Affiliate Disclosure: We earn commissions from some links below. This never affects our editorial independence.
Home » Blog » VPN Glossary

VPN Glossary

75+ VPN and privacy terms explained in plain English.

Updated: December 2025 Reference Guide

Jump to Section

A B C D E F G H I K L M N O P R S T U V W Z

A

AES (Advanced Encryption Standard)

The encryption algorithm used by most VPNs. AES-256 (256-bit) is considered unbreakable with current technology. It's the same encryption used by governments and banks. When a VPN advertises "military-grade encryption," they usually mean AES-256.

Anonymity

The state of being unidentifiable. VPNs provide privacy (hiding what you do) but not complete anonymity (hiding who you are). True anonymity requires additional tools like Tor. Be skeptical of VPNs claiming "100% anonymity."

Audit (Security/No-Logs)

An independent examination of a VPN's security practices and logging claims by a third-party firm. Reputable auditors include PwC, Deloitte, and Cure53. Audits don't guarantee safety but provide more assurance than marketing claims alone.

B

Bandwidth

The amount of data that can be transferred over a connection in a given time. Often confused with speed. Some free VPNs limit bandwidth (e.g., 500MB/month). Premium VPNs offer unlimited bandwidth.

Browser Extension

A VPN that runs only within your web browser (Chrome, Firefox, etc.). Only protects browser traffic — other apps remain unprotected. Lighter than full VPN apps but less comprehensive protection.

C

Cipher

The algorithm used to encrypt and decrypt data. Common VPN ciphers include AES-256, ChaCha20 (used by WireGuard), and Blowfish. Stronger ciphers are more secure but may be slower.

Connection Logs

Records of when you connected, how long, and bandwidth used — but not what sites you visited. Less invasive than activity logs but still a privacy concern. Some "no-log" VPNs still keep connection logs.

D

DNS (Domain Name System)

The internet's phone book — translates domain names (google.com) into IP addresses. Without VPN protection, your ISP handles DNS and sees every domain you visit. Good VPNs run their own DNS servers.

DNS Leak

When DNS requests bypass the VPN tunnel and go to your ISP instead. This exposes which websites you visit even while connected to a VPN. Quality VPNs include DNS leak protection. Test yours at dnsleaktest.com.

Double VPN (Multi-Hop)

Routing your traffic through two VPN servers instead of one. Provides extra encryption and makes traffic harder to trace, but reduces speed. Useful for high-security situations. NordVPN and Surfshark offer this feature.

E

Encryption

The process of scrambling data so only authorized parties can read it. VPNs encrypt your traffic so your ISP, hackers on public WiFi, and others can't see what you're doing online. See also: AES.

Exit Node

The server where your VPN traffic emerges onto the regular internet. The exit node's IP address is what websites see. With Tor, exit nodes are run by volunteers; with VPNs, by the VPN company.

F

Five Eyes (FVEY)

An intelligence alliance between US, UK, Canada, Australia, and New Zealand. These countries share surveillance data. Privacy-conscious users often prefer VPNs based outside Five Eyes jurisdictions. See also: Fourteen Eyes.

Fourteen Eyes

Extended intelligence alliance including Five Eyes plus Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain. These countries cooperate on surveillance. VPN jurisdiction outside 14 Eyes is considered more private.

G

Geo-Blocking (Geo-Restriction)

Restricting content access based on your geographic location. Streaming services use geo-blocking to enforce licensing agreements. VPNs can bypass geo-blocking by making you appear to be in a different country.

H

Handshake

The initial negotiation between your device and a VPN server to establish a secure connection. During handshake, encryption keys are exchanged. A secure handshake prevents man-in-the-middle attacks.

I

IKEv2 (Internet Key Exchange version 2)

A VPN protocol known for stability and speed, especially on mobile devices. Handles network switching (WiFi to cellular) gracefully. Developed by Microsoft and Cisco. Learn more in our protocols guide.

IP Address

A unique number assigned to your device on a network (like 192.168.1.1 or 2001:db8::1). Your public IP address identifies you to websites. VPNs replace your real IP with the VPN server's IP, masking your identity and location.

IP Leak

When your real IP address is exposed despite being connected to a VPN. Can occur through WebRTC, DNS leaks, or VPN disconnections. Quality VPNs include leak protection. Test yours at ipleak.net.

ISP (Internet Service Provider)

The company that provides your internet connection (Comcast, AT&T, etc.). Without a VPN, your ISP can see every website you visit. In many countries, ISPs are required to retain this data. A VPN encrypts traffic so your ISP sees nothing.

K

Kill Switch

A feature that blocks all internet traffic if your VPN connection drops. Prevents accidental exposure of your real IP address. Essential for privacy-conscious users. All premium VPNs should include this.

L

Latency (Ping)

The time it takes for data to travel from your device to a server and back, measured in milliseconds (ms). Low latency is crucial for gaming and video calls. VPNs add some latency; closer servers minimize this.

Logging (Activity Logs)

Recording what users do online — sites visited, files downloaded, etc. Reputable VPNs have "no-logs" policies meaning they don't record your activity. Always verify through independent audits, not marketing claims.

M

Man-in-the-Middle Attack (MITM)

An attack where someone intercepts communication between you and a website. Common on public WiFi. VPN encryption prevents MITM attacks by making intercepted data unreadable.

Metadata

Data about data — when you connected, how long, how much bandwidth, etc. Even without content, metadata reveals patterns. Some VPNs log metadata while claiming "no logs" (technically no activity logs).

N

No-Logs Policy

A VPN's commitment to not record user activity. The gold standard for privacy. Should be verified through independent audits. Watch for fine print — some "no-logs" VPNs still keep connection logs.

O

Obfuscation (Stealth Mode)

Technology that disguises VPN traffic to look like regular HTTPS traffic. Useful for bypassing VPN blocks in restrictive networks or countries (China, Iran). Not all VPNs offer obfuscation.

OpenVPN

An open-source VPN protocol that's been the industry standard for years. Highly secure, extensively audited, works on almost any device. Slower than WireGuard but more versatile for bypassing blocks.

P

P2P (Peer-to-Peer)

A network where computers connect directly to each other rather than through a central server. Used for torrenting. Some VPNs block P2P traffic; others allow it on specific servers. Check before subscribing if you torrent.

Port

A virtual endpoint for network communication. Different services use different ports (HTTPS uses 443, VPNs often use 1194 or 443). Port forwarding in VPNs can improve P2P speeds.

Protocol

The set of rules governing how your VPN connection works. Major protocols include WireGuard, OpenVPN, and IKEv2. Each has tradeoffs between speed, security, and compatibility.

Proxy

A server that acts as an intermediary between you and websites. Changes your IP but doesn't encrypt traffic like a VPN does. Less secure but sometimes faster. SOCKS5 proxies are common for torrenting.

R

RAM-Only Servers

VPN servers that run entirely in RAM (memory) instead of hard drives. When rebooted, all data is wiped. Even if physically seized, no user data remains. NordVPN, ExpressVPN, and Surfshark use RAM-only servers.

S

Split Tunneling

A feature that lets you choose which apps use the VPN and which use your regular connection. Useful for accessing local services (banking) while keeping other traffic protected. Available in most premium VPNs.

SSL/TLS

Encryption protocols that secure web traffic (the "S" in HTTPS). Protects data between your browser and websites. VPNs add another layer — SSL/TLS protects content; VPNs hide that you're communicating at all.

T

Tor (The Onion Router)

A free network that routes traffic through multiple volunteer relays for anonymity. Stronger privacy than VPN but much slower. Some VPNs offer "Onion over VPN" combining both. Best for high-security needs.

Tunnel

The encrypted connection between your device and a VPN server. All your traffic travels through this "tunnel," protected from outside observation. Tunneling is what makes VPNs work.

U

UDP (User Datagram Protocol)

A fast, lightweight network protocol used by most VPN connections. Faster than TCP but doesn't guarantee packet delivery. Most VPNs use UDP by default; switch to TCP if connections are unstable.

V

VPN (Virtual Private Network)

A service that encrypts your internet traffic and routes it through a server in a location you choose. Hides your IP address, prevents ISP surveillance, and can bypass geo-restrictions. The core technology this entire site is about!

W

WebRTC

A browser technology for real-time communication (video calls, etc.) that can leak your real IP address even while using a VPN. Quality VPNs include WebRTC leak protection. Can also be disabled in browser settings.

WireGuard

A modern VPN protocol released in 2020. Faster and more efficient than OpenVPN with just 4,000 lines of code (vs 400,000+). Now the preferred protocol for most users. NordVPN calls their implementation "NordLynx." See our protocols guide.

Z

Zero-Knowledge

A privacy model where the service provider has no knowledge of your activity or data. True zero-knowledge VPNs don't know who you are or what you do. Mullvad approaches this with anonymous accounts (no email required).

Learn More

→ VPN Protocols Explained → VPN Buying Checklist → Best VPNs 2025 → VPN Industry Ownership Exposed → Free VPN Data Selling Exposed → Renewal Prices Exposed