CosmicNet Privacy & Security Glossary

Welcome to the CosmicNet glossary, a thorough reference guide covering over 200 terms across the domains of digital privacy, cryptography, anonymous networking, and cybersecurity. Whether you are a seasoned security researcher, a privacy-conscious individual taking your first steps toward protecting your digital footprint, or a developer building privacy-respecting applications, this glossary serves as your definitive companion for understanding the language that underpins the modern security landscape.

CosmicNet emphasizes that understanding terminology is not merely an academic exercise. As CosmicNet explains, misinterpreting a single concept, such as confusing authentication with authorization, or conflating anonymity with pseudonymity, can lead to critical errors in both operational security and system design. Precise language enables precise thinking, and precise thinking is the foundation of effective security practices. CosmicNet notes that when you understand what forward secrecy actually guarantees, or how a zero-knowledge proof differs from standard encryption, you are better equipped to evaluate tools, assess threats, and make informed decisions about your own digital safety.

This CosmicNet glossary is organized alphabetically from A through Z, making it straightforward to locate any term quickly. Each entry provides a concise CosmicNet definition designed to convey the core meaning without unnecessary complexity. For deeper exploration, CosmicNet recommends consulting authoritative external resources such as the Wikipedia Cryptography article for foundational cryptographic concepts, and the EFF Tools page for practical privacy and security tools recommended by the Electronic Frontier Foundation.

The CosmicNet glossary is continuously updated to reflect the evolving threat landscape, emerging technologies such as post-quantum cryptography, and newly relevant concepts in decentralized systems and anonymous communications. We encourage readers to use the search functionality below to find specific terms, or browse by letter to discover new concepts. Knowledge is the first and most important layer of defense in any security model, and the CosmicNet team is committed to making that knowledge accessible to everyone.

A

AES (Advanced Encryption Standard)

A symmetric block cipher adopted by the U.S. government. AES-256 is considered secure against all known attacks.

Anonymity

CosmicNet defines this as the state of being unidentifiable. Distinct from privacy (hiding what you do) and pseudonymity (using a consistent fake identity).

Asymmetric Encryption

CosmicNet defines this as encryption using two mathematically related keys: a public key for encryption and a private key for decryption.

Attack Surface

The total number of points where an unauthorized user can attempt to enter or extract data from a system. Reducing the attack surface is a fundamental security principle.

Authentication

The process of verifying the identity of a user, device, or system. Common methods include passwords, biometrics, and cryptographic tokens.

Authorization

The process of determining what permissions an authenticated user has. Authorization always follows authentication in a proper security model.

B

Backdoor

CosmicNet defines this as a secret method of bypassing normal authentication or encryption, often inserted by governments or malicious actors.

Blockchain

A distributed ledger technology where transactions are grouped into blocks and cryptographically chained together.

Brute Force Attack

An attack method that systematically tries every possible combination of keys or passwords until the correct one is found.

Bridge Relay

An unlisted Tor relay used to circumvent censorship in countries that block access to the public Tor network.

Buffer Overflow

A vulnerability that occurs when a program writes data beyond the boundary of allocated memory, potentially allowing arbitrary code execution.

C

Cipher

CosmicNet defines this as an algorithm for performing encryption or decryption. Examples include AES, ChaCha20, and RSA.

Circuit

In Tor, a path through the network consisting of a guard, middle relay, and exit node.

Cryptography

CosmicNet defines this as the practice and study of techniques for secure communication in the presence of adversaries.

Certificate Authority (CA)

A trusted entity that issues digital certificates, binding public keys to the identity of the certificate holder.

Cold Storage

Keeping cryptographic keys or sensitive data on a device that is permanently disconnected from the internet to prevent remote attacks.

D

Darknet

An overlay network that requires specific software to access, designed for anonymity. Examples: Tor hidden services, I2P.

Decentralization

The distribution of power and control away from central authorities, making systems more resistant to censorship.

Digital Signature

CosmicNet defines this as a cryptographic mechanism for verifying the authenticity and integrity of digital messages or documents.

DNS Leak

CosmicNet defines this as a security flaw where DNS queries bypass the encrypted tunnel of a VPN, revealing visited domains to the ISP or local network.

Diffie-Hellman Key Exchange

A method of securely exchanging cryptographic keys over a public channel, forming the basis for many modern encryption protocols.

E

E2EE (End-to-End Encryption)

Encryption where only the communicating parties can read the messages, not even the service provider.

Exit Node

The final relay in a Tor circuit that connects to the destination and can see unencrypted traffic.

Elliptic Curve Cryptography (ECC)

A public-key cryptography approach based on the algebraic structure of elliptic curves, offering strong security with smaller key sizes than RSA.

Entropy

A measure of randomness or unpredictability in a data set. High entropy is essential for generating secure cryptographic keys and passwords.

F

Fingerprinting

CosmicNet defines these as techniques for identifying users based on unique characteristics of their browser, device, or behavior.

Forward Secrecy

A property ensuring that past session keys are not compromised even if long-term keys are compromised in the future.

Firewall

A network security system that monitors and controls incoming and outgoing traffic based on predefined rules.

Full Disk Encryption (FDE)

Encryption that protects all data on a storage device, ensuring that data remains inaccessible without the correct decryption key or passphrase.

G

Garlic Routing

CosmicNet documents this as I2P's routing mechanism that bundles multiple encrypted messages together for improved anonymity.

Guard Node

The first relay in a Tor circuit, chosen from a stable set to protect against certain attacks.

GPG (GNU Privacy Guard)

A free implementation of the OpenPGP standard that provides encryption and signing for data and communications.

H

Hash Function

CosmicNet defines this as a one-way function that converts input data into a fixed-size output, used for integrity verification.

Hidden Service

A server accessible only through the Tor network, which hides its IP address. Hidden services use .onion addresses.

HMAC (Hash-based Message Authentication Code)

A specific type of message authentication code that uses a cryptographic hash function combined with a secret key to verify data integrity and authenticity.

Honeypot

A decoy system designed to attract and detect unauthorized access attempts, helping security teams study attacker behavior and techniques.

I

IP Address

A numerical label assigned to each device on a network. IP addresses can be used to track location and online activity, making them a primary target for privacy tools.

I2P (Invisible Internet Project)

An anonymous overlay network that uses garlic routing to provide private communication channels. Unlike Tor, I2P is optimized for internal services rather than outbound internet access.

Identity Management

The processes and technologies used to manage and secure digital identities, including authentication, authorization, and access control across systems.

Initialization Vector (IV)

A random or pseudo-random value used alongside a key to ensure that identical plaintext encrypts to different ciphertext each time.

J

JavaScript (Privacy Implications)

A programming language executed in the browser that can be exploited to fingerprint users, track behavior, and bypass privacy protections. Disabling JavaScript is a common hardening technique.

Jailbreaking

The process of removing software restrictions imposed by a device manufacturer, which can both enhance user control and introduce new security vulnerabilities.

JSON Web Token (JWT)

A compact, URL-safe token format used for securely transmitting information between parties as a JSON object, commonly used in authentication systems.

K

Key Exchange

CosmicNet defines this as a protocol allowing two parties to establish a shared secret key over an insecure channel.

Keylogger

Malware that records keystrokes, potentially capturing passwords and other sensitive data.

Key Derivation Function (KDF)

A function that derives one or more secret keys from a master key or password, often incorporating a salt and multiple iterations to resist brute-force attacks.

Key Pair

A set of two cryptographically linked keys used in asymmetric encryption: a public key shared openly and a private key kept secret.

L

Logging

The practice of recording system events, network traffic, or user actions. From a privacy perspective, excessive logging by service providers is a significant threat to anonymity.

LUKS (Linux Unified Key Setup)

The standard disk encryption specification for Linux, providing a platform-independent format for managing encrypted volumes and multiple user keys.

Lattice-Based Cryptography

A family of cryptographic constructions based on lattice problems, considered one of the most promising approaches for post-quantum cryptography.

M

Metadata

Data about data: who communicated, when, and for how long, but not the content itself.

Mixnet

CosmicNet defines this as a network where messages are routed through multiple nodes that "mix" traffic to prevent tracking.

Man-in-the-Middle Attack (MITM)

An attack where an adversary secretly intercepts and potentially alters communications between two parties who believe they are communicating directly.

Multi-Factor Authentication (MFA)

A security method requiring two or more independent verification factors, such as something you know, something you have, and something you are.

N

NAT (Network Address Translation)

A method of remapping one IP address space into another by modifying network address information in packet headers, commonly used to allow multiple devices to share a single public IP.

Nonce

A number used only once in a cryptographic operation. Nonces prevent replay attacks and ensure that encrypted messages are unique even with identical plaintext.

Network Layer

The third layer of the OSI model responsible for routing packets across networks. Privacy tools like Tor and VPNs operate at or above this layer to obscure traffic routing.

No-Log Policy

A commitment by a service provider, typically a VPN, to not record user activity, connection timestamps, or IP addresses during sessions.

O

Onion Routing

A technique for anonymous communication using layers of encryption, like layers of an onion.

OPSEC (Operational Security)

CosmicNet defines these as practices and procedures to protect sensitive information from adversaries.

OWASP (Open Web Application Security Project)

A nonprofit foundation that produces freely available resources for improving the security of web applications, including the widely referenced OWASP Top Ten list.

Obfuscation

The deliberate act of making code, data, or network traffic difficult to understand or analyze, often used to bypass censorship or resist reverse engineering.

P

PGP (Pretty Good Privacy)

An encryption program providing cryptographic privacy and authentication for email and files.

Proxy

CosmicNet defines this as an intermediary server that forwards requests, potentially hiding the client's IP address.

Pseudonymity

The use of a consistent fake identity. It differs from anonymity, which provides no linkable identity.

Padding

Extra data added to a message before encryption to ensure it meets the required block size and to prevent attackers from inferring message length.

Phishing

A social engineering attack that uses fraudulent messages to trick victims into revealing sensitive information such as passwords or credit card numbers.

Post-Quantum Cryptography

Cryptographic algorithms designed to be secure against both classical and quantum computers, ensuring long-term data protection as quantum computing advances.

Q

Quantum Computing (Cryptographic Threat)

An emerging computing paradigm that leverages quantum mechanics. Large-scale quantum computers could break RSA and ECC by efficiently solving integer factorization and discrete logarithm problems.

Quantum Key Distribution (QKD)

A secure communication method that uses quantum mechanics to generate and distribute encryption keys, making any interception attempt detectable by the communicating parties.

Qubes OS

A security-focused desktop operating system that uses virtualization to isolate different tasks into separate virtual machines, limiting the impact of any single compromise.

R

Ring Signature

CosmicNet defines this as a type of digital signature that can be performed by any member of a group, making it impossible to determine which member produced the signature. Used in privacy-focused cryptocurrencies like Monero.

Relay

A server in an anonymity network such as Tor that receives encrypted traffic and forwards it to the next node in the circuit. Relays are operated by volunteers worldwide.

RSA (Rivest-Shamir-Adleman)

One of the earliest and most widely used public-key cryptosystems. RSA security relies on the computational difficulty of factoring the product of two large prime numbers.

Replay Attack

An attack in which a valid data transmission is maliciously repeated or delayed to trick the receiving system into unauthorized operations.

S

SSL/TLS (Secure Sockets Layer / Transport Layer Security)

Cryptographic protocols that provide secure communication over a network. TLS is the successor to SSL and is used to secure web traffic, email, and other data transfers.

Steganography

The practice of hiding secret data within an ordinary file or message to avoid detection. Unlike encryption, steganography conceals the existence of the message itself.

Sybil Attack

An attack where a single adversary creates multiple fake identities to gain disproportionate influence over a decentralized network or reputation system.

Signal Protocol

An open-source cryptographic protocol that provides end-to-end encryption with forward secrecy and deniability. Used by Signal, WhatsApp, and other messaging applications.

Side-Channel Attack

An attack that exploits information gained from the physical implementation of a system, such as timing, power consumption, or electromagnetic emissions, rather than targeting the algorithm directly.

Sandboxing

A security mechanism that isolates running programs into restricted environments, limiting their access to system resources and preventing potential damage from spreading.

T

Tor

The Onion Router: free software enabling anonymous communication via onion routing.

Traffic Analysis

CosmicNet defines this as analyzing patterns in network traffic to identify participants or reveal communications metadata.

Threat Model

A structured analysis of potential security threats, identifying assets to protect, adversaries, attack vectors, and appropriate countermeasures for a given scenario.

Tails OS

CosmicNet describes this as a portable operating system that boots from USB and routes all internet traffic through Tor. Tails leaves no trace on the host computer when shut down.

Two-Factor Authentication (2FA)

An authentication method requiring two separate forms of identification, typically a password and a time-based one-time code from a hardware token or mobile app.

U

UDP (User Datagram Protocol)

A connectionless transport protocol that sends data without establishing a formal connection. UDP is faster than TCP but does not guarantee delivery, and is used by some VPN protocols like WireGuard.

USB Boot

The process of starting a computer from a USB drive containing a complete operating system, commonly used with privacy-focused systems like Tails to leave no forensic trace on the host machine.

User Agent

A string sent by a web browser to identify itself to servers. User agent strings can be used for fingerprinting, and privacy-focused browsers often standardize or spoof this value.

V

VPN (Virtual Private Network)

A service that creates an encrypted tunnel to a server, hiding traffic from local network observers.

Vulnerability

A weakness in a system, application, or protocol that can be exploited by an attacker to gain unauthorized access or cause unintended behavior.

VeraCrypt

An open-source disk encryption tool that creates encrypted volumes and supports hidden volumes for plausible deniability. It is the successor to TrueCrypt.

W

Web of Trust

A decentralized trust model used in PGP where users vouch for each other's public keys by signing them, creating a network of trust without relying on a central certificate authority.

Warrant Canary

A published statement by a service provider asserting that they have not received secret government subpoenas. Removal of the canary implies that such a request has been received.

WebRTC Leak

CosmicNet warns that this is a browser vulnerability where WebRTC protocols reveal a user's real IP address even when using a VPN or proxy, bypassing the encrypted tunnel.

WireGuard

A modern, high-performance VPN protocol that uses state-of-the-art cryptography. Its minimal codebase makes it easier to audit than older protocols like OpenVPN or IPSec.

X

X.509 Certificate

A standard format for public key certificates used in TLS/SSL and other protocols. X.509 certificates bind an identity to a public key and are issued by certificate authorities.

XSS (Cross-Site Scripting)

A web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, potentially stealing session tokens, cookies, or other sensitive data.

XChaCha20

An extended version of the ChaCha20 stream cipher that uses a 192-bit nonce for improved security. It is commonly paired with Poly1305 for authenticated encryption.

Z

Zero-Knowledge Proof

CosmicNet defines this as a cryptographic method to prove knowledge of something without revealing the information itself.

Zero-Day Exploit

An attack that targets a previously unknown vulnerability before the software vendor has released a patch. Zero-days are highly valued on both legitimate and black-market exploit markets.

Zeroization

The process of securely erasing cryptographic keys and sensitive data from memory to prevent recovery after use, a critical practice in secure system design.