A VPN kill switch is an advanced security setting designed to protect your IP address and internet activity from accidental exposure. The kill switch will automatically disconnect your device from the internet if your VPN connection drops, and reconnect it once the connection to the VPN server has been restored.
When you’re connected to a trusted VPN server, all your internet activity flowing through it is private and secure.
However, if your VPN connection drops for even a second, due to a weak WiFi signal for instance, your IP address and internet data/activity becomes visible to the web services you’re using as well as your internet service provider (ISP).
A VPN kill switch is an advanced feature, included in most reputable VPN apps, that blocks access to the internet when your connection to a VPN server fails.
By blocking web access altogether, a kill switch ensures that your IP address, geolocation, and web activity remain private.
That’s why we strongly recommend enabling your VPN’s kill switch, especially if you’re concerned about what someone can do with your IP address.
Sadly, not every VPN comes with a kill switch or has one that works properly. Its effectiveness also varies greatly based on the device, VPN protocol, and VPN service you’re using.
We’re fully independent and have been reviewing VPNs since 2016. Our advice is based on our own testing results and is unaffected by financial incentives. Learn who we are and how we test VPNs.
You should keep a kill switch on at all times to ensure your data is kept private and secure.
However, there are specific situations where a functioning kill switch is essential:
You are more vulnerable to cyberattacks when using public WiFi. On a public network it’s not clear who set it up, who else it connected to it, and if it’s being monitored.
Here are some common risks associated with public Wifi:
As many devices often connect to a public WiFi network simultaneously, these networks tend to be unstable and frequently drop connections. This unreliability can cause the VPN to disconnect, potentially exposing your sensitive data.
To protect against this, you can use a VPN optimized for public WiFi to encrypt your connection and conceal your browsing activity.
We used ExpressVPN to safely connect to our local coffee shop’s WiFi.
However, if your VPN connection fails while on a public network then you risk exposing your personal data to all the threats listed above. As such, it is vital you use a VPN with a kill switch on public WiFi.
You should always torrent while connected to a VPN to conceal your real IP address and file-sharing activity.
Without a safe torrenting VPN, your true IP address and identity will be visible to your ISP, copyright trolls, and even the content owners.
A VPN protects you when torrenting by:
A VPN kill switch is essential for torrenting or any form of file-sharing. Torrenting without a kill switch runs the risk of your real IP address being exposed, leaving you vulnerable to all of the above.
You can see the IP addresses of other peers at all times while torrenting.
If your VPN connection drops, even for a second, then your online identity will be visible to everyone in the torrent swarm.
If you’re using a VPN to bypass censorship in a restricted region, like China or Russia, it’s essential you’re not caught doing so. Since VPNs tend to be prohibited in these regions and the content you’re accessing outlawed, a faulty VPN connection and can lead to fines or even imprisonment.
Countries where VPNs are illegal or restricted.
To prevent this from happening, you should keep your kill switch on at all times. This ensures your personal data, and the fact you’re using a VPN, won’t be revealed to any government censors or monitoring third-parties.
Here’s exactly how a VPN kill switch works:
Though all kill switches broadly follow the process outlined above, exactly how they work depends on their implementation.
Most notably, VPN kill switches vary by what causes them to activate and how they are applied.
The kill switch engages when it detects a disconnection from the VPN, blocking your device’s connection to the internet. Your internet connection resumes once your VPN connection reestablishes or the VPN app is closed. This is the most common type of kill switch and is available from the vast majority of VPN services.
Your entire device is blocked from the internet once you lose connection to the VPN server. Your internet connection cannot resume until you reconnect to the VPN, even once the VPN app is closed. This is also referred to as an ‘advanced kill switch’ or ‘network kill switch’ and is only offered by a handful of VPN services, like PIA or Windscribe.
Permanent kill switches offer the greatest level of protection as disconnecting your entire device’s connection makes IP leaks far less likely.
Only pre-selected apps are disconnected from the internet in case of an unexpected VPN disconnection. The rest of your device continues to function as normal. This is the rarest type of kill switch and is only offered by select VPN services, such as NordVPN.
Application-level kill switches can be useful if you have a specific use-case for your VPN. For example, if you’re using a VPN to torrent then you may want to only block your torrenting client.
This offers greater flexibility as you can continue to browse freely while keeping your torrenting traffic safe.
You can find the option to enable a kill switch in your VPN’s settings. On Windows and macOS this generally only involves ticking a box or toggling a switch.
On Android and iOS the process is usually more complicated. Your VPN may not support a kill switch on mobile, or it may require access to your device’s settings to set one up.
Here’s a video demonstrating how to turn on a VPN kill switch. We’ve used ExpressVPN’s Windows app as an example:
ExpressVPN's kill switch is called 'Network Lock' on both desktop clients.
You can read instructions on how to turn on a kill switch for the following devices:
Enabling a kill switch is a simple process on your PC. It typically involves clicking on a checkbox, toggle, or widget within your VPN app settings and in most cases is enabled by default.
VPN services usually offer the most advanced features on Windows and this is true for kill switches, too.
For example, Private Internet Access (PIA) is equipped with two levels of kill switch on Windows. The standard kill switch operates as you would expect, disabling your PC’s internet connection as soon as your VPN drops.
You can customize PIA’s Windows kill switch.
The advanced kill switch is far stricter, preventing any traffic from leaving your device. Your computer will not reconnect to the internet, even if your VPN client is closed.
Customizable kill switches are normally only found on Windows apps, and occasionally on macOS. You won’t find this level of customization from any VPN service on mobile.
In most cases, enabling a kill switch on macOS is a straightforward process. Similar to Windows, you only need to locate the kill switch in your app settings and click on the appropriate toggle or button.
You also won’t notice much difference in the functionality of a macOS or Windows kill switch. Depending on the VPN service, the macOS kill switch may have slightly less features than the Windows equivalent.
PIA’s kill switch operates in exactly the same way as its Windows counterpart.
The difference is less noticeable with top-rated providers such as ExpressVPN, NordVPN, and PIA where the kill switch is identical on both desktop apps.
Activating a kill switch on Android can be an invasive process as the VPN may require access to your device’s permissions.
For most VPNs, their Android app does not include a kill switch and instead uses Android’s native Always-on VPN and Block connection without VPN features. These are both found within your device’s system settings.
PIA allows you to choose between an ordinary kill switch and the native Android feature.
We’ve also come across Android VPNs in our testing that include am ‘invisible’ kill switch which cannot be toggled on or off. The kill switch will automatically trigger in the event of a VPN disconnection and prevent any traffic from leaving your Android device.
ExpressVPN’s Android kill switch is an exception – you can find it within the app’s settings. Similarly, Surfshark and PrivateVPN both have kill switches that can easily be toggled on and off without redirecting you to your device’s settings.
Alternatively, some VPN services do not provide a kill switch on their Android apps at all.
Apple only implemented a native VPN kill switch feature as part of an iOS 14 update in September 2020.
This native feature is called VPN On Demand and Apple’s Platform Deployment guide explains that it allows developers to create rules for your VPN connection. This includes pre-configured instructions for your device when responding to a loss in VPN connection.
As a result, not every VPN service has adopted this new software. Some notable examples of this include CyberGhost and PrivateVPN.
If your VPN does support an iOS kill switch, you can expect it to be limited in both its function and customization.
For example, PIA does offer a kill switch on its iOS app, but the option to select the advanced tier has been removed.
PIA only offers the standard kill switch on iOS.
Alternatively, your VPN may have an iOS kill switch automatically enabled by default despite not referencing the feature anywhere on the app itself.
For example, NordVPN implements an automatic kill switch on iOS without any accompanying information.
There’s no downside to leaving a kill switch on permanently, but you may find it disruptive to your online activity.
If you play online video games you might want to use an application level kill switch. This ensures that your connection to the game won’t be severed if the kill switch activates.
Leaving a kill switch on won’t affect your device’s performance, the VPN’s effectiveness, or your internet connection speeds.
Every VPN kill switch functions differently depending on the provider and platform. You may need to manually enable the VPN kill switch or it could be active automatically.
You should always check the VPN’s settings to make sure the kill switch is enabled before connecting to a VPN server.
If you’re not sure your kill switch is on, use our kill switch testing tool to verify that your data is protected.