- VPN
- Virtual Private Network. A technology for sending all your Internet
data over a secure tunnel. Traditionally used to access private
corporate networks remotely, but nowadays the term often refers to
VPN-based Internet access providers like NetShade. With a VPN provider,
your traffic is directed through a secure encrypted tunnel to one of
our proxy servers, from whence it is routed to the greater Internet.
This makes your IP address show up as the address of our server.
- SOCKS
- A proxy protocol for Internet traffic. Similar to a VPN, but without
encryption. SOCKS, like HTTP Proxy, is good for changing IP address but
not for privacy and security. Unlike HTTP Proxy, it handles additional
protocols other than HTTP/HTTPS.
- HTTP Proxy
- A proxy protocol for Internet traffic. Similar to a VPN, but without
encryption. HTTP Proxy, like SOCKS, is good for changing IP address but
not for privacy and security. Unlike SOCKS, it only handles traffic over
the HTTP and HTTPS protocols (web traffic).
- HTTP
- Hypertext Transfer Protocol. The protocol which forms the
backbone of the web. Today, most websites support the secure variant
of the protocol: HTTPS.
- HTTPS
- Secure HTTP. When the HTTP protocol is wrapped inside an encrypted
TLS tunnel, it's called HTTPS. When a website starts with https:// ,
you're connecting to it securely over HTTPS. When your browser shows
a lock icon, it means you're using HTTPS. Ever since Let's Encrypt
started providing free SSL certificates, adoption of HTTPS has
ballooned. Nowadays there's no good reason for a website not to use
HTTPS by default.
- Encryption
- The process of encoding messages so that they're indecipherable by
eavesdroppers. Each end of the encrypted connection (you and the server to which
you're connecting) has a set of digital keys used to encrypt and
decrypt messages. Without those keys, the messages appear completely garbled.
- TLS
- Transport Layer Security. This umbrella term refers to the
technology commonly used to facilitate secure encrypted communications
on the Internet. An HTTPS connection, for example, is HTTP wrapped
inside TLS encryption.
- OpenVPN
- OpenVPN is a popular open-source VPN engine which underpins many
commercial VPN services, including NetShade. It works by intercepting
your device's Internet traffic, encrypting it, and sending it over
TCP or UDP through an intermediary server. Although its code base
has grown quite large over the years, its networking scheme is still
simpler and higher-level than those of the VPN old-timers like IPSec
- TCP
- Transmission Control Protocol. Most Internet traffic flows over TCP.
It features robust error correction, which is usually a good thing but
can sometimes be a bad thing (see UDP). TCP is simple to implement, but
does not do well on poor-quality Internet connections.
- UDP
- User Datagram Protocol. This is probably the second most used
low-level protocol on the Internet. Its primary weakness (and also strength)
is its complete lack of error correction. Over UDP, a device sends
data over the Internet with no guarantee or confirmation that it arrived
intact. This means that error correction must be handled by the applications
at either end of the connection. UDP is the default protocol for OpenVPN,
as it performs much better than TCP on high-latency, low-quality
- IPSec
- IPSec is the stalwart old-timer of VPN technologies. It is a very
mature and complex protocol, favored by crusty old Internet giants
like Cisco. It operates at a lower level in the network stack than
TLS-based VPNs like OpenVPN. Because it is low-level and relies on
obscure networking schemes like AH and ESP, it is sometimes blocked
or unusable. Due to platform compatibility constraints (OpenVPN isn't available
in Apple's VPN frameworks on iOS), IPSec is the VPN protocol on the iOS
version of NetShade.
- IKEv2
- Internet Key Exchange version 2. This is the method by which
NetShade on iOS establishes the security association between you
and the VPN server. It's considered more modern and secure than older
methods such as pre-shared keys.
- RVPN
- RVPN (Rayner VPN) is a brand new proprietary VPN engine developed
by Rayner Software. It's currently used in Hop, but will be coming
soon to NetShade. RVPN is a TLS-based VPN like OpenVPN, but with a
newer, simpler code base. It's written in Objective-C with LLVM and
ARC. It was designed from the outset to be resistant to Deep Packet
Inspection-based blocking techniques. Stay tuned.
- Deep Packet Inspection
- A method by which Internet providers can analyze, and optionally
block, a user's Internet activities. This technique is more sophisticated
and far more resource-intensive than traditional blocking methods
which only look at packet headers. Deep Packet Inspection allows
an ISP to block traffic based on its content, rather than just its
destination. In recent years Deep Packet Inspection has been deployed
by a number of governments and ISPs for blocking OpenVPN connections.
Although the contents of OpenVPN connections are encrypted and immune
to inspection, the handshake which occurs at the beginning of an
OpenVPN connection is distinctive and identifiable.
- VPN Scrambler
- Some providers now
"sniff" all traffic and when they see something that looks like a VPN
connection, they block it. In response to the increasing prevalence
of Deep Packet Inspection, NetShade 8 introduces the VPN scrambler.
NetShade's scrambler is designed to thwart this means of blocking by
wrapping the whole conversation (including handshake) inside an
additional layer of generic TLS encryption. The downside of this is
that the extra encryption is unnecessary and superfluous for 99.9+%
of the traffic you're sending, as it's only helpful during the
handshake. By default, NetShade always tries a regular OpenVPN
connection first and falls back to the scrambler if needed.
- DNS
- Domain Name Service. Arguably the single most important technology
on the Internet, DNS is the system by which host names (e.g. www.raynersw.com)
are translated to IP addresses (22.214.171.124).
- DNS Leakage
- In recent years, DNS has become a topic of security concerns. Many
VPN providers don't handle DNS, so your DNS requests still flow to
your regular DNS provider (your ISP or a public service like Google
DNS). This allows an eavesdropper to inspect your DNS requests and
see which sites you're looking up, even if your other traffic flows
through the VPN. NetShade has you covered here—we provide our
own private NetShade DNS service.
- IPv6
- The replacement for the old IPv4 addressing which has underpinned
the Internet since its inception. An ever-increasing number of home,
mobile and office Internet connections are now dual-stack, supporting
both IPv6 addresses and IPv4. IPv6 addresses are recognizable because
they have colons instead of dots, and can sometimes contain the letters
a-f. They tend to be very long and unsightly
(2601:1040:4f2a:1121:012a:39ff:6868:0001), but some addresses can be
written in a shortened form (2001:2faf::0001). NetShade
supports IPv6 on some of its servers.
- IPv6 Leakage
- IPv6 leakage is a major potential security hole with many VPN
providers. If a VPN server does not support dual-stack IPv4+IPv6
connections and the VPN app is not smart about leakage, a user's
Internet traffic can flow "in the clear" with no protection over IPv6.
NetShade patched against this vulnerability in the early days of IPv6
adoption. With NetShade, if you connect to an IPv4-only VPN server,
the app turns off your IPv6 connection.
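
The DNS Leakage and IPv6 Leakage entries above both come down to one question: which interface does a given packet actually leave by? The following Python sketch is an added example, not NetShade code. It applies longest-prefix matching to a routing-table snapshot and flags IPv4, IPv6 or DNS traffic that bypasses the tunnel. The route tables, resolver addresses and the interface names `en0` and `utun2` are constructed sample data.

```python
import ipaddress

def egress_interface(routes, destination):
    """Longest-prefix match: interface the destination leaves by, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, interface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == dest.version and dest in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, interface)
    return best[1] if best else None

def find_leaks(routes, resolvers, tunnel_if,
               probes=("192.0.2.1", "2001:db8::1")):
    """Report traffic classes that have a route but do not use the tunnel.

    probes are documentation-range addresses standing in for "any public
    host"; no route at all (e.g. IPv6 switched off) is not a leak.
    """
    findings = []
    for probe in probes:
        family = "IPv6" if ":" in probe else "IPv4"
        out = egress_interface(routes, probe)
        if out is not None and out != tunnel_if:
            findings.append(f"{family} traffic leaves via {out}, outside the tunnel")
    for resolver in resolvers:
        out = egress_interface(routes, resolver)
        if out is not None and out != tunnel_if:
            findings.append(f"DNS resolver {resolver} is reached via {out}")
    return findings

# Constructed snapshot: IPv4 is redirected into the tunnel with two /1
# routes, but the IPv6 default route and the LAN resolver still use en0.
LEAKY_ROUTES = [
    ("0.0.0.0/0", "en0"), ("0.0.0.0/1", "utun2"), ("128.0.0.0/1", "utun2"),
    ("192.168.1.0/24", "en0"), ("::/0", "en0"),
]
# Constructed snapshot after the fix: IPv6 is off (no ::/0 route) and the
# resolver sits inside the tunnel's own subnet.
FIXED_ROUTES = [
    ("0.0.0.0/0", "en0"), ("0.0.0.0/1", "utun2"), ("128.0.0.0/1", "utun2"),
    ("192.168.1.0/24", "en0"), ("10.8.0.0/24", "utun2"),
]

if __name__ == "__main__":
    for line in find_leaks(LEAKY_ROUTES, ["192.168.1.1"], "utun2"):
        print("LEAK:", line)
    print("after fix:", find_leaks(FIXED_ROUTES, ["10.8.0.1"], "utun2"))
```
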
We love talking about this kind of stuff. Send us an