As you learn about digital security and privacy, you may encounter words that you’re not familiar with. This glossary has simple, short definitions.
Authentication: Proving that you are who you say you are.
Bad actor: A person, group, or organization that is acting maliciously.
Blacklist: A list of disapproved items. A system that uses a blacklist allows all items that are not on the blacklist. Opposite approach of a whitelist.
Cloud: Internet-based; using remote servers. A cloud service is an online service. Cloud storage is online storage.
Cookie: A file that contains information which identifies you to a website, so that it can keep track of who you are. Cookies are simply part of how users interact with websites, and aren’t inherently a privacy risk. But when cookies are used to track users around the Web, they are considered a privacy risk.
Credentials: Proof that you are who you say, or that you have the right to access something. For example, your username and password.
Cryptography, cryptographic, crypto-: Having to do with encoding data to make it secret and not easily readable.
Cyber-: A prefix meaning related to computers or computing. For example, cybersafety, cybersecurity, cybercrime, cyberspace, cyberbullying, cyberstalking.
Cyberbullying: Bullying done with digital devices, such as through social media or messengers.
Cyberstalking: Repeated harassment using digital devices. Often used interchangeably with cyberbullying.
Data: Facts; pieces of information. Computers and digital devices store and process data. “Data” is a plural word (the singular is “datum”), but data is commonly used as singular.
Defense in depth: Using multiple security layers to increase your overall security.
Device: Generic term for computing hardware, such as computer, phone, or tablet.
Digital parenting: A broad term dealing with the intersection of parenting and technology; helping kids use digital tech in a safe, healthy, wise way.
Domain name: Main part of an Internet address. For example, google.com, wikipedia.org, irs.gov.
Encrypt, encryption: To encode data to make it secret and not easily readable. Data that’s not encrypted is unencrypted (also called plain text or cleartext). Undoing/reversing encryption is decryption.
End-to-end encryption: Encryption that keeps data secret along the entire path from sender to intended recipient, so that only the intended recipient can see/hear it. It keeps data encrypted while in transit (traveling) and at rest (in storage). This prevents not only hackers, but also governments and even the companies transmitting the data from seeing it.
Filter: To restrict access to. Usually used in the context of an Internet filter, Web filter, or content filter, which disallows access to particular websites, images, videos, and other content.
Hack, hacking, hacker: A person who maliciously breaks into computer systems, networks, and digital devices. Originally hacker was a positive term (you may have heard of life hack as meaning finding a shortcut), and cracker was the corresponding negative term (meaning to crack into). Over time hacker has evolved into a mostly negative term, though the term white hat hacker survives as meaning a person who hacks with good intent, to find vulnerabilities before malicious people do.
HTTPS (Hypertext Transfer Protocol Secure): Technology that creates a secure, encrypted connection between a web browser and a website, to protect transmitted data from eavesdroppers. Browsers will show the web address (URL) starting with https:// and may also show a padlock symbol.
Internet of Things (IoT): The wide range of devices that have processors and are connected to the Internet, generally referred to as “smart” devices. Includes smart speakers, thermostats, home entertainment systems, home security systems, car systems, baby monitors, and many more devices.
Internet Service Provider (ISP): The company that provides your Internet connection. At your home, that could be a cable, DSL, or fiber company, such as Comcast, Spectrum, or AT&T. For your mobile devices, that’s your wireless carrier, such as Verizon, Sprint, or AT&T.
Key: The digital equivalent of a physical key; text, code, or software that unlocks something.
Mac: Abbreviation of Macintosh, a computer manufactured by Apple. Note that it’s not spelled MAC (all caps) because it’s not an acronym. There is an acronym MAC, for Media Access Control address (a unique identifier for a device on a network).
Malware: Generic term for malicious software. Includes viruses, spyware, ransomware, trojans, rootkits, and more.
Metadata: Data about data. For example, the metadata of a phone call are the details about the call, such as phone number called, time of call, and duration of call. The metadata of an email are the details about the email, such as email address sent to, time sent, and subject.
Online predator: A person who sexually exploits one or more children over the Internet (or attempts to).
Operating system (OS): The main software that runs on a computer or other digital device, which other software runs inside. Common computer operating systems are Windows, macOS (Apple), and Linux. Common mobile operating systems are iOS (Apple) and Android.
Parental controls: software that allows a parent to control what their child can do with device, which may include limiting screen time, disallowing apps, or filtering content.
Personally identifiable information (PII): Information by which you can be identified, such as name, Social Security number, driver’s license number, phone number, and email address.
Phishing: Fraudulent messages that attempt to steal info. For example, you may receive an email that appears to be from your bank, asking you to click a link to log in. But the link actually points to a malicious website disguised to look like your bank, which steals your login info as soon as you enter it.
Principle of Least Privilege: Give users, accounts, and services only as much access and capability as they truly need, to limit the damage they can do (deliberately or accidentally).
Privacy: Keeping hidden or secret the data that you want to keep hidden or secret.
Ransomware: Malware that encrypts your files (so that you can’t access them) and holds them for ransom. There’s no guarantee that you’ll get your files back if you pay the ransom.
Revenge porn: Distributing sexual images or videos of a person (often an ex) to get revenge.
Security: Restricting access to an object or data, ensuring that only the proper people or systems can access it.
Security questions: Questions that must be correctly answered to authenticate you. Often used as a secondary way to authenticate if you forget your password.
Security theater: Measures that give the appearance of security to put people at ease, but which do little or nothing to actually increase security.
Sensitive: Data that is valuable and you don’t want to fall into the wrong hands. For example, Social Security number, home address, financial information, medical information.
Sexting: Sending nude or partially-nude photos, or sexually explicit text. In the US, federal law makes it illegal for minors to sext (due to child pornography legislation).
Sextortion: Threatening to harm a person, or if they don’t provide sexual images, videos, or favors, or money. The threat may involve distributing sexual images or videos of the target, or some other form of threat or blackmail.
Short Message Service (SMS): Technical name for text messaging, text messages, texting. Technically, only text can be sent by SMS. If you send anything else (images, audio, etc.) you’re using MMS (Multimedia Messaging Service).
Smishing: Fraudulent SMS/text messages that attempt to steal info; phishing done by SMS/text message.
Social engineering: Manipulating or tricking people into giving access to information or systems.
Spam: Unsolicited “junk” messages received by email, text/SMS message, social media messaging system, or some other messaging system. Note that it’s not spelled SPAM (all caps) because it’s not an acronym. A person who sends junk messages is a spammer; the action is spamming.
Special characters: Written symbols that aren’t letters or numbers. Examples: ~ ! @ # $ % ^ & * ( _ + [ \ ; ‘ < . ?
SSL (Secure Sockets Layer): Obsolete, insecure protocol that’s been replaced by TLS (see TLS below). Because the term SSL is more widely-known than TLS, people use SSL when they usually mean TLS. But it’s wise to confirm, because SSL is obsolete and insecure.
Surveillance: Watching, observing, tracking. Digital surveillance can be done by a human, but most surveillance is done automatically by systems.
TLS (Transport Layer Security): Protocol that encrypts data in transit (while it’s traveling). Used in HTTPS Web traffic and in many other forms of secure communication.
Two-factor authentication (2FA), multi-factor authentication (MFA): Using more than one means to prove that you are who you say you are. A password is commonly one factor; other factors could be a code generated by an authentication app, or biometrics (fingerprint, iris scanner, etc.).
Verify, verification: To prove or provide evidence for.
Virtual Private Network (VPN): A secure tunnel from your device to a remote server. Can be used to protect your Internet traffic when you’re on an insecure network (such as public Wi-Fi) or to make it look like you’re located somewhere else, allowing you to get around Internet restrictions (such as in China).
Vishing: Fraudulent phone calls or voicemails that attempt to steal info; phishing done by phone.
Vulnerable, vulnerability: Capable of being attacked or exploited because of a flaw.
Whitelist: A list of approved items. A system that uses a whitelist blocks all items that are not on the whitelist. Opposite approach of a blacklist.
Zero-day, 0-day: A zero-day vulnerability is a software or hardware flaw that is generally unknown, so no one has yet created a defense against it; it can be attacked or exploited immediately.