A browser add-on/extension, or software, that prevents advertisements from displaying on web pages.
The majority of these will also help to block ad-based malware and cross-site tracking, which is when companies collect your data across multiple websites.
AES (Advanced Encryption Standard)
One of the most commonly used encryption protocols, AES-256 is the cipher of choice for the US federal government.
It is considered completely unbreakable, and since its creation (over a decade ago) has undergone excessive testing to prove exactly how secure it is.
AES is, in our opinion, the best encryption standard available to VPN users.
An open source digital currency – or “cryptocurrency” – that’s been around since 2009 and isn’t linked to any banks or administrative bodies.
Bitcoin operates using peer-to-peer technology and transactions take place directly between users, cutting out the need for ‘middle men’ like financial institutions. It can be exchanged for goods and services or for other currencies.
Many VPN providers allow payment via Bitcoin as it provides customers with an additional layer of privacy. This is because funds are linked to Bitcoin addresses rather than real-life entities with further steps possible (ie Bitcoin mixing or tumbling) that make them untraceable.
One of the most common peer-to-peer (P2P) protocols used to download and distribute files over the internet. To get started, you’ll need BitTorrent client software along with a small torrent file that contains the information needed to download the file you want. These torrent files are most notoriously available on torrenting sites such The Pirate Bay but also on forums and other sites.
Unless you use a VPN, your IP address will be exposed to anyone involved in data transfers, so check out our best VPNs for torrenting in order to protect yourself from unwanted snooping.
A plug-in, or add-on, that can be downloaded and installed to your web browser for increased functionality. Most major browsers (Google Chrome, Firefox, Opera and Safari) offer online stores that allow you to find extensions, however not all extensions will work with every browser.
Many VPN providers offer browser extensions very popular with browser-focused users looking for a more lightweight online experience. In most cases, these are proxies rather than full VPN extensions (see our definition of proxy below), so your web traffic isn’t actually encrypted.
The only actual VPN extension currently available is ExpressVPN’s add-on.
A mathematical algorithm used for data encryption. Modern-day ciphers are almost impossible to crack, even with the help of advanced supercomputers, as they’re made up of incredibly complex algorithms. AES-256 is considered to be the strongest cipher for a VPN.
These are also known as metadata logs, and are used by VPN providers (in most cases) for troubleshooting and dealing with technical issues.
The amount of data collected varies from one VPN service to the next, but generally includes anonymous details such as: connection time, amount of data transferred and the number of devices that are connected to the VPN.
Some providers will also log your originating IP address, but we don’t recommend using a VPN that logs your IP.
As a general rule, connection logs aren’t too much of a concern as long as they’re anonymous, not overly detailed, and are only stored for a very short period of time. Providers such as ExpressVPN are a good example of this: they only collect your connection date, server choice and total amount of data used, none of which can be used to personally identify you.
Other VPN services such as HideMyAss! are a little more intrusive, storing your originating IP address for up to three months.
A digital currency that can be exchanged for goods or services, using cryptography as a means of securing and verifying transactions.
Some more well-known examples of cryptocurrencies include Bitcoin, Litecoin, Ethereum and Dash, some of which are accepted by VPN providers as a means of payment.
Also known as the Dark Net, the Dark Web includes all the websites you can’t find using regular search engines such as Google or Yahoo.
It is only accessible through networks such as Tor (“The Onion Router”, see our definition below) or I2P (“Invisible Internet Project”), and users become incredibly difficult to track due to the high level of encryption.
More and more people are being pushed towards the Dark Web simply because they’re concerned about the online privacy laws where they live, and not to access any illegal content. However, criminals do also use the Dark Web to carry out illegal activity without being detected.
A Linux-based open source firmware for wireless routers.
You can “flash” DD-WRT into your existing router, which will remove the default factory settings and give you more control, or you can purchase one that’s been pre-flashed.
This enables you to configure a VPN at router level, so every device you connect wirelessly will be routed through the VPN without you having to install individual apps.
DMCA stands for Digital Millennium Copyright Act and a DMCA notice refers to a copyright infringement notification that’s sent to ISPs by copyright holders.
Since VPN users take on an IP address registered with their VPN provider, any alert relating to alleged infringement goes to the VPN service rather than the ISP of the user doing the alleged infringing.
It’s worth looking closely at a VPN provider’s terms of service, and logging policy, if you are a heavy torrenter to understand how a VPN service responds to these notices.
DNS (Domain Name System)
The internet’s method of translating web addresses (URLs) into numeric IP addresses.
For example, the domain name www.top10vpn.com converts to an IP address of 188.8.131.52.
This translation process is usually performed by your Internet Service Provider, but when you’re connected to a VPN, all DNS should firstly be routed through the VPN tunnel and then resolved by the VPN provider, rather than by your ISP.
These occur when your DNS requests go through your ISP rather than your VPN provider, and mean your true IP address is being exposed. You can check for DNS leaks by reading our leak-testing guide.
The best way to prevent this from happening is to choose a VPN provider that offers built-in ‘DNS leak protection’.
The method of converting data to an encrypted form, using a mathematical algorithm known as a cipher.
It’s used to protect sensitive information and prevent it from being viewed by unauthorized parties, and is incredibly difficult to ‘crack’ unless you have access to the correct ‘keys’.
You can read more about encryption in our in-depth guide.
A free, open-source web browser developed by Mozilla Foundation, a non-profit organization.
It still isn’t quite as widely-used as Google Chrome, but Firefox is becoming more popular with security-conscious users due to the abundance of privacy enhancing add-ons on offer.
These are the Firefox VPN extensions we recommend.
Often abbreviated as FVEY, Five-Eyes is an intelligence alliance made up of Australia, Canada, New Zealand, the UK and the US.
The countries work together to collect mass surveillance data and share it between their respective security organizations, sneakily bypassing the laws that prevent them from spying on their own citizens.
Restricting access to web content based on the user’s geographical location. For example, BBC iPlayer is only accessible to UK residents, and Hulu is only available in the US.
It is also used by governments in high-censorship countries to block websites that are deemed inappropriate or those that are illegal under local laws.
VPNs can be used to access content that isn’t usually available in your country, however you must be careful not to infringe any copyright laws.
A more secure version of HTTP, the protocol that’s the foundation of the web. HTTPS uses secure port 443 by default and encrypts all user data, making it far less vulnerable to man-in-the-middle and eavesdropping attacks.
Previously it was mainly used by banks and online retailers, however it is increasingly becoming the norm for mainstream websites.
When you visit a HTTPS website, anyone monitoring your activity can tell that you’ve visited the site, however they won’t be able to see anything specific that you’ve done, such as the pages you visited or any details that you entered into forms.
Look for a padlock icon in your browser’s URL bar and try to only use websites where the address begins with “https://”.
As defined by Access Now, an Internet Shutdown is an intentional disruption of internet or electronic communications, rendering them inaccessible or effectively unusable, for a specific population or within a location, often to exert control over the flow of information.
IP (Internet Protocol) Address
A unique numerical address given to your internet connection by your ISP. These can be rotated on a regular basis or randomly reassigned every time a connection resets, but everything you do online is linked to one.
One of the main reasons for using a VPN is to mask your true IP address so that your browsing activity can’t be traced back to you as an individual, protecting you from unwanted surveillance from your ISP and other third parties.
This happens when a website or app you’re using can see your real IP address instead of the one your VPN is showing.
You can test for IP leaks by reading our leak-testing guide.
In order to prevent this happening you should select a VPN provider that offers DNS and IPv6 leak protection, such as CyberGhost.
Short for Internet Protocol Version 4. The current default system for defining numerical IP addresses (see our definition of DNS above).
Due to an increase in internet use in recent years, IPv4 addresses are running out, as only a limited number were available for assignment.
Internet Protocol Version 6, a new standard introduced to solve the problems presented by IPv4. It utilizes 128-bit rather than 32-bit internet addresses, meaning the total number available should keep us supplied for years to come.
Unfortunately a lot of VPNs fail to direct IPv6 traffic through the VPN tunnel, so if you connect to a website that supports IPv6, your DNS request will be handled by your ISP, therefore exposing your true IP address.
Some VPN services, that don’t work on IPv6 connections, block your Internet connection altogether in order to stop your IP from being revealed.
ISP (Internet Service Provider)
The company that supplies your internet connection. Unless you use a VPN, your internet data remains unencrypted, meaning your ISP can see everything you’re doing online.
ISPs in many countries (notably the US, most of Europe, Australia and Russia) are legally required to store customer metadata to allow government access if necessary.
Some ISPs even monitor internet traffic in real time and feed it directly to law enforcement agencies and intelligence networks.
A feature offered by most popular VPN providers that prevents your true IP address from being exposed should the VPN connection drop for any reason.
Some VPNs allow you to choose certain sites or apps to bypass the kill switch (known as split-tunnelling) however most will simply cut off all internet connections until the VPN tunnel is re-established.
Note that not all providers will call it a kill switch, for example ExpressVPN call it a Network Lock. Some VPNs come with a kill switch built in, such as CyberGhost, which is great for those who might otherwise forget to switch it on.
Wherever possible, you should try to choose a provider that offers this feature.
Layer 2 Tunneling Protocol, a commonly used VPN protocol that’s built into most popular operating systems.
It’s quick and easy to set up and is secure enough if implemented correctly, however there are some concerns that the NSA (US National Security Agency) might have deliberately weakened it, although this isn’t backed up by any solid evidence.
There are no major vulnerabilities to note, but if you’re planning to use it in a high-censorship country you could have some issues, as it isn’t very effective at bypassing firewalls.
Where possible, you should stick with OpenVPN.
Some VPN providers incorrectly claim to be zero logs, so make a clear distinction between those who don’t collect logs and those that do. Providers are classed as collecting usage logs (where your online activity and browsing history is monitored), connection logs (where just your connection information is collected) or no logs at all.
It’s best to choose a provider that collects a minimal amount of logs to protect your online privacy, or even better a VPN that doesn’t collect any logs whatsoever, such as NordVPN. This way, everything you do online remains completely private and can in no way be traced back to you as an individual.
The industry-standard VPN protocol and the one we recommend you use wherever possible. OpenVPN is an open-source software that’s highly configurable and offers the best balance between performance and privacy.
It isn’t natively supported by any platforms, but is available on most of them through a third-party software, and the majority of VPN providers will offer custom apps that run on OpenVPN.
It runs best on a UDP port, but can be set to run on any, including TCP port 443, which is the port used by regular HTTPS traffic.
While OpenVPN in its default configuration is blocked in high censorship countries like China, it continues to work well combined with some form of custom obfuscation. ExpressVPN, Astrill and VyprVPN for example all do this.
P2P is a type of network in which computers, or other devices, share files with each other rather than downloading them centrally from a server.
Even before a file download is complete, devices in the P2P network will upload parts of the file to other devices requesting that file. This data transfer continues even after the initial download is complete, which can make large P2P networks an incredibly efficient means of sharing data.
There are different types of P2P platforms or systems, many of which revolve around large media files, often causing copyright infringement issues.
Some of the most popular uses of P2P networks today are torrenting, Kodi and services like Popcorn Time. It’s also being used to innovate in areas like micro-finance.
Short for Point-to-Point Tunneling Protocol, an outdated VPN protocol with lots of known security issues.
It’s available on almost all major platforms and is very easy to set up without the need for third-party software, therefore remains popular with many VPN providers.
We advise against using PPTP, as even though it’s quick, it can be decrypted easily and won’t protect your sensitive data.
A proxy server acts as an intermediary between your computer and the internet, so any traffic routed through it will appear to come from an IP address different from your own.
Unlike using a VPN, connections to proxies are not encrypted. So while the website you’re visiting won’t know your true IP address, your ISP will still be logging your activity. The owner of the proxy server will also be able to see your originating IP address.
Most VPN browser extensions are proxies, so check our reviews before you start using one. They’re handy for heavy browser users just looking to mask their IP address, however most of them aren’t VPN substitutes.
The only provider with browser extensions that encrypt your web traffic is ExpressVPN, with extensions for Chrome, Safari and Firefox.
Sideloading an app means installing its APK file onto an Android device.
You will need to use a File Manager in order to find and ‘load’ the APK file.
The number of devices you can use your VPN on at the same time. The more simultaneous connections a VPN provider allows, the better, as it means you can protect your family’s devices as well as your own.
Three to five is standard but watch out for restrictions on the most basic or free plans, which limit you to just one.
A handful of VPN providers, such as Surfshark, don’t place any restrictions on the amount of devices connected at the same time.
A sophisticated technology that allows you to connect to DNS servers in different countries and therefore appear to be located in that country. This means you can access geo-restricted content that isn’t available where you live.
Smart DNS differs from a VPN in that it doesn’t encrypt your traffic and is therefore a lot faster, making it a good choice for those who are mainly interested in streaming media content from abroad.
It’s also really easy to use on devices that usually lack native VPN apps, such as games consoles, Apple TV and other streaming devices.
While it’s best known for providing access to the Dark Web, it’s actually becoming increasingly common amongst everyday internet users seeking the highest possible levels of privacy.
It’s also an excellent way of bypassing government restrictions and accessing blocked content in high-censorship countries, however be warned, it is incredibly slow.
Connecting to Tor through a VPN is an excellent way of ensuring your security, and some VPN providers actually offer servers optimized for that purpose. These are the best VPN services to use with Tor.
All browsers have a URL address bar at the top, where if you type in the URL you’ll be taken directly to that website. These alphanumeric addresses are converted into IP addresses by a DNS translation service so they can be understood by your computer.
Also known as activity logs. A term for the collection and storage of details about what you are actually doing online, such as the websites you visit and so on.
Very few VPN providers collect these types of logs, as this would make them no more private than your ISP.
VPN (Virtual Private Network)
A VPN gives you privacy and security online, unblocks restricted content and allows you to appear to be in another country.
It does this by encrypting your internet connection and diverting you via a remote VPN server in order to replace your IP address.
Read our “What is a VPN” guide for a more detailed description and the reasons why you you should you use a VPN.
The software that you use to connect your device to a VPN server. The term “VPN client” is generally used to refer to a VPN provider’s desktop (or mobile) app.
The encrypted connection between your device and a VPN server.
Commonly found in cafés, hotels, and airports, these are public internet access points that can be used by anybody and everybody.
While they do come in very handy if you don’t want to use up your data allowance when you’re out and about, a major downside is that they are not secure.
It’s easy for hackers to set up fake hotspots that look like the real thing, detect your web traffic as it travels from your device to the hotspot, or hack the router itself.
The only way to protect yourself when using these free WiFi hotspots is to first connect to a VPN, as this will encrypt your internet connection so it cannot be intercepted by anyone else.