A VPN kill switch is a feature built into some VPN apps that cuts off your internet if the connection to the VPN server drops.
A VPN routes all the internet data going to and from your phone or laptop through a server in a location of your choosing. Between your device and the VPN server, all incoming and outgoing data is encrypted.
For any number of reasons, your secure connection to the VPN server can be disrupted. Without a VPN kill switch, data would continue to flow over a direct, unencrypted connection. Even a momentary failure can reveal information that VPNs are meant to keep private, including:
- Your location
- IP address
- DNS traffic
- IP traffic
- WebRTC traffic
If a kill switch is active, it will kick in as soon as the VPN connection drops. Until the VPN connection is reestablished, no data can be transmitted over the internet, keeping your data, IP address, and location private.
When to use a VPN kill switch
We recommend enabling your VPN’s kill switch at all times if you want to maximize privacy. But here are a few situations when kill switches are particularly handy:
- Torrenting, to prevent leaking your IP address to peers in a swarm
- On public wi-fi connections that could be compromised by hackers
- On mobile, when connections frequently drop and reconnect
- When using Tor browser, to hide your Tor connection from your ISP
- If you think your connection is being spied on or monitored
In short, kill switches are a must in scenarios when even a very brief lapse in privacy is not tolerable.
What VPNs have kill switches?
Most quality VPN providers offer kill switches on at least some of their apps. Kill switches are more common on desktop than on mobile. Here’s a breakdown of some of the top VPNs and their support for kill switches on major operating systems:
Note that newer versions of Android have a built-in kill switch feature that you can enable in the operating system’s settings. Some VPNs, such as NordVPN, advise users to employ Android’s built-in kill switch instead of putting one in their apps.
Why do VPN connections fail?
VPN connections drop for a number of reasons:
- Your internet connection temporarily drops or is disrupted, perhaps due to a poor signal
- The VPN server goes down
- You change connection interfaces, such as from wi-fi to mobile data, or from LAN to wi-fi
- You change networks, such as from one wi-fi network to another
- Your firewall or antivirus settings cause your connection to drop
- The connection to the server is blocked, such as by China’s Great Firewall
- Routing issues between the user and VPN server
- The VPN app crashes
Not all kill switches are equal
We often discuss VPN kill switches in black and white terms: either a VPN has a kill switch or it doesn’t. But kill switches vary in how they work, and in how well they work across the potential disruption scenarios listed above. In some scenarios, data can leave your computer over the direct, unencrypted connection in the gap between your VPN disconnecting and the app detecting that it did.
For example, a VPN’s kill switch might kick in if your wi-fi router goes down, but not if the VPN app crashes. A 2017 study by Comparitech found that most VPNs leak data in certain network disruption scenarios despite having kill switches. ExpressVPN and NordVPN proved to be the most leak-proof in those tests.
Most kill switches are all or nothing, meaning that all internet traffic is halted when the kill switch kicks in. But some VPN providers, such as NordVPN and Hide My Ass!, have app-specific kill switches. This allows the user to choose which apps are cut off from the internet in the event of a failed VPN connection, and which continue to use an unencrypted, direct connection.
How do I activate my VPN kill switch?
Every app is different, but you can usually enable or disable a VPN app’s kill switch somewhere in the settings. Some VPNs enable their kill switch by default while others require users to activate it.
Some VPNs have a different name for their kill switch. ExpressVPN calls its kill switch a “network lock”, while Windscribe simply calls it a firewall.
Some VPNs might have always-on kill switches that can’t be turned off.
You can turn on Android’s native kill switch by going to Settings > Wireless and networks > More > VPN. This works in Android 7 and later.
Can I make my own kill switch?
It is possible to configure a firewall to only allow internet traffic while the VPN is connected. But every server needs to be configured manually, and it’s easy to overlook certain types of data leaks or disruption scenarios. We don’t recommend configuring your own kill switch unless you’re confident in your networking skills.
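To show what such a firewall configuration involves, here is an added example (not from the original article or any VPN provider) that generates a default-deny Linux iptables ruleset permitting traffic only to one VPN server and through the tunnel. The interface names `tun0` and `eth0`, the server address `203.0.113.10` and UDP port `1194` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Interface names, address and port are
# constructed placeholders (203.0.113.10 is a documentation-only address).

# killswitch_v4 SERVER_IP PROTO PORT TUN_IF PHYS_IF -> iptables-restore ruleset
killswitch_v4() {
    server=$1 proto=$2 port=$3 tun=$4 phys=$5
    # Literal IPv4 only: with DNS blocked outside the tunnel, a hostname
    # could not be resolved when the VPN needs to reconnect.
    case $server in
        ''|*[!0-9.]*) echo "server must be an IPv4 literal" >&2; return 1 ;;
    esac
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    # Default-deny everything, then allow: loopback, replies to permitted
    # flows, DHCP lease renewal, the VPN server itself, and the tunnel.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $phys -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o $phys -d $server/32 -p $proto --dport $port -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
COMMIT
EOF
}

# killswitch_v6 -> ip6tables-restore ruleset: block all IPv6 except loopback,
# since a tunnel that carries only IPv4 would otherwise leak IPv6 traffic.
killswitch_v6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

killswitch_v4 203.0.113.10 udp 1194 tun0 eth0
killswitch_v6
```

The output is meant to be piped as root into `iptables-restore` and `ip6tables-restore` respectively. Because the rules live in the kernel rather than in the VPN app, they keep blocking traffic if the app crashes, and each additional VPN server needs its own allow rule.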