- Domain Name Service. Arguably the single most important protocol
on the Internet, DNS is the system by which host names (i.e. www.raynersw.com)
are translated to IP addresses (188.8.131.52).
- DNS Leakage
VPN providers don't handle DNS, so your DNS requests still flow to
your regular DNS provider (your ISP or a public service like Google
DNS). This allows an eavesdropper to inspect your DNS requests and
see which sites you're looking up, even if your other traffic flows
through the VPN. NetShade has you covered here—we provide our
own private NetShade DNS service.
- Encrypted DNS
- Secure encryption of the DNS queries sent out by your device.
Although DNS queries don't contain personally sensitive information,
they do reveal which websites you visit. Encrypted DNS came around
pretty late (2020 on Apple platforms,) but it finally patches the last
glaring unencrypted security hole on the Internet. There are two
protocols for DNS encryption: DoT (DNS over TLS) and DoH (DNS over
HTTPS). They're equally secure. NetShade DNS
uses the DoT protocol.
- The process of encoding messages so that they're indecipherable by
eavesdroppers. Each end of the encrypted connection (you, and the server to which
you're connecting,) has a set of digital keys used to encrypt and
decrypt messages. Without those keys, the messages appear completely garbled.
- Hypertext Transfer Protocol. The protocol which forms the
backbone of the web. Today, most websites support the secure variant
of the protocol: HTTPS.
- HTTP Proxy
- A server which acts as a middle-man for web traffic. Similar to a VPN, but without
added encryption. HTTP Proxy, like SOCKS, is good for changing IP address but
not for privacy and security. Unlike SOCKS, HTTP proxy only handles traffic over
the HTTP and HTTPS protocols (web traffic).
- Secure HTTP. When the HTTP protocol is wrapped inside an encrypted
TLS tunnel, it's called HTTPS. When a website starts with https:// ,
you're connecting to it securely over HTTPS. When your browser shows
a lock icon, it means you're using HTTPS. Ever since LetsEncrypt
started providing free SSL certificates, adoption of HTTPS has
ballooned. Nowadays there's no good reason for a website not to use
HTTPS by default.
- IPSec is the stalwart old-timer of VPN technologies. It is a very
mature and complex protocol, favored by old-world Internet giants
like Cisco. It operates at a lower level in the network stack than
TLS-based VPNs like OpenVPN. Because of its low-level and reliance on
obscure networking schemes like AH and ESP, it is sometimes blocked
or unusable. Due to platform compatibilities (OpenVPN isn't available
in Apple's VPN frameworks on iOS), IPSec is the VPN protocol on the iOS
version of NetShade.
- The replacement for the old IPv4 addressing which has underpinned
the Internet since its inception. An ever-increasing number of home,
mobile and office Internet connections are now dual-stack, supporting
both IPv6 addresses and IPv4. IPv6 addresses are recognizable because
they have colons instead of dots, and can sometimes contain the letters
a-f. They tend to be very long and unsightly
(2601:1040:4f2a:1121:012a:39ff:6868:0001), but some addresses can be
written in a shortened form (2001:2faf::0001). NetShade
supports IPv6 on some of its servers.
- IPv6 Leakage
- IPv6 leakage is a major potential security hole with some VPN
providers. If a VPN server does not support dual-stack IPv4+IPv6
connections and the VPN app is not smart about leakage, a user's
Internet traffic can flow "in the clear" with no protection over IPv6.
NetShade patched against this vulnerability in the early days of IPv6
adoption. With NetShade, if you connect to an IPv4-only VPN server,
the app turns off your IPv6 connection.
- OpenVPN is a popular open-source VPN engine which underpins many
commercial VPN services, including NetShade. It works by intercepting
your device's Internet traffic, encrypting it, and sending it over
TCP or UDP through an intermediary server. Although its code base
has grown quite large over the years, its networking scheme is still
simpler and higher-level than those of the VPN old-timers like IPSec
- RVPN (Rayner VPN) is a brand new proprietary VPN engine developed
by Rayner Software. It's currently used in Hop, but will be coming
soon to NetShade. RVPN is a TLS-based VPN like OpenVPN, but with a
newer, simpler code base. It's written in pure no-dependency Objective-C
with llvm and ARC. It was designed from the outset to be resistant
to Deep Packet Inspection-based blocking techniques. Stay tuned.
- A proxy protocol for Internet traffic. Similar to a VPN, but without
encryption. SOCKS, like HTTP Proxy, is good for changing IP address but
not for privacy and security. Unlike HTTP Proxy, it handles additional
protocols other than HTTP/HTTPS.
- VPN Scrambler
- Some providers now
"sniff" all traffic and when they see something that looks like a VPN
connection, they block it. In response to the increasing prevalence
of Deep Packet Inspection, NetShade 8 introduces the VPN scrambler.
NetShade's scrambler is designed to thwart this means of blocking by
wrapping the whole conversation (including handshake) inside an
additional layer of generic TLS encryption. The downside of this is
that the extra encryption is unnecessary and superfluous for 99.9+%
of the traffic you're sending, as it's only helpful during the
handshake. By default, NetShade always tries a regular OpenVPN
connection first and falls back to the scrambler if needed.
- Transmission Control Protocol. Most Internet traffic flows over TCP.
It features robust error correction, which is usually a good thing but
can sometimes be a bad thing (see UDP). TCP is simple to implement, but
does not do well on poor-quality Internet connections.
- Transport Layer Security. This umbrella term refers to the
technology commonly used to facilitate secure encrypted communications
on the Internet. An HTTPS connection, for example, is HTTP wrapped
inside TLS encryption.
- User Datagram Protocol. This is probably the second most used
low-level protocol on the Internet. Its primary weakness (and also strength)
is its complete lack of error correction. Over UDP, a device sends
data over the Internet with no guarantee or confirmation that it arrived
intact. This means that error correction must be handled by the applications
at either end of the connection. UDP is the default protocol for OpenVPN,
as it performs much better than TCP on high-latency, low-quality
- Internet Key Exchange verison 2. This is the method by which
NetShade on iOS establishes the security association between you
and the VPN server. It's considered more modern and secure than older
methods such as pre-shared keys.
- Virtual Private Network. A technology for sending all your Internet
data over a secure tunnel. Traditionally used to access private
corporate networks remotely, nowadays the term often refers to
VPN-based Internet access providers like NetShade. With a VPN provider,
your traffic is directed through a secure encrypted tunnel to one of
our proxy servers, from whence it is routed to the greater Internet.
This makes your IP address show up as the address of our server.
We love talking about this kind of stuff. Send us an