Glossary definitions

Backdoor – A method of bypassing normal authentication, securing unauthorized remote access to a computer, while remaining undetected.

BIOS (Basic Input/Output System) – Firmware used during the booting process (power-on startup) of PCs.

Botnet – A group of computers controlled from a single source that run software programs and scripts. These can be used for both legitimate (Internet Relay Chat, shared processing for applications) and malicious (propagation of viruses, crashing servers or sending email spam) purposes.

Buffer – A holding place for data that is en route between other hardware devices or software processes. The buffer regulates the flow of data and allows each device or process to operate without being held up by the other.

Ciphertext – is encrypted plaintext.

Command line – a text-based interface used for entering computing commands.

Content – The substance of communication; what the communication conveys, as opposed to information about the communication, which is known as metadata.

Cryptography – the science, including mathematical theories and algorithms used to develop methods for secure, encrypted communication.

Cryptographic backdoor – A hidden feature of a cryptographic system that enables someone with knowledge of the backdoor to manipulate the system in a way that others cannot, for example by obtaining information from the system that would otherwise be kept secret.

Deep Packet Inspection – A form of filtering and examination of data as it passes an inspection point. Deep packet inspection is used by Internet Service Providers to block the spread of computer viruses, identify illegal downloads, and prioritize data transmitted by latency-sensitive applications like voice and video in order to alleviate network congestion and improve service. On the other hand it can also be used to intercept communications, scan content for keywords or block access to specific websites and networks.

Domain name system (DNS) – The Internet’s equivalent of a phone book. DNS is used to translate a user-friendly domain name such as “” into an Internet Protocol (IP) address such as “”. It is the numerical address that is used by computers to identify each other on the network.

Downstream – Collection of metadata and content stored by service providers.

Encryption – encoding digital content so that it is unrecognisable to people who do not have access to passwords or private keys that will decode the information. PGP/GPG requires two separate keys, one that is a private key and the other which is a public key. These are used to encrypt and decrypt messages. A public key is used to encrypt plaintext or to verify a digital signature. In contrast, a private key is used to decrypt ciphertext or to create a digital signature.

Facial recognition – A biometric technology used to detect and recognize human physical characteristics. The technique is used to identify individuals by comparing facial features from an image against those stored in a database.

Federated Query Mechanism (federated search) – The ability to search multiple databases at once in real time enabling search of different content sources with one query.

Feed – A mechanism for users to receive data from a variety of sources within a single interface.

Fibre-optic cable – A high-speed data transmission medium containing glass or plastic threads that carry light beams. Digital data is transmitted through the cable via rapid pulses of light. Because fibre-optic cables provide high bandwidth, they are used for a large part of the Internet backbone. Most transatlantic telecommunications cables between the U.S. and Europe are fibre optic. In recent years, fibre optic technology has been deployed for regional and local Internet connections. These connect major regions of the world to each other. Maps: and

Five Eyes – The intelligence alliance between Australia, Canada, New Zealand, the United Kingdom, and the United States.

Forward Secrecy – ensures that every new connection uses unique and ephemeral key information, this ensures that if long-term keys (e.g. PGP/GPG) are compromised that the content of messages cannot be decrypted.

Friend-to-Friend – a type of peer-to-peer computer network where users make connections only to people that they know. Also referred to as a ‘darknet’.

Front-end– The part of an application that users interact with directly, made up of control and display components such as search forms. The front end connects the user to ‘back end’ components such as databases and algorithms that enable the application to function.

Garlic routing – in the case of I2P refers to both its layered encryption of messages as well as its bundling together of multiple messages into a “clove”.

Internet backbone – A network of high-bandwidth connections that link together nodes across the globe. These nodes route incoming data to smaller networks across local regions. Most backbone connections consist of fibre-optic cables bundled together to increase capacity.

Malware – Short for “malicious software,” any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Man-in-the-middle – An attack in which communication between two systems is intercepted by a third system. The attacker acts as a proxy, able to read, modify, insert and delete data in the intercepted communication channel.

Man-on-the-side – An attack similar to a man-in-the-middle attack, where instead of completely controlling a communication channel, the attacker only has regular access to the communication channel, enabling the attacker to read traffic and insert new messages, but not to modify or delete messages sent by other participants. A man-on-the-side attack relies on a timing advantage to ensure that the attacker’s response to the victim’s request arrives before the legitimate response.

Metadata – Information about communication, as opposed to the substance of the communication, which is known as content. In UK law, metadata is called “communications data”. Metadata describes who a person communicates with, where they are when they communicate, how long they communicate for, and how their communications are transmitted and received.

Mix Network – a routing protocol that uses a chain of proxy servers called ‘mixes’. It shuffles messages from multiple sources and sends them out in a random order to another mix node, thus breaking the link between the source of a request and its destination.

Onion routing – a technique for anonymous communication over a computer network where messages are encapsulated in layers of encryption (hence the onion analogy). Encrypted data is sent through a series of nodes called onion routers, each of which “peels” away a single layer, uncovering the data’s next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.

Overlay network – a computer network built on the top of another network (also known as a peer-to-peer network). These networks run over, or on top of, the Internet.

Packet injection – The process of interfering with an established network connection, by constructing packets (units of data) to appear as if they are part of the normal communication stream. It is commonly used in man-in-the-middle attacks.

Pattern-of-life analysis –The aggregation of data from a variety of sources to develop a profile of past and present human behaviour. It is also used to predict future behaviour based upon recent activity such as travel, purchases and communications.

Peer-to-Peer – systems are composed of a distributed architecture where separate computers work together to share processing tasks and store data. They provide more anonymity because there is no centralised source for data transmission that could more easily be monitored.

Plausible deniability – The ability to deny knowledge of a online conversation or file transfer using encryption and network relays

Proxy – A computer system or application that acts as an intermediary for requests from clients seeking resources from other servers. It enables the monitoring of activities and filtering of content.

Pseudo-top-level domain – name for a computer network that does not participate in the official Domain Name System and may not even participate in the Internet, although may use a similar domain name hierarchy.

Relay network – Information takes a random path across a variety of nodes [WIK07], which allow users to remain anonymous by effectively gaining access to information via a host surrogate address.

RST packet spoofing – Also known as a TCP reset attack, RST packet spoofing exploits a feature of the Transmission Control Protocol (TCP) that allows unwanted connections to be closed without confirmation. It can be used to disrupt a wide range of Internet-based applications.

Sentiment analysis – A data analysis technique to collect, analyse and categorize opinions, attitudes and emotions as represented through online communications. It also maps idea propagation across social networks.

Standard – A technical standard is a document that describes a technical system in such a way as to enable interoperable implementations to be produced. Standards are often formulated by working groups within standards organisations. The members of a working group may include representatives of commercial, governmental and academic bodies. Once a standard is agreed it is written into documents that establish uniform technical criteria, methods, processes and practices.

Switch – A device used to network multiple computers together. High-end switches can have more than 50 ports. They can limit traffic to and from each port ensuring that each device connected to the switch has a sufficient amount of bandwidth. They do not provide either firewall or logging capabilities.

Tunnel routing – encapsulates data packets in a layer that runs separately to the Internet public network.

Trojan (Trojan horse) – Malware that is disguised as legitimate software.

Upstream –Collection of metadata and content in transit across communication networks.