VPN is a sophisticated technology. But it doesn’t have to be. Most users don’t care about what goes in the technology that enables the experience; they just want to live the experience. But if you are curious about what the terms mean in the technical jargon, then this blog is for you.
There are too many terms to begin with, so the idea is not to overwhelm you with detailed information. I will try to keep things as simple as possible while also giving you some technical briefs.
Virtual Private Network is a network established between a user and a remote server. The VPN server acts as a proxy for the user’s internet requests; it allows you to mask your virtual details such as the IP address and your geographic location. Hiding those two details allows you to bypass restrictions and censorship that may have been imposed by the Internet Service Provider (ISP).
A VPN can also be created for multiple users to communicate with each other through the central remote server.
An IP address is your digital ID on the internet. With so many computers connected to the internet, each of them has to have a unique identifier to make reliable communication possible. Every device connected to the internet or a local network will use an IP address to communicate.
Internet Protocol version 4 is a standard that defines an IP address range for networks. IPv4 is a 32-bit protocol, which means it can handle roughly 4 billion (2^32) unique IP addresses. It is the dominant protocol used today for public web addresses.
IPv6 is the successor to IPv4. It was introduced to handle the growing number of devices on the internet. As a 128-bit protocol, it increases the capacity of IP addresses from 4 billion to roughly 340 undecillion addresses.
The internet is a collection of computers on a global scale. Where an intranet is a network based on a much smaller scale, the internet hosts billions of computers. Multiple routers and gateways via Internet Service Providers connect the computers for communication. Servers on the internet act as computers that fulfill some purpose, such as hosting websites that users can access.
A web address is simply the address of a destination, also called a URL (Universal Resource Locator), or domain name when the identity of the website is concerned. Underneath a web address lies an IP address. We refer to web addresses by name rather than by IP address because names are easier to remember. The name acts as a mask on the IP address.
Domain Name Service (DNS) is a phonebook of the internet. All the domain names, such as this website, have an IP address attached to them. A DNS server looks up the correct address and delivers the webpage to you when you request it.
Network Address Translation handles the conversion of a local IP address to a public IP address for connecting to the internet. It is an assistant that keeps a record of every request and the device on the local network that requested it and delivers it reliably back to the device. Without NAT, we would have run out of IPv4 addresses much faster.
VPN protocols are standards for communication. They provide set rules for devices to authenticate each other and reliably share data. There are multiple protocols used in VPNs today. One protocol may be faster than the other, and one may provide a stronger level of security than the other. You can learn about VPN protocols in-depth in our blog here.
Encryption is the holy grail of a VPN. It involves a cipher that uses complex algorithms to scramble data into an unreadable format. A special key is used to decrypt the encrypted data. It makes sharing data over the internet secure.
AES stands for Advanced Encryption Standard. It is one of the many ciphers available to help encrypt data. It’s a symmetric cipher, which means the key that is derived using complex math at the time of encryption is also used to decrypt the data.
The strength of the encryption lies in the key’s length: 128-bit and 256-bit. It would take the world’s fastest supercomputer roughly 1 billion-billion years to run every combination and crack AES 128-bit encryption. You can imagine now how much longer AES 256-bit encryption would take.
Symmetric encryption defines the process of encrypting using a shared key. Both parties use the same key for encryption and decryption.
Asymmetric encryption, unlike symmetric encryption, uses a shared key (public key) and a private key. User A encrypts data with a public key and its private key and sends it to User B. The other user decrypts the data using a public key and its private key.
A Kill Switch is a feature that terminates the internet connectivity if the connection to the VPN server is lost. Kill Switch prevents your real IP address from leaking out.
Tunneling is the concept of establishing a secure link between two endpoints. The virtual ‘tunnel’ moves data within it, preventing any third party from seeing the data.
Spoofing is the term used to describe when you hide your digital identity, such as by using a VPN. Your IP address reveals your geographic location. So by using a VPN, you spoof your actual IP address with another IP address.
Geo-restriction refers to a form of restriction where content on the web will be inaccessible outside of its intended region. For example, many movies and TV shows on Netflix are only available to audiences in the United States.
Censorship is different from geo-restriction. It occurs at the ISP’s level, possibly at the request of the government. It blocks users from accessing content that has been banned by the ISP or the government, like how China blocks access to Facebook.
The Digital Millennium Copyright Act (DMCA) is a law that protects online content from copyright infringement. DMCA Protection & Takedown Services is an authority that actively works to bring down content that has been produced unlawfully.
Data Retention is the practice of recording activities of users on the internet, such as what websites they visit, what time they visit, and from where they visit. ISPs follow this practice on the orders of the government.
In the context of internet service, logs are records about your internet activities, such as the websites you visit. They deliver a compiled history of your time and location to the service provider.
Jurisdiction is the legal power given to an authority by the law. It confines the authority to act within the space of its boundaries. For example, state laws have jurisdiction over their respective state.
Operating outside of the jurisdiction of laws that compel service providers to log user data allows VPN services to offer a “no-logs” policy.
Deep Packet Inspection
It is a form of packet inspection technique that allows service providers or network managers to see the contents of the data packets. It can protect users by detecting malware, but can also be used for censorship by the government.
Five Eyes is an alliance of five countries of the world: the United States, the United Kingdom, Canada, Australia, and New Zealand. The alliance works to share signals intelligence. Learn more about the Five Eyes in our blog.
Man-in-the-Middle acts as an intruder that eavesdrops on a connection between a user and a server. It can steal data that you transmit, such as personal information. Such an attack is easy to carry out on public Wi-Fi networks due to weak security.
Malware is an umbrella term for all malicious code that does only harm. Viruses, ransomware, rootkits, worms, and spyware are all types of malware. We’ve got a blog for you that will help you understand the various malware that exists today.
HyperText Transfer Protocol Secure is a protocol and the secure version of HTTP for web communication. It provides encryption to secure sessions between a user and a website. HTTPS is used by nearly every other website today.
Secure Sockets Layer is an encryption protocol used to establish a secure link between a user and a web server. It authenticates both parties through a handshake before sending over the data.
HTTPS relies on SSL encryption.
CA stands for Certificate Authority. It verifies and grants websites a digital certificate to let users know that it’s a legitimate website. The SSL handshake verifies the authenticity by looking at the digital certificate to verify the website is real and not a domain set up to trick you.
Split Tunneling lets you decide which apps will run through the VPN server and which apps will run without it. It is useful when you want to access your private networks while using some apps through the internet and VPN.
Latency is the time that it takes for data to travel to its destination. Distance to the destination plays a major role in determining latency. A lower latency gives the best performance, which is why it is always recommended to connect to the nearest VPN server.
Web Realtime Communications enables web browsers to handle video and audio without any plugins. Firefox, for example, is a WebRTC compatible browser that does not require a plugin such as Flash player for video and audio playback.
Peer-to-Peer is a type of network with no central server. It is a decentralized network that treats every node (user) on the network as equal. Users can share files without relying on a server to process that request.
A DNS leak occurs when a VPN fails to hide your DNS queries. By exposing your DNS queries, the ISP and the DNS server that handles them can see what websites you visit.
Run a DNS leak test at least once when connected to a VPN service.
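How the output of such a leak test is read, as an added example that is not part of the original blog: each resolver the test observed is compared against the address ranges of the VPN provider's own DNS servers, and anything outside them is a leak. The ranges, addresses and function names below are constructed for illustration (documentation address space), and the sketch also covers the common case where IPv4 is tunneled but IPv6 queries escape.

```python
import ipaddress

# Constructed sample data using documentation address ranges (RFC 5737 / RFC 3849).
# Assumption: these are the networks where the VPN provider runs its DNS resolvers.
VPN_RESOLVER_NETS = ["198.51.100.0/24", "2001:db8:aaaa::/48"]

# Constructed list of resolvers reported by a leak test while the VPN is connected.
OBSERVED_RESOLVERS = [
    "198.51.100.53",      # VPN provider resolver, reached through the tunnel
    "203.0.113.10",       # ISP resolver over IPv4: a leak
    "2001:db8:bbbb::53",  # ISP resolver over IPv6, outside the tunnel: a leak
    "not-an-ip",          # malformed line in the test output
]


def classify_resolvers(observed, vpn_nets):
    """Sort observed resolver addresses into ok / leak / invalid."""
    nets = [ipaddress.ip_network(n) for n in vpn_nets]
    result = {"ok": [], "leak": [], "invalid": []}
    for raw in observed:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            # Keep unparseable entries visible instead of silently dropping them.
            result["invalid"].append(raw)
            continue
        # Only compare an address with networks of the same IP version.
        inside = any(addr.version == net.version and addr in net for net in nets)
        result["ok" if inside else "leak"].append(str(addr))
    return result


def has_dns_leak(observed, vpn_nets):
    """True if at least one observed resolver is outside the VPN's ranges."""
    return bool(classify_resolvers(observed, vpn_nets)["leak"])


if __name__ == "__main__":
    report = classify_resolvers(OBSERVED_RESOLVERS, VPN_RESOLVER_NETS)
    for status, addrs in report.items():
        print(f"{status}: {addrs}")
    print("DNS leak detected:", has_dns_leak(OBSERVED_RESOLVERS, VPN_RESOLVER_NETS))
```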
WebRTC allows devices to communicate with websites for video and audio playback. It works by revealing your IP address to the website. A flaw in the WebRTC technology itself can expose your real IP address to a website when you are connected to a VPN. Some VPNs feature WebRTC leak protection through their browser extension.
A proxy server acts as an intermediary between the client and the server. It masks the client’s IP address and delivers internet requests to the destination. It is like a VPN but without encryption and several other features that make VPN a much more secure option.
Deep Web is the part of the internet that is not indexed by search engines. Google crawls links on the internet for indexing. But some content on the internet has no links that search engines can pick up.
The Dark Web is synonymous with bad elements of the internet. It refers to the part of the deep web where illegal activities take place. Because the deep web allows users to be anonymous, the dark web has fostered criminal activities for years. Deep Web is safe to use, but visiting Dark Web websites has serious moral implications.
The Dark Web is just a concept to help users differentiate websites of the Deep Web that are dangerous.
The Onion Router is a special website that allows you to access the dark web. More specifically, it allows you to open onion websites that cannot be accessed through regular web browsers.
An onion website is part of an anonymous and decentralized network that can only be accessed if you know the address. It takes a special browser like Tor to view the webpage. The websites carrying the .onion suffix are not indexed or available in the DNS databases.
Onion Over VPN
Onion Over VPN provides a layer of security by passing the encrypted internet traffic through the VPN server and then through Tor’s nodes. The benefit is that the first node in Tor’s network cannot see your IP address.
A dedicated IP is also known as a static IP. This public IP address is always assigned to you when you connect to the VPN server, unlike Dynamic IP, which randomly assigns the IP.
That’s pretty much all there is to get you going with terms associated with VPN. I’ll update the list to add more if more terms pop up, or some that I may have forgotten. Check out other blogs linked in this blog if you want to read in-depth about the terms.