A browser add-on/extension, or software, that prevents advertisements from displaying on web pages.
The majority of these will also help to block ad-based malware and cross-site tracking, which is when companies collect your data across multiple websites.
One of the most commonly used encryption protocols, AES-256 is the cipher of choice for the US federal government.
It is considered completely unbreakable, and since its creation (over a decade ago) has undergone excessive testing to prove exactly how secure it is.
AES is, in our opinion, the best encryption standard available to VPN users.
An open source digital currency – or “cryptocurrency” – that’s been around since 2009 and isn’t linked to any banks or administrative bodies.
Bitcoin operates using peer-to-peer technology and transactions take place directly between users, cutting out the need for ‘middle men’ like financial institutions. It can be exchanged for goods and services or for other currencies.
Many VPN providers allow payment via Bitcoin as it provides customers with an additional layer of privacy. This is because funds are linked to Bitcoin addresses rather than real-life entities with further steps possible (ie Bitcoin mixing or tumbling) that make them untraceable.
One of the most common peer-to-peer (P2P) protocols used to download and distribute files over the internet. To get started, you’ll need BitTorrent client software along with a small torrent file that contains the information needed to download the file you want. These torrent files are most notoriously available on torrenting sites such The Pirate Bay but also on forums and other sites.
Unless you use a VPN, your IP address will be exposed to anyone involved in data transfers, so check out our best VPNs for torrenting in order to protect yourself from unwanted snooping.
A plug-in, or add-on, that can be downloaded and installed to your web browser for increased functionality. Most major browsers (Google Chrome, Firefox, Opera and Safari) offer online stores that allow you to find extensions, however not all extensions will work with every browser.
Many VPN providers offer browser extensions very popular with browser-focused users looking for a more lightweight online experience. In most cases, these are proxies rather than full VPN extensions (see our definition of proxy below), so your web traffic isn’t actually encrypted.
The only actual VPN extension currently available is ExpressVPN’s add-on.
A mathematical algorithm used for data encryption. Modern-day ciphers are almost impossible to crack, even with the help of advanced supercomputers, as they’re made up of incredibly complex algorithms. AES-256 is considered to be the strongest cipher for a VPN.
These are also known as metadata logs, and are used by VPN providers (in most cases) for troubleshooting and dealing with technical issues.
The amount of data collected varies from one VPN service to the next, but generally includes anonymous details such as: connection time, amount of data transferred and the number of devices that are connected to the VPN.
Some providers will also log your originating IP address, but we don’t recommend using a VPN that logs your IP.
As a general rule, connection logs aren’t too much of a concern as long as they’re anonymous, not overly detailed, and are only stored for a very short period of time. Providers such as ExpressVPN are a good example of this: they only collect your connection date, server choice and total amount of data used, none of which can be used to personally identify you.
Other VPN services such as HideMyAss! are a little more intrusive, storing your originating IP address for up to three months.
A digital currency that can be exchanged for goods or services, using cryptography as a means of securing and verifying transactions.
Some more well-known examples of cryptocurrencies include Bitcoin, Litecoin, Ethereum and Dash, some of which are accepted by VPN providers as a means of payment.
Also known as the Dark Net, the Dark Web includes all the websites you can’t find using regular search engines such as Google or Yahoo.
It is only accessible through networks such as Tor (“The Onion Router”, see our definition below) or I2P (“Invisible Internet Project”), and users become incredibly difficult to track due to the high level of encryption.
More and more people are being pushed towards the Dark Web simply because they’re concerned about the online privacy laws where they live, and not to access any illegal content. However, criminals do also use the Dark Web to carry out illegal activity without being detected.
A Linux-based open source firmware for wireless routers.
You can “flash” DD-WRT into your existing router, which will remove the default factory settings and give you more control, or you can purchase one that’s been pre-flashed.
This enables you to configure a VPN at router level, so every device you connect wirelessly will be routed through the VPN without you having to install individual apps.
DMCA stands for Digital Millennium Copyright Act and a DMCA notice refers to a copyright infringement notification that’s sent to ISPs by copyright holders.
Since VPN users take on an IP address registered with their VPN provider, any alert relating to alleged infringement goes to the VPN service rather than the ISP of the user doing the alleged infringing.
It’s worth looking closely at a VPN provider’s terms of service, and logging policy, if you are a heavy torrenter to understand how a VPN service responds to these notices.
The internet’s method of translating web addresses (URLs) into numeric IP addresses.
For example, the domain name www.top10vpn.com converts to an IP address of 151.101.50.49.
This translation process is usually performed by your Internet Service Provider, but when you’re connected to a VPN, all DNS should firstly be routed through the VPN tunnel and then resolved by the VPN provider, rather than by your ISP.
These occur when your DNS requests go through your ISP rather than your VPN provider, and mean your true IP address is being exposed. You can check for DNS leaks by reading our leak-testing guide.
The best way to prevent this from happening is to choose a VPN provider that offers built-in ‘DNS leak protection’.
DoH is a protocol for performing remote domain name system (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. As of March 2018, Google and the Mozilla Foundation are testing versions of DNS over HTTPS.
DNS over HTTPS currently lacks native support in most operating systems, so a user wishing to use it must install additional software.
‘ESNI’ is a new technical standard for encrypted server name indication announced by Cloudflare in 2018. The technology enhances the privacy protections of HTTPS by helping to hide the identity of the sites you visit—particularly when a large number of sites are hosted on a single set of IP addresses. ESNI can also work over VPNs or Tor, adding another layer of privacy protections.
ESNI technology is currently in a preliminary phase. Only users of certain versions of Mozilla Firefox will be able to use it, and only when accessing services hosted by Cloudflare. When it’s been shown to work properly, we hope to see it supported by other browsers and content delivery networks (CDN), and eventually used automatically for the majority of web traffic.
The method of converting data to an encrypted form, using a mathematical algorithm known as a cipher.
It’s used to protect sensitive information and prevent it from being viewed by unauthorized parties, and is incredibly difficult to ‘crack’ unless you have access to the correct ‘keys’.
You can read more about encryption in our in-depth guide.
A free, open-source web browser developed by Mozilla Foundation, a non-profit organization.
It still isn’t quite as widely-used as Google Chrome, but Firefox is becoming more popular with security-conscious users due to the abundance of privacy enhancing add-ons on offer.
These are the Firefox VPN extensions we recommend.
Often abbreviated as FVEY, Five-Eyes is an intelligence alliance made up of Australia, Canada, New Zealand, the UK and the US.
The countries work together to collect mass surveillance data and share it between their respective security organizations, sneakily bypassing the laws that prevent them from spying on their own citizens.
Read more about Five-Eyes, Nine-Eyes and 14-Eyes, and try to avoid VPN providers based in any of these countries, unless they operate a zero-logs logging policy.
Restricting access to web content based on the user’s geographical location. For example, BBC iPlayer is only accessible to UK residents, and Hulu is only available in the US.
It is also used by governments in high-censorship countries to block websites that are deemed inappropriate or those that are illegal under local laws.
VPNs can be used to access content that isn’t usually available in your country, however you must be careful not to infringe any copyright laws.
A more secure version of HTTP, the protocol that’s the foundation of the web. HTTPS uses secure port 443 by default and encrypts all user data, making it far less vulnerable to man-in-the-middle and eavesdropping attacks.
Previously it was mainly used by banks and online retailers, however it is increasingly becoming the norm for mainstream websites.
When you visit a HTTPS website, anyone monitoring your activity can tell that you’ve visited the site, however they won’t be able to see anything specific that you’ve done, such as the pages you visited or any details that you entered into forms.
Look for a padlock icon in your browser’s URL bar and try to only use websites where the address begins with “https://”.
As defined by Access Now, an Internet Shutdown is an intentional disruption of internet or electronic communications, rendering them inaccessible or effectively unusable, for a specific population or within a location, often to exert control over the flow of information.
A unique numerical address given to your internet connection by your ISP. These can be rotated on a regular basis or randomly reassigned every time a connection resets, but everything you do online is linked to one.
One of the main reasons for using a VPN is to mask your true IP address so that your browsing activity can’t be traced back to you as an individual, protecting you from unwanted surveillance from your ISP and other third parties.
This happens when a website or app you’re using can see your real IP address instead of the one your VPN is showing.
You can test for IP leaks by reading our leak-testing guide.
In order to prevent this happening you should select a VPN provider that offers DNS and IPv6 leak protection, such as CyberGhost.
Short for Internet Protocol Version 4. The current default system for defining numerical IP addresses (see our definition of DNS above).
Due to an increase in internet use in recent years, IPv4 addresses are running out, as only a limited number were available for assignment.
Internet Protocol Version 6, a new standard introduced to solve the problems presented by IPv4. It utilizes 128-bit rather than 32-bit internet addresses, meaning the total number available should keep us supplied for years to come.
Unfortunately a lot of VPNs fail to direct IPv6 traffic through the VPN tunnel, so if you connect to a website that supports IPv6, your DNS request will be handled by your ISP, therefore exposing your true IP address.
Some VPN services, that don’t work on IPv6 connections, block your Internet connection altogether in order to stop your IP from being revealed.
Look for providers that are either work on IPv6, like Perfect Privacy, or that offer IPv6 leak protection, like IPVanish.
The company that supplies your internet connection. Unless you use a VPN, your internet data remains unencrypted, meaning your ISP can see everything you’re doing online.
ISPs in many countries (notably the US, most of Europe, Australia and Russia) are legally required to store customer metadata to allow government access if necessary.
Some ISPs even monitor internet traffic in real time and feed it directly to law enforcement agencies and intelligence networks.
A feature offered by most popular VPN providers that prevents your true IP address from being exposed should the VPN connection drop for any reason.
Some VPNs allow you to choose certain sites or apps to bypass the kill switch (known as split-tunnelling) however most will simply cut off all internet connections until the VPN tunnel is re-established.
Note that not all providers will call it a kill switch, for example ExpressVPN call it a Network Lock. Some VPNs come with a kill switch built in, such as CyberGhost, which is great for those who might otherwise forget to switch it on.
Wherever possible, you should try to choose a provider that offers this feature.
Layer 2 Tunneling Protocol, a commonly used VPN protocol that’s built into most popular operating systems.
It’s quick and easy to set up and is secure enough if implemented correctly, however there are some concerns that the NSA (US National Security Agency) might have deliberately weakened it, although this isn’t backed up by any solid evidence.
There are no major vulnerabilities to note, but if you’re planning to use it in a high-censorship country you could have some issues, as it isn’t very effective at bypassing firewalls.
Where possible, you should stick with OpenVPN.
Any information collected or retained by your ISP or VPN provider.
Some VPN providers incorrectly claim to be zero logs, so make a clear distinction between those who don’t collect logs and those that do. Providers are classed as collecting usage logs (where your online activity and browsing history is monitored), connection logs (where just your connection information is collected) or no logs at all.
It’s best to choose a provider that collects a minimal amount of logs to protect your online privacy, or even better a VPN that doesn’t collect any logs whatsoever, such as NordVPN. This way, everything you do online remains completely private and can in no way be traced back to you as an individual.
The industry-standard VPN protocol and the one we recommend you use wherever possible. OpenVPN is an open-source software that’s highly configurable and offers the best balance between performance and privacy.
OpenVPN encryption is comprised of two parts: data channel and control channel encryption. Data channel encryption secures the data itself, while control channel encryption uses TLS to secure the connection between your computer and the VPN server. You can find out how exactly this works in our guide to VPN encryption.
It isn’t natively supported by any platforms, but is available on most of them through third-party software. The majority of VPN providers will offer custom apps that run on OpenVPN.
It runs best on a UDP port, but can be set to run on any, including TCP port 443, which is the port used by regular HTTPS traffic.
While OpenVPN in its default configuration is blocked in high censorship countries like China, it continues to work well combined with some form of custom obfuscation. ExpressVPN, Astrill and VyprVPN for example all do this.
P2P is a type of network in which computers, or other devices, share files with each other rather than downloading them centrally from a server.
Even before a file download is complete, devices in the P2P network will upload parts of the file to other devices requesting that file. This data transfer continues even after the initial download is complete, which can make large P2P networks an incredibly efficient means of sharing data.
There are different types of P2P platforms or systems, many of which revolve around large media files, often causing copyright infringement issues.
Some of the most popular uses of P2P networks today are torrenting, Kodi and services like Popcorn Time. It’s also being used to innovate in areas like micro-finance.
Short for Point-to-Point Tunneling Protocol, an outdated VPN protocol with lots of known security issues.
It’s available on almost all major platforms and is very easy to set up without the need for third-party software, therefore remains popular with many VPN providers.
We advise against using PPTP, as even though it’s quick, it can be decrypted easily and won’t protect your sensitive data.
A proxy server acts as an intermediary between your computer and the internet, so any traffic routed through it will appear to come from an IP address different from your own.
Unlike using a VPN, connections to proxies are not encrypted. So while the website you’re visiting won’t know your true IP address, your ISP will still be logging your activity. The owner of the proxy server will also be able to see your originating IP address.
Most VPN browser extensions are proxies, so check our reviews before you start using one. They’re handy for heavy browser users just looking to mask their IP address, however most of them aren’t VPN substitutes.
The only provider with browser extensions that encrypt your web traffic is ExpressVPN, with extensions for Chrome, Safari and Firefox.
SNI is an extension of the Transport Layer Security (TLS) protocol by which a client (e.g. a web browser) indicates which hostname it is attempting to connect to at the start of the handshaking process.
SNI technology allows a server to present multiple ‘digital certificates’ on the same IP address. This allows multiple secure (HTTPS) websites to be served by the same IP address without requiring all of these sites to use the same certificate. Ultimately, this allows a single server to effectively host multiple HTTPS websites.
Unfortunately, SNI itself is unencrypted, so an eavesdropper can see which site (the hostname) is being requested. This means ISPs and anyone monitoring a WiFi network can collect a list of the sites you visit, helping security companies to filter web traffic and governments to implement censorship.
Sideloading an app means installing its APK file onto an Android device.
In terms of VPNs, this means setting up the APK of your VPN app onto your Android device, most likely a Firestick or an Android smartphone.
You will need to use a File Manager in order to find and ‘load’ the APK file.
The number of devices you can use your VPN on at the same time. The more simultaneous connections a VPN provider allows, the better, as it means you can protect your family’s devices as well as your own.
Three to five is standard but watch out for restrictions on the most basic or free plans, which limit you to just one.
A handful of VPN providers, such as Surfshark, don’t place any restrictions on the amount of devices connected at the same time.
A sophisticated technology that allows you to connect to DNS servers in different countries and therefore appear to be located in that country. This means you can access geo-restricted content that isn’t available where you live.
Smart DNS differs from a VPN in that it doesn’t encrypt your traffic and is therefore a lot faster, making it a good choice for those who are mainly interested in streaming media content from abroad.
It’s also really easy to use on devices that usually lack native VPN apps, such as games consoles, Apple TV and other streaming devices.
Speed throttling, or bandwidth throttling, is when your ISP (Internet Service Provider) intentional slows down the speed of your internet connection. This is usually used as a way of regulating network traffic and therefore minimizing any potential bandwidth congestion.
Often, ISPs will detect users taking part in high-bandwidth activities such as streaming or torrenting and intentionally throttle their traffic to even out the usage across the network. A good VPN service will prevent this from happening as your ISP won’t be able to see what you’re doing online.
Free software that anonymizes your browsing by randomly routing your web traffic through a network of servers, or ‘nodes’, to hide the origin of the data.
While it’s best known for providing access to the Dark Web, it’s actually becoming increasingly common amongst everyday internet users seeking the highest possible levels of privacy.
It’s also an excellent way of bypassing government restrictions and accessing blocked content in high-censorship countries, however be warned, it is incredibly slow.
Connecting to Tor through a VPN is an excellent way of ensuring your security, and some VPN providers actually offer servers optimized for that purpose.
Secure Sockets Layer (SSL) is the standard technology used for establishing an encrypted connection between two systems. This could be between a web server and a client (e.g. an e-commerce website and a browser) or server to server (e.g. an application that processes financial details).
This connection ensures that all data passing between the two parties remains encrypted, private, and whole, and prevents malicious parties from reading or modifying the information transferred.
In order to create an SSL connection, a web server requires an SSL Certificate. To receive this, you will be required to answer a number of questions regarding the identity of your website and your company. The server will then create two cryptographic keys: a Public Key and Private Key.
Along with your website’s details, the Public Key is then placed into a data file called a Certificate Signing Request (CSR), which you can then submit to a certification authority like Let’s Encrypt. This third party will then validate your details and issue you with an SSL Certificate, allowing you to use the protocol on your website. Your server will match your issued SSL Certificate to your Private Key, and will then be able to establish an encrypted link between the website and a user’s web browser.
When a browser connects to a secure website it will retrieve the site’s SSL Certificate and ensure it up-to-date, is issued by an Authority the browser trusts, and it is being used for the correct website. If it fails any of these checks, the browser will display a warning to the user that the site is not secured by SSL.
When a website is successfully secured by an SSL certificate, HTTPS (Hyper Text Transfer Protocol Secure) will appear in the URL. The details of the certificate can be viewed by clicking on the lock symbol in the browser bar.
TLS (Transport Layer Security) is an updated, more secure version of SSL. While many still refer to their security certificates using the term SSL, when you are implementing SSL from an authority today you are actually using the most recent TLS certificates.
If you’d like to look into the configuration of any SSL server on the web, you can use an independent auditing tool like Qualys SSL Labs, which will assess and rate the SSL/TLS connection of any given server.
First defined in 1999, TLS is a proposed Internet Engineering Task Force (IETF) standard that builds on earlier SSL specifications to provide secure communications over a network. Websites, email services, instant messengers, and VoIP services can use TLS to secure all communications between their servers and a user’s browser.
The protocol primarily aims to provide privacy and data integrity between two or more communicating applications. When secured by TLS, connections between a client (e.g. a web browser) and a server (e.g. wikipedia.org) are encrypted, authenticated, and regularly checked for integrity.
The technology is comprised of two layers: the TLS record and the TLS handshake protocols. The former provides connection security, while the latter enables the server and client to authenticate one another and to negotiate encryption keys before any data is transmitted.
TLS is more efficient and secure than SSL thanks to stronger authentication, encryption, key-material generation, and a range of other processes. This includes the use of secure remote passwords, pre-shared keys, elliptical-curve keys, and lots more — all of which SSL does not support. TLS and SSL are not interoperable, but TLS does offer backward compatibility for older devices.
In addition to the properties above, certain configurations of TLS can provide additional privacy-related features such as ‘perfect’ forward secrecy, which ensures that future disclosure of encryption keys cannot be used to decrypt TLS communications recorded in the past.
Uniform Resource Locator, otherwise known as a website address to you and me (e.g. www.top10vpn.com or www.google.com).
All browsers have a URL address bar at the top, where if you type in the URL you’ll be taken directly to that website. These alphanumeric addresses are converted into IP addresses by a DNS translation service so they can be understood by your computer.
Also known as activity logs. A term for the collection and storage of details about what you are actually doing online, such as the websites you visit and so on.
Very few VPN providers collect these types of logs, as this would make them no more private than your ISP.
A VPN gives you privacy and security online, unblocks restricted content and allows you to appear to be in another country.
It does this by encrypting your internet connection and diverting you via a remote VPN server in order to replace your IP address.
Read our “What is a VPN” guide for a more detailed description and the reasons why you you should you use a VPN.
The software that you use to connect your device to a VPN server. The term “VPN client” is generally used to refer to a VPN provider’s desktop (or mobile) app.
The processes and sets of instructions VPN clients rely on to establish secure connections between a device and a VPN server in order to transmit data.
A VPN protocol is a mix of transmission protocols and encryption standards. Read our “Guide to VPN Encryption” for a more detailed explanation of how these protocols work.
The encrypted connection between your device and a VPN server.
Commonly found in cafés, hotels, and airports, these are public internet access points that can be used by anybody and everybody.
While they do come in very handy if you don’t want to use up your data allowance when you’re out and about, a major downside is that they are not secure.
It’s easy for hackers to set up fake hotspots that look like the real thing, detect your web traffic as it travels from your device to the hotspot, or hack the router itself.
The only way to protect yourself when using these free WiFi hotspots is to first connect to a VPN, as this will encrypt your internet connection so it cannot be intercepted by anyone else.
