DNS
Domain Name Service. Arguably the single most important protocol on the Internet, DNS is the system by which host names (i.e. are translated to IP addresses (
DNS Leakage
Many VPN providers don't handle DNS, so your DNS requests still flow to your regular DNS provider (your ISP or a public service like Google DNS). This allows an eavesdropper to inspect your DNS requests and see which sites you're looking up, even if your other traffic flows through the VPN. NetShade has you covered here—we provide our own private NetShade DNS service.
Encrypted DNS
Secure encryption of the DNS queries sent out by your device. Although DNS queries don't contain personally sensitive information, they do reveal which websites you visit. Encrypted DNS came around pretty late (2020 on Apple platforms), but it finally patches the last glaring unencrypted security hole on the Internet. There are two protocols for DNS encryption: DoT (DNS over TLS) and DoH (DNS over HTTPS). They're equally secure. NetShade DNS uses the DoT protocol.
Encryption
The process of encoding messages so that they're indecipherable by eavesdroppers. Each end of the encrypted connection (you and the server to which you're connecting) has a set of digital keys used to encrypt and decrypt messages. Without those keys, the messages appear completely garbled.
HTTP
Hypertext Transfer Protocol. The protocol which forms the backbone of the web. Today, most websites support the secure variant of the protocol: HTTPS.
HTTP Proxy
A server which acts as a middle-man for web traffic. Similar to a VPN, but without added encryption. HTTP Proxy, like SOCKS, is good for changing IP address but not for privacy and security. Unlike SOCKS, HTTP proxy only handles traffic over the HTTP and HTTPS protocols (web traffic).
HTTPS
Secure HTTP. When the HTTP protocol is wrapped inside an encrypted TLS tunnel, it's called HTTPS. When a website's address starts with https://, you're connecting to it securely over HTTPS. When your browser shows a lock icon, it means you're using HTTPS. Ever since Let's Encrypt started providing free SSL certificates, adoption of HTTPS has ballooned. Nowadays there's no good reason for a website not to use HTTPS by default.
IPSec
IPSec is the stalwart old-timer of VPN technologies. It is a very mature and complex protocol, favored by old-world Internet giants like Cisco. It operates at a lower level in the network stack than TLS-based VPNs like OpenVPN. Because of its low-level nature and its reliance on obscure networking schemes like AH and ESP, it is sometimes blocked or unusable. Due to platform compatibility constraints (OpenVPN isn't available in Apple's VPN frameworks on iOS), IPSec is the VPN protocol on the iOS version of NetShade.
IPv6
The replacement for the old IPv4 addressing which has underpinned the Internet since its inception. An ever-increasing number of home, mobile and office Internet connections are now dual-stack, supporting both IPv6 addresses and IPv4. IPv6 addresses are recognizable because they have colons instead of dots, and can sometimes contain the letters a-f. They tend to be very long and unsightly (2601:1040:4f2a:1121:012a:39ff:6868:0001), but some addresses can be written in a shortened form (2001:2faf::0001). NetShade supports IPv6 on some of its servers.
IPv6 Leakage
IPv6 leakage is a major potential security hole with some VPN providers. If a VPN server does not support dual-stack IPv4+IPv6 connections and the VPN app is not smart about leakage, a user's Internet traffic can flow "in the clear" with no protection over IPv6. NetShade patched against this vulnerability in the early days of IPv6 adoption. With NetShade, if you connect to an IPv4-only VPN server, the app turns off your IPv6 connection.
OpenVPN
OpenVPN is a popular open-source VPN engine which underpins many commercial VPN services, including NetShade. It works by intercepting your device's Internet traffic, encrypting it, and sending it over TCP or UDP through an intermediary server. Although its code base has grown quite large over the years, its networking scheme is still simpler and higher-level than those of the VPN old-timers like IPSec and L2TP.
RVPN
RVPN (Rayner VPN) is a brand new proprietary VPN engine developed by Rayner Software. It's currently used in Hop, but will be coming soon to NetShade. RVPN is a TLS-based VPN like OpenVPN, but with a newer, simpler code base. It's written in pure no-dependency Objective-C with LLVM and ARC. It was designed from the outset to be resistant to Deep Packet Inspection-based blocking techniques. Stay tuned.
SOCKS
A proxy protocol for Internet traffic. Similar to a VPN, but without encryption. SOCKS, like HTTP Proxy, is good for changing IP address but not for privacy and security. Unlike HTTP Proxy, it handles additional protocols other than HTTP/HTTPS.
VPN Scrambler
Some providers now "sniff" all traffic and when they see something that looks like a VPN connection, they block it. In response to the increasing prevalence of Deep Packet Inspection, NetShade 8 introduces the VPN scrambler. NetShade's scrambler is designed to thwart this means of blocking by wrapping the whole conversation (including handshake) inside an additional layer of generic TLS encryption. The downside of this is that the extra encryption is unnecessary and superfluous for 99.9+% of the traffic you're sending, as it's only helpful during the handshake. By default, NetShade always tries a regular OpenVPN connection first and falls back to the scrambler if needed.
TCP
Transmission Control Protocol. Most Internet traffic flows over TCP. It features robust error correction, which is usually a good thing but can sometimes be a bad thing (see UDP). TCP is simple to implement, but does not do well on poor-quality Internet connections.
TLS
Transport Layer Security. This umbrella term refers to the technology commonly used to facilitate secure encrypted communications on the Internet. An HTTPS connection, for example, is HTTP wrapped inside TLS encryption.
UDP
User Datagram Protocol. This is probably the second most used low-level protocol on the Internet. Its primary weakness (and also strength) is its complete lack of error correction. Over UDP, a device sends data over the Internet with no guarantee or confirmation that it arrived intact. This means that error correction must be handled by the applications at either end of the connection. UDP is the default protocol for OpenVPN, as it performs much better than TCP on high-latency, low-quality Internet connections.
IKEv2
Internet Key Exchange version 2. This is the method by which NetShade on iOS establishes the security association between you and the VPN server. It's considered more modern and secure than older methods such as pre-shared keys.
VPN
Virtual Private Network. A technology for sending all your Internet data over a secure tunnel. Traditionally used to access private corporate networks remotely, nowadays the term often refers to VPN-based Internet access providers like NetShade. With a VPN provider, your traffic is directed through a secure encrypted tunnel to one of our proxy servers, from whence it is routed to the greater Internet. This makes your IP address show up as the address of our server.