VPN terminology guide: clear security terms explained

How to use this glossary

You don’t need to read it like a book. Select the situation matching your question, then use the cards to understand what matters and what you can safely ignore.

You are reading a VPN review

Start with no-log policy, audit, jurisdiction, kill switch, DNS leak, split tunnelling, and refund policy.

You are setting up an app

Check protocol, WireGuard, OpenVPN, split tunnelling, auto-connect, DNS, and kill switch before altering defaults.

You saw a security warning

Check for phishing, malware, HTTPS, MFA, passkeys, password managers, and data breaches before clicking links.

Everyday privacy basics

These are the terms most users encounter first: IP addresses, DNS, trackers, and the distinction between privacy and anonymity.

Core

VPN

A VPN is an encrypted link between your device and a VPN server. Websites see the VPN server’s address, not your home or mobile IP.

Why this matters It protects on public Wi-Fi and conceals visited sites from local networks or ISPs.

What to check Check if the VPN includes a kill switch, quality apps for your devices, and transparent privacy policies.

Identity signal

IP address

An IP address is the public internet address websites detect when your device connects.

Why this matters It can disclose your approximate location and ISP but doesn’t confirm who is using the device.

What to check A VPN alters your visible public IP, but logging into personal accounts can still reveal your identity.

Network

ISP

Your ISP is the company providing your internet access at home or on mobile.

Why this matters Without a VPN, your ISP can often see the domains you visit, even if page content is encrypted.

What to check Use HTTPS and a trusted VPN if you want to prevent your ISP or local network from seeing browsing destinations.

Lookup

DNS

DNS is the internet’s phone book, converting names like example.com into server addresses your device can access.

Why this matters DNS lookups can disclose which sites you visit, even before pages load.

What to check Ensure the VPN uses private DNS within the tunnel and doesn’t revert to your router or ISP DNS.

Browser

Cookies

Cookies are small files saved by websites in your browser to remember logins, carts, preferences, or tracking IDs.

Why this matters A VPN does not delete cookies; websites can still identify your browser after connecting to a VPN.

What to check Clear cookies or use a separate browser profile for a fresh session.

Tracking

Browser fingerprinting

Fingerprinting identifies a browser by combining device, screen, fonts, graphics, language, and behaviour signals.

Why this matters It can track you even if cookies are blocked, as the browser itself remains identifiable.

What to check Use a standard privacy browser setup and avoid installing numerous unusual extensions.

VPN features and app settings

These terms determine if a VPN quietly protects you or leaks when connections change.

Must check

Kill switch

A kill switch halts internet traffic if the VPN connection is lost.

Why this matters It stops your real IP from showing during brief disconnections.

What to check Enable it before using public Wi-Fi, torrents, or sensitive accounts.

Leak risk

DNS leak

A DNS leak occurs when website queries bypass the VPN tunnel.

Why this matters Your ISP or local network may see which domains you visit even if the VPN appears connected.

What to check Run a DNS leak test after connecting and ensure only VPN-controlled DNS servers are shown.

Browser

WebRTC leak

A WebRTC leak can reveal local or public network addresses via browser calling functions.

Why this matters Some browsers and websites can use WebRTC in ways that bypass expected VPN protections.

What to check Use a browser leak test and disable or restrict WebRTC if your threat model requires it.

Control

Split tunnelling

Split tunnelling allows only selected apps or websites to use the VPN while other traffic remains direct.

Why this matters It’s convenient for banking, printers, games, or local services but may leave sensitive apps unprotected.

What to check Use it only when you know precisely which apps should bypass the VPN.

Habit

Auto-connect

Auto-connect activates the VPN automatically on unfamiliar or untrusted networks.

Why this matters It lessens the risk of forgetting protection when connecting to hotel, airport, or café Wi-Fi.

What to check Set trusted networks carefully to ensure public Wi-Fi is never left unprotected by mistake.

Home

Router VPN

A router VPN safeguards devices via the router, avoiding the need to install a VPN app on each device.

Why this matters It supports smart TVs, consoles, and simple devices, though all traffic may share the same VPN path.

What to check Check router compatibility, speed restrictions, and if you can exclude devices that should remain local.

Provider trust and account terms

These words help you assess if a provider offers genuine privacy or just marketing talk.

Trust

No-log policy

A no-log policy means the VPN does not retain browsing history, traffic data, or meaningful activity logs.

Why this matters The claim matters only if the provider clarifies what isn’t stored and what temporary data might remain.

What to check Prefer providers with recent independent audits and clear explanations about connection metadata.

Evidence

Independent audit

An independent audit is an external review of apps, servers, infrastructure, or privacy assertions.

Why this matters Audits don’t guarantee perfection but are preferable to unverified promises.

What to check Check what was audited, by whom, when, and if the report is publicly available.

Legal

Jurisdiction

Jurisdiction is the country or legal framework under which a company operates.

Why this matters It impacts legal requests, business duties, and the level of trust you place in a provider.

What to check Don’t judge by country alone; consider jurisdiction alongside audit history and ownership transparency.

Privacy

Shared IP

A shared IP indicates multiple users share the same VPN server address simultaneously.

Why this matters It can enhance privacy by blending users together, but some sites may block heavily used IPs.

What to check Use shared IPs for privacy; reserve dedicated IPs for sites requiring stable access.

Trade-off

Dedicated IP

A dedicated IP is a VPN address primarily allocated to you.

Why this matters It can lower captchas and banking restrictions but offers less privacy than shared IPs.

What to check Choose it for reliable access, not maximum anonymity.

Buying

Refund policy

A refund policy explains how long you can trial a paid VPN before requesting a refund.

Why this matters Actual speed, streaming, banking, and app reliability vary by location and device.

What to check Test before committing to a long plan and keep cancellation rules handy if the service isn’t suitable.

Speed, protocols, and connection quality

These terms explain why one VPN feels faster than another, even if both claim strong encryption.

Protocol

WireGuard

WireGuard is a modern VPN protocol designed to be fast, lightweight, and easier to audit.

Why this matters It typically offers strong speeds, quick reconnects, and good battery efficiency on phones.

What to check Use it as the default unless a special compatibility mode is needed.

Protocol

OpenVPN

OpenVPN is an older, widely supported VPN protocol with a strong security record.

Why this matters It can be helpful when networks block newer protocols or if TCP mode is required.

What to check Try OpenVPN TCP if a restrictive network blocks standard VPN traffic.

Mobile

IKEv2/IPsec

IKEv2/IPsec is a VPN protocol commonly used on mobile devices due to its reliable reconnection.

Why this matters It handles switching between Wi-Fi and mobile data better than some alternatives.

What to check Use it when mobile reliability is more important than having the latest protocol.

Speed

Latency

Latency is the delay between your device and the server, often measured as ping.

Why this matters High latency causes calls, gaming, and remote desktops to feel sluggish despite good download speeds.

What to check Select a nearby server for daily use unless a specific country is required.

Speed

Bandwidth

Bandwidth is the volume of data that can pass through the connection simultaneously.

Why this matters It influences downloads, streaming quality, backups, and large app updates.

What to check Test the same server at various times before blaming your device.

Bypass

Obfuscation

Obfuscation masks VPN traffic to appear less like a VPN connection.

Why this matters It can assist on networks that block VPNs, though it may reduce connection speed.

What to check Use it only when normal VPN mode is blocked or unstable.

Account and device security

A VPN is just one layer; these terms protect accounts and devices that can identify you even if your network appears private.

Scam

Phishing

Phishing is a fraudulent message or website that tricks you into revealing passwords, codes, or payment details.

Why this matters A VPN cannot prevent you from entering passwords on fraudulent websites.

What to check Verify the domain, use a password manager, and avoid links in urgent messages.

Device

Malware

Malware is malicious software that can steal data, monitor activity, encrypt files, or control a device.

Why this matters A VPN cannot render unsafe downloads secure.

What to check Keep software updated, download from trusted sources, and use device security tools.

Login

MFA

MFA stands for multi-factor authentication: a second proof beyond your password, like an app code, passkey, or security key.

Why this matters It safeguards accounts if a password is leaked.

What to check Use app-based MFA, passkeys, or hardware keys for key accounts; avoid SMS if better options are available.

Login

Passkey

A passkey is a contemporary login method using your device or security key instead of a reusable password.

Why this matters Passkeys are harder to phish as they are linked to the genuine website.

What to check Use passkeys for email, password managers, banking, and primary identity accounts when available.

Accounts

Password manager

A password manager generates and stores strong, unique passwords for every account.

Why this matters It lowers password reuse and helps spot fake domains as autofill won’t match.

What to check Protect it with a strong master password and MFA or a security key.

Risk

Data breach

A data breach occurs when account information, passwords, email addresses, or personal details are exposed from a service.

Why this matters Breaches can result in phishing, account takeover, or identity misuse long after the event.

What to check Change reused passwords, enable MFA, and monitor key accounts after a breach notification.

Common terms people confuse

Many privacy errors occur because similar terms sound alike. These quick comparisons help you pick the right tool.

Connection layers

VPN versus HTTPS

HTTPS secures page content. A VPN conceals the destination from the local network and alters your visible IP.

Scope

VPN versus proxy

A proxy typically manages one app or browser, whereas a VPN secures all chosen device traffic via an encrypted tunnel.

Goal

Privacy versus anonymity

Privacy means fewer people can see your activity; anonymity means the activity isn’t linked to you.

Trust model

No-log versus anonymous payment

No-log concerns provider records; anonymous payment relates to billing identity. One doesn’t guarantee the other.

Leak type

DNS leak vs. IP leak

A DNS leak discloses the websites you visit. An IP leak reveals the network address visible to websites.

Decision

Encryption versus trust

Encryption secures the tunnel; trust determines what the VPN provider might still know or retain.

Before selecting a VPN, review these terms

A VPN provider may sound impressive but lack crucial details. Use this checklist when comparing plans, reviews, or app settings.

Kill switch Does it block all traffic if the VPN disconnects?

DNS handling Does DNS remain within the VPN tunnel?

Audit evidence Has the no-log claim been recently verified by an independent auditor?

Device support Do the apps support your actual devices, including Linux, routers, phones, or TVs if required?

Refund window Can you test speed, streaming, and banking before committing to a long-term plan?

Login safety Does the account support MFA or passkeys to secure the VPN account itself?

Practical rule

If a term impacts leaks, logs, or lock-in, verify it before purchasing.

Speed claims are helpful, but privacy relies on the dull details: kill switch function, DNS handling, audit evidence, refund periods, and app support for your devices.

Open the VPN provider directory

Security and VPN vocabulary FAQ

Brief answers for readers seeking practical meanings without reading the full glossary first.

Which VPN term is most important to understand first?

Begin with IP address, VPN tunnel, DNS, kill switch, and no-log policy. These five terms explain what a VPN changes, what can leak, and how much trust the provider requires.

Does a VPN make me anonymous?

Not on its own. A VPN changes your visible IP and protects traffic from local networks, but accounts, cookies, browser fingerprinting, payments, and habits can still identify you.

What is the difference between a DNS leak and an IP leak?

A DNS leak reveals the domains your device queries. An IP leak exposes the network address visible to websites. Both can occur even if the VPN app appears connected, so testing for leaks is important.

Which VPN protocol should most users choose?

WireGuard is the easiest default for most users due to its speed and reliable reconnection. OpenVPN offers compatibility, and IKEv2/IPsec is dependable on mobile networks.

Which security terms matter beyond VPNs?

MFA, passkeys, password managers, phishing, malware, and data breaches matter because a VPN can’t protect accounts after logging into fake sites or reusing leaked passwords.