Privacy Glossary
I thought it might be helpful to add an evergreen glossary of terms that come up often in the world of privacy. This will be a work in progress.
Have a term you'd like added in here? Not sure what something means? Drop me a line at kl@womensprivacyproject.org.
Biometrics
Biometrics are a means of accessing a device using only your physical person—fingerprints, facial recognition, etc.—rather than a password or PIN. In many jurisdictions, the law treats biometrics differently than passwords. While you generally cannot be forced to reveal a password (thanks to 5th Amendment protections against self-incrimination), some courts have ruled that law enforcement can legally compel you to provide a fingerprint or face scan to unlock a device.
Safety Tip: If you are in a high-risk situation (like a protest or a sensitive crossing), it is often safer to disable biometrics and rely solely on a strong PIN or password. Most phones have a "lockdown mode" or a way to quickly disable Touch ID/Face ID.
Browser Fingerprint
The specific combination of your screen resolution, battery level, fonts installed, and browser version creates a unique "fingerprint" that can identify your device across different sites. Browser fingerprinting can be used to create shadow profiles (see below).
Cookies
Cookies are trackers that are downloaded to your computer when you visit a website. Cookies can be helpful, for example if you don't want to keep signing into your email account every time, or if you selected dark mode on a website and don't want to re-select it every time you visit. Cookies can also track what you do across websites, and that tracking is often used to sell data about your habits for personalized ads. Learn more about cookies in this deep dive:

Data Broker
Data brokers or 'people listing sites' are companies that collect personal information from various sources (social media, public records, buying history) to create a profile of you and sell it to others. Here's how to deal with them:

Deceptive Design (previously: Dark Patterns)
Deceptive design is when an interface is designed to trick users into doing things that they either don't intend or aren't in their best interests—like sharing more data than necessary or making it difficult to delete an account. Common deceptive design patterns can be found in cookie banners (making it easy to opt into cookies but difficult to opt out) and privacy settings (making it difficult to find or change privacy settings).
Encryption
Encryption is the process of scrambling readable data (plaintext) into an unreadable format (ciphertext) using a mathematical algorithm and a specific key. This key acts like a digital "secret code" that only authorized users or devices possess. Without the correct key to decrypt the information, the data just looks like gibberish to anyone who tries to intercept it.
End-to-End Encryption (e2ee)
End-to-End Encryption refers to the process of sending encrypted data from one device to another, in which the encryption is maintained through the entire trip (end-to-end). The information/message is encrypted on one device (all scrambled up), travels as encrypted content, and then can only be decrypted by the authorized user or device it was intended for. If anyone—including the companies or servers handling the messages—were to try and intercept the message or access it, it would just look like gibberish.
Incognito/Private Mode
Many web browsers like Google Chrome, Safari, Brave, Firefox, and others have the option to view the web via an "incognito window" or a "private browser window". This is often misunderstood as "stealth mode." In reality, it only hides your activity from your own device. When you close an incognito window, your browser "forgets" your history and deletes any cookies from that session. It does not hide your activity from the websites you visit, your employer, or your internet provider. They can still see your IP address and track your movements. Use Incognito to hide your Christmas shopping from your spouse on a shared computer—don't use it to hide your identity from the internet.
Internet Protocol (IP) Address
An IP address is a unique string of numbers assigned to every device and website. Think of it like a digital return address—it tells the internet where to send the data you requested. Because your IP address is linked to your internet provider, it can also be used to reveal your approximate physical location (like your city or zip code). When you're using a shared network, like at a coffee shop or an office, dozens of different devices might appear to the outside world as having the same IP address.
Virtual Private Networks (VPNs) can hide your real IP address by replacing it with one of their own, making it much harder for websites to track your location or identity.

Metadata
Metadata is any piece of data that is secondarily created when someone accesses a website, app, or digital service. Some refer to it as "data about data." Metadata may include, but is not limited to, your IP address, your GPS location, what type of device you're using, and what software is installed on that device. Think of it this way: if you were on a phone call, the data would be the conversation itself, and the metadata would be who you talked to, for how long, and exactly where you were standing when you made the call. For photos, metadata (EXIF data) can often reveal the GPS coordinates of where the picture was taken.
Shadow Profile
Shadow profiles refer to the collection of data about an individual who has not signed up for a specific service (like Facebook or Google). Even if you don't have an account, companies can "see" you across the web via Meta Pixels, Google Analytics, or "Like" buttons embedded on other websites. They collect metadata like your IP address and browsing habits to build a profile of your interests, location, and even your political or health-related leanings. These companies can track your digital life without your explicit consent or the ability for you to easily delete the data since you don't have an "account" to log into.
Tracking Pixel
A Tracking Pixel is just that: a tiny, invisible 1x1 pixel image embedded in emails or websites. When you load the page or open the email, that tiny image "calls home" to a server (like Meta or Google), telling them exactly when you opened it, what device you used, and your IP address. It’s the primary tool used to build Shadow Profiles.
Two-Factor Authentication (2FA)
Two-Factor Authentication is an extra layer of security that requires not just a password, but also something only the user has (like a code from an app). 2FA makes it more difficult for someone to access an account since the password alone won't allow them access. Deep dive into 2FA (and set it up) here:

Have a question about a privacy term that I've missed? Send me an email at kl@womensprivacyproject.org and let me know! I'm happy to make additions!



