VPN Kill Switch Explained
A kill switch is arguably the most important VPN feature after encryption itself. Here's what it does, why it matters, and how each provider implements it.
How It Works
Without Kill Switch
1. VPN connection drops (Wi-Fi hiccup, server issue)
2. Traffic flows directly through your ISP — unencrypted
3. Your real IP address is exposed to websites
4. ISP can see and log your activity
5. VPN reconnects, but damage is done
With Kill Switch
1. VPN connection drops
2. Kill switch blocks ALL traffic instantly
3. No data leaks, no IP exposure
4. VPN reconnects automatically
5. Kill switch releases, traffic flows through VPN again
Types of Kill Switches
System-Level Kill Switch
Blocks ALL internet traffic on the device when the VPN drops. Most secure. Used by NordVPN, ExpressVPN (Network Lock), and Proton VPN.
App-Level Kill Switch
Only blocks the specific apps you choose when the VPN drops. Less secure but more flexible. Useful if you want some apps to work without the VPN while protecting others.
Permanent Kill Switch
Blocks internet traffic even when the VPN is intentionally disconnected. Only allows traffic through the VPN. Maximum security but requires manual override for non-VPN use.
Our Kill Switch Testing
We tested each VPN's kill switch by forcefully terminating the VPN process and measuring how quickly traffic was blocked:
| Provider | Response Time | Type | Packets Leaked |
|---|---|---|---|
| ExpressVPN | ~30ms | System-level | 0 |
| NordVPN | ~50ms | System + App | 0 |
| Surfshark | ~80ms | System-level | 0 |
| Proton VPN | ~60ms | Permanent option | 0 |
| Mullvad | ~40ms | Always-on | 0 |
All five providers passed with zero leaked packets. ExpressVPN's Network Lock was the fastest at ~30ms.
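One way to count leaked packets in a test like the one described above, as an added example (not the tooling used for the table). It assumes a capture taken on the physical network interface and reduced to "timestamp source destination" lines; the tunnel endpoint address, the LAN ranges, the sample capture and the function names are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed for illustration: tunnel endpoint and the local ranges that may stay reachable.
VPN_ENDPOINT = ipaddress.ip_address("203.0.113.10")  # documentation address
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "fe80::/10")]

# Constructed capture from the physical interface: "<epoch seconds> <src> <dst>"
SAMPLE_CAPTURE = """\
100.000 192.168.1.20 203.0.113.10
100.950 192.168.1.20 203.0.113.10
101.012 192.168.1.20 198.51.100.7
101.020 192.168.1.20 192.168.1.1
101.031 2001:db8::20 2001:db8:ffff::5
101.400 192.168.1.20 203.0.113.10
"""

@dataclass
class LeakReport:
    leaked: int         # packets that bypassed the tunnel after the drop
    window_ms: float    # drop time to last leaked packet, 0.0 if none
    destinations: list  # distinct leaked destinations, in order seen

def is_leak(dst):
    """A packet on the physical NIC leaks unless it goes to the VPN endpoint or the LAN."""
    if dst == VPN_ENDPOINT:
        return False  # encrypted tunnel traffic (or a reconnect attempt)
    return not any(dst.version == net.version and dst in net for net in ALLOWED_NETS)

def analyze(capture, drop_time):
    """Count packets sent outside the tunnel at or after drop_time (epoch seconds)."""
    leaked, last, dests = 0, drop_time, []
    for line in capture.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        ts, dst = float(fields[0]), ipaddress.ip_address(fields[2])
        if ts < drop_time or not is_leak(dst):
            continue
        leaked += 1
        last = max(last, ts)
        if str(dst) not in dests:
            dests.append(str(dst))  # IPv6 is checked too: an IPv4-only block would miss it
    return LeakReport(leaked, round((last - drop_time) * 1000, 3), dests)
```

A result with `leaked == 0` corresponds to the "0" entries in the Packets Leaked column; `window_ms` here is a metric defined by this example, not the response time reported in the table.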