files among multiple users.

While P2P file sharing is used legitimately by companies to share files among employees and clients, it’s also a popular way for users to share media files like movies or music, causing ISPs and content copyright holders to frown upon the activity.

Password: The secret passphrase used to protect your computer, connected device, apps or online accounts. Arguably, the most important piece of online security is a strong password. Strong passwords should include a mix of uppercase and lowercase letters, numbers and special characters. Complicated passwords can be tough to remember, so we recommend using a password manager (see below).

To learn more about the risks of re-using the same passwords, check out our article The Real-Life Risks Of Re-Using The Same Passwords.

Password Manager: Apps that provide encrypted storage of your app and website login information (username and password) and allow users to retrieve the information using a single password. Most password managers also offer browser extensions for popular web browsers, allowing users to retrieve their web logins with a single click of the mouse.

To learn more about password managers, check out our article What Is the Best Password Manager of 2019?

Perfect Forward Secrecy: A method of improving HTTPS security by generating a new and unique single-use private encryption key for each new session. This ensures each private session has its own set of keys, meaning there is no master key that can be hijacked for use later.

This greatly improves security, as the private encryption key is created for that session and that session only, and is never used again. This means that, at worst, if the encryption key is cracked, only the information from that session is at risk.

PPTP: An older VPN protocol, which is considered insecure but is still used by many VPN platforms simply due to its popularity and the fact that it’s widely available. PPTP has been cracked by the NSA and hackers, making it a poor choice for any ultra-private encryption needs. PPTP should be used only when no other options are available.

Pretty Good Privacy (PGP): PGP encryption is widely used to keep users’ email private (even though it does not secure the header of the email). The PGP process is complicated, and often confusing, preventing wide adoption of the protocol.

Protocol: A protocol is an established set of rules that computers and other connected devices must follow in order to format, transmit and receive data from other connected devices. This allows computers and other devices to communicate, regardless of their infrastructure, operating system or other differences.

Proxy: A computer that acts as a go-between for your computer and the internet. Any traffic that is routed through a proxy server will display the proxy’s IP address instead of yours. While this is the same basic description for a VPN server, a proxy server lacks the encrypted protection of a VPN server.

Router: A device that routes and transfers data on networks. Acting much like a virtual traffic cop, the router routes the data your device requests or sends to and from the proper IP address. (For example, it makes sure that the movie your iPhone requested from Netflix makes it to your device.) Routers are used on Local Area Networks, like those used in your home or office, as well as Wide Area Networks, like the internet.

RSA (Rivest–Shamir–Adleman) Encryption: An asymmetric encryption standard developed in 1977 that is still in use today. RSA uses a public key to encrypt data while using a different, private key to decrypt the data. It’s often used to protect handshakes.

For more information, check out this article about what RSA is and how it works.

Secure Hash Algorithm (SHA): A cryptographic hash function that can be used to authenticate connections, including SSL/TLS and data connections. SHA creates a unique check value for digital data, ensuring that the data hasn’t been tampered with during transmission. A simple example of this would be when you receive a message from your dear old mom saying, “I like you better than all of my other children,” SHA verifies that the message hasn’t been tampered with and that Mom does indeed like you best.

SHA helps prevent Man-in-the-Middle attacks, where a party attempts to divert a VPN connection from the provider’s VPN server to a server of the hacker’s own making.

For more information, check out our article The Ultimate Guide to VPN Encryption.

Session: This typically refers to the amount of time between when a user logs into a website and when they log out or close the browser. For example, the period of time between when you log into Amazon to buy the latest item you could probably do without and when you complete the transaction, close the browser window or travel to another website.

Shared IP Address: A single IP address that VPN providers assign to multiple users to add an additional layer of privacy for their customers. This makes it nearly impossible for any observer to detect which users are responsible for the activity originating from the IP address.

Simultaneous Connections: The number of devices that a VPN service allows to simultaneously connect to their servers using a single username. The more simultaneous connections allowed, the more devices that can be simultaneously protected by the VPN.

SmartDNS: A service that allows users to get around geo-restrictions placed on content and services, such as Netflix, Hulu, Spotify and others. SmartDNS makes a user’s connection appear to be originating in a different location, working much like a VPN but sans the encryption.

SSL/TLS (Secure Socket Layer and Transport Layer Security): Although TLS is the successor to SSL, the terms are usually used interchangeably. SSL/TLS is the encryption protocol used to secure an HTTPS website. OpenVPN uses an open-source version.

SSL/TLS Certificates: Certificates that verify that the website a user is connecting to is actually the website it’s presenting itself as. If a web browser is supplied with a valid certificate, it will assume the website is the genuine article, initiating a secure connection.

Targeted Ads: Ads that are tailored to a user’s personal tastes, interests and online travels. Tailoring is achieved in multiple ways. Facebook and Google scan users’ messages, posts, emails and searches to tailor ads. Some ad services use tracking cookies to track a user’s movements around the web, using them to build a profile for use in targeting ads.

Tomato: A firmware or operating system that allows more customization of a router than is usually available. A Tomato-based router can be set up to allow a VPN connection directly from the router, enabling users to protect multiple connected devices via one connection. Many VPN providers offer software or customized settings for use with Tomato routers.

Tor Browser: Free browser software, based on the Firefox browser platform, that anonymizes your web browsing by routing your online traffic through a network of multiple servers (also known as “nodes”) to hide your actual IP address. While Tor is an excellent way to anonymize your online antics, performance can be slow due to the traffic being routed through multiple nodes.

Two Factor Authentication (2FA): A method of authenticating a login to a network, website or other online service by verifying that the true owner of the account is the party that is attempting to log in. 2FA does so by using something you know and something you have: typically, “what you know” is your username and password, and “what you have” is an app or device, where a verification code is sent at the time of login.

Uniform Resource Locator (URL): An easy-to-remember, text-based website address. The URL address is entered into the address bar of your browser, and your ISP, VPN or other service’s DNS server converts the URL to an IP address in order to route you to that web page. The URL consists not only of the domain name (“pixelprivacy.com,” for example) but also other essential components (such as “https://” and “www.”).

USA Freedom Act: Legislation intended to reign in the NSA’s uncontrolled collection of phone metadata. While the initial draft of the act provided strong provisions to protect citizens, the act was eventually watered down so much that it lost support from most of the civil liberties groups that had originally supported it. The weakened form of the act was passed into law in June 2015.

For more information about the USA Freedom Act, check out our article The USA Freedom Act: What Is It and How Does It Affect Your Online Activities?

USA Patriot Act: A group of measures passed soon after the terrorist attacks on 9/11/2001. The Patriot Act allowed U.S. intelligence agencies to conduct mass surveillance of American citizens’ phone, internet and other types of communications.

Virtual Private Network (VPN): A service that encases your internet traffic in a tunnel of encryption to protect it from the prying eyes of your ISP, the government or other third parties. While an observer can tell that you are connected to the internet, they will be unable to detect which websites and services you’re accessing. A VPN can also open up formerly blocked web content by making it appear that your connection is originating from another region of the globe.

VPN Server: A server used by a VPN provider. It re-routes and encrypts your internet traffic. By using a VPN app, users can connect to a VPN server, which accepts the user’s content requests, fetches the information and returns the results to the user.

VPN Client: An app, usually supplied by a VPN provider, that connects a user’s computer or other connected device to a VPN server, which then encrypts the user’s online traffic.

VPN Tunnel: The layer of encryption that protects the connection between your computer or connected device and a VPN server.

Warranty Canary: A method used by some VPN providers to assure its customers that a gag order related to a subpoena, which would force the provider to turn over log information and legally require them to stay quiet about it, hasn’t been served. A statement is posted and regularly updated on the provider’s website. If the statement doesn’t receive its regularly scheduled update or is taken down, users should assume a gag order has been served.

Wi-Fi Hotspot: A public Wi-Fi internet connection generally found in coffee shops, restaurants, hotels and other public locations. While handy, these hotspots can be dangerous due to their lack of encryption. The openness of the hotspot allows hackers to easily set up shop and monitor connections to the hotspot. We at Pixel Privacy strongly urge you to never connect to a Wi-Fi hotspot without the use of a VPN.

For more information about the dangers of Wi-Fi Hotspots, check out our article The Real-Life Dangers Of Using Public Wi-Fi.