VPN Glossary: key terms explained (2024)


Jump to:

  • Advanced Encryption Standard (AES)
  • Black box
  • Catapult Hydra
  • Cipher
  • Dark web
  • Deep Web
  • DD-WRT
  • Deep Packet Inspection (DPI)
  • Domain Name System (DNS)
  • Eavesdropping Attack
  • Encryption
  • Encryption Key
  • Five Eyes Alliance
  • Geo-blocking
  • IP address
  • IPv4
  • IPv6
  • IP leak
  • Jurisdiction
  • Key Exchange
  • Kill switch
  • Latency
  • Leak
  • Lightway
  • Logging
  • Man-in-the-middle attacks
  • No Logs Policy
  • Obfuscation
  • OpenVPN
  • Perfect Forward Secrecy
  • Ping
  • Protocol
  • Proxy
  • Public Wi-Fi
  • Split tunneling
  • strongSwan
  • Throttling
  • Tor
  • Tunnel
  • VPN Client
  • VPN Server
  • VPN Service
  • Warrant canary
  • WebRTC
  • White box
  • WireGuard

Virtual Private Networks (VPNs) are, undeniably, handy pieces of kit for anyone who values their digital privacy. They can put a stop to snooping cybercriminals, invasive ads, and ISP (internet service provider) throttling that can grind your streaming sessions to a halt. Unfortunately, the language used on provider sites can be super-techy and obscure.

If you've ever wondered just what encryption is, exactly, or the difference between a DNS leak and an IP leak, you’re not alone – and I'm here to help.

I've picked out the terms you're likely to come across when shopping around for the best VPN in the business. I've summed up each one with a jargon-free explanation that'll help you wrap your head around the key VPN concepts – whether you're totally new to the tech or have some experience under your belt.

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is an encryption cipher that determines how data is encrypted and decrypted.

AES is the industry's gold standard, and you'll often find it described alongside the key length. AES-128 uses a 128-bit key, for example, whereas AES-256 encryption uses a 256-bit key. The more bits, the stronger the encryption, and AES encryption is virtually uncrackable (even when tested by brute-force attacks).

Black box

Auditors use a "black box" testing technique to check out VPN services from the point of view of an everyday user – like you and me. While black box testing lets the auditor install and run the VPN, it doesn't allow them to comb through the service's app and server source code. That requires a "white box" test.

Catapult Hydra

A VPN protocol developed by Hotspot Shield. It uses TLS 1.2-based security, but additional details on how the protocol works haven't been shared by the provider.



Cipher

Ciphers contain rules for data encryption and decryption – and there are all sorts of ciphers available. Blowfish is an enduring favorite, developed in 1993, and still widely used today. Advanced Encryption Standard (AES) is tougher, however, and has become the VPN industry's gold standard.

Dark web

Web content that lives on darknets, which are only accessible to savvy users with specific software. The Tor network is the most popular of these.


Deep Web

Similar to (but not the same as) the dark web, the deep web is any site that isn't indexed by search engines – think Google, Bing, etc. You can access these deep web sites via a direct URL or IP address, but you might need an additional password to view content.

Deep web sites are used for online banking, email providers, and forums where you'll need an account to join the conversation and check out content.


DD-WRT

Firmware you can use to improve your wireless router's performance: better speed, more features, and extended functionality. You'll need to "flash" your router to do this, however, which can be risky. Lots of VPNs are compatible with DD-WRT (including ExpressVPN and NordVPN), meaning you can set them up on a range of wireless routers.

"DD" is a reference to Dresden, in Germany, where DD-WRT firmware was initially developed. "WRT" means wireless router.

Deep Packet Inspection (DPI)

Filtering technologies that inspect network traffic to understand its purpose. DPI uses pre-defined criteria to check out traffic, find viruses, malware, hackers, spam, and other threats, and block them. Unfortunately, DPI can also be used by repressive government regimes to monitor their citizens' online activity.

When you connect to a VPN, your traffic is encrypted and much harder for snoopers to inspect with DPI. That means you can go about your browsing with added peace of mind. A VPN isn't a rock-solid guarantee of privacy against DPI, however, as DPI can be used to sniff out and prevent VPN usage.

Domain Name System (DNS)

DNS takes the URL you type into your browser's address bar and turns it into a numeric IP address that your device uses to find the webpage and load it up. DNS is often thought of as the translation of human inputs (like URLs and domain names) into computer-friendly numeric codes.

Your default DNS provider is usually your ISP (Internet Service Provider). However, connect to a VPN, and your DNS will be provided by the VPN service provider.

Eavesdropping Attack

A form of hacking that targets information as it is transmitted over unencrypted wireless internet connections. Often, these are free Wi-Fi hotspots you find in cafes and airports, and they typically don't require a password.

Eavesdropping attacks are sometimes called "sniffing attacks" or "spoofing attacks".


Encryption

Encryption encodes data, turning it into a random string of unintelligible characters, and prevents it from being read by snoopers and hackers. An algorithm encrypts your data, and a cipher is used to subsequently decrypt it once it reaches its destination.

Today's best secure VPNs use a variety of encryption protocols to protect your data, but AES (Advanced Encryption Standard) is the most widely used and secure.

Encryption Key

Encryption keys are made up of random sets of information used to encrypt and decrypt data. You'll often see keys described alongside their size – like 1024 and 2048. The bigger the number, the more variations there are in the encryption process, and the harder it is for attackers to crack the code.

Five Eyes Alliance

An intelligence network made up of the UK, the US, Canada, Australia, and New Zealand. The existence of the Five Eyes Alliance (and the extent of its data harvesting) was unveiled in 2013, by Edward Snowden, and now we recommend sticking to VPN providers who are headquartered outside of the countries listed above.

Extended alliances exist, too – including the Nine Eyes and Fourteen Eyes.


Geo-blocking

Geo-blocks prevent you from accessing web content – and can limit certain sites, services, and apps to specific countries.

Streaming VPNs can help you get around geo-blocking measures, however, which is vital for folks trying to check out international Netflix libraries. So, if you're on vacation, traveling for work, or simply interested in what other regions have to offer, a VPN is your best bet.

IP address

An IP address is like a digital street name and house number – every device has one, just like physical houses, and they use them to communicate. Any gadget that can connect to the internet has a unique IP address that contains approximate location information and makes sure that the correct data gets routed to the correct computer.


IPv4

IPv4 is what we call the 4th version of the internet's standard protocol, Internet Protocol (IP). IPv4 assigns a unique IP address to every internet-enabled device, allowing them to communicate and connect to the web.

We're rapidly running out of usable IPv4 addresses, however. The protocol is so popular, and there are so many devices connected to the internet, that it became necessary to develop a new standard protocol – IPv6.


IPv6

Internet Protocol version 6 (IPv6 for short) is the newer version of IPv4. Like its predecessor, it defines how IP addresses are dished out to our gadgets and computers, and how they communicate.

IPv6 isn’t as widespread as IPv4, but it's certainly better. It's much quicker, simpler, and has 1,028 times more IP addresses than IPv4. That's good news, too, because we're quickly running out of IPv4 addresses.

IP leak

IP leaks occur when your IP address is visible – even though you're using a VPN.

If you're using your original DNS server, and not the one provided by your VPN, your ISP (internet service provider) can see everything you get up to online. Naturally, this is the last thing you want when using a VPN.

You can visit IPLeak.net, IPLeak.org, or BrowserLeaks.com to check for DNS leaks. Alternatively, lots of VPN providers have their own DNS leak tools – including ExpressVPN's excellent page.


Jurisdiction

The country where a VPN provider's headquarters are located. A VPN provider has to stick to the laws of the jurisdiction – which can vary from country to country.

Generally, we'd advise you to use a VPN headquartered in a country that isn't a part of the Five Eyes alliance – and one without invasive data retention laws.

Key Exchange

A process where two parties securely swap cryptographic keys that can be used to share encrypted data. Anyone who isn't an involved party will be unable to get their hands on a key (or a copy of the key) and, as a result, unable to decrypt the shared data.

Diffie-Hellman is a popular method of key exchange, along with Internet Key Exchange (which you might recognize from the IKEv2 protocol).

Kill switch

One of a VPN's most must-have features. A kill switch cuts your connection to the internet if your VPN connection drops out, and ensures that you don't suffer an IP leak. Without a kill switch, your identifiable information could become visible to snoopers, and your data could be left unprotected.


Latency

How long it takes for data to journey across a network from its source (usually your device) to its ultimate destination (like a website).

When you connect to a VPN, data leaves the source and is routed through the VPN server before it makes it to its destination. This is an extra step in the process – but an important one, as this is where your data is encrypted – that can increase latency.



Leak

Whenever a VPN fails to keep your personal information secure and out of the hands of onlookers (including your internet service provider, the website you're on, other network users, or cybercriminals) it's known as a leak.

Common leaks include: IPv4, IPv6, DNS, and WebRTC.


Lightway

A proprietary protocol created by ExpressVPN – and based on WireGuard. Like WireGuard, Lightway is more lightweight than OpenVPN, consisting of fewer lines of code. This means that it won't drain your device's battery as fast or demand as much CPU.

Lightway is quicker, connects faster, and is designed to handle common mobile networking hangups – like surprise signal dropouts. Most proprietary VPN protocols are closed-source, but Lightway bucks the trend, and you can comb through its source code yourself if you want to check that it's working as it should.



Logging

Generally, VPN logs are split into two categories: connection logs and usage logs. Connection logs are usually anonymized, and contain information about which server you're using, how long you've been connected to it, and the device you're using the VPN with. Connection logs help VPN services maintain their server networks and troubleshoot issues as they crop up.

Usage logs, on the other hand, are far more insidious. They can reveal your IP address, the websites and services you've visited, and your download history, which is a massive violation of your digital privacy. The Tom's Guide team doesn't recommend VPNs known to keep usage logs.

Man-in-the-middle attacks

A cyberattack that allows a snooper to listen in to conversations between a user device and the sites they visit – and record login details, financial information, and even credit card numbers. Armed with this information, the snooper can go on to impersonate the victim or empty their bank account.

No Logs Policy

A no-logs policy states that a VPN won't keep a record of a user's browsing history, download history, real IP address, DNS queries, or bandwidth usage. Today's top VPNs submit to independent audits of their no-log policies in the name of transparency.


Obfuscation

Obfuscation makes encrypted VPN traffic look just like ordinary web traffic – so the websites you visit can't tell that you're using a VPN at all. Obfuscation can help you access streaming platforms and blocked services, and nullify VPN bans imposed by certain websites or oppressive governments.



OpenVPN

A massively popular VPN protocol. OpenVPN is secure, configurable, and open-source – which means you could take a look at its source code (and pick out potential bugs or weaknesses) if you wanted.

OpenVPN's security and versatility have made the protocol a mainstay in the VPN world, but the WireGuard protocol (and proprietary protocols, like Lightway and NordLynx) are quicker.

Perfect Forward Secrecy

A method of encryption that frequently swaps the encryption keys that a VPN uses to encrypt and decrypt data. The constant switch-ups ensure that only a small percentage of data is exposed if a bad actor hacks a key.
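
The Key Exchange and Perfect Forward Secrecy entries can be seen working together in the following added example, which is not part of the original article. It assumes a toy modulus and generator (not a vetted Diffie-Hellman group) and a SHA-256/HMAC stand-in for a real cipher such as AES; all function names are hypothetical.

```python
"""Toy Diffie-Hellman exchange with a fresh key per session (forward secrecy).

Constructed illustration: the modulus, generator and record protection are
stand-ins chosen so the example runs on the standard library alone.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19   # a known prime used as a toy modulus (assumption)
G = 2             # toy generator (assumption)


def ephemeral_keypair():
    """Fresh private/public pair, made for one session and then discarded."""
    priv = secrets.randbelow(P - 3) + 2          # range 2 .. P-2
    return priv, pow(G, priv, P)


def session_key(my_priv, peer_pub):
    """Both sides compute the same key from their own private value and the
    other side's public value; the private values never cross the network."""
    if not 1 < peer_pub < P - 1:                 # reject degenerate values
        raise ValueError("invalid peer public value")
    secret = pow(peer_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def _keystream(key, length):
    """SHA-256 in counter mode, standing in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + b"enc" + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt, then append an HMAC tag so a wrong key is detected."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key + b"mac", ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if the key does not match the record."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key + b"mac", ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def run_sessions(messages):
    """One key exchange per message; returns (session keys, sealed records)."""
    keys, records = [], []
    for msg in messages:
        client_priv, client_pub = ephemeral_keypair()
        server_priv, server_pub = ephemeral_keypair()
        key = session_key(client_priv, server_pub)
        assert key == session_key(server_priv, client_pub)  # both sides agree
        keys.append(key)
        records.append(seal(key, msg))
    return keys, records


def exposed_by(leaked_key, records):
    """Indexes of captured records that a single leaked session key opens."""
    return [i for i, r in enumerate(records) if unseal(leaked_key, r) is not None]
```

Calling `exposed_by(keys[1], records)` after `run_sessions` on three messages shows that a single leaked session key opens only the record from its own session.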


Ping

A measurement of latency; how long it takes for data to travel along a network, from one device to the next, and come back with a response.

When you connect to a VPN, your traffic is routed through a VPN server after it leaves your device and before it reaches its ultimate destination. This extra step can result in increased ping.


Protocol

Rules that dictate how data is transmitted between a VPN server and a user device, and how the VPN creates a secure connection between the two parties.

The protocols you'll see most often include OpenVPN, WireGuard, and IKEv2.


Proxy

Proxies can help bypass geo-restrictions that block access to region-specific services or websites. By masking your original IP address and replacing it with one of the proxy's IP addresses, you can avoid restrictions.

However, proxies aren't usually encrypted, so they're often thought of as unblocking tools rather than a full privacy-enhancing security suite (like a VPN).

Public Wi-Fi

The free wireless connections offered by hotels, airports, cafes, and other public places. Anyone can connect to these public Wi-Fi hotspots – you won't need a password. However, because of this (and because public Wi-Fi hotspots are unencrypted), they're a notorious hotspot for hackers. Users are at risk unless they have a VPN to encrypt data transmitted to and from their devices.

Split tunneling

A feature offered by some VPNs that dictates whether traffic is routed through an encrypted VPN tunnel (for improved digital security) or the regular internet connection (in order to access websites and services restricted to your current location).

If an app isn't working properly with your VPN (a streaming service that blocks access if it detects that you're connected to a VPN server overseas, for example), you can set up split tunneling and direct app traffic through your original internet connection to avoid the problem in the future.


strongSwan

An open-source VPN app. You can use it on Windows, Mac, Android, and iOS, and it's compatible with most VPNs on the market.

Although strongSwan isn't packed with features, you can use it in place of a VPN provider's app if you're having trouble with it.


Throttling

Internet throttling is a mode of digital traffic management that reduces connection speeds. Your internet service provider (ISP) might decide to throttle your connection if you're in the middle of a data-intensive activity (think HD streaming, online gaming, torrenting) to alleviate bandwidth demand.

A VPN prevents throttling by hiding your activity from your ISP – meaning it won't know what you're up to and won't know to throttle you.


Tor

The Tor Network (also known as The Onion Router) is an open-source project that enables secure and anonymous online communication. Tor achieves this by encrypting data multiple times and passing it through randomly selected volunteer-run services (or "nodes").

Although Tor and VPNs aren't the same, they can both mask your IP address and boost your digital privacy – and some VPNs are compatible with Tor.


Tunnel

The encrypted connection that links your device and another network. A VPN, for example, creates a secure tunnel between your device and the internet.


VPN Client

The VPN client is the device owned (or used) by you, the VPN user. This device connects to the VPN server via the encrypted tunnel and can be a PC, laptop, smartphone, tablet, games console, TV, or even a router.

VPN Server

Servers run and maintained by the VPN provider that connect to the internet. VPN end users connect their devices to a VPN server of their choice via the encrypted tunnel. Most of today's top VPNs have hundreds (sometimes thousands) of servers dotted around the globe – talk about being spoiled for choice.

VPN Service

A service or company that provides VPN servers. These servers are scattered around the world and enable VPN users to connect to the internet via the secure encrypted tunnel.

Warrant canary

A document that subtly informs VPN users that a VPN provider has been ordered to reveal identifiable information about its users. Warrant canaries let users know that a VPN provider hasn't been lumped with a warrant or subpoena, up to a certain date. So, if the warrant canary is wildly out of date or removed altogether, VPN users can typically assume that the provider has come under investigation.


WebRTC

Created by Google, Web Real-Time Communications (WebRTC) is an open-source technology allowing web browsers (and other apps) to support audio, video, and other communications.

However, WebRTC can inform websites about the original IP address of a user, even if they have a VPN, which is known as a WebRTC leak.

White box

An in-depth method of software testing where auditors have access to apps and their source code.

White box VPN audits result in more detailed findings than black box tests, where auditors only have access to the same information as end users – meaning they can test apps, but can’t comb through the source code.


WireGuard

The next generation of VPN encryption – and the successor to OpenVPN in terms of popularity. WireGuard is easy to set up by design, contains fewer lines of code than OpenVPN, and often results in improved speed – making it a favorite of avid streamers and gamers.



We test and review VPN services in the context of legal recreational uses. For example:

1. Accessing a service from another country (subject to the terms and conditions of that service).

2. Protecting your online security and strengthening your online privacy when abroad.

We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.


River Hart

Tech Software Editor

River is a Tech Software Editor and VPN expert at Tom’s Guide—helping take care of VPN and cybersecurity content, publish breaking news stories, and ensure all of our VPN testing is as accurate as possible. When they’re not following the ins and outs of the VPN world, River can be found plugged into their PS5 or trekking through the Welsh countryside in a very practical, but unfortunately unfashionable, waterproof jacket.
