22 pojęć z branży VPN — prostym językiem, bez marketingu.
Albo wciśnij ⌘F, by znaleźć konkretny termin.
A modern, audited VPN protocol that connects in milliseconds.
WireGuard is a VPN protocol designed in the late 2010s as a lighter, faster alternative to OpenVPN and IPsec. Its codebase is small (a few thousand lines vs hundreds of thousands), which makes it easier to audit. On mobile networks it reconnects almost instantly when you switch between Wi-Fi and cellular, which is one of the things you actually notice as a user.
Powiązane: OpenVPN, IKEv2 / IPsec
The classic open-source VPN protocol, still widely used.
OpenVPN has been the de-facto VPN standard since the 2000s. It is feature-rich, well-audited, and works on virtually every platform — but it is heavier than WireGuard and slower to connect. Most VPN apps offer it as an alternative protocol.
Powiązane: WireGuard, IKEv2 / IPsec
A fast, mobile-friendly protocol built into iOS and macOS.
IKEv2 (Internet Key Exchange version 2) is a VPN protocol integrated into Apple platforms. It survives network changes well, which makes it great for phones moving between Wi-Fi and cellular. It is the protocol many iOS VPN apps use under the hood.
The encryption layer behind HTTPS.
TLS 1.3 is the current standard for encrypting traffic between a browser and a server. A VPN sits below TLS — it encrypts everything, including the metadata (which sites you visit) that TLS alone leaks to your ISP.
Bank-grade symmetric encryption used by major VPNs.
AES-256 is a 256-bit key symmetric cipher used by governments, banks, and password managers. It is the standard data-encryption algorithm in modern VPNs (FREE VPN FAST included). At time of writing no practical attack against AES-256 exists.
A fast cipher used on devices without AES hardware acceleration.
ChaCha20-Poly1305 is a stream cipher used by WireGuard. On older phones without dedicated AES hardware, ChaCha20 can be significantly faster than AES while providing comparable security.
Algorithms designed to resist attacks from future quantum computers.
In 2024–2025 the NIST finalized the first post-quantum cryptography standards (ML-KEM, ML-DSA, SLH-DSA). VPN providers are gradually rolling out PQ key exchanges to defend against the 'harvest now, decrypt later' risk. FREE VPN FAST tracks platform support and will ship PQ-safe key exchange as iOS, WireGuard, and OpenVPN upstreams enable it.
Powiązane: AES-256
Past sessions stay safe even if a key is later compromised.
Forward secrecy (or "perfect forward secrecy") means each session uses a fresh ephemeral key. If a long-term key is leaked years later, past sessions are still unreadable. WireGuard and modern TLS both provide forward secrecy.
Blocks internet access if the VPN connection drops.
A kill switch monitors your VPN tunnel and immediately cuts the rest of your internet if the tunnel goes down — so your real IP and traffic never leak in the gap before the VPN reconnects. Essential on mobile, where networks change constantly.
Route some apps through the VPN, others directly.
Split tunneling lets you decide on a per-app basis which traffic goes through the VPN and which goes through your normal connection. Useful when you want a streaming app to use the VPN but your banking app to hit its bank's IP directly.
Disguises VPN traffic as ordinary HTTPS.
Obfuscation makes encrypted VPN traffic look like normal web traffic, which helps get through firewalls and deep-packet-inspection systems that block standard VPN protocols. Sometimes called 'stealth' or 'XOR' depending on the implementation.
The provider does not record what users do.
A no-logs policy means the VPN service keeps no record of websites visited, DNS queries, connection timestamps tied to user identity, or original IP addresses while the VPN is active. The strongest implementations are audited by independent firms and published as transparency reports.
Powiązane: Transparency report
Public log of government requests and what the provider produced.
A transparency report tells users how many subpoenas, court orders, and law-enforcement requests the provider received in a given period — and what data was handed over. A no-logs policy means there usually isn't much to give. See our own at /transparency/.
Powiązane: No-logs policy, Warrant canary
A regularly-updated statement that absence reveals.
A warrant canary is a public statement like 'we have never received a national security letter,' published with a recent date. Because some legal processes prohibit the recipient from disclosing them, the canary's removal becomes a signal. Combined with a transparency report it gives users a way to detect coerced silence.
Powiązane: Transparency report
Your device asks your ISP's DNS even with VPN on.
A DNS leak happens when DNS lookups bypass the VPN tunnel and go to your ISP's resolver instead, revealing the hostnames you visit. Properly built VPN apps route DNS through the tunnel; you can verify with our /tools/dns-leak/ checker or external test sites.
Your browser reveals your real IP via WebRTC.
WebRTC is a browser API for peer-to-peer audio/video. By default it exposes your local and public IP addresses to JavaScript on the page, which can defeat the IP-hiding part of a VPN. Browsers like Brave and Safari mitigate this by default; Chrome and Firefox need an extension or config change.
The number that identifies your device on the internet.
Every device on the internet has an IP address. Sites can use it for rough geolocation, rate-limiting, and identity stitching across visits. A VPN replaces your IP with the VPN server's IP — sites then see you as coming from the VPN's location.
The newer, larger internet address space.
IPv6 is the successor to IPv4 and uses 128-bit addresses instead of 32-bit. Many home networks still use IPv4 only. If your VPN does not properly handle IPv6, your real IPv6 traffic could leak around the tunnel — modern VPN apps route or block IPv6 explicitly.
Your ISP intentionally slows specific traffic.
ISP throttling is when an internet provider deliberately reduces the speed of certain traffic types (streaming, BitTorrent, gaming) to manage congestion or push customers to higher tiers. Because a VPN encrypts what you do, the ISP cannot tell which traffic to throttle.
Shared networks where other clients can see metadata.
Public Wi-Fi at cafes, airports, and hotels is convenient but exposes metadata (which sites you visit) to whoever runs the network and, in some cases, to other clients on it. HTTPS protects contents; a VPN protects metadata as well.
Identifying you without cookies via device signals.
Browser fingerprinting combines signals like screen size, installed fonts, GPU model, time-zone, and behavioral patterns into a near-unique ID — without cookies. A VPN hides your IP (one big signal); blocking the rest requires a privacy-focused browser like Safari or Brave, or anti-fingerprinting browser extensions.
Mandatory ID checks to access certain content.
Starting with the UK Online Safety Act 2025 and similar laws in Australia and several US states, an increasing number of sites are required to verify visitors' ages before showing content. These checks usually involve uploading ID to a third-party 'age assurance' company. A VPN lets you connect from a country where these laws don't apply, restoring open access.
