
VPN Glossary: VPN Terms Explained

Demystify VPN jargon with definitions of common terms like split tunneling and kill switches.

Moe Long Senior Editor

A virtual private network, or VPN, boosts your privacy by masking your IP address and making it look like you're connecting to the internet from a different geographical area. For instance, you can use a VPN to trick websites and apps into thinking you're in a different city, state or country. 

VPNs are excellent for general privacy, streaming service geo-unblocking, gaming, bypassing censorship or throttling restrictions, and even work. Whether you're selecting a VPN for the first time, switching to a different VPN provider or simply trying to decipher the settings menu of a recently installed virtual private network, there's a lot of jargon to untangle. Here are the most common VPN terms to help you better understand the space.

DNS Leak

The domain name system translates domain names, like CNET.com, into IP addresses -- for instance, 111.111.111.111. When you visit a website, your computer, tablet or phone sends a request to a DNS server for that site's IP address. Without a VPN enabled, your device typically uses your internet service provider's DNS server, meaning your ISP has a record or log of your internet activities. With a VPN, your virtual private network provider encrypts your internet traffic, keeping DNS requests private from your ISP. A DNS leak occurs when domain name system requests are still sent to your ISP's DNS servers while the VPN is connected, meaning those requests are not being protected by the VPN's encryption.
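One way to check for the leak described above is to compare the resolvers your device is configured to use against the addresses your VPN hands out. The sketch below is an added example, not code from this article or from any VPN provider. The sample configuration, the `10.8.0.0/24` tunnel subnet and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: resolver config captured while a VPN is connected.
SAMPLE_RESOLV_CONF = """\
# generated by the network manager (constructed sample)
nameserver 10.8.0.1
nameserver 192.0.2.53   # left over from the ISP's DHCP lease
nameserver 2001:db8::53
search home.example
options edns0
"""

# Assumption: the VPN pushes resolvers that live inside the tunnel subnet.
VPN_DNS_NETWORKS = ["10.8.0.0/24"]


def parse_resolvers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    resolvers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
            try:
                resolvers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # ignore malformed entries
    return resolvers


def find_dns_leaks(resolvers, vpn_networks):
    """Return resolvers that sit outside every VPN-approved network."""
    allowed = [ipaddress.ip_network(n) for n in vpn_networks]
    # An IPv6 resolver is never inside an IPv4-only tunnel subnet, so it is
    # reported as well; IPv6 DNS escaping an IPv4-only VPN is a common leak.
    return [r for r in resolvers if not any(r in net for net in allowed)]


if __name__ == "__main__":
    for leak in find_dns_leaks(parse_resolvers(SAMPLE_RESOLV_CONF), VPN_DNS_NETWORKS):
        print(f"possible DNS leak: resolver {leak} is outside the VPN tunnel")
```

On systems that run a local stub resolver, the file lists only the stub's loopback address, so the same comparison has to be made against the stub's upstream resolvers instead.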

Double VPN

By default, most VPNs use a single VPN server to encrypt your connection. But with a double VPN -- also known as multi-hop or double-hop -- your traffic is encrypted twice. The added layer of encryption makes it even harder to trace internet traffic back to its source, which is your device. Using multi-hop, your web traffic is encrypted, goes through a VPN server, gets encrypted again, travels through another VPN server then is decrypted and finally reaches its destination securely. Folks with critical privacy needs, like investigative journalists or political activists, may benefit from the beefed-up privacy of a double-hop connection. 

Encryption

Encryption hides data in code, making that data appear random until it's deciphered. VPNs encrypt your internet traffic using AES-256 -- or "military-grade encryption" -- with the OpenVPN or IKEv2/IPSec protocols, or ChaCha20 with WireGuard. 

Five Eyes, Nine Eyes, 14 Eyes

The Five Eyes is an international data-sharing alliance consisting of the US, Canada, UK, Australia and New Zealand. These countries participate individually and collectively in mass surveillance and intelligence-gathering. Countries within this alliance pass information back and forth in the name of global or national security. So folks with serious privacy concerns may seek a VPN provider headquartered outside of the Five Eyes. Similarly, "Nine Eyes" adds France, Denmark, the Netherlands and Norway to the group, and 14 Eyes expands the list to include Belgium, Germany, Italy, Sweden and Spain.

Gateway

A gateway, or node, connects two different internet networks together. Like a gate you'd pass through into a yard, an internet gateway serves as an entry and exit for web traffic. Your Wi-Fi router is an example of a gateway, because it bridges your home network to the internet. 

Geoblocking, geo-unblocking

Access to some content is restricted based on geographic location, a practice called geoblocking. Region-specific licensing agreements mandate where certain content is hosted in different countries -- for example, Star Trek: The Next Generation is available on Paramount Plus in the US, but Netflix in the UK. Circumventing region restrictions is known as geo-unblocking. Using a VPN, you can route your internet traffic through a server in a different country from where you're physically located, like being in the US but hopping on a UK server, to unblock UK Netflix or Disney Plus libraries.

IP Address

An IP address is a unique set of numbers used to identify every internet-connected device. Like a home address, an IP address includes potentially identifying information, such as your general geographical location and your ISP. When you tunnel through a VPN, apps you use and websites you visit don't see your actual IP address, but instead that of your VPN provider. 

Jurisdiction

The country where the VPN provider is headquartered is known as its jurisdiction. VPN companies must abide by the laws of the country they're based in when served with legal action requests. Some VPN providers, like Proton, NordVPN and ExpressVPN, have privacy-friendly jurisdiction because they're based in countries outside of the Five, Nine and 14 Eyes intelligence-sharing alliances. 

Kill switch

A kill switch shuts off your internet connection in the event of an unexpected VPN disconnection to prevent your actual IP address from being exposed. 

Lag

Lag, or latency, is the delay between your actions -- like pressing a button on your controller while gaming or tapping a key on a keyboard -- and a server's reaction. All VPNs slow down your internet speeds because your traffic gets encrypted and decrypted in the process of reaching its destination. But a VPN could reduce your lag while gaming if you use a VPN server geographically close to a game server -- like tunneling through a New Zealand VPN server while on a game server in the land Down Under while you're physically located in the US. 

Logs

A VPN log refers to data that a VPN provider collects. Usually connection logs -- which include anonymous information about VPN apps and session lengths -- might be kept briefly. Usage logs, which feature personally identifiable data like IP addresses and internet histories, should never be saved. In fact, I don't recommend any VPN without a strict no-logs policy. While zero-logging practices are tough to fully verify, audits help back up these claims.

Mobile VPN

A mobile VPN is capable of switching between different networks, like a cellular network and Wi-Fi, seamlessly without interrupting the encrypted tunnel. 

Obfuscation

Obfuscation hides the fact that you're using a VPN, so apps and websites don't view your traffic as originating from a VPN server. This is useful in scenarios like school Wi-Fi, where VPNs don't play nicely with the wireless network.

Perfect Forward Secrecy 

When a VPN uses perfect forward secrecy, or PFS, it uses a new unique encryption key with each new session (an instance of connecting to a VPN server). By switching up the encryption and decryption keys, PFS mitigates situations where an encryption key may become compromised. 

Protocol

VPN protocols determine how a device communicates with the VPN server. The most common modern VPN protocols are WireGuard, OpenVPN and IKEv2/IPSec. WireGuard boasts the fastest possible speeds, but it's not ideal for obfuscation or hiding the fact that you're using a VPN. OpenVPN is extremely secure and great for obfuscation, but slower than WireGuard. IKEv2/IPSec is fast and engineered for seamless switching between different networks, like hopping from Wi-Fi to cellular or vice versa. VPN protocols consist of a transport protocol -- either UDP or TCP -- paired with a type of encryption, either AES-256 (OpenVPN and IPSec/IKEv2) or ChaCha20 (WireGuard).

Proxy

Similar to a VPN, a proxy is a privacy tool that sits in between your IP address and websites or apps you're accessing, so both VPNs and proxies mask your IP address. Most often, a proxy service isn't encrypted whereas a VPN connection is. 

Server count

A VPN provider's server count is the number of servers it maintains and operates. You'll usually see this reported as the number of total servers and individual countries. For instance, NordVPN has over 6,300 servers peppering 111 countries. A high overall server count is beneficial because you've got a lot of choices, so if you're on a server in a particular country that's bogged down by other users, you can easily switch to another within that country. By the same token, several thousand servers spread across a small number of countries may not be as helpful for frequent international travelers. It's important to consider the overall number of servers as well as the individual country count when picking out a VPN.

Split tunneling

With split tunneling, you can use your VPN for some traffic while excluding other traffic. For instance, you can route your Netflix app through a VPN tunnel to unblock foreign content libraries to stream movies or TV shows otherwise unavailable in your area, while excluding your Blizzard games client so you get the fastest possible download speeds when installing Diablo IV.

Tor

Tor stands for The Onion Router and is a server network designed for privacy and pseudo-anonymity. (Nothing is ever truly anonymous.) The Tor network bounces your data off three or more servers, or nodes. By comparison, a standard VPN connection uses a single server. The Onion Router network may offer slightly stronger pseudo-anonymity than a VPN because of its multi-layered node approach, which makes tracing the path of information back to its source -- your machine -- extremely difficult. However, Tor slows down your internet connection noticeably more than most VPNs. You can use Tor and a VPN at the same time; some VPN providers, like NordVPN and Proton VPN, even feature Tor-over-VPN servers. 

Tunnel

A VPN tunnel refers to the encrypted connection established between your device -- like a computer or phone -- and a VPN server.