A
AES (Advanced Encryption Standard)
The gold standard encryption algorithm used by VPNs, banks, and governments. AES-256 (256-bit encryption) is considered virtually unbreakable with current technology. Most reputable VPNs use AES-256 to encrypt your data.
Anonymity
The state of being unidentifiable. VPNs improve anonymity by masking your IP address and encrypting your traffic, but they don't provide complete anonymity—the VPN provider can still potentially see your activity. For true anonymity, you'd need additional tools like Tor.
Audit (Security Audit)
An independent examination of a VPN's code, infrastructure, or practices by a third-party security firm (like PwC, Deloitte, or Cure53). Audits verify whether a VPN's no-logs claims are true and if their security is sound. Look for VPNs with publicly available audit reports.
B
Bandwidth
The maximum rate at which data can be transferred. Often measured in Mbps (megabits per second). Good VPNs offer unlimited bandwidth, meaning they don't cap how much data you can transfer. Some free VPNs limit bandwidth, restricting your usage.
Bit
The smallest unit of digital information (0 or 1). Encryption strength is measured in bits—256-bit encryption has 2^256 possible combinations, making it effectively impossible to crack by brute force.
Browser Extension
A lightweight VPN add-on for browsers like Chrome or Firefox. Browser extensions only encrypt traffic from that browser—not other apps on your device. They're convenient but offer less protection than a full VPN app.
C
Cipher
An algorithm used to perform encryption and decryption. Common VPN ciphers include AES-256-GCM, ChaCha20, and Blowfish. The cipher determines how your data is scrambled to prevent unauthorized access.
Client (VPN Client)
The software application you install on your device to connect to a VPN. Examples include the NordVPN app, Surfshark app, or the built-in VPN settings in your operating system. The client handles encryption and communication with VPN servers.
Connection Logs
Records of when you connected to a VPN, how long you were connected, and which server you used. Different from activity logs. Some "no-logs" VPNs still keep minimal connection logs for troubleshooting. True no-logs VPNs keep neither connection nor activity logs.
D
Data Cap
A limit on how much data you can transfer through the VPN. Free VPNs often impose data caps (e.g., 500MB/month). Paid VPNs typically offer unlimited data with no caps.
Dedicated IP
A static IP address assigned exclusively to you. Unlike shared IPs (used by many VPN users), dedicated IPs are less likely to be blocked by websites and won't be affected by other users' behavior. Often available as a paid add-on.
DNS (Domain Name System)
The internet's phonebook—it translates domain names (like google.com) into IP addresses computers can understand. VPNs should route DNS queries through their own servers to prevent your ISP from seeing which websites you visit.
DNS Leak
A security flaw where DNS queries bypass the VPN tunnel and go through your ISP instead. This exposes which websites you're visiting despite being connected to a VPN. Good VPNs include DNS leak protection. Test yours at dnsleaktest.com.
Double VPN (Multi-Hop)
A feature that routes your traffic through two VPN servers instead of one, encrypting data twice. Provides extra security but reduces speed. Useful for high-risk situations requiring maximum anonymity.
E
Encryption
The process of scrambling data so only authorized parties can read it. VPNs encrypt your internet traffic, making it unreadable to ISPs, hackers, and governments. Think of it as putting your data in a locked box that only you and the VPN server have keys to.
End-to-End Encryption
Encryption where only the sender and recipient can read the data—not even the service provider. VPNs don't provide true end-to-end encryption (they decrypt at the server), but apps like Signal do. VPNs add a layer of encryption for the journey between you and the VPN server.
Five/Nine/Fourteen Eyes
Intelligence-sharing alliances between countries. Five Eyes (US, UK, Canada, Australia, New Zealand), Nine Eyes (adds Denmark, France, Netherlands, Norway), and Fourteen Eyes (adds Germany, Belgium, Italy, Spain, Sweden). VPNs based in these countries may be subject to surveillance requests.
F
Firewall
Security software or hardware that monitors and controls network traffic based on rules. Some countries (like China's Great Firewall) use national firewalls to block VPNs and censor content. VPN obfuscation helps bypass these firewalls.
Forward Secrecy (Perfect Forward Secrecy)
A security feature where encryption keys are changed regularly. Even if someone captures encrypted traffic and later obtains a key, they can only decrypt a small portion of data, not your entire history. Modern VPN protocols like WireGuard and OpenVPN support forward secrecy.
G
Geo-blocking (Geo-restriction)
The practice of restricting content based on your geographic location. Netflix, for example, shows different libraries in different countries. VPNs can bypass geo-blocking by making it appear you're in a different location.
Geo-spoofing
Using a VPN to make it appear you're in a different location than you actually are. Connect to a UK server, and websites will think you're in the UK. Useful for accessing region-locked content or getting better prices.
H
Handshake
The initial communication between your device and the VPN server to establish a secure connection. During the handshake, both parties verify each other's identity and agree on encryption keys. A secure handshake prevents man-in-the-middle attacks.
HTTPS
The secure version of HTTP, indicated by the padlock icon in your browser. HTTPS encrypts data between your browser and the website. A VPN adds another layer of encryption and hides your traffic from your ISP, even when visiting HTTPS sites.
I
IKEv2/IPsec
A VPN protocol known for speed and stability, especially on mobile devices. IKEv2 excels at quickly re-establishing connections when switching between WiFi and mobile data (MOBIKE support). Good for mobile users but less flexible than WireGuard.
IP Address
A unique numerical identifier assigned to every device connected to the internet (e.g., 192.168.1.1). Your IP address reveals your approximate location and can be used to track your online activity. VPNs mask your real IP by replacing it with the VPN server's IP.
IP Leak
When your real IP address is exposed despite being connected to a VPN. Can occur through WebRTC leaks, DNS leaks, or VPN disconnections. Good VPNs include leak protection. Test yours at ipleak.net.
ISP (Internet Service Provider)
The company that provides your internet connection (e.g., Comcast, AT&T, Verizon). Without a VPN, your ISP can see every website you visit. Many ISPs sell this data to advertisers or throttle certain types of traffic.
J
Jurisdiction
The country where a VPN company is legally incorporated and operates. Jurisdiction matters because it determines which laws apply—including data retention requirements and government surveillance powers. Privacy-friendly jurisdictions include Panama, British Virgin Islands, and Switzerland.
K
Kill Switch
A critical VPN feature that automatically blocks all internet traffic if your VPN connection drops. Without a kill switch, your real IP could be briefly exposed during disconnections. Always enable the kill switch when privacy matters.
Key (Encryption Key)
A piece of information (like a very long password) used to encrypt and decrypt data. Longer keys (like 256-bit) are more secure. During VPN connections, keys are exchanged securely between your device and the server.
L
Latency (Ping)
The time (in milliseconds) for data to travel from your device to a server and back. Lower latency is better, especially for gaming and video calls. VPNs add some latency because data must travel to the VPN server first. Nearby servers have less latency.
Lightway
ExpressVPN's proprietary VPN protocol, designed as an alternative to WireGuard. Uses wolfSSL cryptographic library. Offers fast speeds and quick connections, similar to WireGuard, but exclusive to ExpressVPN.
Logging (VPN Logs)
Records kept by VPN providers about user activity. Activity logs record what you do online (dangerous). Connection logs record when/where you connected (less dangerous). No-logs means the VPN keeps neither type. Always verify no-logs claims through independent audits.
M
Man-in-the-Middle Attack (MITM)
An attack where someone intercepts communication between two parties, potentially reading or altering the data. Common on public WiFi. VPN encryption prevents MITM attacks by making intercepted data unreadable.
Mbps (Megabits per Second)
A unit measuring data transfer speed. 100 Mbps means 100 million bits of data per second. Note: Megabits (Mb) ≠ Megabytes (MB). There are 8 bits in a byte, so 100 Mbps = 12.5 MB/s download speed.
Multi-Hop
See Double VPN. Routes traffic through multiple VPN servers for additional security layers.
N
No-Logs Policy
A VPN provider's commitment to not store any records of user activity or connections. Critical for privacy—if logs don't exist, they can't be hacked or subpoenaed. Verify no-logs claims through independent audits from firms like PwC, Deloitte, or Cure53.
NordLynx
NordVPN's proprietary protocol built on WireGuard. NordLynx adds NordVPN's double NAT system to address WireGuard's original privacy concerns. Offers WireGuard's speed benefits while maintaining strong privacy.
O
Obfuscation
Technology that disguises VPN traffic to look like regular HTTPS traffic. Essential in countries that block VPNs (China, Russia, Iran). Obfuscated servers can bypass Deep Packet Inspection (DPI) that would otherwise detect and block VPN connections.
Onion Over VPN
A feature that routes your already-encrypted VPN traffic through the Tor network for maximum anonymity. Combines VPN encryption with Tor's multi-layer routing. Slower but provides exceptional privacy for sensitive activities.
OpenVPN
An open-source VPN protocol that's been the industry standard for over a decade. Very secure and highly configurable, but slower than modern alternatives like WireGuard. Available in UDP (faster) and TCP (more reliable) variants.
P
P2P (Peer-to-Peer)
A network architecture where devices communicate directly with each other rather than through a central server. Used for torrenting. Some VPNs offer P2P-optimized servers specifically designed for file-sharing traffic.
Port
A virtual endpoint for network communication. Different services use different ports (HTTP uses 80, HTTPS uses 443). VPNs typically use ports like 1194 (OpenVPN) or 51820 (WireGuard). Some networks block VPN ports; switching ports can help bypass restrictions.
Protocol (VPN Protocol)
The set of rules governing how data is transmitted between your device and the VPN server. Common protocols include WireGuard, OpenVPN, and IKEv2. Each has different trade-offs between speed, security, and compatibility.
Proxy
A server that acts as an intermediary between you and the internet. Unlike VPNs, proxies typically don't encrypt traffic and only work for specific applications (like your browser). VPNs are more secure and protect all your device's traffic.
R
RAM-Only Servers
VPN servers that run entirely in volatile memory (RAM) rather than hard drives. When servers restart, all data is wiped. This makes it physically impossible to store long-term logs. ExpressVPN's TrustedServer and NordVPN use this technology.
Router VPN
Installing a VPN directly on your router rather than individual devices. This protects all devices on your network (including smart TVs and game consoles that don't support VPN apps) but can be technically challenging to set up.
S
Server (VPN Server)
A computer that receives your encrypted traffic, decrypts it, and forwards it to websites. VPN providers operate thousands of servers worldwide. You choose which server to connect to based on desired location or specialized function (streaming, P2P, etc.).
Simultaneous Connections
The number of devices you can connect to a VPN at the same time with one subscription. Common limits are 5-10 devices. Surfshark offers unlimited simultaneous connections, making it ideal for households with many devices.
Split Tunneling
A feature that lets you choose which apps or websites use the VPN while others connect directly. Useful for using a VPN for streaming while keeping local services (like banking) on your regular connection for better compatibility.
SSL/TLS
Secure Sockets Layer / Transport Layer Security. The encryption protocols that secure HTTPS websites (the padlock icon). Some VPN protocols use SSL/TLS for their encryption. SSL is the older standard; TLS is the modern successor.
T
Throttling (Bandwidth Throttling)
When your ISP intentionally slows down certain types of traffic (like streaming or torrents). VPNs can bypass throttling by hiding what you're doing from your ISP. If Netflix is slow without a VPN but fast with one, your ISP is probably throttling.
Tor (The Onion Router)
A free anonymity network that routes traffic through multiple volunteer-operated servers, encrypting at each step. Provides stronger anonymity than VPNs but is much slower. Can be combined with VPNs (Onion over VPN) for maximum privacy.
Tunnel (VPN Tunnel)
The encrypted connection between your device and the VPN server. All your internet traffic passes through this "tunnel," hidden from outside observers like your ISP. The metaphor reflects how data travels securely through potentially hostile territory.
U
UDP (User Datagram Protocol)
A communication protocol that's faster but less reliable than TCP. UDP doesn't verify that packets arrive in order. VPNs often default to UDP for speed. If you have connection issues, switching to TCP may help.
V
VPN (Virtual Private Network)
A service that encrypts your internet traffic and routes it through a server in a location of your choice. VPNs hide your online activity from your ISP, protect you on public WiFi, and let you access geo-restricted content by changing your apparent location.
Virtual Server (Virtual Location)
A VPN server that assigns you an IP address from a country where the physical hardware isn't actually located. Used to offer IP addresses in countries where operating servers is difficult or illegal. Performance may differ from physical servers.
W
WebRTC
Web Real-Time Communication—a browser technology enabling direct video/audio calls. WebRTC can leak your real IP address even when connected to a VPN. Good VPNs include WebRTC leak protection, or you can disable it in browser settings.
WireGuard
The newest major VPN protocol, known for exceptional speed and simplicity. WireGuard's codebase is ~4,000 lines (vs OpenVPN's ~100,000), making it easier to audit for security flaws. Now supported by most major VPNs and is typically the fastest option.
Z
Zero-Knowledge
A security model where a service provider has no ability to access your data, even if they wanted to. In VPN context, this typically refers to no-logs policies combined with encryption that prevents the provider from seeing your traffic content.
Ready to Choose a VPN?
Now that you understand the terminology, see how top VPNs compare on the features that matter.