If you’ve ever gone wading through your VPN’s settings, you’ve probably come across an ominously named feature called a VPN kill switch. With a name like that, you’d expect to hear police sirens as soon as you activate it — but don’t worry. The kill switch feature actually works to protect you.
A kill switch is one of the most important security features in a VPN’s repertoire, severing your internet connection in an emergency.
- VPN kill switches are a central piece of any VPN service, since they reinforce the basic use of a VPN — hiding your identity online.
- They work by severing your internet connection when they detect your device has lost contact with the VPN server.
- A VPN kill switch is a lifesaver in risky situations, where losing your VPN connection, even for a short while, can be disastrous.
In this article, we’ll explain what a kill switch does, how it works and what it’s used for. We also suggest some great VPNs with kill switches, including our top choice, ExpressVPN.
A VPN kill switch is an essential VPN security feature that disconnects you from the internet as soon as you lose contact with the VPN server. This prevents any periods of unprotected traffic.
Yes, your VPN kill switch should always be on. The minor inconvenience of losing your internet connection for a few seconds isn’t worth the risk of an unprotected network.
All you need to do is find the option in your VPN settings and switch it on.
How Does a VPN Kill Switch Work?
Kill switches can work in several ways. Most often, a kill switch will turn off your internet connection if your VPN app loses its connection to the VPN’s servers. Remember, if your device isn’t communicating to a VPN server, it defaults to using your ISP’s DNS servers, which means your traffic is no longer private and protected.
That’s the broad-strokes version, at least. A kill switch can work on several levels, depending on how much usability you’re willing to trade for security. We’ll go into all that in the next section, but first let’s go over what might cause your VPN connection to drop.
Causes of VPN Connection Drops
A VPN app communicates to the VPN server by exchanging encrypted data packets. If those packets become blocked or get lost on the way, your VPN will disconnect.
The reasons this could happen are numerous. There could be too much traffic on your connection (think of all the devices using your WiFi at the same time), so the VPN’s packets get lost in the shuffle. Slow connections will see more packet loss for this reason.
A faulty router or a loose router cable could also cause the VPN connection to drop. Or sometimes your internet will just decide to act up for no good reason.
If you’re using your VPN on a mobile device, such as a smartphone, anything that can cause your signal to weaken or fail will also cause VPN connection drops. This includes things like driving through a tunnel or going into an elevator, as well as interference from too many nearby devices.
Types of VPN Kill Switches
We already mentioned a VPN kill switch can work on multiple levels. Let’s take a look at what those are.
1. System-Level Kill Switch (Internet Kill Switch)
This is the standard type of kill switch. If your VPN connection goes down, it takes your internet connection down with it, kind of like the Terminator in the molten steel scene. But don’t worry, also like the Terminator, your internet connection will be back as soon as your VPN connection can be reestablished. For example, this is the way ExpressVPN’s kill switch works.
Some system-level kill switches will also prevent you from connecting to the internet if the VPN isn’t active. This can be frustrating because it means you have to set your VPN to automatically connect at system startup or it won’t connect to the internet.
Another downside of this kind of kill switch feature is it makes it hard to use the web without a VPN. You have to connect to the VPN, then manually disable the kill switch, then disconnect from the VPN. Only then can you browse the web without a VPN.
We don’t recommend browsing unprotected, though. Instead, you can use split-tunneling for apps that can’t work over a VPN connection.
2. App-Level Kill Switch
As its name suggests, an app-level kill switch does the same as the system-level kill switch but for individual apps. For example, if you’re torrenting a file and don’t want to get caught, you can tell your VPN to shut down your torrent client if the VPN connection falters. The kill switch might also prevent you from reopening that app until the VPN connection is back. NordVPN is one service that lets you do that.
Why Should You Use a VPN Kill Switch?
The kill switch is a crucial feature for a VPN. To explain why, we need to look at what a VPN does. A VPN uses an internet connection to reroute your traffic through its own servers. Without a VPN, your DNS requests (requests that let you access a website) go through your ISP’s servers. With a VPN, those requests go through your VPN’s servers instead.
This makes it so your ISP — or anyone else, for that matter — can’t see what you’re doing online. Your online activity will appear to be coming from the same IP address as the thousands of other users on the VPN server you’re connected to. This effectively hides your real IP address, and without it, no one can connect your online activity to your person.
However, if the VPN connection stops working, your DNS requests will default back to your ISP, and your IP address will be exposed. A kill switch prevents this from happening by disconnecting you from the internet the moment your device loses contact with the VPN server.
Risks of Using a VPN Without a Kill Switch
“So what?” we hear you say. “I’m not doing anything illegal, I have nothing to hide.” Well, neither did thousands of others who got their private information leaked or sold because they didn’t protect their traffic.
Let’s look at what you risk by not using the kill switch feature with your VPN.
1. Your device being hacked
This is a very real concern when using a public WiFi network. If you’re connecting to, say, the WiFi at your Starbucks, you should always be suspicious of the person wearing the black hat in the corner who’s typing away and sipping a pumpkin spice latte. They could be trying to get into a device on the network and steal sensitive data, like credit card information.
A VPN will prevent them from accessing your device’s web traffic because the first point of contact for them will be the VPN server, not your smartphone or laptop.
2. Your IP address leaking
This is a no-brainer. As soon as the VPN disconnects, your IP address is out there for the world to see. Your IP address alone might not be enough to identify you, but you’d be surprised at how little data someone online needs to profile you, especially marketers, which brings us to our next point.
3. Becoming a target for ads and misinformation
A real-world example of this is the data from the Cambridge Analytica scandal. Using shockingly few details — mostly involving Facebook “likes” — the analyst group created targeting profiles that helped politicians feed Facebook users misinformation, heavily influencing the 2016 U.S. election.
However, Facebook isn’t the only place where you get targeted without your knowledge. Nearly every website you use and every app on your phone has ads and promoted posts. These ads can do harmful things, from swaying your political opinion with fake news to outing you as gay. A VPN’s IP address can’t be targeted by ads, which can help you avoid them.
4. Getting swatted
“Swatting” refers to someone making a false call to authorities to have them dispatch a SWAT team to a person’s house. This happens frequently to gamers who anger the wrong person and even innocent people who happen to have the wrong Twitter handle. These calls sometimes result in people getting killed.
Your IP address carries information, such as your approximate location. Although it’s usually not enough to reveal your address, the person making the SWAT call could wager a guess and give your address to the police, but getting the address wrong could lead to someone else being hurt, too. This is why it’s important to keep your IP address private by making sure your VPN connection is always on.
These are just a few examples of what could happen to you. The risk might be low, but it’s better to be on the safe side and keep your kill switch active.
How Do You Test a VPN Kill Switch?
You can’t really test a VPN kill switch, but you’ll definitely know if it works. No VPN can keep a connection online 100% of the time, and when it disconnects, you’ll see a network drop. If you use the VPN for a day or two, it’s pretty much bound to trip the kill switch.
The Best VPNs With a Kill Switch
Most VPNs have a kill switch nowadays, but in case you need a recommendation, here are a few notable examples.
ExpressVPN is the Superman of VPNs. It has a kill switch — called “network lock” — that works at the system level for maximum protection, but the real highlight is its speed. Using its own open-source Lightway protocol, the VPN achieves faster speeds than nearly every other VPN, and it does so while keeping you secure.
It’s a bit expensive — its annual plan helps cut costs — but its 30-day money-back guarantee should help assuage worries about subscribing long-term. Learn more about the service in our ExpressVPN review.
Always the bridesmaid, never the bride, NordVPN is the perpetual runner-up to ExpressVPN for almost any purpose, except for torrenting. Its intuitive user interface makes it easy to connect to the country you want, and it has system-wide and app-level kill switches.
However, a blunder in its past regarding its servers keeps it from the top spot. It used to be inconsistent over longer distances, but its new NordLynx VPN protocol all but eliminates that inconsistency. Having to manually switch the protocol can be a hassle, though.
Thankfully, NordVPN is cheaper than ExpressVPN by about half on the two-year plan and also has a 30-day refund period. Learn more about the service in our NordVPN review.
Windscribe is our favorite free VPN for its dedication to the security and privacy of its users (and it’s pretty smug about it, too). The best part of Windscribe is its free plan. It comes with 10GB of data per month, which should be enough for some light browsing. Its paid plans aren’t the cheapest, but we wouldn’t call them expensive.
Its kill switch — called “firewall” — deserves mention because it prevents your device from communicating over the internet altogether without going through the VPN tunnel.
It does this using the OS’s firewall to avoid detection during the potential downtime between the VPN connection dropping and the drop being discovered. Your computer won’t have to disconnect from the internet, since it can’t send or receive anything anyway. Learn more about the service in our Windscribe review.
Final Thoughts: VPN Kill Switches
Contrary to its name, a VPN kill switch can save your hide when you’re browsing online. It’s a must-have for any VPN worth its salt, and it’s a feature you need to keep always active. We hope you now have a better grasp of what VPN kill switches do and how they work.
Does the VPN you use have a kill switch? Do you keep it on at all times or risk the vulnerability that comes with periodic network drops? Let us know in the comments, and as always, thanks for reading.