Most VPN companies nowadays advertise that they house a feature called a kill-switch – but what exactly is it, and what does it do?
This guide covers everything you need to know about this piece of technology and tackles a couple of related issues, too.
What is a VPN kill-switch?
When you're using a VPN, all of your traffic is encrypted using an encryption protocol. Most VPNs nowadays use the AES-256 bit encryption standard, which is also the scrambler of choice for classified US government information. Any traffic going from your device to the VPN server, and then from the VPN server to the internet, is protected by encryption.
However, as soon as your VPN connection drops, your data will no longer be encrypted because it won't be traveling down the VPN tunnel featured in the diagram above. This means that anyone watching your activity – be that your ISP, a hacker, etc – will now be able to see what you've been looking at with the VPN. Things that could be exposed include:
- Your IP address
- Your location at the time the connection dropped
- WebRTC traffic from your device
- DNS traffic
To avoid this problem, VPN providers invented the 'kill-switch'. A kill-switch cuts your entire internet connection if the VPN connection you're using drops. It effectively creates a situation where you can never be connected to the internet if you're not connected through a VPN server first.
Why are they important?
Kill-switches have a number of different uses, but they're especially vital for someone in a country with a government that bans VPNs or doesn't take too kindly to them. A government could, for example, monitor all VPN traffic (even though it wouldn't be able to see who's producing it) and if your connection dropped, you'd be exposed – which could have serious ramifications.
However, a kill-switch would come in handy for just about anyone using public Wi-Fi regularly. Public Wi-Fi spots are extremely insecure (largely on account of them lacking password protection) and hackers regularly use them to gain access to people's data. If you're using a public Wi-Fi in a cafe, shop, or on a train, a kill-switch will ensure there's never a moment you're not connected to a VPN.
You might also want to use a kill-switch whilst torrenting, to prevent IP leaks, or during other activities where you think your traffic might be being watched. Mobile VPN users also benefit from the protection of a kill-switch when their phones are hopping between different internet connections (Wi-Fi, 4G, etc) that regularly drop off. Check out our Android VPN or iOS VPN pages for more information.
Why do VPN connections occasionally drop?
Being able to use a VPN to unblock your favorite streaming services – or, more importantly, for those living in oppressive regimes, websites censored by the government in your region – is certainly useful. But sometimes, the connection just drops and you have to deal with it – but why does it do this?
On the VPN side of things, you might have a broken server – or one that needs an upgrade or update – that's causing the connection to drop. The VPN and its servers could also be at fault if you're experiencing any sort of routing problem. It could also be the fault of a faulty or unstable protocol.
From an end-user perspective, it could also quite easily be your own, poor Wi-Fi connection. It might be due to a firewall or even a competing VPN that's contained within an antivirus or security program you have on your computer. It may also happen when you switch from 4G to Wi-Fi or if the app itself force-closes, breaks, or crashes.
Which VPNs have reliable networks?
In terms of reliability, look no further than ExpressVPN. It's one of the best-kept networks out there and has all the security features attached that you'll need whilst using a VPN. However, I'd also recommend VyprVPN, that have more control than anyone else in the game over their network. Surfshark, NordVPN, and Private Internet Access also have top-class networks.
Kill-switch guide: which providers and which OS?
Here, we'll go through exactly which providers have kill-switches and which ones don't, as well as the operating systems they work on.
Provider | Mac OS? | Windows? | iPhone? | Android? | Linux? |
ExpressVPN | Yes | Yes | Yes* | Yes* | Yes |
NordVPN | Yes | Yes | Yes* | Yes* | Yes |
CyberGhost | Yes | Yes | Yes | Yes | No |
Private Internet Access | Yes | Yes | Yes | Yes | Yes |
Surfshark | Yes | Yes | Yes | Yes | Yes |
Ivacy | No | Yes | No | Yes | No |
Hotspot Shield | Yes | Yes | Yes | Yes | No |
VyprVPN | Yes | Yes | No | Yes | No |
IPVanish | Yes | Yes | No | Yes | No |
HMA | Yes | Yes | No | Yes | No |
Windscribe | Yes** | Yes** | No | No | No |
PrivateVPN | Yes | Yes | Yes | Yes | Yes |
PureVPN | Yes | Yes | No | Yes | Yes |
Hide.me | Yes | Yes | No | No | No |
StrongVPN | Yes | Yes | No | No | No |
Proton VPN | Yes | Yes | Yes | Yes* | Yes |
*System-level VPN kill-switches, meaning you can toggle the kill-switch in your phone settings. ExpressVPN and NordVPN integrate perfectly with your system-level kill-switches.
**Windscribe's automatic kill-switch is described by the client as a 'firewall' but does the same thing.
How to turn on a kill-switch
Before you start, make you're sure your provider specifies that they provide customers with a kill-switch on the devices you're using – you may have a VPN with an automatic kill-switch, in which case it won't appear as a setting, or your provider might not make one available for your OS.
If you're sure there is one then, make sure you're not getting the name confused. There's an awful lot of VPNs nowadays that like to name their kill-switch something fancy (ExpressVPN's is called 'network lock', for example), whilst others, like Windscribe, say they have a 'firewall'. PrivateVPN's is called 'Connection Guard'. So if you can't find it, it might just be called by a different name.
VPN apps vary widely in terms of both design and usability, so where the setting that lets you turn on a kill-switch is located is going to be different in each one. It's usually either in 'settings' or sometimes 'advanced settings' however. Plus, most top-tier VPNs have easy-to-use interfaces and help pages that can show you where to navigate to find it. If in doubt, visit the provider's website!
A baseline security feature
Kill-switches are, for all intents and purposes, a baseline VPN security feature in 2024. If a VPN you're thinking of purchasing offers absolutely no kill-switches for any device operating system, I'd approach it with extreme suspicion. Other features that, if absent, you should be worried about include:
- AES-256 bit encryption
- A commitment to keeping zero logs
- Support for the OpenVPN protocol
Although VPNs are full of different features, there are a few that, if not present, should ring some alarm bells. Another feature that not all VPNs have (looking at you, CyberGhost) but is becoming increasingly popular is obfuscated servers.