ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

What is a VPN kill-switch and how do they work?

Most VPN companies nowadays advertise that they house a feature called a kill-switch – but what exactly is it, and what does it do?

This guide covers everything you need to know about this piece of technology and tackles a couple of related issues, too. 


What is a VPN kill-switch?

When you're using a VPN, all of your traffic is encrypted using an encryption protocol. Most VPNs nowadays use the AES-256 bit encryption standard, which is also the scrambler of choice for classified US government information. Any traffic going from your device to the VPN server, and then from the VPN server to the internet, is protected by encryption. 

diagram showing how a VPN works

However, as soon as your VPN connection drops, your data will no longer be encrypted because it won't be traveling down the VPN tunnel featured in the diagram above. This means that anyone watching your activity – be that your ISP, a hacker, etc – will now be able to see what you've been looking at with the VPN. Things that could be exposed include:

  • Your IP address 
  • Your location at the time the connection dropped
  • WebRTC traffic from your device
  • DNS traffic

To avoid this problem, VPN providers invented the 'kill-switch'. A kill-switch cuts your entire internet connection if the VPN connection you're using drops. It effectively creates a situation where you can never be connected to the internet if you're not connected through a VPN server first. 

Why are they important?

Kill-switches have a number of different uses, but they're especially vital for someone in a country with a government that bans VPNs or doesn't take too kindly to them. A government could, for example, monitor all VPN traffic (even though it wouldn't be able to see who's producing it) and if your connection dropped, you'd be exposed – which could have serious ramifications. 

However, a kill-switch would come in handy for just about anyone using public Wi-Fi regularly. Public Wi-Fi spots are extremely insecure (largely on account of them lacking password protection) and hackers regularly use them to gain access to people's data. If you're using a public Wi-Fi in a cafe, shop, or on a train, a kill-switch will ensure there's never a moment you're not connected to a VPN.

You might also want to use a kill-switch whilst torrenting, to prevent IP leaks, or during other activities where you think your traffic might be being watched. Mobile VPN users also benefit from the protection of a kill-switch when their phones are hopping between different internet connections (Wi-Fi, 4G, etc) that regularly drop off. Check out our Android VPN or iOS VPN pages for more information.

Why do VPN connections occasionally drop?

Being able to use a VPN to unblock your favorite streaming services – or, more importantly, for those living in oppressive regimes, websites censored by the government in your region – is certainly useful. But sometimes, the connection just drops and you have to deal with it – but why does it do this?

On the VPN side of things, you might have a broken server – or one that needs an upgrade or update – that's causing the connection to drop. The VPN and its servers could also be at fault if you're experiencing any sort of routing problem. It could also be the fault of a faulty or unstable protocol. 

From an end-user perspective, it could also quite easily be your own, poor Wi-Fi connection. It might be due to a firewall or even a competing VPN that's contained within an antivirus or security program you have on your computer. It may also happen when you switch from 4G to Wi-Fi or if the app itself force-closes, breaks, or crashes. 

Which VPNs have reliable networks?

In terms of reliability, look no further than ExpressVPN. It's one of the best-kept networks out there and has all the security features attached that you'll need whilst using a VPN. However, I'd also recommend VyprVPN, that have more control than anyone else in the game over their network. Surfshark, NordVPN, and Private Internet Access also have top-class networks.

Kill-switch guide: which providers and which OS?

Here, we'll go through exactly which providers have kill-switches and which ones don't, as well as the operating systems they work on. 

Provider  Mac OS?  Windows? iPhone?  Android? Linux?
ExpressVPN Yes Yes No No Yes
NordVPN Yes No* Yes Yes Yes
CyberGhost  Yes Yes Yes Yes No
Private Internet Access Yes Yes Yes Yes Yes
Surfshark  Yes Yes Yes Yes Yes
Ivacy  No Yes No Yes No
Hotspot Shield  Yes Yes Yes Yes No
VyprVPN Yes Yes No Yes No
IPVanish  Yes Yes No Yes No 
HMA  Yes Yes No Yes No
Windscribe  Yes** Yes** No No No
PrivateVPN No Yes No No No
PureVPN Yes Yes No  Yes Yes Yes Yes No No No
StrongVPN Yes Yes No No No
ProtonVPN Yes Yes Yes No*** Yes
*NordVPN has an alternative method for Windows users that achieves a similar effect. 
**Windscribe's automatic kill-switch is described by the client as a 'firewall' but does the same thing. 
***ProtonVPN has a tool for Android that achieves the same effect. 

How to turn on a kill-switch

Before you start, make you're sure your provider specifies that they provide customers with a kill-switch on the devices you're using – you may have a VPN with an automatic kill-switch, in which case it won't appear as a setting, or your provider might not make one available for your OS. 

If you're sure there is one then, make sure you're not getting the name confused. There's an awful lot of VPNs nowadays that like to name their kill-switch something fancy (ExpressVPN's is called 'network lock', for example), whilst others, like Windscribe, say they have a 'firewall'. PrivateVPN's is called 'Connection Guard'. So if you can't find it, it might just be called by a different name. 

VPN apps vary widely in terms of both design and usability, so where the setting that lets you turn on a kill-switch is located is going to be different in each one. It's usually either in 'settings' or sometimes 'advanced settings' however. Plus, most top-tier VPNs have easy-to-use interfaces and help pages that can show you where to navigate to find it. If in doubt, visit the provider's website! 

A baseline security feature

Kill-switches are, for all intents and purposes, a baseline VPN security feature in 2023. If a VPN you're thinking of purchasing offers absolutely no kill-switches for any device operating system, I'd approach it with extreme suspicion. Other features that, if absent, you should be worried about include:

Although VPNs are full of different features, there are a few that, if not present, should ring some alarm bells. Another feature that not all VPNs have (looking at you, CyberGhost) but is becoming increasingly popular is obfuscated servers. 

Written by: Aaron Drapkin

After graduating with a philosophy degree from the University of Bristol in 2018, Aaron became a researcher at news digest magazine The Week following a year as editor of satirical website The Whip. Freelancing alongside these roles, his work has appeared in publications such as Vice, Metro, Tablet and New Internationalist, as well as The Week's online edition.


There are no comments yet.

Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service