VPN vocabulary guide: simple security terms explained

How to use this glossary

You do not need to read it like a book. Pick the situation that matches your question, then use the cards to understand what matters and what you can safely ignore.

You are reading a VPN review

Start with no-log policy, audit, jurisdiction, kill switch, DNS leak, split tunneling, and refund policy.

You are setting up an app

Look up protocol, WireGuard, OpenVPN, split tunneling, auto-connect, DNS, and kill switch before changing defaults.

You saw a security warning

Check phishing, malware, HTTPS, MFA, passkeys, password manager, and data breach before clicking anything.

Everyday privacy basics

These are the words normal users meet first: IP addresses, DNS, trackers, and the difference between privacy and anonymity.

Core

VPN

A VPN is an encrypted connection from your device to a VPN server. Websites see the VPN server address instead of your home or mobile IP address.

Why it matters It helps on public Wi-Fi and hides visited sites from the local network or internet provider.

What to check Check whether the VPN has a kill switch, good apps for your devices, and clear privacy claims.

Identity signal

IP address

An IP address is the public internet address websites see when your device connects to them.

Why it matters It can reveal your approximate location and internet provider, but it does not prove who is sitting at the device.

What to check A VPN changes the visible public IP. Logging into personal accounts can still identify you.

Network

ISP

Your ISP is the company that gives you internet access at home or on mobile.

Why it matters Without a VPN, your ISP can often see the domains you connect to, even when page content is encrypted.

What to check Use HTTPS and a trusted VPN if you do not want the ISP or local network to see browsing destinations.

Lookup

DNS

DNS is the phone book of the internet. It turns a name like example.com into the server address your device can reach.

Why it matters DNS lookups can reveal which sites you open, even before the page loads.

What to check Check that the VPN uses private DNS inside the tunnel and does not fall back to your router or ISP DNS.

Browser

Cookies

Cookies are small files websites save in your browser to remember logins, carts, preferences, or tracking IDs.

Why it matters A VPN does not remove cookies. A site can still recognize your browser after you connect to a VPN.

What to check Clear cookies or use a separate browser profile when you want a clean session.

Tracking

Browser fingerprinting

Fingerprinting recognizes a browser by the combination of device, screen, fonts, graphics, language, and behavior signals.

Why it matters It can follow you even when cookies are blocked, because the browser itself looks recognizable.

What to check Use a common privacy browser setup and avoid installing many unusual extensions.

VPN features and app settings

These terms decide whether a VPN protects you quietly in the background or leaks when the connection changes.

Must check

Kill switch

A kill switch blocks internet traffic if the VPN connection drops.

Why it matters It prevents your real IP address from appearing during a short disconnect.

What to check Turn it on before using public Wi-Fi, torrents, or sensitive accounts.

Leak risk

DNS leak

A DNS leak happens when website lookups go outside the VPN tunnel.

Why it matters Your ISP or local network may see which domains you visit even though the VPN appears connected.

What to check Run a DNS leak test after connecting and check that only VPN-controlled DNS servers appear.

Browser

WebRTC leak

A WebRTC leak can expose local or public network addresses through browser calling features.

Why it matters Some browsers and websites can use WebRTC in ways that bypass what users expect from a VPN.

What to check Use a browser leak test and disable or limit WebRTC if your threat model needs it.

Control

Split tunneling

Split tunneling lets only selected apps or websites use the VPN while other traffic stays direct.

Why it matters It is convenient for banking, printers, games, or local services, but it can also leave sensitive apps outside protection.

What to check Use it only when you know exactly which apps should bypass the VPN.

Habit

Auto-connect

Auto-connect starts the VPN automatically on unknown or untrusted networks.

Why it matters It reduces the chance that you forget protection when joining hotel, airport, or cafe Wi-Fi.

What to check Set trusted networks carefully so public Wi-Fi never stays unprotected by accident.

Home

Router VPN

A router VPN protects devices through the router instead of installing a VPN app on each device.

Why it matters It helps smart TVs, consoles, and simple devices, but all traffic may share the same VPN route.

What to check Check router support, speed limits, and whether you can exclude devices that should stay local.

Provider trust and account terms

These words help you judge whether a provider is making a useful privacy promise or only using marketing language.

Trust

No-log policy

A no-log policy says the VPN does not store browsing history, traffic content, or useful activity records.

Why it matters The claim matters only if the provider explains what is not stored and what temporary data may still exist.

What to check Prefer providers with recent independent audits and clear wording about connection metadata.

Evidence

Independent audit

An independent audit is an external check of apps, servers, infrastructure, or privacy claims.

Why it matters Audits do not make a provider perfect, but they are better than promises with no outside review.

What to check Check what was audited, who did it, when it happened, and whether the report is public.

Legal

Jurisdiction

Jurisdiction is the country or legal system a company operates under.

Why it matters It affects legal requests, business obligations, and how much trust you place in a provider.

What to check Do not judge by country alone. Combine jurisdiction with audit history and ownership transparency.

Privacy

Shared IP

A shared IP means many customers use the same VPN server address at the same time.

Why it matters It can improve privacy because individual users blend together, but some websites may block crowded IPs.

What to check Use shared IPs for privacy, dedicated IPs only when a site needs stable access.

Trade-off

Dedicated IP

A dedicated IP is a VPN address assigned mainly to you.

Why it matters It can reduce captchas and banking blocks, but it is less private than blending into a shared address.

What to check Choose it for access reliability, not for maximum anonymity.

Buying

Refund policy

A refund policy tells you how long you can test a paid VPN before asking for your money back.

Why it matters Real speed, streaming, banking, and app reliability vary by location and device.

What to check Test before buying a long plan and save cancellation rules in case the service does not fit.

Speed, protocols, and connection quality

These terms explain why one VPN feels fast and another feels slow, even when both claim strong encryption.

Protocol

WireGuard

WireGuard is a modern VPN protocol designed to be fast, small, and easier to audit.

Why it matters It usually gives strong speed, fast reconnects, and good battery behavior on phones.

What to check Use it as the default unless you need a special compatibility mode.

Protocol

OpenVPN

OpenVPN is an older, widely supported VPN protocol with a long security history.

Why it matters It can be useful when networks block newer protocols or when you need TCP mode.

What to check Try OpenVPN TCP if a restrictive network blocks normal VPN traffic.

Mobile

IKEv2/IPsec

IKEv2/IPsec is a VPN protocol often used on mobile devices because it reconnects well.

Why it matters It can survive switching between Wi-Fi and mobile data better than some alternatives.

What to check Use it when mobile reliability matters more than having the newest protocol.

Speed

Latency

Latency is the delay between your device and the server, often shown as ping.

Why it matters High latency makes calls, gaming, and remote desktops feel slow even when download speed is high.

What to check Choose a nearby server for daily use unless you need a specific country.

Speed

Bandwidth

Bandwidth is how much data can move through the connection at once.

Why it matters It affects downloads, streaming quality, backups, and large app updates.

What to check Test the same server at different times before blaming your device.

Bypass

Obfuscation

Obfuscation disguises VPN traffic so it looks less like a VPN connection.

Why it matters It can help on networks that block VPNs, but it may slow the connection.

What to check Use it only when normal VPN mode is blocked or unreliable.

Account and device security

A VPN is only one layer. These terms protect the accounts and devices that can identify you even when your network looks private.

Scam

Phishing

Phishing is a fake message or website that tricks you into giving away passwords, codes, or payment details.

Why it matters A VPN does not stop you from entering a password on the wrong website.

What to check Check the domain, use a password manager, and avoid links in urgent messages.

Device

Malware

Malware is harmful software that can steal data, spy on activity, encrypt files, or control a device.

Why it matters A VPN cannot make dangerous downloads safe.

What to check Keep software updated, download from trusted sources, and use device security tools.

Login

MFA

MFA means multi-factor authentication: a second proof beyond your password, such as an app code, passkey, or security key.

Why it matters It protects accounts when a password leaks.

What to check Use app-based MFA, passkeys, or hardware keys for important accounts; avoid SMS when better options exist.

Login

Passkey

A passkey is a modern login method that uses your device or security key instead of a reusable password.

Why it matters Passkeys are harder to phish because they are tied to the real website.

What to check Use passkeys for email, password managers, banking, and main identity accounts when available.

Accounts

Password manager

A password manager creates and stores strong, unique passwords for each account.

Why it matters It reduces password reuse and helps you notice fake domains because autofill will not match.

What to check Protect it with a strong master password and MFA or a security key.

Risk

Data breach

A data breach happens when account data, passwords, email addresses, or personal details leak from a service.

Why it matters Breaches can lead to phishing, account takeover, or identity abuse long after they happen.

What to check Change reused passwords, enable MFA, and monitor important accounts after a breach notice.

Common terms people mix up

Many privacy mistakes happen because two similar terms sound like the same thing. These quick comparisons help you choose the right tool for the job.

Connection layers

VPN vs. HTTPS

HTTPS protects the page content. A VPN hides the destination from the local network and changes your visible IP.

Scope

VPN vs. proxy

A proxy usually handles one app or browser. A VPN usually protects all selected device traffic through an encrypted tunnel.

Goal

Privacy vs. anonymity

Privacy means fewer people can see your activity. Anonymity means the activity is not linked back to you.

Trust model

No-log vs. anonymous payment

No-log is about provider records. Anonymous payment is about billing identity. One does not automatically guarantee the other.

Leak type

DNS leak vs. IP leak

A DNS leak reveals the sites you look up. An IP leak reveals the network address websites can see.

Decision

Encryption vs. trust

Encryption protects the tunnel. Trust decides what the VPN provider could still know or store.

Before you choose a VPN, check these terms

A VPN provider can sound impressive while still missing the detail you need. Use this shortlist when comparing plans, reviews, or app settings.

Kill switch Does it block all traffic when the VPN drops?

DNS handling Does DNS stay inside the VPN tunnel?

Audit evidence Was the no-log claim checked recently by an independent auditor?

Device support Do the apps cover your real devices, including Linux, router, phone, or TV if needed?

Refund window Can you test speed, streaming, and banking before you are locked into a long plan?

Login safety Does the account support MFA or passkeys so the VPN account itself is protected?

Practical rule

If a term affects leaks, logs, or lock-in, check it before paying.

Speed claims are useful, but privacy depends on the boring details: kill switch behavior, DNS handling, audit evidence, refund windows, and whether the apps support your devices.

Open the VPN provider directory

Security and VPN vocabulary FAQ

Short answers for readers who want the practical meaning without reading the full glossary first.

What is the most important VPN term to understand first?

Start with IP address, VPN tunnel, DNS, kill switch, and no-log policy. Those five terms explain what a VPN changes, what can leak, and how much you must trust the provider.

Does a VPN make me anonymous?

Not by itself. A VPN changes your visible IP address and protects traffic from local networks, but accounts, cookies, browser fingerprinting, payments, and habits can still identify you.

What is the difference between a DNS leak and an IP leak?

A DNS leak exposes which domains your device looks up. An IP leak exposes the network address websites can see. Both can happen even when a VPN app looks connected, so leak testing matters.

Which VPN protocol should most people use?

WireGuard is the easiest default for most people because it is fast and reconnects well. OpenVPN is useful for compatibility, and IKEv2/IPsec can be reliable on mobile networks.

What security terms matter beyond VPNs?

MFA, passkeys, password managers, phishing, malware, and data breaches matter because a VPN cannot protect an account after you log into a fake site or reuse a leaked password.