What is a VPN kill switch and how does it work?
A VPN kill switch is a feature that automatically disconnects your computer, phone, or tablet from the internet if your VPN connection drops out. This means there’s no chance that your IP address and other sensitive information could be exposed if your VPN stops working. So the security and anonymity of your internet connection won’t be compromised.
VPNs often have the kill switch feature activated by default, but you can choose to deactivate it if you want. If you switch it off, you can continue to use the internet as normal, even if your VPN isn’t connected. But if you switch it on, you can’t send any data via your internet connection if your VPN is disconnected.
How does a VPN kill switch work?
A VPN kill switch works by constantly monitoring your connection, detecting issues, blocking your access to the internet, and restoring your connection as soon as it’s safe.
Here’s a more detailed breakdown on how VPN kill switches work:
- Monitoring: A VPN kill switch continuously monitors your connection to your VPN server by scanning for changes in status or IP address.
- Detecting: The VPN kill switch will then instantly detect any changes that could prevent your VPN from working properly.
- Blocking: Depending on what type of VPN you’re using (more on that a bit further down), your VPN kill switch will either block certain apps or your entire device from accessing the internet.
- Restoring: As soon as the issue is resolved, your VPN kill switch will restore your internet connection without you having to do anything.
When does a VPN kill switch activate?
A VPN kill switch will kick in as soon as it detects that your VPN connection has gone down.
Here are a few examples of when this might happen:
- If your internet is disconnected from your VPN server because it’s struggling with connectivity issues.
- If you decide to switch VPN servers.
- If you experience unreliable network connections, such as using public Wi-Fi.
- If your computer does an update overnight and then reconnects to the internet without opening your VPN.
- If you start using a new firewall and forget to add an exception for your VPN, meaning that the firewall then blocks your VPN.
- If someone borrows your device and they restart it without switching your VPN back on.
Types of VPN kill switches
There are two different types of VPN kill switches: system level VPN kill switch and application level VPN kill switch
1. System level VPN kill switch
A system-level VPN kill switch notes when you’re disconnected from the VPN service. It then sends that information to your device to prevent it from connecting to the internet via your wifi or mobile data.
When it’s enabled, a system level VPN kill switch completely blocks your internet connection to your computer until the VPN connection is restored or by resetting the network adapter. This makes it very effective at avoiding IP leaks.
It’s really easy to set up an active VPN kill switch. If it’s not already switched on by default, all you’ll probably need to do is select a checkbox on your VPN.
2. Application level VPN kill switch
An application-level kill switch protocol may not sound as safe as a system level kill switch, but it’s arguably the better option of the two as it’s limited to the applications you choose.
It works by letting you choose the specific apps you want to stop from connecting to the internet when the kill switch activates. Whichever apps you’ve selected will then stop working in the event of a VPN connection failure to protect your data. This is very handy if you want to hide your IP address while using certain apps.
It’s more flexible than the active VPN kill switch because it gives you more control over how the switch operates.
The most common apps for an application level VPN kill switch include:
- Browsers, such as Chrome or Firefox
- Email apps, such as Gmail and Outlook
- Video calling apps, such as Skype and WhatsApp
- Torrent client, such as uTorrent and Vuze
Why should you use a VPN kill switch?
Even the most reliable VPNs experience occasional drops in connectivity. And if you’re relying on a VPN to keep your sensitive information secure, you’ll likely want an extra safety measure to protect your data in case your VPN fails. This will guarantee that you’ll get the level of security and privacy you want at all times.
A VPN kill switch is your last line of defense to make sure that your IP address is never uncovered. It also makes sure no one can access your unencrypted data if your VPN goes down.
Who should use a VPN kill switch?
While an occasional drop in connectivity of your VPN may not be the end of the world for most people, there are certain groups of people who need this level of privacy at all times. And those who definitely need to use a VPN kill switch include:
- Activists and journalists who don’t want to be tracked down.
- Users of peer-to-peer transfer software who need to mask their IP addresses.
- Anyone holding confidential documents who can’t afford to have their security compromised, such as lawyers or social workers handling incredibly sensitive data.
- Torrent users who wish to remain anonymous.
Risks of using a VPN without a kill switch
Using a VPN is a great way to keep your online activity private and secure. But VPNs aren’t foolproof. As we've discussed earlier, there are times when your VPN connection might drop, which will leave your IP address and sensitive data exposed.
Here are some of the biggest risks of using a VPN without a kill switch:
- It leaves you vulnerable if your VPN connection drops, meaning that your ISP (and thus the government in some cases) can see what you’re up to online or access your IP address until your VPN is back up and running.
- Using free Wi-Fi can be dangerous, as it’s often not secure. Wi-Fi hotspots and public connections at cafes, hotels and train stations are easy targets for hackers. And if your VPN drops while you’re connected to an unsecured network, your data will be particularly vulnerable.
- Your public IP address would give your location away, so it can be used to pinpoint where you are. This is more of a problem if you’re an activist, journalist or blogger. By not using a VPN kill switch, your location could be traced if your VPN connection drops.
- Your online activity could become traceable, meaning that advertisers and businesses can use your IP address to develop a profile on you. If your VPN cuts out and you don’t have a kill switch enabled, third parties can start to build up information on you.
List of VPNs with a kill switch
Luckily, loads of VPNs offer a kill switch feature as part of their service. Here’s a list of some of our favourites:
NordVPN kill switch
NordVPN has its kill switch function on by default. It automatically prevents your device, or whichever apps you’ve selected from accessing the internet outside its secure VPN tunnel. NordVPN offers two versions of its kill switch:
- NordVPN desktop offers both a system level kill switch and an application level kill switch. It’s compatible on Windows and macOS.
- NordVPN mobile has a system level kill switch that works on Android and iOS.
ExpressVPN’s Network Lock
ExpressVPN has a VPN kill switch, which it’s called Network Lock. This is a system level kill switch that prevents any network traffic from moving outside ExpressVPN’s encrypted connection tunnel.
One of the best things about Network Lock is that it’s available on Linux as well as on Mac and Windows. But it doesn’t offer the ability to set it to work only on specific apps. You can only use it on your whole system.
Surfshark VPN kill switch
Surfshark offers a VPN kill switch to make sure your traffic is always completely encrypted. It’s not switched on by default, but it’s really easy to enable. All you need to do is go to the Settings and toggle on the Kill Switch button.
Surfshark’s kill switch is a system level kill switch that’s available on all the major operating systems.
PureVPN kill switch
Although PureVPN is one of the oldest VPNs on the market, it still has all the latest features. And in response to complaints about PureVPN’s connectivity issues, it has added a system-level kill switch to help its customers retain anonymity at all times.
PureVPN’s kill switch works on Android, Windows, Mac and Linux.
StrongVPN kill switch
Just like PureVPN, StrongVPN calls its feature as kill switch. Sadly, it offers only a system level version without the ability to toggle it for particular apps. It works on Windows and Mac.
If you still want to give it a shot, here is our list of the best VPNs with a kill switch feature.
Thinking of trying out a VPN service? Read one of our VPN guides or reviews
Here, we’ll answer all your burning questions about VPN kill switches.
How do you test a VPN kill switch?
It’s really easy to test if your VPN kill switch works. Just follow this step-by-step guide:
1. Run your VPN and connect to a server.
2. Use the internet by going on websites, sending emails or torrenting.
3. Block the VPN app using your firewall but don’t stop your online activity.
4. If your internet no longer works, you’ll know that the kill switch is working as it should.
Can you disable a VPN kill switch?
Many VPN kill switches are enabled by default. But if you want to disable it, all you need to do is go to the Settings in your VPN, find the Kill Switch or Network Lock button and switch it off.
How reliable is a kill switch for a quality VPN?
There are many ways how kill switches are implemented. It could be done via a rule in the firewall or with driver and priorities. The failure rate will depend on the implementation more than anything else, so you should look for a VPN service provider with well-made software.
Is it bad to always leave a kill switch on?
It's not. In fact, it's the only way to make sure that none of your traffic ever goes through insecure tunnels. However, this also means that your Internet connection will greatly depend on your VPN service provider's uptime.