NETSHADE GLOSSARY

VPN
Virtual Private Network. A technology for sending all your Internet data over a secure tunnel. Traditionally used to access private corporate networks remotely, but nowadays the term often refers to VPN-based Internet access providers like NetShade. With a VPN provider, your traffic is directed through a secure encrypted tunnel to one of our proxy servers, from which it is routed to the greater Internet. This makes your IP address show up as the address of our server.
SOCKS
A proxy protocol for Internet traffic. Similar to a VPN, but without encryption. SOCKS, like HTTP Proxy, is good for changing your IP address but not for privacy and security. Unlike HTTP Proxy, it also handles protocols other than HTTP/HTTPS.
HTTP Proxy
A proxy protocol for Internet traffic. Similar to a VPN, but without encryption. HTTP Proxy, like SOCKS, is good for changing your IP address but not for privacy and security. Unlike SOCKS, it only handles traffic over the HTTP and HTTPS protocols (web traffic).
HTTP
Hypertext Transfer Protocol. The protocol which forms the backbone of the web. Today, most websites support the secure variant of the protocol: HTTPS.
HTTPS
Secure HTTP. When the HTTP protocol is wrapped inside an encrypted TLS tunnel, it's called HTTPS. When a website's address starts with https://, you're connecting to it securely over HTTPS. When your browser shows a lock icon, it means you're using HTTPS. Ever since Let's Encrypt started providing free SSL certificates, adoption of HTTPS has ballooned. Nowadays there's no good reason for a website not to use HTTPS by default.
Encryption
The process of encoding messages so that they're indecipherable by eavesdroppers. Each end of the encrypted connection (you, and the server to which you're connecting) has a set of digital keys used to encrypt and decrypt messages. Without those keys, the messages appear completely garbled.
TLS
Transport Layer Security. This umbrella term refers to the technology commonly used to facilitate secure encrypted communications on the Internet. An HTTPS connection, for example, is HTTP wrapped inside TLS encryption.
OpenVPN
OpenVPN is a popular open-source VPN engine which underpins many commercial VPN services, including NetShade. It works by intercepting your device's Internet traffic, encrypting it, and sending it over TCP or UDP through an intermediary server. Although its code base has grown quite large over the years, its networking scheme is still simpler and higher-level than those of the VPN old-timers like IPSec and L2TP.
TCP
Transmission Control Protocol. Most Internet traffic flows over TCP. It features robust error correction, which is usually a good thing but can sometimes be a bad thing (see UDP). TCP is simple to implement, but does not do well on poor-quality Internet connections.
UDP
User Datagram Protocol. This is probably the second most used low-level protocol on the Internet. Its primary weakness (and also strength) is its complete lack of error correction. Over UDP, a device sends data over the Internet with no guarantee or confirmation that it arrived intact. This means that error correction must be handled by the applications at either end of the connection. UDP is the default protocol for OpenVPN, as it performs much better than TCP on high-latency, low-quality Internet connections.
IPSec
IPSec is the stalwart old-timer of VPN technologies. It is a very mature and complex protocol, favored by crusty old Internet giants like Cisco. It operates at a lower level in the network stack than TLS-based VPNs like OpenVPN. Because it operates at a low level and relies on obscure networking schemes like AH and ESP, it is sometimes blocked or unusable. Due to platform compatibility (OpenVPN isn't available in Apple's VPN frameworks on iOS), IPSec is the VPN protocol on the iOS version of NetShade.
IKEv2
Internet Key Exchange version 2. This is the method by which NetShade on iOS establishes the security association between you and the VPN server. It's considered more modern and secure than older methods such as pre-shared keys.
RVPN
RVPN (Rayner VPN) is a brand new proprietary VPN engine developed by Rayner Software. It's currently used in Hop, but will be coming soon to NetShade. RVPN is a TLS-based VPN like OpenVPN, but with a newer, simpler code base. It's written in Objective-C with LLVM and ARC. It was designed from the outset to be resistant to Deep Packet Inspection-based blocking techniques. Stay tuned.
Deep Packet Inspection
A method by which Internet providers can analyze, and optionally block, a user's Internet activities. This technique is more sophisticated and far more resource-intensive than traditional blocking methods, which only look at packet headers. Deep Packet Inspection allows an ISP to block traffic based on its content, rather than just its destination. In recent years Deep Packet Inspection has been deployed by a number of governments and ISPs for blocking OpenVPN connections. Although the contents of OpenVPN connections are encrypted and immune to inspection, the handshake which occurs at the beginning of an OpenVPN connection is distinctive and identifiable.
VPN Scrambler
Some providers now "sniff" all traffic and when they see something that looks like a VPN connection, they block it. In response to the increasing prevalence of Deep Packet Inspection, NetShade 8 introduces the VPN scrambler. NetShade's scrambler is designed to thwart this means of blocking by wrapping the whole conversation (including handshake) inside an additional layer of generic TLS encryption. The downside of this is that the extra encryption is unnecessary and superfluous for 99.9+% of the traffic you're sending, as it's only helpful during the handshake. By default, NetShade always tries a regular OpenVPN connection first and falls back to the scrambler if needed.
DNS
Domain Name Service. Arguably the single most important technology on the Internet, DNS is the system by which host names (e.g. www.raynersw.com) are translated to IP addresses (64.62.244.50).
DNS Leakage
In recent years, DNS has become a topic of security concerns. Many VPN providers don't handle DNS, so your DNS requests still flow to your regular DNS provider (your ISP or a public service like Google DNS). This allows an eavesdropper to inspect your DNS requests and see which sites you're looking up, even if your other traffic flows through the VPN. NetShade has you covered here—we provide our own private NetShade DNS service.
IPv6
The replacement for the old IPv4 addressing which has underpinned the Internet since its inception. An ever-increasing number of home, mobile and office Internet connections are now dual-stack, supporting both IPv6 addresses and IPv4. IPv6 addresses are recognizable because they have colons instead of dots, and can sometimes contain the letters a-f. They tend to be very long and unsightly (2601:1040:4f2a:1121:012a:39ff:6868:0001), but some addresses can be written in a shortened form (2001:2faf::0001). NetShade supports IPv6 on some of its servers.
IPv6 Leakage
IPv6 leakage is a major potential security hole with many VPN providers. If a VPN server does not support dual-stack IPv4+IPv6 connections and the VPN app is not smart about leakage, a user's Internet traffic can flow "in the clear" with no protection over IPv6. NetShade patched against this vulnerability in the early days of IPv6 adoption. With NetShade, if you connect to an IPv4-only VPN server, the app turns off your IPv6 connection.
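The DNS Leakage and IPv6 Leakage entries above both come down to one question: which interface does a given packet actually leave on? The following Python check is an added example, not NetShade's code. It assumes Linux `ip route` / `ip -6 route` output, a tunnel interface named `tun0`, and constructed sample routes and addresses.

```python
import ipaddress

# Constructed sample: `ip route` / `ip -6 route` output with an OpenVPN-style tunnel on tun0.
V4_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
"""
V6_ROUTES = """\
fd00:1234::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""

def parse_routes(text, family):
    """Turn route lines into (network, device) pairs; lines without a usable prefix are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f[:-1]:
            continue
        dest = {4: "0.0.0.0/0", 6: "::/0"}[family] if f[0] == "default" else f[0]
        try:
            routes.append((ipaddress.ip_network(dest, strict=False), f[f.index("dev") + 1]))
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match (metrics ignored): the interface a packet to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None

def leak_report(v4_text, v6_text, resolvers, tunnel_dev):
    """List traffic classes and DNS resolvers whose route bypasses the tunnel interface."""
    routes = parse_routes(v4_text, 4) + parse_routes(v6_text, 6)
    findings = []
    # Probe addresses come from documentation ranges; they are only looked up, never contacted.
    for label, probe in (("IPv4", "192.0.2.1"), ("IPv6", "2001:db8::1")):
        dev = egress_dev(routes, probe)
        if dev is not None and dev != tunnel_dev:  # no route at all means nothing can leak
            findings.append(f"{label} traffic leaves via {dev}, outside the tunnel")
    for resolver in resolvers:
        dev = egress_dev(routes, resolver)
        if dev is not None and dev != tunnel_dev:
            findings.append(f"DNS resolver {resolver} is reached via {dev}, outside the tunnel")
    return findings
```

With the sample routes, `leak_report(V4_ROUTES, V6_ROUTES, ["192.168.1.1"], "tun0")` flags both the IPv6 default route and the LAN resolver. Passing an empty IPv6 table and the tunnel-side resolver `10.8.0.1` returns no findings, which matches the "turn off IPv6" mitigation described above.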
Questions? We love talking about this kind of stuff. Send us an email: support@raynersw.com