Privacy glossary

Online privacy can be confusing. What’s fingerprinting? Why are trackers bad? In this easy-to-read list you’ll find short definitions of essential privacy terms.



Ad blocker
An ad blocker is a browser feature, or a browser extension, that prevents your Web browser from showing ads on webpages, videos, streams, podcasts, or apps. Ad blockers often improve your browsing experience, but can bring security risks.
AML stands for “anti-money laundering.” The term refers to the practices that financial institutions—like banks and payment services—use to make sure their customers’ money does not come from illegal activity. Financial regulators require institutions to have robust AML, as part of their efforts to fight financial crime.
AMP stands for “Accelerated Mobile Pages,” a limited version of HTML, developed by Google. Website owners can create AMP versions of their pages, which look like they’re coming from the original publisher’s site. But in fact an AMP page is a cached version of the original page that lives on Google’s servers. This makes AMP harmful to privacy, security, and the openness of the Web. Google positioned AMP as a way for website owners to make their pages faster but, ironically, they’re often slower than the original publisher versions.
In the context of Web privacy, anonymity means that when you visit a website it can’t distinguish you from any other visitor, or even know whether you’ve visited previously. There’s an important difference between anonymity and pseudonymity, which is a related (and far more common) concept. Pseudonymity means that when you visit a website the site can tell whether you’ve been to the site before, and may even remember what you did in previous visits, but otherwise doesn’t know anything about your real-world identity.
API stands for “application programming interface.” Most generally, an API is a way for software systems or pieces of code to communicate with each other—generally, for one system or piece of code to “ask” another to perform tasks, transfer data, or both. One system’s API defines what other systems/code can ask it to do, and the technical details of the communication (such as data formats).


Big tech
“Big tech” is a blanket term for large tech companies that make widely used hardware and software, and generally have a huge amount of influence on technology, the Internet, and the economy as a whole. When capitalized as “Big Tech,” the term often refers to five companies: Amazon, Apple, Google (or Alphabet), Meta (formerly Facebook), and Microsoft. Several of the major Internet brands you may know are actually part of these companies, such as YouTube (Google), Instagram and WhatsApp (Meta), and LinkedIn (Microsoft).
Bounce tracking
Bounce tracking is a technique used by Web trackers. It involves inserting an intermediary link between you and the website you want to visit, allowing a tracker to know you and / or your interests, and thus use this data to sell more targeted ads. This technique is also sometimes known as “redirect tracking.”
A browser (or Web browser) is an app for your computer, tablet, or smartphone that lets you look at and interact with websites. The browser “calls” the server on which a website is hosted, and then renders that site for you in an intelligible way. Note that a browser is different than a search engine.


Cache (also known as “browser cache” or “Web cache”) is a temporary storage area on your device that holds copies of frequently accessed webpages, images, and other online content. Allowing your browser to store some data about previously visited websites prevents the need for future requests, and helps those sites / pages load faster the next time you visit.
The California Consumer Privacy Act (CCPA) is a privacy law enacted in California in 2020, amended and strengthened in 2023 by the California Privacy Rights Act (CPRA). The CCPA/CPRA provides residents of California with specific rights regarding the collection and use of their personal data—to know what data is collected; to have data deleted; and to opt out of, or opt into, the sale of their data. CCPA requires businesses to accommodate these consumer rights and applies civil fines if not complied with.
A certificate is a digital document that a website or other Internet service uses to prove its identity to users. If you see a lock icon in your Web browser’s address bar, that means the website you’re viewing has presented a valid certificate. And this generally means that anyone who might be spying on your Internet connection (like someone else on your Wi-Fi network) wouldn’t be able to see or modify the content you’re seeing on that website.
A client is the hardware or software that accesses a service on a server. The term “client” may refer to a person using the service, or a piece of software (like a Web browser) or hardware (like a phone or computer) the person is using to access the service. A server is a piece of software or hardware whose purpose is to offer a service over a computer network, such as the Internet.
A cookie is a small piece of data that a website (the server) places on your device (the client). The exact meaning of cookie contents is specific to each website. In some cases these are benign, and required for the site or app to function (e.g. to know you put an item in a shopping cart). In other cases, cookies can be used to track your browsing activity, search history, and to follow you across the Web. Note that the term “cookie” is used in two different ways: to describe a specific way of setting values on browsers; and as a general term for all ways sites can store values on clients.
Cyberbullying is harassment that occurs online, typically through social media, email, or messaging. The harm to the victim is intentional and usually repeated, and can be perpetrated by an individual or a group. Cyberbullying can be more harmful than in-person bullying because it can happen anywhere at any time—it doesn’t rely on in-person interactions. Cyberbullying can also overlap with in-person bullying.
Cybersecurity is the practice of protecting computing devices and networks from external threats. For purposes of this article, “cybersecurity” refers to practices that IT and security professionals use to protect the systems they’re in charge of, or whole groups of employees. The related term “security” is more general, and can also refer to practices an individual might take to stay safe online or a business might use to secure the buildings they use.


Dark Web
The Dark Web is the portion of the Internet that can only be accessed through specific software. Most casual surfing of the Web takes place on a small piece (5-10%) of the total World Wide Web; this is sometimes called the Surface Web. The other 90-95%—the Deep Web—is basically all the content not indexed by search engines. The Dark Web, by turn, is a fractional part of the larger Deep Web, and requires special browsers to view and navigate.
A database is an organized collection of data, stored and accessed electronically, usually via a computer system. A database can be small or large, simple or complex depending on the situation. It can contain any type of information, and is a critical component of many computer systems.
Deep Web
The Deep Web is the portion of the Internet not indexed by traditional search engines. It often requires a login (such as a username and password) or special software to access. The part of the Web that’s accessible using search engines—sometimes called the Surface Web—is actually just a small piece of the overall World Wide Web. The much larger, less visible, piece is called the Deep Web. Some estimates suggest that 90-95% of the overall World Wide Web is actually the Deep Web.
Digital footprint
A digital footprint is the trail of data created by a person’s online activity. These activities include things like searching the Web, visiting social media, and online shopping, along with less obvious data sources like physical location or website visits. Businesses collect, trade, and analyze digital footprint data, and use this data to create profiles of people (often, though not always, for the purposes of targeted advertising).
The Domain Name System (DNS) is an Internet protocol that enables a browser and operating system to look up the IP addresses that correspond to domain names. IP addresses and domain names are each a type of identifier for devices on the Internet. IP addresses are numerical (like, while domain names are human-readable (like “”).


Encryption is a cryptography term that means a message or data is indecipherable to outside observers. In Web browsing, this can mean data is unreadable as it moves across the Internet. If the data is also only readable by the site or app you want to view, it would be “end-to-end” (E2E) encrypted. Note that E2E encryption has very specific technical requirements, and most services that claim to offer it actually don’t. Also note that in some cases the parties on the website you’re viewing can see your message content (e.g. Facebook can see what you post in the WhatsApp client).
A browser extension (usually just “extension”) is a mini-app that can be downloaded and added to a Web browser to augment it’s out-of-the-box functionality or to add a new feature. Common browser extensions include ad blockers, spell-checkers, dark-mode / visual altering tools, and crypto wallets. Extensions are usually made by third parties (i.e. not the browser), and not always policed or vetted for security / privacy risks.


Filter list
A filter list is a list of criteria that ad blockers and tracker blockers use to determine which content to block. This can include ads, trackers, pop-ups, cookie consent notifications, or other website annoyances.
A fingerprint is a combination of many characteristics of your browser and device that uniquely identify you to a website. Fingerprinting is a tracking technique that doesn’t rely on cookies, which more browsers are blocking by default.
First-party ad
A first-party ad is a Web ad whose content is loaded from the same domain as the page showing the ad. The domain is the part of the URL after the “://” and before the next slash. For example, the domain of this page’s URL is “” The opposite of a first-party ad is a third-party ad, which is loaded from a different domain than the page showing the ad.


The General Data Protection Regulation (GDPR) is a European Union (EU) law. It provides individuals with rights over the use of their personal data, and sets out rules that companies and organizations must follow when collecting and using personal data about individuals. GDPR has been in force since 2018.


HTML (short for “HyperText Markup Language”) is a system of special notations that specify what a webpage should look like and how it should work. HTML is how webpages—including their text, images, tables, links, forms, and so on—are transmitted over the Internet to your device. HTML is the standard coding (or “markup”) language used to build pages that render in a Web browser.
HTTPS (HyperText Transfer Protocol, Secure) is a secure version of HTTP, the standardized method by which Web browsers and Web servers talk to each other over a network. HTTPS generally protects data in transit between a server (where a website or app “lives”) and the client (the phone or computer) you’re browsing from. Some browsers now automatically upgrade sites to HTTPS, or will warn you if HTTPS isn’t available; sites where HTTPS is not available should be visited with caution.


IP address
An Internet Protocol (IP) address is a numerical label (like that identifies a device on a network, and allows computers to talk to each other. Any device on any network will need an IP address so it can receive data from other devices; the IP address is how the network gets data to the right place. Some IP addresses are public, while others are private. Sometimes, your IP address can be used to identify and track you across sites and apps.
IPFS stands for Interplanetary File System, a decentralized peer-to-peer file sharing system. Different from the common Internet scheme (HTTP/HTTPS), IPFS is an Internet protocol (or system) that allows people to access content without the need for a centralized server. IPFS provides a similar Web experience as HTTP/HTTPS, but with faster response time and improved reliability. It also shifts power and control of the Internet out of the hands of big tech companies.
An Internet service provider (ISP) can provide home or work access to the Web, along with things like domain name registration and Web hosting. For many home Internet users, being online means all data must go through some sort of ISP (and this ISP can see all your traffic and online activity unless you take steps to prevent it). Some examples of ISPs include Comcast, AT&T, and Verizon.


KYC stands for “Know Your Customer.” The term refers to the practices that financial institutions—like banks and payment services—use to make sure they know the true identities of the people and organizations they serve, and to assess the risks of serving them. The term can also refer to the government regulations that require these practices. Financial regulators require institutions to have robust KYC, as part of their effort to fight financial crime.


Malware is any software that has a malicious purpose. Common uses of malware are to steal private information, steal or extort money, disrupt infrastructure, or to simply cause chaos. Examples of malware include viruses, Trojans, ransomware, and Spyware. When browsing the Web, it’s important to take adequate steps to protect yourself from malware.
Essentially, metadata is data about data; it’s often (though not always) machine-readable information that determines the structure or organization of human-readable information or content. Metadata can appear on websites, databases, or elsewhere.


Open source
Open-source software is software whose source code—the instructions that define what the software does—is published and freely available. The opposite of open source is closed source. Source code is human-readable, and software developers create software by writing it. To run software on a device, though, the source code has to be transformed into a form that’s mostly unreadable to humans. That unreadable form is what you get when you download an app. Open-source software is often developed in a collaborative manner, and considered a public good, free for anybody to use. The Brave Browser, Linux operating system, and OpenOffice are examples of open-source software.


Password manager
A password manager is software that stores the usernames and passwords to your online accounts. It can automatically fill in usernames and passwords on login pages, generate new random passwords, and sync your passwords across multiple devices. Using a password manager can save you a lot of hassle and—when used properly—dramatically improve your privacy, safety, and security online.
Phishing (pronounced “fishing”) refers to stealing people’s passwords by tricking them, using a fake website that mimics a legitimate one. Phishing often takes place via email, with the sender pretending to be a well known person or company. Phishing messages typically invoke a sense of urgency or panic, and compel readers to take immediate action.
In the context of computing, privacy means that your personal data isn’t seen by anyone whom you don’t want to see it, and isn’t used by anyone in ways you don’t approve of. Personal data means both information about you (e.g. your name, email address, or phone number) and also about what you do (e.g. which websites you visit, what you post online, who you talk to, or what you buy).
Privacy policy
A privacy policy is a document from a company or organization that describes how they collect and store personal information, what they do with it, and what your rights are with regard to your personal information.
Private (incognito) window
A private window (or incognito window), is a browser window that forgets everything you did in it when you close it. Different browsers use different names for the same feature. Brave, Safari, and Firefox use “private window,” while Chrome uses “incognito window” and Edge uses “InPrivate window.” Note that this “forgetting” only refers to data stored on your device.


Randomness is the property of lacking structure or organization, or otherwise being unpredictable. In the context of digital security, randomness plays an important role in cryptography and encryption—often used to generate random strings of characters and numbers known as “keys.”
Ransomware is a type of malicious software (malware) that encrypts the contents of your device so it’s unusable, then offers to restore your device (your phone, computer, or tablet) in exchange for a payment to the ransomware operator.
Retargeting is a specific type of ad targeting, in which you’re shown ads for something that you’ve shown interest in buying. For example, if you put an item in your shopping cart on an e-commerce site, but you don’t check out, you might start seeing ads for that item all over the Web. Those ads are retargeted.


Safe Browsing
Safe Browsing is a service, run by Google, that catalogs fraudulent or malicious websites. It’s integrated into several major browsers—including Brave, Chrome, Safari, and Firefox—so that they can warn you if you’re about to visit such a site. Edge uses a similar (though slightly different) service that’s run by Microsoft.
A script is a sequence of instructions that can be executed by a computer or programming language. A script is a common type of computer program, its defining characteristic being that it does not have to be compiled in advance of being run. It’s interpreted and executed in real time.
Search engine
A search engine is a service, accessible over the Web, that finds information on the Web in response to your queries. The most widely used search engine, by far, is Google Search, usually just called “Google.” Google Search is so ubiquitous that “to google” has become a verb meaning “to search the Internet.” Some large sites, like YouTube, have search functionality that only finds items on that site (videos and channels, in YouTube’s case). That’s sometimes called a search engine too.
Computer security is the protection of computing devices, networks, and data from external threats.
A server is a piece of software or hardware whose purpose is to offer a service over a computer network, such as the Internet. Servers can be physical machines, virtual machines, or software that performs server-like functions. The consumers of the service are called clients. The term “client” may refer to a person using the service, or a piece of software (like a Web browser) or hardware (like a phone or computer) the person is using to access the service.
Social engineering
Social engineering describes a variety of tactics used by malicious actors to trick an individual into doing something they wouldn’t normally do, especially (but not exclusively) online. Phishing is one common type of online social engineering; others include scareware, pretexting, and pharming. The success of a social engineering attack often relies on manipulating an individual person, rather than attacking a whole system, or a company’s software or hardware.
Spam is unwanted, unsolicited communications such as emails, text messages (SMS), or calls, sent in bulk to many recipients at once.
Storage is a general term in computing that means keeping data over a period of time. In the context of Web browsers, it has a more specific meaning: Web browsers set aside a limited amount of space on your device, where websites can store data. This is usually called “local storage.” Common uses of local storage are to store your settings for the site (such as your dark mode / light mode preferences) and to save work in progress. Some sites may also use local storage to enable limited offline functionality (such as the ability to continue editing a Google doc, even without a Wi-Fi connection).
Surveillance economy
The surveillance economy describes the business of collecting and monetizing people’s personal information at scale, and the companies that are involved in this business.


Third-party ad
A third-party ad is a Web ad whose content is loaded from a different domain than the page showing the ad. The domain is the part of the URL after the “://” and before the next slash. For example, the domain of this page’s URL is “” The opposite of a third-party ad is a first-party ad, which is loaded from the same domain as the page showing the ad.
A tracker is a small piece of software, embedded in a website, that records your activity on the site. Trackers send information about the activity they’ve recorded to a tracking server, owned by the company that made the tracker. Web ads usually include trackers, though you couldn’t tell just by looking at an ad. Social media buttons on other sites (such as “Like” buttons) also include trackers. Most trackers are invisible.


A URL (short for Uniform Resource Locator) is a string of letters, numbers, and special characters that identifies a place on the Internet, such as a website, and provides a method for reaching it. When browsing the Web, URLs appear in the address bar of your browser, as with For this reason URLs are sometimes called “addresses.”
A UTM is a parameter that can be appended to the end of a website address (or URL), and share information about where you got the URL from. UTMs are a common way for marketers to learn how visitors are finding their site, and are often associated with tracking.


A virtual private network (VPN) enables data to be sent from your device over the Internet (e.g. to a website) via an encrypted tunnel. VPNs can be used to remotely access private networks, or to shield personal info like your IP address, and generally allow for added privacy and security. But note that not all VPNs are created equal.

Ready for a better Internet?

Brave’s easy-to-use browser blocks ads by default, making the Web cleaner, faster, and safer for people all over the world.


Almost there…

You’re just 60 seconds away from the best privacy online

If your download didn’t start automatically, .

  1. Download Brave

    Click “Save” in the window that pops up, and wait for the download to complete.

    Wait for the download to complete (you may need to click “Save” in a window that pops up).

  2. Run the installer

    Click the downloaded file at the top right of your screen, and follow the instructions to install Brave.

    Click the downloaded file, and follow the instructions to install Brave.

    Click the downloaded file at the bottom left of your screen, and follow the instructions to install Brave.

    Click the downloaded file at the top right of your screen, and follow the instructions to install Brave.

    Click the downloaded file, and follow the instructions to install Brave.

  3. Import settings

    During setup, import bookmarks, extensions, & passwords from your old browser.

Need help?

Get better privacy. Everywhere!

Download Brave mobile for privacy on the go.

Download QR code
Click this file to install Brave Brave logo
Click this file to install Brave Brave logo
Click this file to install Brave Brave logo