As you learn about Internet security, privacy, and digital parenting, you may encounter words that you’re not familiar with. This glossary has simple, short definitions.
Adware: Software that automatically displays unwanted ads, to make money for the adware creator.
Anti-malware: Software that prevents and/or removes malware (malicious software) from a device. The term antivirus is often used for software that’s actually anti-malware, because it fights not only viruses but other forms of malware.
Authentication: Proving that you are who you say you are.
Bad actor: A person, group, or organization that is acting maliciously.
Blacklist: A list of disapproved items. A system that uses a blacklist allows all items that are not on the blacklist. Opposite approach of a whitelist.
Cloud: Internet-based; using remote servers. A cloud service is an online service. Cloud storage is online storage.
Cookie: A file that contains information which identifies you to a website, so that it can keep track of who you are. Cookies are simply part of how users interact with websites, and aren’t inherently a privacy risk. But when cookies are used to track users around the Web, they are considered a privacy risk.
Confidential: Secret, private.
Credentials: Proof that you are who you say, or that you have the right to access something. For example, your username and password.
Credential stuffing: When hackers take login credentials they’ve acquired for one account and try them on other accounts, assuming that the owner has used the same login credentials for multiple accounts.
Cryptography, cryptographic, crypto-: Having to do with encoding data to make it secret and not easily readable.
Cyber-: A prefix meaning related to computers or computing. For example, cybersafety, cybersecurity, cybercrime, cyberspace, cyberbullying, cyberstalking.
Cyberbullying: Bullying done with digital devices, such as through social media or messengers. Generally refers to behavior targeting minors, whereas cyberstalking refers to behavior targeting adults.
Cyberstalking: Repeated harassment using digital devices. Generally refers to behavior targeting adults, whereas cyberbullying refers to behavior targeting minors.
Dark Web (or Dark Net or Darknet): Websites that aren’t indexed by search engines, so you can’t get to them through Google or other search engines. They can’t be visited using a normal browser, and typically require a Tor browser to visit, and that you know the website address or click a link to it. The Dark Web is home to an underground trade in illegal goods and services (though not all Dark Web content is illegal).
Data: Facts; pieces of information. Computers and digital devices store and process data. “Data” is a plural word (the singular is “datum”), but data is commonly used as singular.
Deep Web: Websites and webpages that aren’t indexed by search engines, so you can’t get to them through Google or other search engines. You can get to them using a normal browser, as long as you know the website address or click a link to it. There are good and bad, legal and illegal sites in the Deep Web.
Defense in depth: Using multiple security layers to increase your overall security.
Device: Generic term for computing hardware, such as computer, phone, or tablet.
Digital parenting: A broad term dealing with the intersection of parenting and technology; helping kids use digital tech in a safe, healthy, wise way.
DNS (Domain Name System): The system that translates a domain (for example, defendingdigital.com) to an IP (Internet Protocol) address (for example, 188.8.131.52). This translation is necessary because humans use domains, but computers use IP addresses.
Domain name: Main part of an Internet address. For example, defendingdigital.com, wikipedia.org, irs.gov.
Encrypt, encryption: To encode data to make it secret and not easily readable. Data that’s not encrypted is unencrypted (also called plain text or cleartext). Undoing/reversing encryption is decryption.
End-to-end encryption (E2EE): Encryption that keeps data secret along the entire path from sender to intended recipient, so that only the intended recipient can see/hear it. It keeps data encrypted while in transit (traveling) and at rest (in storage). This prevents not only hackers, but also governments and even the companies transmitting the data from seeing it.
Filter: To restrict access to. Usually used in the context of an Internet filter, Web filter, or content filter, which disallows access to particular websites, images, videos, and other content.
Fingerprinting: Identifying users based on the characteristics of their device or browser, such as operating system (OS), browser extensions, language, and installed fonts. Often done by web advertisers and other third-party trackers.
Grooming: When a predator forms a relationship with a victim and earns the victim’s trust, preparing to exploit the victim. Usually done by an adult to a minor. Predator’s goal may be sexual exploitation (online or in-person), human trafficking, or radicalization.
Hack, hacking, hacker: A person who maliciously breaks into computer systems, networks, and digital devices. Originally hacker was a positive term (you may have heard of life hack as meaning finding a shortcut), and cracker was the corresponding negative term (meaning to crack into). Over time hacker has evolved into a mostly negative term, though the term white hat hacker survives as meaning a person who hacks with good intent, to find vulnerabilities before malicious people do.
HTTPS (Hypertext Transfer Protocol Secure): Technology that creates a secure, encrypted connection between a web browser and a website, to protect transmitted data from eavesdroppers. Browsers will show the web address (URL) starting with https:// and may also show a padlock symbol.
Internet of Things (IoT): The wide range of devices that have processors and are connected to the Internet, generally referred to as “smart” devices. Includes smart speakers, thermostats, home entertainment systems, home security systems, car systems, baby monitors, and many more devices.
Internet Protocol (IP) address: The Internet address given to your device by your network or Internet Service Provider (ISP).
Internet Service Provider (ISP): The company that provides your Internet connection. At your home, that could be a cable, DSL, or fiber company, such as Comcast, Spectrum, or AT&T. For your mobile devices, that’s your wireless carrier, such as Verizon, Sprint, or AT&T.
Key: The digital equivalent of a physical key; text, code, or software that unlocks something.
Keylogger: Software that records the keys being typed, often used to steal login info or other sensitive data.
Mac: Abbreviation of Macintosh, a computer manufactured by Apple. Note that it’s not spelled MAC (all caps) because it’s not an acronym. There is an acronym MAC, for Media Access Control address (a unique identifier for a device on a network).
Malware: Generic term for malicious software. Includes viruses, spyware, ransomware, Trojans, rootkits, and more.
Metadata: Data about data. For example, the metadata of a phone call are the details about the call, such as phone number called, time of call, and duration of call. The metadata of an email are the details about the email, such as email address sent to, time sent, and subject.
Online predator: A person who sexually exploits one or more children over the Internet (or attempts to).
Operating system (OS): The main software that runs on a computer or other digital device, which other software runs inside. Common computer operating systems are Windows, macOS (Apple), and Linux. Common mobile operating systems are iOS (Apple) and Android.
Parental controls: software that allows a parent to control what their child can do with device, which may include limiting screen time, disallowing apps, or filtering content.
Personally identifiable information (PII): Information by which you can be identified, such as name, Social Security number, driver’s license number, phone number, and email address.
Phishing: Fraudulent messages that attempt to steal info. For example, you may receive an email that appears to be from your bank, asking you to click a link to log in. But the link actually points to a malicious website disguised to look like your bank, which steals your login info as soon as you enter it.
Potentially unwanted program (PUP): Software which is suspicious but not clearly malicious. Anti-malware software can’t tell whether you want it, so it labels it “potentially unwanted.” If you don’t know that you need it, uninstall it to be safe.
Principle of Least Privilege: Give users, accounts, and services only as much access and capability as they truly need, to limit the damage they can do (deliberately or accidentally).
Privacy: Keeping hidden or secret the data that you want to keep hidden or secret.
Ransomware: Malware that prevents you from accessing your files (often by encrypting them) until you pay a ransom. There’s no guarantee that you’ll get your files back if you pay the ransom.
Revenge porn: Distributing sexual images or videos of a person (often an ex) to get revenge.
Security: Restricting access to an object or data, ensuring that only the proper people or systems can access it.
Security questions: Questions that must be correctly answered to authenticate you. Often used as a secondary way to authenticate if you forget your password.
Security theater: Measures that give the appearance of security to put people at ease, but which do little or nothing to actually increase security.
Sensitive: Data that is valuable and you don’t want to fall into the wrong hands. For example, Social Security number, home address, financial information, medical information.
Sexting: Sending nude or partially-nude photos, or sexually explicit text. In the US, federal law makes it illegal for minors to sext (due to child pornography legislation).
Sextortion: Threatening to harm a person, or if they don’t provide sexual images, videos, or favors, or money. The threat may involve distributing sexual images or videos of the target, or some other form of threat or blackmail.
Short Message Service (SMS): Technical name for text messaging, text messages, texting. Technically, only text can be sent by SMS. If you send anything else (images, audio, etc.) you’re using MMS (Multimedia Messaging Service).
Smishing: Fraudulent SMS/text messages that attempt to steal info; phishing done by SMS/text message.
Social engineering: Manipulating or tricking people into giving access to information or systems.
Spam: Unsolicited “junk” messages received by email, text/SMS message, social media messaging system, or some other messaging system. Note that it’s not spelled SPAM (all caps) because it’s not an acronym. A person who sends junk messages is a spammer; the action is spamming.
Special characters: Written symbols that aren’t letters or numbers. Examples: ~ ! @ # $ % ^ & * ( _ + [ \ ; ‘ < . ?
SSL (Secure Sockets Layer): Obsolete, insecure protocol that’s been replaced by TLS (see TLS below). Because the term SSL is more widely-known than TLS, people use SSL when they usually mean TLS. But it’s wise to confirm, because SSL is obsolete and insecure.
Surveillance: Watching, observing, tracking. Digital surveillance can be done by a human, but most surveillance is done automatically by systems.
TLS (Transport Layer Security): Protocol that encrypts data in transit (while it’s traveling). Used in HTTPS Web traffic and in many other forms of secure communication.
Two-factor authentication (2FA), multi-factor authentication (MFA): Using more than one means to prove that you are who you say you are. A password is commonly one factor; other factors could be a code generated by an authentication app, or biometrics (fingerprint, iris scanner, etc.).
Verify, verification: To prove or provide evidence for.
Virtual Private Network (VPN): A secure tunnel from your device to a remote server. Can be used to protect your Internet traffic when you’re on an insecure network (such as public Wi-Fi) or to make it look like you’re located somewhere else, allowing you to get around Internet restrictions (such as in China).
Virus: Malicious software that replicates itself like a biological virus. A virus is a specific type of malware, but the word virus is often used to refer to all malware.
Vishing: Fraudulent phone calls or voicemails that attempt to steal info; phishing done by phone.
Vulnerable, vulnerability: Capable of being attacked or exploited because of a flaw.
Whitelist: A list of approved items. A system that uses a whitelist blocks all items that are not on the whitelist. Opposite approach of a blacklist.
Zero-day, 0-day: A zero-day vulnerability is a software or hardware flaw that is generally unknown, so no one has yet created a defense against it; it can be attacked or exploited immediately.
Zero-knowledge encryption: A form of encryption in which the service provider has no knowledge (zero knowledge) of the user’s encryption key, so the provider is not able to view the user’s data. For example, a zero-knowledge storage or backup company can’t view the files users store on its servers.