VPNRank.io

VPN Glossary

Every VPN term explained in plain English — no jargon, no fluff. Definitions are maintained by the VPNRank editorial team and kept consistent with our testing methodology.

AES-256 Encryption

AES-256 (Advanced Encryption Standard with a 256-bit key) is a symmetric encryption algorithm used to scramble data so that only someone with the correct key can read it. It's the encryption standard adopted by the US government, banks, and most top VPNs, and is considered effectively unbreakable by brute force — testing all 2^256 possible keys would take longer than the age of the universe with current technology. When a VPN advertises 'military-grade encryption,' it almost always means AES-256.

Dedicated IP

A dedicated IP is a VPN IP address reserved exclusively for one user, rather than the shared IP addresses that most VPN connections assign — where hundreds of users appear to come from the same address. A dedicated IP gives you a consistent address that only you use, which reduces CAPTCHAs and blocklist problems and keeps banking and work logins from being flagged, at the cost of some of the anonymity that shared IPs provide.

DNS Leak

A DNS leak is a flaw where your device's DNS queries — the lookups that translate website names like example.com into IP addresses — travel outside the encrypted VPN tunnel to your ISP's DNS servers instead of the VPN's. The result: even with the VPN connected and your IP address hidden, your ISP (or anyone watching) can still see every website you request, defeating much of the VPN's privacy benefit.

Double VPN

A double VPN (also called multi-hop) routes your internet traffic through two separate VPN servers in sequence instead of one. Your data is encrypted on your device, decrypted and re-routed at the first server, then sent to a second server before reaching the internet — so your traffic exits from a different location than it entered, and no single server sees both your real IP address and your final destination.

Five Eyes / Nine Eyes / 14 Eyes

The Five Eyes, Nine Eyes, and 14 Eyes are intelligence-sharing alliances between governments that cooperate to collect and exchange surveillance data. For VPN users, they matter because a VPN provider headquartered in a member country can, in principle, be compelled to hand over user data that may then be shared across the alliance — which is why VPN jurisdiction (the country a provider is legally based in) is a factor in choosing a privacy-focused VPN.

IP Address

An IP address (Internet Protocol address) is the unique numerical label assigned to your device when it connects to the internet — for example 203.0.113.42. It works like a return address: every website and online service you contact sees your IP and uses it to send data back. Because IP addresses are allocated geographically by internet providers, your IP also reveals your approximate location (city or region) and identifies your ISP — which is exactly what a VPN hides by replacing your real IP with the VPN server's.

No-Logs Policy

A no-logs policy is a VPN provider's commitment not to record data that could link you to your online activity — browsing history, traffic contents, DNS queries, original IP addresses, or session timestamps that could correlate you with destinations. Because using a VPN shifts trust from your ISP to the provider, the credibility of this policy — ideally verified by independent audits and tested by real legal cases — matters more than any technical feature.

Obfuscated Servers

Obfuscated servers are VPN servers that disguise your VPN traffic to look like ordinary, non-VPN internet traffic — typically regular HTTPS web browsing. This defeats deep packet inspection (DPI) systems that detect and block recognizable VPN protocols, allowing a VPN to work in places that actively block VPNs: China, Iran, the UAE, Russia, and on restrictive school or corporate networks.

RAM-Only Servers

RAM-only servers (also called diskless servers) are VPN servers that run entirely in volatile memory (RAM) with no hard drives or persistent storage. Because RAM is wiped every time the server restarts or loses power, no data can survive a reboot — making it physically impossible to recover user information from a server after the fact, even if it's seized. RAM-only infrastructure is a hardware-level reinforcement of a VPN's no-logs policy.

Smart DNS

Smart DNS is a technology that unblocks geo-restricted streaming by rerouting only the DNS queries that reveal your location, rather than encrypting and tunneling all your traffic the way a VPN does. Because it doesn't encrypt anything or route your full connection through a distant server, Smart DNS is faster than a VPN and works on devices that don't support VPN apps (like many smart TVs and game consoles) — but it provides no privacy or security, only access.

Split Tunneling

Split tunneling is a VPN feature that routes only some of your traffic through the encrypted VPN tunnel while the rest uses your regular internet connection. You choose the split — by app, by website, or by IP range. It solves the everyday conflict of needing a VPN for some things (streaming a home-country service, privacy) while needing your real location or full speed for others (local services, banking, printers).

VPN (Virtual Private Network)

A VPN (Virtual Private Network) is a service that encrypts your device's internet traffic and routes it through a remote server operated by the VPN provider. This hides your real IP address from the websites you visit and hides your browsing activity from your internet service provider, while making your traffic unreadable to anyone monitoring the network you're on.

VPN Kill Switch

A VPN kill switch is a safety feature that immediately blocks your device's internet traffic if the VPN connection drops unexpectedly. Without it, your device silently falls back to the unprotected connection — exposing your real IP address and unencrypted traffic until the VPN reconnects. With a kill switch active, nothing leaves your device except through the encrypted tunnel.

WebRTC Leak

A WebRTC leak is a browser-level flaw that can reveal your real IP address even while a VPN is connected. WebRTC (Web Real-Time Communication) is a feature built into browsers to enable video calls and peer-to-peer connections directly — but to do so it can query your real IP address and expose it to websites through JavaScript, bypassing the VPN tunnel. The result: a site can see your true IP despite the VPN, undermining the location privacy you connected for.

WireGuard

WireGuard is an open-source VPN protocol designed for simplicity and speed. At roughly 4,000 lines of code (versus hundreds of thousands for OpenVPN/IPsec stacks), it is dramatically easier to audit, connects in milliseconds, and delivers significantly higher throughput using modern cryptography — ChaCha20 for encryption and Curve25519 for key exchange. It has been part of the Linux kernel since version 5.6 (2020).