VPN Kill Switch: What Is It and Should You Enable It?

A kill switch is an essential privacy feature. Make sure you're using a VPN that has one.

Attila Tomaschek
Attila is a Staff Writer for CNET, covering software, apps and services with a focus on virtual private networks. He is an advocate for digital privacy and has been quoted in online publications like Computer Weekly, The Guardian, BBC News, HuffPost, Wired and TechRepublic. When not tapping away on his laptop, Attila enjoys spending time with his family, reading and collecting guitars.
Expertise Attila has nearly a decade's worth of experience with VPNs and has been covering them for CNET since 2021. As CNET's VPN expert, Attila rigorously tests VPNs and offers readers advice on how they can use the technology to protect their privacy online and

You need to dump your VPN provider if it doesn't offer a kill switch. Otherwise, you're putting your privacy at risk.

Sarah Tew/CNET

If your virtual private network doesn't have a kill switch, you need to switch to a VPN that does. A kill switch is an essential VPN privacy feature that instantly disables your internet if your encrypted VPN connection drops out for any reason. This prevents your online activity from being exposed outside the VPN tunnel, which is important because that exposure can be dangerous in many situations.

A VPN routes your internet traffic through an encrypted tunnel to a secure server in a location of your choosing. During this process, your visible IP address is changed to the IP address of the server you're connecting through. In addition to allowing you to access geographically restricted content, the VPN connection conceals your true IP address and your internet traffic from your ISP, government entities, cybercriminals and others who may want to snoop on you online. So if your VPN connection suddenly drops and there's no kill switch to act as a safety net to protect your data, you may as well not have a VPN at all.

Here's what to know about how a VPN kill switch works, why you need one and how to make sure your VPN's kill switch is working properly. 

Why do VPN disconnections happen?

No piece of technology is perfect, and even the best VPNs can have their connections drop from time to time. A VPN disconnection can happen for a number of reasons, including:

  • You're on a Wi-Fi connection that's weak or overloaded -- like a public Wi-Fi hotspot at a cafe, hotel or airport.
  • You switch to a different Wi-Fi network or switch from Wi-Fi to mobile data.
  • Your computer goes to sleep.
  • An antivirus program or firewall on your computer is interfering with your VPN connection (be sure to whitelist your VPN software in this case).
  • You jump from one VPN server to another, or you rapidly jump servers and exceed your VPN provider's simultaneous connection limit.
  • You're using the OpenVPN UDP protocol, which is less stable than the TCP protocol (switch to TCP if you notice your VPN dropping).
  • The VPN server you're connecting to goes down.
  • Your VPN app crashes.

What happens if your VPN disconnects without a kill switch?

If your VPN disconnects, and you don't have a kill switch enabled, your internet connection will stay active, your true IP address will be exposed and your web traffic from the moment of disconnection will continue unencrypted. This could expose your online activity and compromise any sensitive personal data you may have been accessing while connected to the VPN, in addition to revealing your true location (based on your IP address).

This can be a headache if you're using a VPN to access geographically restricted content, but it can be downright dangerous if you're a dissident, activist, journalist, attorney, physician or anyone else using a VPN for critical privacy needs. Using a VPN without a kill switch is also risky for anyone in a region with strict government control over and censorship of the internet. 

How does a VPN kill switch work?

When enabled, your VPN kill switch constantly monitors your VPN connection and scans for changes in your IP address or the status of your network. The kill switch will immediately engage and block access to the internet whenever it detects a change in the status of either. When you reconnect to a VPN server or the VPN tunnel automatically reestablishes itself, the kill switch will allow your internet to reconnect and will continue to monitor your VPN connection.

There are two different types of VPN kill switches: ones that work on an application level and others that work on a system level. 

An application-level VPN kill switch allows you to choose specific applications on your device to kill in the event of a VPN disconnection. While certain applications will be blocked, any others connected that you didn't designate to be killed will remain connected and could potentially put you at risk. An application-level kill switch gives you a certain amount of flexibility, but you'll need to be mindful of what apps you do or do not choose to include. A system-level kill switch is a more secure option overall because it kills all network traffic on your device system-wide whenever it detects that the VPN tunnel has failed.

Some VPNs like NordVPN offer both an application-level and a system-level kill switch, while others like ExpressVPN only offer a system-level kill switch. ExpressVPN's Network Lock kill switch is enabled automatically, but not all VPNs with a kill switch have them enabled by default. If your VPN's kill switch isn't enabled by default, you can go to the settings section of your VPN client and activate it there. 

How to test your VPN kill switch

To test your VPN kill switch, you'll first need to ensure your regular internet connection is working properly. Once you've confirmed your internet is working, connect to your VPN and enable the kill switch if not already enabled. Then, you can either disconnect from the VPN server or simulate a VPN failure by doing something like manually killing then reestablishing your network connection, closing then reopening your laptop, or activating and then deactivating airplane mode on your mobile device. If you notice that you've lost access to the internet or the apps you've flagged with your application-level kill switch have been closed, then your kill switch is working properly.

Alternatively, you can use an automatic page refreshing website like PageRefresher and add the following into the appropriate field: http://ip-api.com/csv 

Then, set the page refresh time to one second. With your VPN disconnected, click Start and make note of your regular IP address that's displayed in the new window that pops up. Then, connect to your VPN (preferably to a server in another country) and click Start again. You should then see the IP address and location of the VPN server you're connecting through. Now, simulate a VPN disconnection and pay attention to what's happening in the page refresher window. If you see a "no internet" error message or something similar, your VPN kill switch is working as it should.
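The same once-per-second poll can be run as a script, which records every state change so a brief leak is harder to miss than in a refreshing browser window. This is an added example, not code from CNET or any VPN provider; it assumes the IP address is the last CSV field of the ip-api.com reply, and the function names, state labels and sample reply are constructed for illustration.

```python
import csv, http.client, io, sys, time, urllib.error, urllib.request
ENDPOINT = "http://ip-api.com/csv"  # URL given in the article
# Constructed sample reply (documentation-range IP), not captured traffic.
VPN_REPLY = 'success,Testland,TL,,,,,0,0,UTC,"Example VPN, Inc.",,,203.0.113.9'

def parse_ip(body):
    """Public IP from one CSV reply; assumes it is the last field."""
    row = next(csv.reader(io.StringIO(body.strip())), [])
    return row[-1] if row and row[0] == "success" else None

def fetch_live(timeout=2.0):
    """One poll. None = nothing got out; "" = HTTP error, so the network is up."""
    try:
        with urllib.request.urlopen(ENDPOINT, timeout=timeout) as r:
            return r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        return ""
    except (OSError, http.client.HTTPException):
        return None

def classify(body, real_ip):
    if body is None:
        return "BLOCKED"   # the "no internet" result the article looks for
    ip = parse_ip(body)
    if ip is None:
        return "UNKNOWN"   # traffic left the device but the IP is unreadable
    return "LEAK" if ip == real_ip else "TUNNEL"

def watch(fetch, real_ip, polls, interval=1.0, sleep=time.sleep):
    """Poll once per interval; print state changes; return every state seen."""
    states = []
    for _ in range(polls):
        state = classify(fetch(), real_ip)
        if not states or states[-1] != state:
            print(time.strftime("%H:%M:%S"), state)
        states.append(state)
        sleep(interval)
    return states

def verdict(states):
    if "LEAK" in states:
        return "FAIL"      # real IP was visible at least once
    ok = "BLOCKED" in states and "UNKNOWN" not in states
    return "PASS" if ok else "INCONCLUSIVE"

if __name__ == "__main__":  # argument = your real (non-VPN) IP; none = offline replay
    seq = iter([VPN_REPLY, None, None, VPN_REPLY])
    replay = lambda: watch(lambda: next(seq), "198.51.100.7", 4, sleep=lambda s: None)
    print(verdict(watch(fetch_live, sys.argv[1], 60) if sys.argv[1:] else replay()))
```

For a live run, pass the regular IP address you noted with the VPN disconnected, then simulate the VPN failure while the script is polling. An INCONCLUSIVE result means no blocked interval was observed, so the drop was probably not triggered during the run.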
