VPN Glossary

There are lots of terms surrounding VPNs. Most are probably straightforward but others could be brand new to you and are what make some VPNs unique. Clarifying it all will round out your knowledge of what VPNs are for and how they work, and could help in your decision to pick one over another.

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z



A common encryption method, standing for Advanced Encryption Standard, that's used by websites, VPNs, and apps that prioritize privacy.

AES-256 and AES-192 are common terms used by VPNs. Called block ciphers, they refer to the key length used to encrypt the data. The higher the number, the longer the key size and the harder it is to find the right combination that unlocks the data.

See Can VPNs Be Hacked? for more information.


A situation in which your identity is unknown and your true origin untraceable.

One of the driving factors for why so many people use a VPN is because it can help you stay anonymous online. There's less to be known about you if the VPN supports encryption and keeps no logs of your activity.

Remember, however, that there are things you can do while connected to a VPN that jeopardize your anonymity.



The maximum amount of data that can pass through a network connection over a specific period of time. Higher bandwidth means higher speeds.

It's often written in megabits per second, such as 150 Mbps.

A VPN provider that doesn't limit how much data you can use within a given period of time is said to offer unlimited bandwidth.

Bandwidth Throttling

A practice imposed by some ISPs that limits a user's available bandwidth under certain conditions, usually high-bandwidth cases like when downloading torrents or streaming movies.

Your bandwidth might be manipulated to save the company money or to limit network congestion. In the context of a VPN, encryption prevents your internet service provider from knowing that you're engaging in those activities, so it's less likely that they'll lower your speeds while you're using one.

That said, a VPN isn't a foolproof way to get around this. The ISP can still monitor some things even when the connection is encrypted, such as how much data you're using. That can lead them to impose a bandwidth limit even though they don't know what, exactly, you're doing.

Browser Extension

A small program that runs inside a web browser, such as Chrome or Firefox.

Extensions are installed by the browser and exist there only. Since they work within that context, a VPN browser extension will protect your web browsing but not any non-browser functions, such as emails you send through a desktop client or games played outside the browser. It works only within the browser for which it's installed.

Not all VPNs provide a browser extension, and they don't all work the same. Some, for example, serve only as a remote for controlling the desktop VPN.



Also called digital or virtual currency, it's a digital-only method of transferring money. Cryptography is used to provide a level of privacy not afforded to traditional payment systems where the user is tied to the bank account.

Some VPN providers accept cryptocurrencies as a way to pay for the service. There are thousands, but Bitcoin (BTC) and Ether (ETH) are a couple of the more well-known options.


Data Retention

The act of storing data, such as connection logs, for a set period of time, usually to follow legal orders or business-related archival requirements.

Some countries and companies don't have data retention laws, making them an attractive option for users looking for ultimate privacy. Knowing if a VPN records your real IP address or the sites you visit is important if you're looking for a truly private VPN.

Dedicated IP Address

A static IP address that's completely unique to each user. It's the opposite of a shared IP address.

Since dedicated addresses are, by definition, not used by anyone else, they come with some extra benefits:

  • They're less likely to be blocked by streaming services, banks, etc.
  • They afford you the ability to permanently access a home server without dealing with an ever-changing IP address (port forwarding is another component the VPN must allow for this to work).
  • It's less likely that you'll need to repeatedly verify your identity when using secure services.
  • You get an address that isn't shared with other, possibly disreputable users, that could be giving that address bad credit.

However, since dedicated addresses aren't used by others, they're considered less secure than shared ones. It's easier to pinpoint who was using a particular IP address when there's only one possible user.

Desktop VPN

A VPN app running from a computer.

When a computer is using a VPN, all the programs have access to the encryption benefits (unless split tunneling is used). This includes any and all video games, email programs, and other software that use the network.

A computer-based VPN also covers web browsers, so a VPN browser extension is unnecessary if a desktop program is used.

Device Fingerprint

A collection of information that can be used to identify a device.

In the context of a VPN, it's important to be aware of device fingerprinting (aka, machine fingerprinting) because despite the VPN giving you a different IP address, other details can still be used to identify you. This could include things like your operating system, hardware serial numbers, web browser settings, and MAC address.


Short for Domain Name System, it's used to translate human-readable words, such as thenewreview.com, into machine-readable IP addresses. This works through DNS servers.

DNS Leak

When DNS queries are made outside of the security of the VPN.

Ideally, the communication between a DNS server and your device would remain within the VPN's secure tunnel, but when it doesn't, it's called a DNS leak. A leak could mean that someone else, like your ISP or a third-party company, can see these DNS queries and make out which sites you're visiting.

Phishing is another threat that comes with DNS leaks. The server handling the DNS requests could theoretically send you to lookalike websites that are there only to fool you into typing in sensitive information like your passwords, which they could then use to pose as you.

Some VPNs offer built-in protection from DNS leaks by providing their own encrypted DNS service. That's the best way to prevent leaks, but another option is to configure your own settings that point to DNS servers that are known to respect your privacy.

Double VPN

A method in which the VPN client connects to two servers instead of one. It's sometimes called a multihop VPN.

Typically, when you power on a VPN, it goes through the same process each time: one server decrypts your data, deals with it (like requests a website you're after), and then decrypts it again before sending it back to your VPN program.

In a double VPN scenario, the same steps happen but instead of requesting the data right away, it's all sent to a second server to handle whatever it is you're wanting.

Here's the full process of a multihop VPN:

  1. Your VPN app encrypts your request and sends it to the first server.
  2. The first server decrypts it and provides a new IP address.
  3. The data is decrypted and sent to the second server.
  4. The second server decrypts it and provides a new IP address.
  5. The request is made on your behalf and then encrypted before being sent back to you.

One of the selling points of this method is that your ISP won't see the final server you land on, just the first one. The second server also never sees your real IP address since it can only see the first server's address.

Another way to think of it is in terms of the server getting hacked. When using two servers, the second/end server could get hacked and expose your "real" IP address, but it'd really just be the first server's address.

A VPN program that has built-in support for this is a better choice than trying to run two VPNs at once.



One core function of a VPN is encryption, which is the use of an algorithm to transform data from plaintext to ciphertext. It makes the data running through the network unreadable until the VPN server or client has decrypted it.


Five Eyes

The 5 Eyes (FVEY) are these five countries that have an intelligence-sharing agreement: US, UK, Canada, Australia, and New Zealand. Various intelligence agencies from each country work in unison with companies like internet service providers to spy on users.

People often avoid VPNs that are incorporated within the Five Eyes in an effort to minimize the possibility that their data will be collected and shared.

9 Eyes and 14 Eyes are two other alliances whose terms come from the fact that more countries are involved:

  • Nine Eyes: 5 Eyes + Denmark, France, the Netherlands, and Norway
  • Fourteen Eyes: 9 Eyes + Germany, Belgium, Italy, Sweden, and Spain

See What's wrong with a Five Eyes VPN? for a little more on this.



Also called geoblocking, it's the restricting of content based on a user's location.

A VPN that can bypass geoblocks might let you access Netflix in your home country even when you're traveling abroad. Governments can use geographical restrictions to limit what people within their borders are allowed to access online.



Short for Internet Key Exchange Version 2 and also called IKEv2/IPsec, it's a VPN protocol that encrypts data using IPsec.

One advantage this protocol has over some other ones is the ability to hold its connection with the VPN server even while switching networks, such as when moving from a mobile connection to Wi-Fi. This is possible through a built-in mechanism called Mobility and Multihoming Protocol (MOBIKE).

IKEv2 uses UDP packets.

IP Address

A unique identifier that all network-connected devices must have in order to access the internet.

A device is provided a public IP address from its ISP but will use a VPN server's IP address once a connection has been established. It's this change in address that provides location anonymity and geoblocking benefits.

VPNs can offer multiple kinds of addresses, including static IP addresses, shared IP addresses, and dedicated IP addresses.


Short for Internet Protocol Security, it's a network protocol that encrypts traffic on a VPN.


An ISP, or internet service provider, is the company that provides you with a connection to the internet. They serve you an IP address so that you can communicate with other devices on the internet, including VPNs.

You can think of ISPs as bridges that connect every device to the internet. You need one to reach a VPN and a VPN needs one to reach the internet.


Kill Switch

A feature in some VPN programs that will automatically disable access to the internet if the connection to the server has been terminated. Since your real IP address is visible when the VPN is disabled, it's used to ensure that your address is hidden at all times to avoid data leaks.

Although most VPN apps notify you of a disconnect, it's possible for the connection to shut down without your knowledge, so enabling a kill switch is a good way to guarantee the greatest privacy.



Short for Layer 2 Tunneling Protocol, it's a protocol used by VPNs that allows data to move from your private network to another one over the public internet.

On its own, it doesn't provide any encryption, which is why it's often paired with IPsec.


A file that maintains a record of some sort.

A VPN provider might keep connection logs to understand how much data is being transferred, how long users are connected to specific servers, how often you use the service, or which platforms the company's apps are running on. Usage logs could include a user's original IP address and the websites they've been visiting.

A provider that advertises "zero logging" presumably deletes or never even creates these kinds of logs, or might keep only anonymous information. How long a log is kept depends on the provider's data retention policy.

See Can VPNs Monitor What I'm Doing? for more on whether a VPN can really get by with zero logs, whether they can see your passwords, and how to confirm their logging policies.



A unit, standing for megabits per second, used to measure bandwidth.

When testing how fast a VPN is, you'll get two numbers: an upload and a download speed, both often expressed in megabits per second.

Mobile VPN

An app running from a phone or tablet that provides access to a VPN. By default, everything running from the device will use the VPN, including all browsers, games, and other apps.

You might use this kind of VPN to unblock apps you can't use in your country or to watch videos or view sites from your phone that are unavailable from your real location.

Multi-factor Authentication

Sometimes abbreviated MFA, it's a way to confirm a user is who they say they are by having them present two or more pieces of information before they're given access to something.

One of the most popular ways this is used is through two-factor authentication (2FA), which is when two of these items are required: something they know (like a password), something they have (a physical device), or something they are (fingerprint, facial recognition, etc.).

Two-step verification is a widely used form of MFA.


Onion Network

A network of devices that data can be transmitted through to provide anonymity. It can be used to make a VPN more secure.


A VPN protocol that typically works through a software program and a certificate file, but some VPN apps include it in the client.

This protocol is often preferred over other ones because it's faster. It runs over TCP or UDP; you can pick which one to use if the app allows that level of customization.

Setting up a VPN manually often involves using OpenVPN.

There's a lot more information on this protocol at OpenVPN.net.



Peer-to-peer (P2P) refers to a connection that doesn't involve a server; devices communicate with one another directly. Instead of one device uploading data to a server and then other devices downloading that same data from the server, the clients communicate with one another directly.

The use of torrents over the BitTorrent protocol, a common reason people use VPNs, is a primary example of a P2P network.

Ping Time

The time it takes for a server to respond. Measured in milliseconds (ms), a lower ping time is often preferred for live streams like online gaming and video calls.

50 ms or higher is often considered a slow ping time.


Short for Point-to-Point Tunneling Protocol, it's a fast VPN protocol but is known to have security vulnerabilities.

This protocol shouldn't be your first choice but might be preferred if security isn't a concern.


A server that sits between your device and the internet, through which your network traffic is passed.

Proxies are a lot like VPNs in that they can quickly hide your IP address. Everything you do while connected to a proxy goes through that server, so websites you visit will see the proxy's IP address instead of your real one. If it's based in another country, your location will appear to be coming from there, just like with a VPN. A popular way people use them is through a website, which is where web proxies get their name.

However, the crucial difference between a VPN and a proxy is that some proxies don't encrypt your data. Hackers, ISPs, and anyone else looking in on an unencrypted connection has a much easier time seeing what you're doing. Web proxies might be really tempting to use because they're often free, are faster than VPNs, and work in seconds through a website, but they're sometimes not as secure. Plus, where a VPN which might be extensively transparent about their logging practices, a proxy usually isn't.

Even so, they still have their benefits if security isn't a top priority. You don't necessarily need a VPN if you just want to get around a content filter, access a website that has blocked your IP address, or watch a video that's restricted in your country.



A device that sits between you and the internet that forwards data to the appropriate device, like to a computer in your house or a server on the internet. It's a necessary component of any network that needs access to the internet.

Router-based VPNs provide benefits to all devices connected to the router, eliminating the need to run one through a mobile app, desktop program, or browser extension. It's also useful for forcing other devices to use the VPN even when individual setup is hard or impossible, like on streaming devices, game consoles, smart TVs, and guest devices.

Setting up a VPN on a router is registered by the VPN provider as only one connection, making it a smart way to bypass simultaneous connection limitations.


Shared IP Address

An IP address that's used by multiple users. It's the opposite of a dedicated IP address.

Shared IP addresses as considered more secure than dedicated ones since it's much harder to track someone who's using the same IP address as dozens or hundreds of other people. All the users are mixing their traffic together, essentially allowing plausible deniability for everybody.

Simultaneous Connections

The number of devices that can simultaneously connect to a service from a single account.

Some VPN providers let you share your account between two or more devices, such as your phone and computers. Most providers allow at least a few simultaneous connections while others put no limit on how many one account can support.

Be aware, however, that while there's usually no limit to how many devices can be set up with the VPN, you might still be restricted to using your account simultaneously on just a few (i.e., 50 devices can be signed on to your account but only five can be connected to a server at one time). In some cases, despite the ability for more than one device to access the VPN at once, the provider might allow only one to access a specific combination of server+protocol at once (but that shouldn't be a concern for most people).

Setting up the VPN from a router is often recommended to free up connection slots.

Smart DNS

A location-spoofing method that you can use to access content that's restricted to certain parts of the world.

In a regular situation when your DNS settings are set to their defaults by your ISP, if you were to try loading a video from a website that only accepts UK residents, but you're from Australia, the DNS server you'd be using would likely be local to your country and would therefore give away to the UK site that you're from Australia, restricting your access.

Smart DNS in this situation would be useful because it could use a DNS server in the UK instead so that the website will think that you're local and will grant you access.

Not sure if this is what you need? See Is Smart DNS the same as a VPN? for all the details.

Split Tunneling

A feature in some VPN programs that lets you pick which apps should use the VPN and which should not.

Maybe you want your web browser activity encrypted but not your email program, or you don't mind that your gaming apps bypass the VPN but you want to ensure that your banking apps are protected. This is easy to control with a VPN client that supports split tunneling.

Although not as common, some VPNs let you get really specific and choose which websites should and shouldn't use the VPN.

Static IP Address

An IP address that doesn't change. They come in two forms: shared and dedicated.

Regardless of the type, they both offer the benefit of an unchanging location. Conversely, when using a server that has a changing IP address, you might appear to be in a different region each time you connect.

You might use a static IP address if the VPN service supports remote access and you want to always have access to a resource on your computer (like a file server) when you're away.



Short for Transmission Control Protocol, it's a method for sending data over the internet where confirmation of delivery is important.

Unlike UDP, TCP is more reliable because it checks that the data was delivered properly. If it wasn't, the recipient device can request that it be sent again because bidirectional communication is supported. It's used when doing things like downloading files.

This error checking causes it to be slower than UDP but more reliable. The data is for sure delivered each and every time, but not at the speeds supported by UDP.

Two-step Verification

Also called two-step authentication, it's a kind of multi-factor authentication where the user can't log in to their account until they provide something else in addition to their password.

A common implementation of this is to have the user receive a code over text or email that they must enter on the login page with their password. The reason this is considered more secure than just entering a password is because the user is confirming that they also have access to the phone or email account associated with the account.



Short for User Datagram Protocol, it's a connectionless protocol used for sending data over the internet where there's no guarantee that the information has been delivered.

Unlike TCP, a VPN that uses UDP doesn't wait around to confirm that each and every packet was received. Some may be corrupt or lost but the delivery won't be interrupted or restarted.

Due to the lack of delivery confirmation, it's faster than TCP but not as reliable. It's commonly used when streaming where low latency is important but not every data packet is necessary. Live broadcasts and online gaming, for example, require data in real time and have no use for old, repackaged data, so TCP here is unnecessary.


Virtual Server

A virtual server could mean one of two things depending on what's being discussed: 1) a server whose IP address originates from a different country than the physical server, or 2) a server that's installed in a virtual environment.

Some VPNs call the first type a geo-located region or a fake server location. A VPN might offer virtual servers so that you can appear to be connected in the location you choose but without your data having to actually be routed through that country. For example, if there's a virtual server in Indonesia, you'll get an IP address from there when you connect to it, but the server you're using might really be located in Malaysia.

This might be a preferred setup in situations where there are benefits to having an IP address from that location but a physical server costs too much to maintain or isn't allowed due to local laws.

The term can also describe servers that are installed on virtual machines. A VPN might use this kind of server for easier management or to save money without compromising functionality or security.

VPN Client

The tool that a VPN user must have in order to actually use a VPN.

A VPN client is software running on a phone, computer, router, TV, etc. that sends data to, and receives data from, a VPN server. It also encrypts and decrypts data as necessary in real time.

VPN Protocols

Rules that dictate how devices communicate with each other.

VPNs require at least one protocol so that your device and the VPN server can understand how to transfer data. There are different kinds because some offer better encryption than others or favor speed over security. The protocol you use depends on what the app supports.

You can sometimes choose which one to use if there are multiple options. Otherwise, the app will pick for you. It's common to deal with protocols when setting up a VPN manually.

Some examples include WireGuard, IKEv2, and OpenVPN.

VPN Server

An essential part of a VPN that a client device communicates with. Every VPN provider has servers that their users connect to in order to access the broader internet. They're often strategically positioned around the globe and you can sometimes decide which server to use.

The server is what gives you a different IP address. See What Are VPN Servers? for more.

VPN Tunnel

Used to describe the tunnel-like quality of a VPN. Some VPN terms use this word as another way to refer to its private nature. You can also think of it as a pipe or channel that connects a client and server. It's through this encrypted tunnel that data travels.


Warrant Canary

A method where a company informs its users that it has been served with a government subpoena.

This is important in the context of a VPN because a user's data flows through the company's servers. Depending on the VPN's poicies, it could have retained data that it could retrieve and hand over to authorities.

A warrant canary usually has a date associated with it, that's supposed to be updated daily. Since there are legal implications for the service provider if they reveal the existence of the subpoena, the warrant canary page might be deleted or not updated if the VPN provider was served with a subpoena.


Short for Web Real-Time Communication, it allows for P2P web browser communication. A WebRTC leak is when a website determines your real IP address.


A protocol used by some VPN apps. Built to be faster and more reliable, it's meant to replace older standards like IPsec and OpenVPN.

Visit Wireguard.com to learn more.