A digital security glossary

Updated:July 2016

This glossary is linked to from throughout the digital security resource section.

Air gap
This is essentially taking an activity you might want to do online and finding a way to take it offline, creating a gap in the possibly/likely recorded chain of communication logs. For example, you could send a file to someone by first sending it to someone else and have them deliver it via USB stick to the actual recipient.

Burner phone
This is a mobile that is obtained for the purpose of short-term usage. It's usually paid for in cash, as would be the SIM card used inside it. The user would typically avoid adding any personal information in the phone that could readily link its use back to their identity. A similar concept is used for "burner accounts", such as email addresses or social network profiles, which can also form part of an anonymous communication strategy.

Cookies
These are small files added to your computer by various websites you visit. These files are what create a tailored experience when you’re on a website and can also transmit information from one site to the next. Managing these is important if you’re concerned about web services looking at these to analyse your online activity.

Email client
An email client is a program on your computer or mobile that downloads, displays and sends email.

Encryption
Encryption is a method of disguising information from outside parties. It works by using a mathematical formula to hide data being sent by the one party to another, turning it into a code that can only be unlocked by the recipient if they have the specific key or password, and thus preventing outside parties from accessing the information. 

End-to-end encryption
When both parties are using the same encryption, this is called end-to-end. It’s by far the most secure because it encrypts both sides of the conversation.

Firewall
This is a security system that checks whether incoming or outgoing data violates a specified set of rules or conditions that are correlated to security risks. The system can often be set to either give warnings or block data that appears to pose a risk.

Geo-tagging
This is functionality that lets websites and programs see where you are. Mobiles use this to identify your location and provide service. Social sites use geo-tagging to make it easier to share your location with your friends. As a freelancer, there are likely many times you don’t want this information being public, and you may want to disable this on social networks and take precautions about when and how you use your mobile.

HTTPS
HTTP is the protocol for accessing web pages, and HTTPS is a more secure method for accessing them. It encrypts pages you load in your browser in an attempt stop third parties from being able to see what you’re looking at on the web and stop hackers from being able to modify content as it appears in your browser. It also acts as a verification that the content was actually provided by the URL you accessed.

IMEI number
An International Mobile Station Equipment Identity number uniquely identifies a mobile phone to the network provider.

IMSI number
An International Mobile Subscriber Identity number is a uniquely identifies a SIM card that's active in a mobile phone.

Interception attack
An interception attack happens when a hacker gets between you and the online service you're trying to access, usually with the goal of collecting the information as it's in transit from your computer or mobile to the service. The attacker may either simply be collecting the data for later use, or altering it in some way to trick you into doing something you didn't intend, or take over your account.

IP Address
Every device connected to the internet is assigned an Internet Protocol (IP) Address. This unique number is used to identify the location of a computer accessing a server, and is how requested data is delivered to the correct recipient. The ISP can identify the user of an address provided they are keeping logs of this. When it comes to mobiles, this is certainly the case.

ISP
This is an abbreviation for ‘internet service provider.’

Jailbreaking
This often refers to removing limitations on what you can install on your smart phone. Sometimes called “rooting” it allows you to disable pre-installed security that keeps non-approved software from being added to your phone.

Malware
This is software designed to damage your computer or mobile device, often times to give a hacker access to your files or use your device remotely without your knowledge.

Metadata
This is information contained in a file that describes when it was made, which program created it, and sometimes includes where the file was made and other information as well. It can include author data, revision data and list how many times a file has been edited and by whom.

MNO logs
Mobile Network Operator logs records metadata about your mobile usage, including calls the user makes or receives, text messages the user sends or gets and data usage. MNO records also keep the times and approximate locations of every activity the mobile transmits.

Open source
In terms of software and technology, this refers to a product that has had its entire source code available for inspection, modification or use in other projects. Open source software allows for independent auditing and confirmation of how it works and what it's doing.

OTR
This acronym is often used for off-the-record messaging software. The basic components of OTR messaging technology ensure that communication between parties is strongly encrypted; that there is some method of authenticating everyone in the conversation; that messages do not include digital signatures relating back to a user's identity, and that the encryption keys are specific to that session and can't be used to access the conversation once it's done. Strong OTR services should also keep the minimal logs required to run the service, and nothing that identifies individual users. 

p2p
Peer-to-peer (p2p) is a way to organise computer communications, creating ad-hoc networks with very little infrastructure. Each computer connected to a p2p session acts as both a server and client, allowing each user to privately share files and communicate.

Perfect Forward Secrecy
This is an encryption standard that's often used in OTR messaging. When used, the digital conversations can't be compromised later on should a private encryption key be compromised.

PGP
This is short for “Pretty Good Privacy” and is a method for encrypting and decrypting anything from email messages to computer directories. It’s also often used for signing emails as a way of verifying the authenticity of the sender. Users send encrypted messages that require keys to access and view, keeping third parties or unintended recipients from being able to view the contents of a message.

Phishing (or spear phishing)
Phishing refers to various kinds of common hacking attacks in which the adversary attempts to gain confidential details (such as usernames, passwords or other account access information) by attempting to trick the target that the request is legitimate. This can come in the form of an email, a counterfeit website, text message or any number of sources. The term is often used interchangeably with "spear phishing" but the latter is an attack of a similar nature, but one that's only focused on a single individual or organisation.

Proxies
A proxy is a program that forces your computer to access websites via an intermediary server. Instead of accessing websites, email and other things online directly, your computer will instead send requests through the proxy. This can better conceal what you’re really trying to access online, and can allow you to bypass blocked websites and browse anonymously.

Signature file
This is an electronic file that often accompanies software to confirm that it's the authentic version created by the developer.. You can compare a signature file that comes with the software with a version the author has published to determine authenticity. It's created using an encryption algorhym from the author's encryption keys. For examples of how to find and check these, see The Tor Project's web page on its own signature file.

Single site browser (SSB)
This is a program, often for mobiles, dedicated to accessing web pages from a single source. These keep your social activity in a box, away from the rest of your work.

Spyware
This is a specific type of program often installed on a device without the owner’s knowledge and collects information about the device’s usage, which is accessible to someone else.

SSL
It literally stands for “Secure Socket Layer,” but that’s not as descriptive as explaining what’s going on. SSL, and more recently TLS (Transport Layer Security), are methods that provide computer security over the internet using electronic cryptography. These methods are used in many websites, email services and instant messaging and voice-over-internet programs.

Terminal
All computers have this, but few people look at it. It’s where you can type raw commands into your computer to run tasks.

Tor
Tor is open source proxy software. It connects users to a network of “virtual tunnels” that increases privacy and access to blocked content by routing encrypted data through random servers scattered around the globe. Your internet traffic is encrypted and bounced around the Tor network, hiding who you are and what you're doing.

VOIP
Voice over Internet Protocol (VOIP) is software that enables users to call each other over the internet instead of using a telephone or mobile phone network. 

Volatile file sharing
This is a method of sharing an electronic file without keeping it stored permanently online. You can create a temporary link that only keeps the file available through a link for a short period of time. When you close the connection, the file is no longer accessible.

VPN
This stands for "Virtual Private Network", which is a kind of proxy internet service. A VPN service encrypts and forwards your internet traffic to one of its own servers and then sends that data on to the internet destination you're trying to reach. The VPN then receives data back and forwards it to you. This way, your internet service provider doesn't have information about what you're doing.

Created: July 2013

Help us be a better resource!

Give us feedback about this page. What was helpful here, or what could be included to make it more useful?

Create a comment
Create a Comment
  • Security code

This website uses cookies. For more information about these please click here.
By continuing to browse you consent to the use of cookies

News letter sign up