X

All the VPN terms you need to know

This VPN glossary gives you useful terms and what they mean for your privacy.

Rae Hodge Former senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
Rae Hodge
5 min read
gettyimages-767987767
Getty Images/Florian Haas/EyeEm

A virtual private network is a way of connecting to the internet in a more secure or private way, by sending your data through an encrypted tunnel and hiding your true IP address -- making it harder for someone to track your online activity. 

In a business environment, VPNs are often used by employees who are working remotely and need to access their company's intranet securely. Beyond that, most VPNs are used for one or more of the following purposes: to bypass internet censorship in countries without free speech; to bypass geography-based restrictions on streaming services like Netflix; to secure privacy while using peer-to-peer networks for torrenting; to hide internet activity from local network moderators such as those on a college campus; or to securely transmit user login credentials on public Wi-Fi when using outdated apps or operating systems.

When deciding on a new VPN service, the following terms can help you navigate the field and understand what a provider offers. 

Read more: Understanding VPNs and how to choose one

Encryption

Using an algorithm to securely encode data so that it appears like random, digitally illegible information. Once your encrypted data reaches its destination, a cipher is used to decrypt it. There are multiple types of encryption used by VPNs, which vary in strength. AES-256 (often called "military-grade encryption") is the industry standard. If a website address begins with HTTPS (rather than HTTP), it's using AES. 

Five Eyes

The name of mass surveillance and intelligence-sharing agreements between nations. Five Eyes members include the US, UK, Australia, New Zealand and Canada. Other international surveillance cooperatives expand on this membership, including Nine Eyes and 14 Eyes, whose existence was revealed in documents leaked by Edward Snowden in 2013. If a VPN provider is headquartered in one of the countries involved in one of these surveillance groups, it generally follows the data-sharing practices of that group, so it's usually recommended to select a VPN headquartered outside of these nations. 

Geoblocking

The process of blocking access to online content, or restricting that content to certain locations. One measurement of a VPN's strength is its ability to circumvent the geoblocking practices of streaming services like Netflix and Hulu so you can access the content you've paid for, no matter what country you travel to.

Read moreVPNs may be your best weapon against internet throttling

IP Count

The number of IP addresses used by a VPN provider. VPNs that have a larger supply of IP addresses can offer higher speeds to individual users. Those with a smaller number of IP addresses may offer slower speeds to users because of that, but it may also indicate a greater percentage of users on the network are sharing an IP address. Sharing an IP address with another user makes it more difficult for others to distinguish your personal internet activity from that of the user you're sharing with. 

Jurisdiction

The country in which a VPN provider is headquartered, and to whose laws it must adhere. For example, VPNs with a jurisdiction outside of a Five Eyes or 14 Eyes country (see above) are not beholden to the data retention policies of those countries, and are generally considered better for privacy

Kill switch

A must-have feature offered by most VPNs that kills your internet connection if your VPN connection is dropped for any reason, in order to prevent your data from suddenly becoming visible to others. 

Leak

When a VPN service fails in some way, and exposes what could be personally identifying information or unencrypted user data to either a website, network members or an internet service provider. During its review process, CNET tests VPNs for the following types of leaks: IPv4, IPv6, DNS and WebRTC

Logs

There are two kinds of logs a VPN provider might keep -- connection logs and usage logs. Connection logs are generally kept for a short amount of time by a VPN provider to assess the wider maintenance needs of its server network. Connection logs include information that is depersonalized and extremely unlikely to identify a user, such as general server-connection type, the length of a connection time and whether a VPN's desktop or mobile app was used to create a connection. Usage logs, on the other hand, should never be kept. Usage logs include personally identifying information like your IP address and a record of the websites you visit. If a VPN is caught keeping usage logs, we avoid recommending their services. 

Obfuscation

The act of making internet traffic passed through a VPN look like regular, non-VPN internet traffic. This is important in countries where VPN use is outlawed, but it is also key to accessing some streaming services and websites that bar VPN use. 

Perfect Forward Secrecy 

A widely hailed encryption function that uses one of two established key exchanges to create an additional level of security. A good VPN uses Perfect Forward Secrecy to ensure that any stolen encryption keys can't be used to decrypt past or future internet sessions.

Proxy (or proxy service)

Often used to get around content geoblocking, a proxy service can hide your real IP address by getting in between your IP address and the website you're trying to access and making you appear as though your IP address is one of its own. Proxies are usually not encrypted. They're considered lightweight, temporary workarounds that offer little actual privacy. Many services which advertise themselves as VPNs are actually proxy services. 

Server count

The number of servers maintained in a VPN's network. A larger number of servers in a larger number of locations is often a strong indicator of increased speeds. 

Split-tunneling

Creating two kinds of VPN tunnels at once, sometimes using different methods. Often, one VPN tunnel will be used to protect the internet activity you create in your browser, while another will be used to protect the internet activity created by internet-connected apps on your phone or computer. Some VPNs offer this feature, some do not. Split-tunneling is unnecessary for most people's needs but can be exceptionally handy for those with heightened privacy concerns about potential leaks.  

Tor

An abbreviation for The Onion Router, or The Tor Network. Tor is designed to allow completely anonymous communication on the internet by encrypting your data and bouncing it off of several volunteer-run receiving points called "nodes." Tor was originally designed by the US Navy and is the subject of heated debate among privacy aficionados. Tor is not a VPN, but some VPNs are now offering Tor-compatible services.