A Guide to VPN Jargon

administrator

March 30, 2022

Recent News

Is BT webmail blocking VPN connections?

March 30, 2022

A Guide to VPN Jargon

March 30, 2022

Professional Security Always There To Keep Safe Copy

March 15, 2022

Let's Join Wih Us

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis pulvinar dapibus.

The Basics

Ad-blocker

An ad-blocker is a piece of software (usually a browser extension/add-on) that works to completely, or at least partially, prevent adverts from being displayed on the web pages you visit. Many ad-blockers can stop websites and organizations from tracking your online activities, and can help to block ad-based malware. Popular ad-blockers include Adblock Plus, AdGuard and uBlock Origin.

BitTorrent

BitTorrent is what’s known as a “peer-to-peer” protocol that allows for distributed and efficient sharing of files. Rather than there being a single, central server that everyone connects to in order to download something (a game, a book, a movie), you are, in fact, downloading little pieces of it from other people on the BitTorrent network all around the world. The BitTorrent protocol has many legitimate uses, but is well known for its popularity among people looking to download things illegally from sites such as The Pirate Bay.

Browser (also known as a web-browser)

A browser is the program/app you use to access the internet. There are many to choose from, but on a desktop PC the most common browsers are Firefox, Chrome, Microsoft Edge or Microsoft Internet Explorer. On Mac and iOS devices (like iPhones and iPads), it’ll usually be Safari. Android devices like phones and tablets will typically also use the Chrome web browser.

Browser add-on/extension/plug-in

Web browsers such as Chrome and Firefox allow you to download and install additional small programs that integrate (literally plug-in) with your browser to provide increased functionality. This can include everything blocking adverts, to changing the way Facebook works, or helping you check your grammar and spelling online. Here at afdolvpn, we are mainly concerned with extensions that improve users’ privacy and/or security, and have recommendations for Chrome and Firefox users.

Cookies (HTTP cookies)

These are small text files stored by your web browser. Cookies are used for many things, such as remembering your login for a website or storing your preferences. Unfortunately, cookies have been used by some websites to track visitors even after they leave that site (to the extent that the EU passed a not entirely effective “cookie law” to limit their use). Making sure you’re always connected to the internet through a VPN can help protect you from websites attempting to track you.

Cryptocurrency

A medium of exchange that uses cryptography to secure the transactions and to control the creation of new units, in theory making it nearly impossible to counterfeit. Bitcoin is the most famous example, but there are many other alternative cryptocurrencies, such as Ethereum, Coinbase, Ripple, and Dash (formerly Darkcoin). Unfortunately, as there is no government or regulatory oversight, cryptocurrency scams and abuse are a common problem.

Distributed Denial of Service Attack (DDOS)

A DDOS attack occurs when someone wants to prevent access to a network or website. They do this by flooding the target site/resource with fake connection requests, making sure that it’s so busy with the fake requests it can’t answer the real ones. DDoS attacks use compromised machines (computers and IoT devices) in order to create these fake requests, and can involve dozens of machines all sending requests at once. In essence, it’s like a traffic jam clogging up the motorway, preventing regular traffic from arriving at its destination. These attacks are often carried out to hold sites for ransom, denying them any legitimate traffic until the site owner pays up.

Domain Name System (DNS)

DNS lies at the heart of the internet as we know it today. At its core, DNS is a database used to translate the easy-to-understand and remember web addresses (URLs) that we are familiar with to their “true” numerical IP addresses computers can understand. For example, DNS connects the domain name afdolvpn.com to its IP address of 777.77.319.158. Without DNS, we would all have to browse the internet by typing in IP addresses.

Deep Fake

“Deep fake” is a portmanteau word made from “deep learning” and “fake” and is typically used to refer to a video that has been edited using AI to replace the person in the video with someone else in such a way that it appears entirely genuine (examples of well known deep fake videos include Barack Obama, Tom Cruise and Mark Zuckerberg).

Encryption

Encoding data using a mathematical algorithm (known as a cipher) in order to prevent unauthorized access to that data. Encryption is the one thing that prevents just about anyone from being able to read (or track you with) your digital data, and is the absolute cornerstone of all internet security. Strong encryption is very difficult to crack without the correct “keys”, so who holds or can access these keys is a vital security issue. We discuss many issues relating to VPN encryption in our complete encryption guide.

End-to-End (E2E) encryption

E2E encryption (Often shortened to E2EE) is a phrase you’ll see in lots of different places. Basically, end-to-end encryption is the act of applying encryption to messages on one device, and making sure that only the device the data is sent to can decrypt and open it. The message is encrypted all the way from the sender to the recipient. Many services and products do not use E2E encryption, instead encrypting your data and holding the keys for you. This can be very convenient (allowing easy recovery of lost passwords, syncing across devices, etc), but does mean that these services could be compelled to hand over your encryption keys if the government or police came looking for them. We therefore only consider products and services that use end-to-end encryption to be truly secure.

File sharing

Downloading and uploading files via a P2P (peer-to-peer) network such as BitTorrent. While file sharing is not illegal in itself, it is often associated with piracy of movies, music and software.

IP address (also known as an Internet Protocol address)

Every device connected to the internet is assigned a unique numerical identifier. This is your IP address. One of the most important things a VPN services does is to hide your real IP address from outside observers, which helps disguise where in the world you’re connecting from, which is important for things like accessing streaming content in other countries.

Internet Service Provider (ISP)

An ISP is the company that supplies your internet connection. In the UK this is usually someone like Virgin, Sky, BT or TalkTalk. Unless your internet data is encrypted (by using a VPN, for example), your ISP can track and log exactly what you get up to on the internet. In many counties (notably in Europe) ISPs are required by law to keep customer data, and to hand it over to the authorities if requested.

Kill-switch

This is a feature built into some VPN clients that prevents you from connecting to the internet if no VPN connection is present. This is important, as even the most stable VPN connection can ‘drop’ occasionally, and, if a kill-switch isn’t used, your internet activity will be visible to anyone watching. Note that we call this feature a kill-switch, but the term is not standardized, and may also be called secure IP, internet block, network lock, or something else entirely, but they all serve the same purpose.

Logs

Records kept, for example, by an ISP or VPN provider. Some VPN providers keep extensive logs of customers’ internet activity, while some claim to keep none at all. Of those who claim to keep no logs, here at Afdolvpn we make a clear distinction between those who keep no logs of what users get up to the internet (i.e. no usage logs) but do keep some connection logs, and those who claim to keep no logs at all.

Password/passphrase

The single most important thing that anyone can do to strengthen their online security is to use better passwords. Weak passwords are an absolute gift to criminals or anyone else who might wish to access your data, so no using “123456” or “password” or your date of birth!

The strongest passwords include a mix of capital and non-capital letters, spaces, numbers, and symbols. Remember, length is extremely important, so we recommend creating a password out of three words that only you will remember, and combining them with the above (for example: “L3mon4de,T0adsto0L P1g3on!“). Utilizing easy-to-remember phrases provides far greater security than six or seven random numbers, letters, and characters.

Password manager

In our Ultimate Privacy Guide, we suggest ways to pick memorable passwords that are more secure than the ones you are probably using right now, but the only practical solution when you need to remember dozens of unique passwords is to use a password manager. These programs (and apps) generate strong passwords, encrypt them all, and hide them behind a single password (which should be memorable, but also as unique as you can make it). Helpfully, they usually integrate into your browser and across your various devices (laptop, phone, tablet etc.), so your passwords are always accessible. Some of the best password managers on the market include LastPass, Keeper, 1Password and others.

Ping

Ping has its roots in the use of the sonar “ping”, used to measure the distance between a ship and its target. Now it most commonly refers to the latency between your machine and the server, i.e. when you send a request or command on the internet, how long does it take for you to get a response? The higher the “ping”, the longer you need to wait until your request is answered.

For example, in gaming a high ping can mean that there’s a big delay between you clicking the mouse, and your character shooting a gun. A VPN with high latency means you’re likely to end up frustrated with how long it takes to get anything done online.

Protocol

Encryption protocols and ciphers make up the core of VPN technology. A “protocol” refers to the way your VPN client communicates with the server when you click the connect button. When picking any VPN provider, make sure that they are using up-to-date protocols, as older ones are vulnerable to attacks from hackers. The two best protocols as of time of writing are OpenVPN and WireGuard, with WireGuard being the most recent.

Pwned

The word “pwned” has its roots in online game, a consequence of the O and P keys being so close together on the keyboard. Owned/Pwned initially meant to utterly dominate or defeat an opponent in a match. In the world of online privacy/security, it’s used to suggest that someone’s account or data has been compromised. For example, “my account was pwned in that data leak.” The website haveibeenpwned.com exists to help people easily find out if their accounts have been compromised before the scammers do.

Router

A router, by this we mean the boxes supplied by your ISP rather than a network router, is the piece of equipment that allows communication between your computer and the internet and is also, usually, the source of Wi-Fi access in your home.

Simultaneous connections

The more simultaneous connections a VPN allows, the more devices you can have connected to it at the same time. So, with 2 simultaneous connections, you could connect both a laptop and a smart phone to a VPN service without needing to disconnect one of them. With 3 you could also connect your tablet, with 4 you could also have your smart TV connected as well, and so on. The number of connections offered varies wildly from provider to provider, with some even offering unlimited simultaneous connections.

VPN (Virtual Private Network)

A privacy and security technology originally developed in order to allow remote and home workers to connect securely to their place of work, it now generally refers to VPN services that allow you to access the internet with a high degree of privacy and security. In such a setup, you subscribe to a VPN service and then connect your device (desktop, laptop, phone, etc) to a server run by the VPN provider using an encrypted connection. This means all your internet traffic is routed through the VPN server before going out into the world, keeping your data secure, and also means that nobody can see exactly where you are. If they attempt to look up your IP address, they’ll find the IP address of the VPN server instead.

VPN client

The software that connects your computer to a VPN service. We refer to such programs on desktop systems as ‘VPN clients’, and on mobile platforms as ‘VPN apps’, but they are the same thing and the terms can be used interchangeably.

VPN Tunnel

VPN Tunnel is the technical name for the encrypted connection between your computer (or smartphone, TV, etc.) and the VPN server.

Wi-Fi hotspot

A public Wi-Fi internet access point of the kind commonly found in cafes, hotels, and airports. Although these are very convenient, Wi-Fi hotspots are a godsend to hackers who can set up fake hotspots that look like the real thing, scan unencrypted internet traffic as it travels between your computer and the hotspot, or hack the Wi-Fi router itself to peek at your online activities. Because it encrypts your internet connection, using a VPN protects your data when using these public hotspots. We therefore strongly recommend against using public Wi-Fi hotspots unless you are also using a VPN.

The Advanced

Cipher

A cipher is a mathematical algorithm used to encrypt data. At the most basic level, it involves substituting letters and numbers to encode data and keep it safe from anyone you don’t want to be able to read it. The more complicated the cipher, the harder it is to break. AES-256 is considered the current “gold standard” cipher for encryption, as it has billions of permutations, making it all but impossible to crack on its own. You can read more about it in our article – How does AES encryption work?

Bitcoin (BTC or XBT)

A decentralized and open-source virtual currency (cryptocurrency) that operates using peer-to-peer technology (much as BitTorrent and Skype do). Like traditional money, Bitcoins can be traded for goods or services, or exchanged with other currencies. Unlike traditional currencies, however, there is no ‘middle man’ (such as a state controlled bank). Some VPN providers accept payment via Bitcoin as it introduces another layer of privacy between them and their customers (the provider will still know your IP addresses, but cannot learn your true name and contact details through the payment processing method). Check out our Bitcoin Guide for tips on how to stay private and secure with Bitcoin.

Bitcoin wallet

A Bitcoin/Crypto wallet is a digital wallet that can hold Bitcoin as well as other cryptocurrencies. Rather than containing actual currency like a real wallet, it holds the encryption keys needed to access and manage cryptocurrency. A bitcoin wallet comes in various flavors, such as desktop, mobile, web and even hardware options.

Connection logs

A term Afdolvpn uses to refer to records that are kept by some ‘no logs’ VPN providers. Exactly what gets logged varies from provider to provider, but typically includes details such as when you connected, how long you were connected for, how often you go online, etc. VPN providers justify the collection of these logs as being necessary for dealing with technical issues or instances of abuse. In general, this level of log keeping is acceptable, but the truly paranoid should know, at least in theory, it could help identify an individual with known internet behavior.

Copyright trolls

These are legal firms who specialize in monetizing the prosecution of piracy through seeking damages, or who aggressively pursue copyrights to try to extort money from companies and individuals. A particularly pernicious tactic commonly employed is “speculative invoicing”, wherein individuals accused of copyright piracy are sent letters demanding a cash settlement in return for avoiding legal prosecution.

Dark Web (also Dark net, Deep web etc.)

A “parallel” internet that includes any website that is not indexed by search engines. How big this Dark web is no-one really knows, although it has been famously estimated as 400 to 550 times larger than the commonly defined World Wide Web. Much of the so-called dark web simply comprises private websites (some of which have taken active measures to avoid being listed by search engines), chat forums, Usenet groups, and other perfectly legitimate web uses. There also exist publicly accessible ‘dark webs’ – secure networks that can be accessed by the public, but which allow users a very high level of anonymity. The best known and most used of these are Tor and I2P.

DD-WRT

A replacement, Open-source firmware for routers that gives you a great deal of control and customization. You can setup DD-WRT so that all connected devices are routed through a VPN, extend your Wi-Fi range, set it up as a repeater, NAS hub, print server, and more. DD-WRT can be “flashed” into your existing router (removing its factory-default firmware), or you can buy routers that come with it pre-installed. If you’d like to know more, check out our Ultimate DD-WRT Guide.

DMCA notice

Although technically this term refers to the Digital Millennium Copyright Act, which only has legal power in the United States, the term ‘DMCA notice’ is often used to refer to any copyright infringement alert sent to an ISP or content provider, regardless of jurisdiction. Content providers such as YouTube are usually pressured into removing any infringing material from their servers upon receiving such a notice, while ISPs are heavily lobbied to identify and impose sanctions on (allegedly) infringing customers, and even to pass on customers’ details for legal action by the copyright holders.

DNS leak

If DNS requests are being handled by your ISP rather than your VPN provider when you’re connected to a VPN, then you are suffering a DNS leak. These occur for a number of reasons, but the most effective way to prevent them is to use a VPN client that features “DNS leak protection”.

Favicons

A favicon is a small square image that represents a website in web browsers. You will see them in both the address bar, the favorites, and bookmarks. Favicons are usually something like a company logo, first name of the company, or another image related to that specific website.

Gag order

A legally binding order that prevents a company or individual from alerting or speaking to others about something. For example, a gag order could be used to prevent a VPN provider from alerting customers that its service has been compromised.

GCHQ (Government Communications Headquarters)

Britain’s version of America’s NSA. and it performs extensive surveillance of UK citizens.

Geo-restrictions (Also Geo-blocking)

Limiting access to online services based on geographic location. For example, only US residents are permitted to access Hulu, and only UK residents can access BBC iPlayer. Geo-restrictions are usually enforced so that copyright holders can make lucrative licensing deals with distributors around the world, at the expense of consumer choice.

Geo-spoofing

Using a VPN, SmartDNS, or proxy to ‘spoof’ your geographic location, making it appear like you are connecting from a different country. This allows you to bypass geo-restrictions and access content denied to you based on your actual location. For example, accessing Netflix to view content that’s not available where you live. See our geo-spoofing guide for more information.

HTTPS (Hyper Text Transfer Protocol Secure)

This is a protocol that uses SSL/TLS encryption to secure websites. It is used by banks, online retailers and more. It is the backbone of all security on the internet. When you visit an HTTPS website, any outside observer can see that you have visited the website, but that’s all. They cannot see, for example, any details you might have entered. You can easily see if a website is using HTTPS by looking for a closed padlock icon in your browser’s address bar, and because the website address (URL) will begin with “https://”.

Malware

Malware is a catch-all term for any number of dangerous, intrusive programs that hackers/scammers attempt to use. Examples of malware include trojans, ransomware, worms, keyloggers and more. You can learn more in our guide to the different types of malware.

Metadata

If data is “the what” – Emails, phonecalls, websites, etc, then metadata is “the when, where and who” that goes along with it. Metadata can provide a vast amount of highly personal information about our movements, who we know, how we know them, and so on. Governments and surveillance organizations are keen to downplay the significance of collecting ‘only’ metadata, but if it is so harmless, why are they so keen on obtaining it?

Non-Fungible Token (NFT)

A non-fungible token (NFT) is a unique digital code that represents some kind of digital item. Most commonly, this representation is with a piece of artwork or even just a

Think of it in terms of owning a one-of-a-kind baseball card or the like – Your particular NFT is the only one like it. NFTs are secured and stored on a public blockchain, and the buying and selling of NFTs is usually through cryptocurrencies such as Ethereum.

OpenVPN

The most commonly used VPN protocol used by commercial VPN providers, OpenVPN is Open-source, and, when backed by a strong encryption cypher (such as AES), is thought to be secure against even the NSA. Where possible we generally always recommend using OpenVPN.

P2P (Peer-to-Peer)

A term often used almost interchangeably with downloading, torrenting, or file sharing, and often associated with copyright piracy, a peer-to-peer network is a distributed and decentralized platform for sharing data (such as files) between users. The most famous application of P2P is the BitTorrent protocol. Because there is no central database, and files are shared among users, P2P networks are very resilient to attack.

PGP (Pretty Good Privacy)

The best way to keep your private email private is to use PGP encryption. However, the concepts involved are complex and often confusing; a problem compounded because setting up PGP encrypted email is unintuitive, and poorly explained in a lot of existing documentation. Secure email providers like StartMail and Posteo are attempting to make email encryption available to anyone regardless of their level of technical understanding.

WireGuard

WireGuard is, in short, the new hotness. It is the most up-to-date VPN protocol used by VPN providers. Compared to OpenVPN, it is easier to set-up, offers faster connections speeds and is even more secure. Some VPN providers, like NordVPN and ExpressVPN, offer their own custom versions of WireGuard as an option.

The technical

In this section, you’ll find some of the more obscure technical terms that you might see referenced across the site.

Adversary

This is a phrase used by IT security professionals. An “

Backdoor

A weakness or a secret cryptographic key deliberately built-in to encryption to allow it to be breached. Governments and law enforcement agencies around the world are pushing for tech companies to introduce these into their cryptography products, arguing that this is necessary in order to combat the use of encryption by terrorists and criminals.

Just about everyone else agrees that backdoors are a terrible idea, because to deliberately weaken encryption makes everyone unsafe, as a backdoor that is accessible to law enforcement will be just as accessible to criminals.

Blockchain

A distributed database or public ledger that cannot be tampered with. Blockchains are most closely associated with cryptocurrencies such as Bitcoin, where they are used to record and verify every transaction made using a whole or a fraction of that currency in order to prevent fraud and other irregularities. Other uses for the blockchain are also being developed, such as for tracking shipping containers or food distribution and provenance. You can learn more in our Blockchain Explained article.

Browser fingerprinting

A technology that uses various attributes of a web browser to create a unique ‘fingerprint’ of visitors to a website. This is then used to identify and track them as they browse the internet. Browser fingerprinting is pernicious because it is very difficult to block (in fact, every add-on used to prevent other forms of tracking only serves to make a browser more unique, and more susceptible to fingerprinting).

Closed-source software

Most software is written and developed by commercial companies. Understandably, these companies are keen to make sure that others can’t steal their hard work or trade secrets, so they hide the code away from prying eyes using encryption and threats of legal action. This is all quite understandable, but when it comes to security, it presents a major problem. If no-one can ‘see’ the details of what a program does, how can we know that it’s not doing something malicious?

The short answer is, we can’t. So we simply have to trust the company involved, which is something us paranoid security types are loath to do (with good reason). The alternative to closed-source is Open-source software.

Data authentication

In order to verify encrypted data and connections (such as VPN), something known as a cryptographic hash function is commonly used. This is an algorithm that takes an arbitrary amount of data input – a credential – and produces a fixed-size output of encrypted text called a hash value, or “hash” which can be used to verify a user’s identity. By default, OpenVPN uses SHA-1 thought this has been considered vulnerable to attack since 2015. Some VPN providers therefore offer more secure data authentication, such as SHA256, SHA512, or even SHA3.

EU Data Retention Directive (DRD)

The EU adopted the extensive and highly controversial mass surveillance legislation, the mandatory Data Retention Directive in March 2006, requiring all ISPs and communications providers to keep data for at least 12 months. Over the next few years most (but not all) EU counties incorporated the DRD into their local legislation. In April 2014, however, the European Court of Justice (ECJ), the highest court in the EU, declared the EU-wide DRD invalid on human rights grounds.

Despite this ruling, most EU counties have yet to abolish local implementation of the law (and the UK has gone so far as to strengthen it).

Encryption key length

The crudest way of determining how long a cypher will take to break is the raw number of ones and zeros used in the cypher. Similarly, the crudest form of attack on a cypher is known as a brute force attack (or exhaustive key search), which involves trying every possible combination until the correct one is found. Ciphers used by VPN providers are invariably between 128-bits to 256-bits in key length (with higher levels used for handshake and data authentication).

ETags

These are a part of HTTP (Hyper Text Transfer Protocol), the protocol for the World Wide Web. Their purpose is to identify a specific resource at a URL, and track any changes made to it. The method by which these resources are compared allows them to be used as a kind of digital fingerprint, as the server gives each browser a unique ETag, and when it connects again, it can look the ETag up in its database. ETags are sometimes used to by websites to identify and track visitors for advertising purposes.

Five Eyes (FVEY)

A surveillance alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. Intelligence is freely shared between security organizations of member countries, a practice that is used to evade legal restrictions on spying on their own citizens. There are other such alliances in place, including Nine Eyes, Fourteen Eyes and others.

Handshake

This is the process used by SSL/TLS to exchange and authenticate certificates, and to establish an encrypted connection. To ensure this process cannot be tampered with, OpenVPN can use either RSA encryption possible (up to RSA-4096).

History stealing

History stealing is a way of exploiting how the Web is designed. It allows a website to discover your past browsing history. The simplest method, which has been known about for a decade, relies on the fact that web links change color when you click on them (traditionally from blue to purple). When you connect to a website, it can query your browser through a series of yes/no questions to which your browser will faithfully respond, allowing the attacker to discover which links have changed color, and therefore to track your browsing history. You can read more about it in our “

I2P (Invisible Internet Project)

A decentralized network built using Java on similar principles to the Tor network, but which was designed from the ground up as a self-contained darkweb. As with Tor, users connect to each other using peer-to-peer encrypted tunnels, but there are some key differences, including the use of a distributed peer-to-peer directory model. The end result is that I2P is faster than Tor, more secure, and more robust. It is however not at all user-friendly, and has a high learning curve.

IP Leak

If for any reason a website or other internet service can see your true IP address or detect your ISP, then you have an IP leak. To determine if you are suffering an IP leak, visit our VPN Leak Testing Tool page.

This is the default system used to define IP address values (see the IP Address entry in the Basics section). Unfortunately, thanks to the unprecedented rise in internet use and connected devices over the last few years, IPv4 addresses are running out, as IPv4 only supports a maximum 32-bit internet address. This translates to 2^32 IP addresses available for assignment, or about 4.29 billion total, and we’ve already used almost all of them.

Internet Protocol Version 4 (IPv4)

This is the default system used to define IP address values. The range of IPv4 addresses runs from 0.0.0.0 to 255.255.255.255, which means there can be a maximum of over 4 billion unique addresses which, back in the day, was thought to be more than enough!

Unfortunately, thanks to the unprecedented rise in internet use and connected devices over the last few years, IPv4 addresses actually ran out back in 2011 and we’ve been re-using them ever since. IPv4 has now been superseded by IPv6.

Internet Protocol Version 6 (IPv6)

While various mitigating strategies have been deployed to extend the shelf-life of IPv4, the real solution comes in the form of a new standard – IPv6. This utilizes 128-bit web addresses, thus expanding the maximum available web addresses to 2^128 (340,282,366,920,938,000,000,000,000,000,000,000,000 or 340 trillion trillion trillion), which should keep us supplied for the foreseeable future.

Unfortunately, adoption of IPv6 has been slow, mainly due to upgrade costs, backward capability concerns, and sheer laziness. Consequently, while all modern Operating Systems support IPv6, many websites do not yet bother.

L2TP/IPsec

A VPN tunneling protocol and encryption suite. Built into most internet enabled platforms, L2TP/IPsec has no major known vulnerabilities, and if properly implemented may still be secure. However, Edward Snowden’s revelations strongly hinted at the standard being compromised by the NSA, and it may have been deliberately weakened during its design phase. Check out our Ultimate Guide to VPN Encryption for more information on L2TP/IPsec.

The National Security Agency (NSA)

The American organization responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes. The NSA collects vast amounts of information on US citizens, and the staggering power and scope of both its domestic and foreign intelligence gathering are on a scale that few imagined possible.

The term ‘the NSA’ is sometimes used as a general catch-all phrase to refer to any hugely powerful government funded global agency.

Obfuscation/obfuscated

An “

Open-source software

An open access software development model where the software code is made freely available for any developer to improve, use, or distribute as they wish. This is particularly important for security and privacy related programs, as it means that ‘anyone’ can look at the code and make sure that it does not contain engineered weaknesses or backdoors, is not sneakily sending users’ details to the NSA, or doing something else malicious.

There are few people with the expertise, time, and inclination to audit often very complex code (usually for free), so the vast majority of Open-source code remains un-audited. Nevertheless, that the code can be examined offers the best guarantee that it is ‘clean’ we have.

Point-to-Point Tunneling Protocol (PPTP)

An old VPN protocol, available as standard on just about every VPN capable platform and device, and thus easy to set up without the need to install additional software, PPTP remains a popular choice both for businesses and VPN providers. It is, however, widely known to be very insecure, and can be easily cracked by organizations such as the NSA. Perhaps even more worrying is that the NSA has (or is in the process of) almost certainly decrypting the vast amounts of older data it has stored, which was encrypted back when even security experts considered PPTP to be secure.

PPTP will probably protect you against a casual hacker, but should only be used when no other option is available, and even then not for protecting sensitive data.

Proxies

A proxy server is a computer that acts as an intermediary between your computer and the internet. Any traffic routed through a proxy server will appear to come from its IP address, not yours. Unlike VPN servers, proxy servers do not usually need to devote resources to encrypting all traffic that passes through them, and therefore can accept simultaneous connections from a great many more users (typically tens of thousands).

A recent survey found that most public proxies are very unsafe, so if you must use a public proxy, then only use one that permit HTTPS, and try to stick to visiting only HTTPS secured websites.

RSA encryption

In order to set up a secure VPN connection, SSL (and therefore OpenVPN and SSTP) typically uses the RSA asymmetric public-key cryptosystem (asymmetric because a public key is used to encrypt the data, but a different private key is used to decrypt it.) RSA acts as an encryption and digital signature algorithm used to identify SSL/TLS certificates, and has been the basis for security on the internet for the last 20 years or so. As we know that RSA-1048 has been cracked by the NSA, for VPN we recommend using the strongest RSA key length possible (RSA-4096 is very good).

Safe Harbor Framework/Privacy Shield

The Privacy Shield.

The European Court of Justice ruled in July 2020 ruled that Privacy Shield was not a suitable mechanism for the lawful transfer of EU personal data to the US. As of February 2022, there has been no replacement put in place for Privacy Shield, though negotiations are ongoing between the EU and US.

Shared IP addresses (Shared IPs)

Shared IPs (as opposed to static IP addresses); a common strategy used by VPN providers to increase customer’s privacy is to assign many customers the same IP address (which they’ll share). This makes it very difficult (but not necessarily impossible with enough effort) for both outside observers and the VPN provider to determine which user of a given IP is responsible for any specific action.

SmartDNS

This refers to services that allow you to evade geo-blocking restrictions by connecting to DNS servers in different counties. When a device is configured to connect to these, it appears to be located in that country. How many countries are supported depends on the service, but almost all have servers in the United States and the UK thanks to the popularity of their online TV services (such as Hulu and BBC iPlayer).

Because no encryption or other fancy stuff is involved, SmartDNS is much faster than VPN (so fewer buffering issues), but it provides none of the privacy and security benefits of VPN. If your only concern is to access geo-restricted media content from abroad, then SmartDNS may be a better option than VPN. If you are interested in finding out more, check out our list of the best VPN providers who also offer SmartDNS.

Software audit

This is when experts carefully examine a program’s code to determine if it is free of backdoors, deliberately engineered weaknesses, or other similar security concerns. Open-source software is open for independent audit at any time, although in practice there are few people with the expertise, time, and inclination do actually do it. Some companies (such as ProtonMail) have released products that are closed source, but which have been professionally audited by independent and respected experts.

This introduces the tricky question of which can be trusted more – code that is closed but has been independently audited, or code that is open as is therefore available for anyone to audit, but hasn’t been…

Secure Socket Layer and Transport Layer Security (SSL/TLS)

TLS is the successor to SSL, but the terms are often used interchangeably. It is the cryptographic protocol used to secure HTTPS websites (https://). OpenVPN uses an Open-source implementation of it, called OpenSSL. SSL encryption is considered fairly secure, but concern is growing over the certificate system used to authenticate connections.

SSL/TLS certificates

Certificates used by SSL/TLS to verify that the website you connect to is the website you think you are connecting to. If a browser is presented with a valid certificate, then it will assume a website is genuine and set up a secure connection. It will then display a locked padlock in its URL bar to alert users that it considers the website secure. SSL certs are issued by a Certificate Authority (CA).

Supercookies

A catch-all term used to refer to bits code left on your computer that perform a similar function to cookies, but which are much more difficult to find and get rid of than regular cookies. The most common type of super-cookie is the Flash cookie (also known as an LSO or Local Shared Object), although ETags and Web Storage also fall under the moniker. In 2009, a survey showed that more than half of all websites used Flash cookies.

The reason that you may never have heard of super-cookies, and the reason they are so hard to find and get rid of, is that their deployment is deliberately sneaky and designed to evade detection and deletion. This means that most people who think they have cleared their computers of cookies might still have these hiding in the corners.

Lots of people want to sell you stuff, and one way that has proven very successful at doing this is to display ads to tailored to individual internet users that speak to their own personal interests, tastes, hobbies, and needs. In order to deliver this kind of personalized advertising, the advertisers need to learn as much about you as they can. This is why companies Google and Facebook scan all your emails, messages, posts, likes, and searches made.

This allows them to build up a scarily accurate picture of you (including your political views, sexual preferences, and of course, the things you like to buy!). They and a host of smaller advertising and analytics companies also use a variety of deeply underhand technologies to uniquely identify you and track you across websites as you surf the internet.

Threat model

When considering how to protect your privacy and stay secure on the internet, it is useful to consider exactly who or what you are most worried about. Not only is defending yourself against everything difficult to the point of being impossible, but any attempt to do so will probably seriously degrade the usability (and your enjoyment) of the internet.

Accepting that being busted for downloading an illicit copy of Game of Thrones is likely a bigger threat than being targeted by a crack NSA team for personalized surveillance will not only leave you less stressed, but likely also with more effective defenses against the threats that matter to you.

Tor (The Onion Router)

An anonymity network that provides free software designed to allow you to access the internet anonymously. Unlike VPN, where the VPN providers know your real IP address and can see your internet traffic at the exit point (the VPN server), with Tor your signal is routed through a number of nodes, each of which is only aware of the IP addresses in front of the node and behind it.

This means that at no point can anyone know the whole path between your computer and the website you are trying to connect with. Tor, therefore, allows for true anonymity while surfing the web, but does come with a number of important downsides.

Tor hidden services

One of the biggest dangers of using the Tor anonymity network is Tor exit nodes – the last node in the chain of nodes that your data travels through, and which exits onto the web. Tor exit nodes can be run by any volunteer, and who can potentially monitor your internet activities. This is not as bad as it sounds, as thanks to the random path your data takes between nodes, the exit node cannot know who you are.

However, a global adversary with unlimited resources (such as the NSA) could, in theory, take control of enough nodes to endanger the anonymity of Tor users. In order to counter this threat, Tor allows users to create “

Two-Factor Authentication (2FA)

Something you know + something you have. One factor authentication requires a single step to verify your identity, such as knowing your username and password (something you know). Two-Factor Authentication provides an additional layer of protection against hackers by also requiring you to have something. For online services, this is typically something in the shape of a text sent to your phone, or an email with a code. It can also be a third-party service like Google Authenticator or a USB key.

URL (Uniform Resource Locator)

The alphanumeric address of websites that humans use (e.g. afdolvpn.com). All browsers have a URL address bar at the top, where if you enter the URL, you will be taken to the named website. Computers do not understand the URL, so this is where DNS comes in. DNS converts that URL into the numeric IP address that computers understand.

Usage Logs

Our term for the collection and storage of details about what users actually get up to on the internet – as opposed to the collection of metadata (connection logs). Many VPN providers who claim to keep no logs are, in fact, only referring to keeping no usage logs, and do keep various (often extensive) connection logs.

Virtual Private Server (VPS)

A Virtual Private Server is where you rent a space on a physical (bare metal) server run by a VPS company. This provides a closed environment that acts as if it was a complete physical remote server. You can install any operating system on a VPS (as long as the provider allows it), and basically treat the VPS as your own personal remote server. Renting a VPS tends to be a cheaper option than actually purchasing or renting your own server in a data center, as each server can have multiple customers using it at the same time.

Warrant canary

A method used to alert people that a gag order has been served on a provider. This typically takes the form of a regularly updated statement that no gag order has been served. If the statement does not receive its regular update, then the

However, this notion has not been legally tested in most counties, and it is entirely possible that courts would find the use of a warrant canary in contempt of the gag order and the need to keep warrant canaries up-to-date is routinely ignored, making their existence completely pointless!

Web storage (also known as DOM storage)

Web storage is a feature of HTML5 (the much-vaunted replacement to Flash), which allows websites to store information on your browser in a way similar to cookies, but which is more persistent, has a greater storage capacity, and which cannot normally be monitored, read, or selectively removed from your web browser. Unlike regular HTTP cookies, which contain 4 kB of data, web storage allows 5 MB per origin in Chrome, Firefox, and Opera, and 10 MB in Internet Explorer. Websites have a much greater level of control over web storage and, unlike cookies, web storage does not automatically expire after a certain length of time and is set to permanent by default.

WebRTC leak

A WebRTC leak is like a DNS or IPv6 leak in that it reveals your real IP address, even when you are connected to a VPN. A WebRTC leak can happen when you’re trying to establish video or audio communication through a browser that uses WebRTC technology. Google Hangouts uses WebRTC, as does the popular messaging platform Discord. WebRTC was developed by Google and is built into many modern browsers, including Edge, Firefox, Chrome, Safari and Opera.