Five Internet Privacy Terms Most People Use Wrong

The average internet user encounters privacy-related vocabulary daily. Browser pop-ups mention cookies. News articles reference encryption after a data breach. Someone at work says they "use a VPN" without elaborating on what that means or why. The words exist everywhere, but an accurate understanding of them does not.

A 2025 survey by the National Cybersecurity Alliance found that 78% of Americans consider online privacy important, but fewer than 30% could correctly define the tools meant to protect it. That gap between concern and comprehension is where most privacy mistakes happen. Not through negligence, but through confusion.

"VPN" Does Not Mean "Anonymous"

VPN stands for Virtual Private Network. The term entered mainstream vocabulary around 2015, though the technology dates back to the late 1990s when Microsoft developed PPTP (Point-to-Point Tunneling Protocol) for corporate remote access. The original purpose was narrow: allow employees to securely connect to an office network from home or while traveling.

What a VPN does, in practical terms, is create an encrypted tunnel between a device and a remote server. Internet traffic passes through that tunnel, which means the user's ISP (Internet Service Provider) can no longer see what websites are being visited. The VPN server's IP address replaces the user's real one, which changes their apparent location.

What a VPN does not do is make someone invisible. The VPN provider itself can potentially see the traffic passing through its servers. That is why the provider's logging policy matters enormously. A VPN that keeps detailed logs of user activity offers privacy from an ISP while creating the same exposure somewhere else. The distinction between "private" and "anonymous" is one most people skip over entirely.

Cost used to be the standard excuse for not using one. That argument has weakened considerably. Several established providers now offer free tiers with reasonable data allowances, functional speeds, and verified no-log policies. Gizmodo maintains a regularly updated comparison of what qualifies as a good free VPN, rating each on transparency, server availability, speed throttling, and whether the free version is genuinely usable or just a demo pushing an upgrade. For someone who wants connection-level privacy on public Wi-Fi or basic IP masking, a well-chosen free tier handles both.

Encryption Is Not a Single Thing

When a news headline says a company "uses encryption," that statement is about as informative as saying a restaurant "uses heat." The word covers a massive range of implementations, strengths, and contexts. AES-256 (Advanced Encryption Standard with a 256-bit key) is a government-grade cipher used by banking apps and password managers. TLS (Transport Layer Security) is what puts the "S" in HTTPS and protects data moving between a browser and a website. End-to-end encryption, as used in Signal or WhatsApp, means only the sender and recipient can read a message, with no access for the company running the service.

The confusion enters when people assume encryption means total protection. An encrypted messaging app protects message content. It does not prevent the app from collecting metadata: who messaged whom, when, how often, and from which IP address. An encrypted website connection protects data in transit. It does not mean the website is trustworthy, or that it won't store and sell the information once it arrives. Encryption is a mechanism, not a guarantee. The question is always: what exactly is encrypted, by whom, and who holds the keys?

Proxy Servers and VPNs Are Not Interchangeable

This particular mix-up is persistent. A proxy server acts as an intermediary between a user and a website. The request goes to the proxy first, then to the destination, so the website sees the proxy's IP address instead of the user's. Sounds like a VPN. It is not.

The critical difference is encryption. Most proxy servers (HTTP and SOCKS proxies) do not encrypt traffic. They reroute it, which changes the apparent origin but leaves the actual data unprotected. An ISP or anyone monitoring the network can still see what is being sent and received. A VPN encrypts the full connection. Free browser-based proxies, which are popular among users trying to access region-locked content, often inject ads, track browsing behavior, or both. A 2023 study from the University of California, Berkeley analyzed 40 popular free proxy extensions for Chrome and found that 27 of them collected browsing data beyond what was disclosed in their privacy policies.

Proxy: redirects traffic. VPN: redirects and encrypts it. The three-word version is worth remembering.

Cookies Are Older Than Most Users Realize

Lou Montulli, an engineer at Netscape, invented the HTTP cookie in 1994. The original purpose was practical: online shopping carts needed a way to remember what a user had added without requiring a login. Cookies are small text files stored on a user's device by a website, and in their basic form, they are harmless. Session cookies keep a user logged in. Preference cookies remember language or layout choices.

Third-party cookies are the ones that earned cookies their bad reputation. These are placed by domains other than the one a user is visiting, typically by advertising networks. They track browsing across multiple sites, building a behavioral profile that gets sold to advertisers. Google announced in 2020 that Chrome would phase out third-party cookies, then delayed the timeline repeatedly before ultimately dropping the plan in 2025, opting instead for a user-choice model in Chrome settings. As of early 2026, Safari and Firefox have blocked third-party cookies by default for years. Chrome still has not.

The EU's GDPR, enforced since 2018, requires websites to get explicit consent before placing non-essential cookies, which is why those consent banners appear on nearly every European-facing site. California's CCPA provides a weaker version of the same idea: the right to opt out of data sale, but not necessarily of cookie placement itself. The banners are annoying. The underlying principle (that tracking should require permission) is sound.

An IP Address Is a Location, Not an Identity

IP stands for Internet Protocol. An IP address is a numerical label assigned to every device connected to a network. It identifies where data should be sent and received. In privacy discussions, it gets treated as a kind of digital fingerprint, and that framing is partially correct but mostly misleading.

An IP address reveals an approximate geographic location (usually accurate to the city level) and identifies the ISP. It does not directly reveal a person's name, physical address, or browsing history to a random website. That said, an ISP can match an IP address to a subscriber, and law enforcement can subpoena those records. For advertising purposes, IP-based geolocation is enough to target ads by region without needing cookies at all, which is why IP-based tracking is increasingly replacing cookie-based tracking as browsers tighten restrictions.

Masking an IP address is one of the primary reasons people use VPNs or proxy servers. The practical effect depends on what someone is trying to avoid. Hiding an IP from a website prevents rough geolocation. Hiding it from an ISP prevents activity logging at the network level. Neither makes a user untraceable to a determined adversary with legal authority, but for ordinary browsing privacy, IP masking removes the lowest-hanging fruit.

Language Shapes Behavior

People who misunderstand the vocabulary tend to either overestimate or underestimate their own exposure. Someone who thinks "encryption" means total security will behave carelessly. Someone who thinks a VPN makes them anonymous might take risks they otherwise wouldn't. And someone who thinks cookies are inherently dangerous will click "reject all" on every banner without understanding that first-party cookies are the reason their login stays active.

The internet has been a mass-market technology for roughly thirty years. The vocabulary it generated during that time evolved faster than public understanding of it. Closing that gap is not a technical project. It is a literacy one. And like any literacy, it starts with getting the definitions right.