Why You Need a Kill Switch on a VPN
February 13, 2019 - Written by Daniel OKeeffe
A kill switch is an important feature that all good VPN providers provide. They are designed to prevent the connection from accidental exposure and to shut down (i.e “kill”) essential services when a network is being hacked or compromised in some fashion.
A kill switch is a vital component for modern VPN’s as the cybercrime syndicates get more innovative at infiltrating individual computers and larger networks. Along with a no log policy, a kill switch is the most important component that a VPN provider can offer.
What is a Kill Switch?
A kill switch is sometimes referred to as internet kill switch and provide an additional layer of protection. In the event that a VPN connection might fail, for whatever reason, the kill switch makes sure that the true IP address is not revealed. It kills the internet connection when the network is being compromised, preventing any data from being sent over the exposed connection.
In many ways, it is quite simple to understand. When the VPN connection fails the kill switch kicks in and prevents any vulnerable data from being sent. A kill switch may activate when switching VPN servers, but not always.
The kill switch feature will be written into the software of the provider that you subscribe to. It constantly monitors the internet connection for changes in IP address. If there is any change to the IP address assigned by the VPN provider, then it will shut down internet access using administrator privileges. Because it reacts instantaneously, it offers additional advantages.
It is best to look for a provider that explicitly states that they have a kill switch. If they don’t mention it, the most likely do not have one. Many of the top VPN’s such as Nord VPN, Express VPN, and Private Internet Access, have kill switch technology implemented. These providers also have 99.99% uptime without interruptions.
Total VPN and Buffered do not offer kill switch technology, though they are generally well-regarded. Be wary of companies that share servers, as they can have much less reliability. The three primary reasons for a dropped connection are:
- Firewall/router/anti-virus settings
- Choice of VPN Protocol
- Network Congestion
Why You Need One.
In the event that the VPN server goes down, your connection could be exposed. Your computer will then proceed to connect to the internet in the traditional manner, without the VPN acting as an intermediary that changes the IP address and encrypts messages.
Without the kill switch feature, you are at increased exposure to hackers looking at your data. While VPNs are often used to navigate around geo-blocks, their primary purpose is to change the IP address. Without a kill switch, this core purpose is compromised.
It is important to understand that there is usually no alert or warning when the VPN server goes down. People connect securely to their VPN and the connection can be severed in the middle of a browsing session. Without the kill switch feature, there is no way of knowing what is happening. This known as a “dropped” connection and the device connects to the internet without any encryption and with the public IP address.
With the kill switch, no traffic is sent when the connection drops, and the user is alerted to the fact that the connection has dropped. This means that the user can simply reconnect to the VPN again so that all communications are secured.
The reliability of VPN servers will depend on the particular provider. Practically all providers claim to have the fastest speeds and the lowest dropped connections. VPN providers can only provide security when the software comes with a kill switch. There is no way to guarantee 100% that the connection won’t drop at some stage, resulting in vulnerable data being exposed to government entities, ISP’s, and individual hackers.
Whether you are an activist, a torrent downloader, a remote worker, or just a regular individual who wants to protect your data, a kill switch is a necessity. It is most important for torrent downloaders who need to remain connected for a long time to download a file, meaning they are more exposed than others.
Different Kinds of Kill Switch
There are two primary kinds of kill switch – application and system. The system-level kill switch is the most popular. With this kind of kill switch, the entire connection is completely blocked off in the event of a dropped connection. Traffic will only be sent when the VPN connection is restored or the network adapter is reset.
The application level kill switch is a little more sophisticated, as it allows users to block or allow specific applications in the event of a dropped connection or an IP address change. They are sometimes referred to as “app killers”.
For most users, it is much easier to have a system level kill switch. Express VPN has a has a system level kill switch known as “Network Lock” which is automatically applied upon connection. It also offers split tunneling, where customers can choose for certain applications to use the VPN while others to connect without going through the VPN.
VyprVPN offers either a system or application level kill switch that users have to manually select. Nord VPN offers application-level kill switch technology for its desktop users and system level for its mobile users. This kill switch is enabled by default, though it can be switch off in the settings.
The Importance of the Kill Switch
A kill switch is a vital feature for modern VPN’s. A provider that is well known with a kill switch feature and 99.9% uptime is very, very secure (once the no logging policies are adhered to). In an increasing era of cybercrime proliferation, the kill switch is pivotal to online security.
Choosing a VPN provider without a kill switch undermines the purpose of purchasing a VPN in the first place. People who are interested in VPNs will be interested in kill switch features, for the same reasons – privacy and encryption of online data.
If you are tech savvy, it might be a good idea to check that your kill switch is working effectively. There are a variety of ways to do this (virtual network, router with VPN client, firewall block etc), and it never hurts to double check. If all traffic is not blocked upon disconnect, contact your provider and demand an immediate refund or resolution.