The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?

VPN definitions: What do some of the commonly used terms mean?

Verified by Amy Reeves

The world of VPNs can be a confusing one for those who are less technically savvy. What does encryption mean, and why does it matter what kind of encryption your provider uses? Why does everyone focus on servers when talking about VPNs? All of the terms used by companies – and even in Independent Advisor reviews – can make it difficult to work out what you should be thinking about when choosing a provider. 

To help you cut through the jargon, we’ve put together this handy guide containing some of the words you might see in our articles, what they mean, and why they matter when we talk about VPNs.

What is a VPN?

VPN diagram
A VPN may seem complicated, but it’s a great tool for protecting your online activity. (Adobe)

A virtual private network (VPN) is a service that enables users to keep their online activity private and secure. It does this by creating a tunnel between the user’s device and the internet where their data is encrypted and routed through a remote server on its way to its final destination. In addition to encrypting data, a VPN hides your device’s true identity and location. This ensures your data is invisible to anyone who might be monitoring your connection, which is very important when it comes to online banking or using public wifi networks.

Find out more about what a VPN is and why you should use one. Read our full article on VPN tunnels to learn more.

What is encryption?

Encryption diagram
Encryption is a way of making your data unreadable to the human eye without a key to unlock the code. (Adobe)

Encryption is a process that turns human-readable data (otherwise known as plaintext) into a cipher that appears to the human eye as a random selection of characters – usually letters, numbers and symbols. Without the correct “key” to unlock the cipher, it’s unlikely someone will be able to read the encrypted data, keeping it safe from unauthorised parties.

What is an IP address?

An Internet Protocol (IP) address is a long string of characters that identifies devices on a network and their location. Devices use this code to communicate with each other and share data. VPNs are designed to mask your IP address and location, which creates a private and secure environment for you to use the web. A VPN can also make it look like your IP address – and therefore your device – is located in another country.

What is a public network?

A public network is an unsecured network that allows any device to freely gain access, such as a public wifi network you can access at a cafe. Your device is vulnerable when connected to a public network and can easily be targeted by unwanted parties such as hackers. This is where a VPN can help, as it keeps your IP address hidden or makes it appear as if your device is located in another country, thus making your access more secure. Encrypting your data is especially useful if you want to carry out financial transactions online when connected to a public network – something that is usually not recommended.

Read our article explaining why you should use a VPN when accessing public wifi.

What is a private network?

A private network is a network – such as a wifi network – whereby restrictions have been put in place to prevent unauthorised devices from gaining access. Private networks are usually used by organisations to create a secure environment for their employees’ computers. The wifi router at your home is also classed as a private network, as long as access is protected by a password. You can also use some VPNs to create your own private network, such as by installing it on your wifi router so all devices using your wifi are protected. Others, like NordVPN, offer features that allow you to set up a private network for a certain number of devices.

What is a Local Area Network (LAN)?

Local area network diagram
A LAN creates a private network for devices to communicate with each other. (Adobe)

A Local Area Network (LAN) is a type of private network that is usually based in a physical location, such as an office building or home. All devices on a LAN communicate with each other and share data through the network.

What is an ISP?

An Internet Service Provider (ISP) is the company that provides a home or business’ access to the internet. In most cases, your ISP is allowed to monitor your online activity, including what websites you’re visiting, the files you download and how much data you’re using on their network. In some cases, companies will use this information to throttle (slow down) your connection speed in order to reduce strain on the network at times of high demand. In countries with internet censorship laws, ISPs are the main parties keeping users from viewing prohibited websites and material.

When you have a VPN activated on your device, your ISP will only be able to see the IP address of the server you’re browsing from, as well as your VPN’s protocol, your connection timestamps and how much bandwidth you’re using.

What are geo-restrictions?

Some information on the internet is restricted in certain regions, and some internet searches will only show country-specific websites in those countries. Also, some content is often only allowed to be viewed in specific locations – usually because of copyright laws or royalty agreements.

Your computer’s IP address shows where it is physically located, which is how the network knows to restrict access to locked content.

What is a firewall?

Firewall diagram
A firewall can block unwanted traffic from accessing a private network. (Adobe)

A firewall is a type of network security that keeps track of incoming and outgoing traffic and decides whether to block or allow specific IP addresses based on a defined set of rules. A firewall can be a physical piece of hardware, digital software, or both. Some websites will use a firewall to stop unauthorised traffic, such as where there are geo-restrictions in place (China is notorious for its strict and hard-to-crack firewall). 

Most VPNs can bypass firewalls to give you unrestricted access to content, but if the website owner or administrator determines that an IP address belongs to a VPN server, it can block that address with the firewall. This is why providers sometimes have to take servers offline and add new ones.

What are servers and why do they matter?

A server is either a physical device or computer programme that performs specific functions. It fulfils requests from client programmes, such as your VPN or an app on your phone. When you’re connected to a VPN, your data will be routed through a server – which can be physical or virtual – and encrypted. The more servers a provider has, the better, as it means its network can maintain faster speeds at times of high demand.

Why do server locations matter?

The reason VPN providers have servers in countries around the world is so your traffic appears to be coming from a place other than your physical location. In other words, if you want to view a website that is only available in Australia, you can choose an Australian server to make it appear as though you’re in the country. The more server locations a provider has, the better, as it means you have more options for creating a private connection.

There are ways to find out your VPN server’s true location to help you determine if your provider can be trusted.

What is bandwidth?

Bandwidth is the volume of data being transmitted over an internet connection at any given time, usually calculated in megabits per second (Mbps). This is different from internet speed, which is a measure of how long it takes for data to be transmitted back and forth between your device and a server. Many ISPs monitor each user’s bandwidth and can impose speed restrictions if you’re using a lot of data. Your ISP can still see how much bandwidth you’re using when you’re connected to a VPN, but they won’t be able to see what you’re using it for.

What is download speed?

This is the measure of how long it takes for data to be transmitted from the internet to your device, usually measured in megabits per second (Mbps) or kilobits per second (Kbps). Routing your internet connection through a VPN server will often slow your download speed, particularly if that server is located on the other side of the world. A good provider will invest in more and better servers to mitigate this loss of speed. There are also steps you can take to speed up your connection when using a VPN.

What is upload speed?

This is similar to download speed, but in reverse; it’s the measure of how fast it takes to transmit data from your device to the internet. Again, a VPN can slow down your upload speed, so choosing a provider with more servers means you can mitigate this loss.

What is latency (ping)?

Latency (sometimes called ping) is how long it takes for data to be transmitted from one point on a network to another. In other words, the amount of time it takes for a packet of data to be transferred from your device to a server and back again, or vice versa. This is usually measured in milliseconds (ms). The higher the latency, the longer it will take to receive data on your device. VPNs can impact this speed, which is why Independent Advisor uses it as a key measurement in our performance tests for reviews.

What is AES-256?

Advanced Encryption Standard (AES) is a type of cipher used by the US government to protect classified information. There are different levels of AES: 128-bit, 192-bit and 256-bit. These numbers refer to the length of key used to unlock the cipher. AES-256 offers the highest level of encryption and is allegedly yet to be cracked by hackers, though most experts agree any encryption can be broken given enough time and resources. However, NordVPN says it would take billions of years using the technology currently available to crack AES-256.

Most major VPN providers use AES-256 to encrypt data routed through their servers, so it’s a good idea to make sure the VPN you choose offers this level of protection.

What is a no-logs policy and why is it important?

Put simply, this type of policy means a VPN provider stores little to no information about its users’ online activity on its servers. Some providers say they keep logs of basic data, such as which server location a user is connected to, the date of connection, the amount of bandwidth used and app updates, though this is mostly used for maintenance and to help the company’s engineers troubleshoot any issues on the network.

A no-logs policy is important because it means your data is kept private and anonymous – something that is vital in a world where dubious parties are willing to steal users’ information and sell it to the highest bidder.

But having a no-logs policy in place isn’t enough for some users, which is why the best providers invite independent third parties to audit their privacy and security measures. Users can take this as proof that their data is safe with their chosen provider.

What is split tunnelling?

Split tunnelling is a VPN feature that allows users to route some apps through the secure connection, with everything else going through the open web. This is helpful if you only want to protect some of your traffic – for instance when using internet banking or making online purchases – and want to maintain a fast connection for websites where privacy is not a concern. There is also inverse split tunnelling, which allows you to encrypt your whole connection and choose which apps go through the open network. Not all providers offer split tunnelling, so, if this is important to you, choose one that does.

What is a DNS leak?

DNS diagram
A DNS server is a key component when accessing websites from any device. (Adobe)

DNS stands for domain name system. This is the system that is used to translate domain names (website addresses or URLs) to IP addresses, which are required to route data across the internet. When you enter a URL on your browser, your computer will contact a DNS server to request the IP address. Most ISPs assign their customers to a DNS server that they control so they can log and record your online activity. 

When using a VPN, your connection to these DNS servers is supposed to remain private, but in some circumstances a DNS leak can happen, meaning third parties may be able to see and log your activity, including any sensitive information. You can run a DNS leak test to find out if your VPN connection is secure. Most VPN providers offer DNS leak protection as standard.

What is WebRTC?

Web Real-Time Communication (WebRTC) is an open-source technology developed by Google that allows web browsers to communicate with each other through application programming interfaces (APIs) without the need for an intermediate server. It is primarily focused on audio and video communications, and its popularity has been boosted by the Covid-19 pandemic, with more people working from home and communicating with colleagues online. 

However, in order for WebRTC to work, both devices need to know each other’s IP addresses, which can pose a threat to your privacy. To find out if you’re experiencing a WebRTC leak, you can run a leak test to find out if your IP address is exposed.

When you’re connected to a VPN, the test should only show the IP address of the server you’re browsing from rather than your true address. Some providers have their own WebRTC leak tests you can use, but there are also plenty of free third-party tests out there.

What is a kill switch?

If you’re using a VPN to keep your connection private, it’s important to maintain that privacy the entire time you’re online. However, sometimes your connection to a server can drop, leaving you vulnerable to external monitoring. To mitigate risk to users, most VPNs have what’s called a kill switch, which is a feature that will stop all internet traffic to and from your device if your connection cuts out, preventing any leaks.

Find out more about VPN kill switches here.

What is a double VPN?

A double VPN – also called a multi-hop VPN – adds a second layer of encryption and provides even more privacy to your connection. In a normal connection, your data is encrypted on your device, sent to the provider’s server to be decrypted, and finally sent off to its final destination. 

In some cases, because your ISP or attackers can see that you’re connected to a VPN, they can find a correlation between the data you’re sending to the server and what’s coming out of it. In a double VPN, there are two layers of encryption added to your data. This packet is sent to one server, where the second layer of encryption is removed, then to a second server for the remaining layer to be removed, before being sent to its final destination. Your ISP and potential attackers cannot see the second server in that scenario, meaning it’s nearly impossible for any correlation to be made.

What are VPN protocols?

A VPN protocol is a set of rules that govern how data moves between a device and an encrypted server. There are several protocols, and each provider can choose which ones they use to provide their services. Each protocol has benefits and drawbacks, which is why more technically savvy users will research which ones a provider uses before choosing to purchase.

These are the most common protocols used by providers:

  • OpenVPN: As an open-source protocol (meaning the programming code is freely available for others to use or to develop their own protocol), OpenVPN is one of the most popular protocols used by the majority of providers. It uses modern security measures to ensure data privacy and can easily bypass firewalls. However, if it is not configured properly by the provider, data leaks can happen. It can run over User Datagram Protocol (UDP – one of the core communication protocols used to send messages across an IP network) or Transmission Control Protocol (TCP – a communications standard that allows applications and devices to exchange messages over a network).
  • Layer 2 Tunnelling Protocol and Internet Protocol Security (L2TP/IPSec): A pair of protocols that work in tandem to provide an extra layer of encryption, making it ideal for those who want to use a VPN for privacy reasons. The downside is that L2TP takes up a lot of computer processing power, which can slow down the connection. 
  • Internet Key Exchange Version 2 (IKEv2): Another protocol that is layered with IPSec, but it is primarily designed for mobile devices running on mobile networks such as 4G because it’s good at reconnecting when the connection to the VPN server drops.
  • WireGuard: A relatively new open-source VPN protocol that is used by many providers as a basis for their own unique protocol (such as NordVPN’s NordLynx). It’s become popular in recent years because of its speed and reliability, which it owes to its relatively simple coding.
  • Lightway: Developed by ExpressVPN, Lightway was designed to be simpler and less laden with unnecessary features, thus offering a faster, smoother and more secure user experience. It allows devices to stay connected to the VPN even when they switch networks. ExpressVPN has made the protocol open-source so other providers can use it as well.
  • Point to Point Tunnelling Protocol (PPTP): One of the oldest VPN protocols, PPTP is the fastest on the market but comes at the cost of encryption and security features since it’s run on an outdated authentication suite. It’s easy to crack, which is why most major VPN providers no longer use it.  
  • Secure Socket Tunnelling Protocol (SSTP): Developed by Microsoft along with Windows Vista, SSTP is similar to PPTP and is mainly used for securing web pages alongside Security Sockets Layer (SSL) – an encryption-based internet security protocol commonly used by websites to create a secure connection with users. It’s another protocol that is not supported by major VPN providers.

Read our full article on VPN protocols to find out more.

What is Perfect Forward Secrecy?

Perfect Forward Secrecy (PFS – also sometimes called forward secrecy) is an encryption system where the keys used to encrypt and decrypt data are changed frequently – in some cases every time a user starts a new session. This ensures that if one session key is compromised, data transferred during other sessions remains safe. 

PFS is supported by a number of VPN protocols, including IKEv2, OpenVPN and Wireguard. However, it requires more computing power so can result in slower speeds.

What is a Secure Hashing Algorithm (SHA)?

Hashing is a type of one-way encryption that is used by some VPN providers to enable secure access to their servers. Like AES, there are multiple types of encryption, with SHA-512 being the most robust. In a nutshell, it turns your credentials into 512 random binary digits, which are compared to the hashes that were generated when you created your account. If these match, your device will be granted access to the server.

Why does your VPN provider’s HQ location matter?

Every country has its own laws around what kind of data companies must collect and store, as well as whether authorities have the right to request that data for any reason. Some nations are more relaxed about data collection, while others have strict rules in place that all companies must follow. This is why VPN providers are careful about where they operate their main headquarters. If they’re located in a country with no data laws, it’s easier for them to operate a no-logs policy and offer a guarantee that their users’ activity will remain private. As such, we recommend choosing a VPN based in a country with relaxed data laws – NordVPN, for instance, is headquartered in Panama, while ExpressVPN is headquartered in the British Virgin Islands.

However, it’s important to note that even countries with relaxed local data laws are sometimes members of intelligence-sharing groups of countries such as the Five Eyes, Nine Eyes, or 14 Eyes. This means companies can still be compelled to share customer data with the members of those groups. Examples include Surfshark being based in the Netherlands (a Nine Eyes member) and VPNSecure in Australia (a Five Eyes member). The number included in the name of the different ‘Eyes’ alliances is a reference to the number of countries signed up to the pact; so in theory, the higher the membership, the more countries that can request user data.

What is a VPN router?

A VPN router is a device designed to enable network communications within a VPN tunnel. In other words, it’s a wifi router with a VPN installed directly onto it, creating a private environment for all devices connected to that network. While most major services can be installed on your existing router, you can also buy routers with built-in protection. Examples include ExpressVPN’s Aircove and the Asus RT-AX58U. 

The benefit of having a VPN on your router is that all traffic on your network will automatically be protected without you having to activate the service on each device – although you may still choose which devices connect through the tunnel and which ones access the net directly.

What is Onion Over VPN?

In the world of privacy, there is something called The Onion Router (Tor) network, which is open-source software that enables anonymous communications online. It adds multiple layers of encryption, much like the layers of an onion. Some VPN providers use this network for added privacy on a specific type of server called an Onion Over VPN server. Once your data is encrypted on your device by the VPN client, it is sent to the server and decrypted. This (now-private) data is routed through the Tor network on its way to its final destination.

What is an obfuscated server?

As we’ve already discussed, your ISP is able to see when you’re routing your traffic through a VPN, but they can’t see what the data is. An obfuscated server hides the fact that you’re using a VPN to reroute your traffic. This adds another layer of privacy when you’re browsing the web.

What is a dedicated IP?

Normally, when you connect to a VPN your IP address changes, but it can be shared with other users. Shared IPs can be blocked by websites and services if it becomes obvious that multiple users are attached to it. To get around this, some providers offer a dedicated IP for an extra fee, which will provide you with an address that is unique to your account. This will reduce the chances of a connection disruption. It’s particularly useful for business users, as many company system administrators will restrict access to their network to select IP addresses. It’s also handy if you do a lot of online banking, as it won’t appear as if you’re logging in from a different location every time.

What is a RAM-only server?

In computer terms, there are two things that are important to remember: memory and storage. The two are easily confused, but there is a key difference. When we talk about memory, we most often mean random access memory (RAM). RAM temporarily stores data while the computer’s central processing unit (CPU) is performing other tasks. Without RAM, your computer wouldn’t be able to perform any functions and, if there’s not enough RAM available, your computer will operate slowly. Storage, however, most often refers to the amount of space on your device’s hard drive, usually measured in gigabytes (or terabytes for larger hard drives) – in other words, how much data you can store on your computer at any one time. 

A RAM-only server does not have any storage capacity outside of the available RAM, so it does not store any data long-term. This is preferred for VPN servers because it means customer data will not be kept, thereby maintaining privacy.

What is the dark web?

Some VPN providers offer dark web monitoring or protection, but what exactly is the dark web? It’s a secret collection of websites that can only be accessed using a specialised browser. Almost like a VPN, it’s used to keep internet activity private and anonymous. Most people know the dark web as a tool used by hackers and criminals to conduct illegal online activity, but it does have beneficial uses for others, such as anonymous communication with journalists and the ability to bypass government censorship. 

The problem with the dark web is that it’s much easier for cyber criminals and scammers to target people, and it’s also most often the place where hackers and identity thieves will sell the sensitive information they’ve stolen. Some VPN providers, such as NordVPN, offer dark web monitoring, which will scan sites on the dark web for any mention of your credentials and alert you if they’re found so you can take action to protect your accounts.

Independent Advisor does not endorse the streaming of content from regions other than where the subscription is held, nor does it endorse the downloading or consumption of illegally pirated content.

Molly Dyson


After growing up with a passion for writing, Molly studied journalism and creative writing at university in her home country of the United States.

She has written for a variety of print and online publications, from small town newspapers to international magazines. Most of her 10-year career since relocating to the UK has been spent in business journalism, writing and editing for admin professionals at PA Life magazine and business travel managers at Business Travel News Europe and representing those titles at conferences around the world.

Now an Editor at the Independent Advisor, Molly is an expert in a broad range of consumer topics, that include solar panels and renewables, home improvements and home insurance, and consumer technology such as home security and VPNs.

In her free time, Molly can usually be found exploring the outdoors with her husband and their young son or gardening.

Amy Reeves


Amy is a seasoned writer and editor with a special interest in home design, sustainable technology and green building methods.

She has interviewed hundreds of self-builders, extenders and renovators about their journeys towards individual, well-considered homes, as well as architects and industry experts during her five years working as Assistant Editor at Homebuilding & Renovating, part of Future plc.

Amy’s work covers topics ranging from home, interior and garden design to DIY step-by-steps, planning permission and build costs, and has been published in Period Living, Real Homes, and 25 Beautiful Homes, Homes and Gardens.

Now an Editor at the Independent Advisor, Amy manages homes-related content for the site, including solar panels, combi boilers, and windows.

Her passion for saving tired and inefficient homes also extends to her own life; Amy completed a renovation of a mid-century house in 2022 and is about to embark on an energy-efficient overhaul of a 1800s cottage in Somerset.