What is a VPN kill switch, and who needs it today

Ruheni Mathenge Last updated: June 16, 2022
Disclosure

A kill switch is a VPN feature not deemed essential but very helpful nevertheless. This article explains what it is, how it works, why you should use it, and who offers it.

Sneak peek at the VPN kill switch

Many top-notch VPN services available today have employed unique features to provide their customers with robust security and privacy. One of those is “Kill Switch,” which lets the users stay secure even when the VPN connection drops. This feature works by blocking your internet access. Kill Switch efficiently detects when you are not connected with a VPN server and makes you offline. Hence, no online traffic will generate until your connection is fully restored. That way, not a single byte of your internet traffic will go unencrypted or without a masked IP. Learn more about the VPN Kill Switch feature in this guide.

Suppose you’re a VPN user on any device of your choice (phone, tablet, or computer). What happens if, for whatever reason, your VPN disconnects without you knowing? If your VPN provider has a kill switch feature, then your device would go offline automatically.

That action would ensure that no information leaves your device on the open Internet without protecting your VPN’s secure tunnel. Furthermore, once you’re offline like this, your IP address won’t be exposed to the world because you’re cut off from the Internet until you restore a secure link to your VPN server. Thus a kill switch will keep your online session’s anonymity and security intact.

Those VPN vendors who include a kill switch have it activated by default most often. However, you can disable it if you so wish. If you do, then you will remain online even as your VPN connection goes offline.

This means that you won’t notice any disruption in your VPN service, but it also means that you will be sending and receiving unencrypted traffic from your device and that your actual IP address will be out there for the rest of the world to find. The whole point in a kill switch is that you cannot receive or send any data at all unless you are within the secure VPN tunnel.

How the kill switch actually works

A VPN kill switch is an exceedingly vigilant piece of software. It keeps monitoring your internet connection, detecting irregularities, blocking your access to the world wide web if you’re not linked to a VPN server, restoring it once things are back on track.

So, as you can see, the kill switch is always performing several tasks simultaneously; let’s have a closer look at each:

  • Monitoring. The VPN kill switch is always keeping a digital eye on your internet connection to your VPN server. It keeps looking for changes in IP address or status.
  • Detection. Monitoring will reveal any change that could render your connection unsafe; then, the kill switch detects that change.
  • Blocking. This is the real trick. Different providers have different blocking policies. Some will stop a set of specific apps only, and some will block everything in your device from reaching the Internet.
  • Restoration. Of course, the issue will be solved-either automatically, or you will do it by hand. So her the monitoring and detection work again to figure out that everything is ok again, and then the kill switch restores your internet access.

So when does the activation happen?

The VPN kill switch comes to life when it detects you’re not within the VPN network anymore. There are a variety of circumstances in which this can happen:

  • Your Internet goes off. If you’re not online with your ISP’s carrier signal, then you can’t possibly be connected to a VPN server, and so the kill switch activates itself.
  • You choose to switch VPN servers. If you need to use a different server in the VPN network ( so you can unlock additional material on a website or improve your connection’s quality), you will have to be off the VPN grid for a few seconds. The kill switch will detect this and kick in.
  • Unreliable connections. Public WiFi hotspots are the main offenders in this regard.
  • Automatic updates. It is possible for your operating system to perform a full update overnight. Then, once all the new software is installed, up and running, it connects back to the Internet but without the VPN active.
  • New firewalls. If you don’t add a rule to your new firewall so that your VPN is accessible, at all times, the firewall will keep it blocked, thus triggering the kill switch.
  • Rebooting or restarting a device. If you forget to connect to your VPN after a restart, your kill switch will keep you offline.

Flavors of VPN kill switches

VPN kill switches come in two varieties: application level and system level.

System-level

The system-level kill switch will disconnect your whole device from the Internet when the VPN connection is severed. Every app or software on your computer, phone, or tablet will thus go offline.

In other words, a system-level kill switch renders your device utterly useless except for the tasks you can perform using your locally available resources only. Your whole device will remain offline until you’re back within the VPN network.

It’s a radical approach, but it has its benefits. This kind of kill switch is very effective in preventing your IP address from leaking.


Application-level

If you’re experienced in digital security issues, you already know that sometimes the best security practices come at the cost of functionality and vice versa. VPN kill switches are no different in that regard. For example, the application-level VPN kill switch can never be as safe as the system-level option.

However, it’s a better option from the functionality point of view because it only works on a limited set of applications previously specified by yourself. Thus, you can still keep using your regular Internet service with unprotected apps when the VPN connection is lost.

The application-level VPN kill switch allows you to pick the apps that should always remain protected with a VPN connection. These will be the apps that will go offline when the connection is lost, while the rest will remain online. This option will be particularly handy for you if you already know which apps could leak your IP address in a way you should prefer to avoid.

You probably already noticed that the application-level VPN kill switch is more flexible than the monolithic system-level option. As a result, it allows you for a more functional system — although it will also be more vulnerable.

So what are the apps that you should be considering to include in your VPN protection list?

  • Browsers
  • Email clients
  • Video calling applications
  • BitTorrent clients

Why use VPN kill switches

VPN Kill Switch
(Alamy)

Connections over the Internet drop every now and then. It’s just a fact of life. Kill the best VPN vendors usually feature switches, but even they can’t guarantee that every connection will be flawless all the time.

The best providers are very reliable indeed, but external factors such as your local weather, your ISP’s maintenance routines, and other things can temporarily force a VPN connection to drop, leaving your traffic exposed without encryption or IP masking.

There are several reasons to use a good, reliable (which means paid for) VPN service. An increasingly popular use case is spoofing your physical location so that you can use the Internet as it’s meant to be for the domestic users of another country.

While that is a perfectly valid reason, the use case that brought VPNs into existence has more to do with keeping your online activities secured, confidential, and anonymous, away from the prying eyes of your ISP or governmental agencies. And this is when the VPN kill switch makes sense to you as a user.

If keeping your sensitive online information safe is your priority, then you want all of your traffic to go through the VPN at all times. This ensures that all the information is encrypted and that your IP address remains hidden from every website or server you visit online — and these are the two primary tasks that make all VPNs worthy of the names. But what happens if you lose your connection to your VPN, for whatever reason?

Well, without a kill switch, your traffic will go in and out of your device without encryption, and your actual IP address will become visible to the world at large. In other words: you lose every advantage you had, regarding privacy and anonymity, while you were inside the VPN network. 

So a VPN kill switch is a good thing if security is crucial for you. It could look on the surface as an awkward measure, something of an overkill. However, consider that it’s an emergency measure, your last line of defense to protect your data. Also, keep in mind that a good VPN network will be reliable most of the time and that connection failures will not trigger the kill switch too often.

Who needs a VPN kill switch?

Suppose that you lose your VPN connection for a bit. A few of your bytes go around the Internet unencrypted, and a couple of servers or BitTorrent clients find out what your actual IP is. What is the big deal, I hear you ask? Granted, this is not such a significant threat for most users globally, even the most privacy-aware enthusiasts.

However, there are those among us who really need to keep their traffic protected at all times because they are constantly managing sensitive data that could endanger them if their IP or unencrypted data finds its way to a third party.

You should use a VPN with a kill switch feature if your activities belong in the following list:

  • Journalists and activists. Suppose the work you do professionally or on behalf of a cause can put you on the wrong side of the powers that be. In that case, anonymity and security are essential for your activities to succeed.
  • Peer-to-peer network users. If you use P2P networks of any kind (BitTorrent is the most common example) and want your IP masked from other users in the network, you should use a kill switch.
  • Holding confidential data. Lawyers, social workers, physicians, and other professionals who need to keep privileged information safe from online snoopers can benefit from kill switches too.

Using a VPN without a kill switch: The risks

Virtual Private Networks (VPNs) are excellent digital tools that will go a long way in keeping your online activities secure, anonymous, and private. But helpful as they are, VPNs are not infallible silver bullets. They have their limitations as any other tool. For example, even the best VPN network will experience some intermittence in the service it provides.

If your traffic hits the Internet without protection, then your traffic will hit the Internet without encryption, and your IP address will show to the world. That’s where the kill switch becomes helpful.

Of course, you can choose a VPN network without a kill switch feature. If the vendor is worth its salt, your IP address will remain masked and your traffic encrypted. But are there any risks associated with lacking a kill switch? There are some indeed:

  • You become an easy target if your VPN connection is severed. This means that any third party monitoring your connection will be able to see what you’re doing.
  • WiFi dangers. Do you like to use public WiFi hotspots in public places like cafes, hotels, airports, and train stations? Hackers love those places because the connections there are rarely secured. As a result, they have a great time collecting data from unsuspecting users who happily broadcast their information to the world. The kill switch will ensure that all the traffic in and out of your devices will remain encrypted and safe even in that unsafe environment.
  • Your IP address gives your physical position away. IP addresses can reveal a user’s physical location to a very high degree of accuracy. If somebody finds out your actual IP number, they can pinpoint your position on a map. This can be especially harmful to bloggers, journalists, or activists. If you want to ensure that your IP never leaves your device by accident, the kill switch can help.
  • Traceability. Without a VPN kill switch, any third party can trace everything you do online and build up a profile on you. This could be relatively harmless, like a corporation figuring out the best advertisers for you. But this type of big-brotherish activity can quickly escalate to more sinister purposes. The kill switch gives you peace of mind in this regard.

VPN disconnections: Why and how do they happen

Even the highly sophisticated Internet system is imperfect, and things go wrong sometimes, so even if you have the best ISP in town and hired the most fantastic VPN network, you will lose your connection at one point — not very often, hopefully.

It can be bad local weather or just some admin having a bad hair day. But you can prevent some of those situations if you know about them in advance. Therefore, what are the leading causes of VPN disconnections? Let’s see:

  • Router and firewall settings. It’s not just about physical firewalls and routers. Your antivirus or spyware software could also be interfering with your VPN connection and cutting it off more frequently than necessary. You can fix this issue in two ways. You can either disable them, or you can add your VPN to your firewall’s exceptions.
  • VPN protocol. Different VPN protocols offer different degrees of stability. For instance, TCP (Transmission Control Protocol) can be more reliable than UDP (User Datagram Protocol). So if you notice that your connection drops too often, have a look under the hood and select the most stable protocol available in your VPN network manually.
  • Weak WiFi signals. If the WiFi signal you have at hand is not strong enough to support an internet connection, you will go offline. The kill switch will detect that you’re not in the VPN anymore, so it disconnects the whole device. You can prevent this problem by configuring your WiFi router correctly to the maximal transmission power available and also your device.
  • Network congestion. Do not forget that the ethereal digital reality is anchored in a physical reality. Information packets do exist as electric or optical signals in a medium. If your local network experiences more traffic than it can manage comfortably, that could disconnect you from the VPN.
  • ISP interference. Yes, your very own ISP can interfere with your VPN connection (especially in the UAE and other countries with a hostile stance towards VPN services). The best VPN vendors, however, know how to work around this issue.
  • VPN client-server issues. The best VPN networks are extensive, with hundreds or thousands of servers scattered around the globe. So it’s no surprise that a few among those could experience issues sometimes. If this is your case, choose another server, and you’ll be good to go.

Best VPNs with a kill switch

Fortunately, there is no shortage of excellent VPN providers that offer the kill switch feature — and they’re usually among the best in the industry. But you won’t even need to search very hard for them. We have done the leg work in your stead, and here we will give you the names of three top-notch VPN providers who don’t only have a kill switch feature but are also among the best in the business.

1. NordVPN

NordVPN kill switch

NordVPN is our favorite VPN for every possible task that needs this type of service. And when it comes to kill switches, it doesn’t disappoint.

The NordVPN kill switch is on by default, and it’s extra versatile because it features both a system-level and an app-level kill switch. The feature is available for desktop and mobile environments (iOS, Android, macOS, and Windows).


2. Surfshark

Surfshark kill switch

Surfshark, the new kid on the block that’s been disrupting the VPN world for the last couple of years, has a kill switch indeed — but it’s disabled by default. Just find the “Settings” alongside the toggle on the “kill switch” button.

This switch is system-level, and it works on every primary operating system.


3. ExpressVPN

ExpressVPN kill switch

There is a kill switch in ExpressVPN, but they call it “Network Lock” instead, so don’t be fooled. It’s the same feature regardless of the name.

The switch is system-level, and it works in every primary operating system, plus Linux, which is something of a rarity but indeed welcome news for the geekiest among us.


How to test a VPN kill switch

Seeing if your VPN’s kill switch is working as it should is easy. Here’s how you do it:

  1. Launch your VPN, pick a server.
  2. Use your Internet as you regularly do.
  3. Use your firewall settings to block your VPN app, but alter nothing else.
  4. If your device is suddenly offline, then the kill switch is working correctly.

Final thoughts on VPN kill switches

While a kill switch is not the feature that makes or breaks a VPN service (that’s encryption and IP masking), there’s no doubt that it greatly enhances the protection that a good VPN can provide for you. However, accidents happen, and you should not be caught with your pants down when they do. That’s why a kill switch is something you should require from the VPN provider you choose.

The kill switch doesn’t only give you an extra security layer, but it also guarantees that your traffic will never slip by going away unencrypted or revealing your IP address. In addition, it’s a safety net against accidents (external or otherwise) so that you can always remain sure that whatever data is leaving your device is secured.

In this guide, we’ve given you three excellent VPN providers that include a kill switch feature so you can just pick one and start using it in a matter of minutes.

So whether you’re a BitTorrent enthusiast, a privacy-conscious web surfer, a financial operator, or any other kind of user, a VPN will keep you safe while it’s on, and the kill switch will keep you away from danger when it’s off.

And there’s an added advantage to the three providers we’ve chosen: their service is so reliable that it can even support HD video streams through their servers. In other words: the connections are so good that the chances that you will actually see your kill switch activated are pretty slim. Nevertheless, when it happens, it’s always better to know that your safety is protected.

So now you know all about kill switches and the worthy VPNs that offer them. Don’t hesitate. If you’re considering signing up with a VPN provider that doesn’t give you a kill switch, think again. This feature could make all the difference if push comes to shove. So choose wisely, and, above all else, stay safe!

FAQs

Share this article

About the Author

Tech researcher and writer with a passion for cybersecurity. Alex is a strong advocate of digital freedom and online privacy.

More from Ruheni

Comments

No comments.