What is a kill switch and when is it needed?
A kill switch is a security feature that protects your privacy: it ensures that you never use the internet believing you are protected by a VPN when, in fact, you are not. While using a virtual private network (VPN), your device connects to a VPN server and creates an encrypted tunnel between your device and that server. Your internet service provider (ISP) can then see only that you are exchanging encrypted traffic with a VPN server, not which sites you visit, and nobody on the internet (websites, P2P peers and so on) sees your real IP address, only the address of the VPN server.
If the VPN connection is interrupted for any reason, your operating system falls back to its normal, unprotected route: your ISP can again see every connection you make, and websites and other network participants see, and can identify you by, your real Internet Protocol (IP) address. The kill switch was created to prevent this. If you unexpectedly disconnect from the VPN server, the kill switch blocks all external network traffic to and from your device until the VPN connection is restored or you manually disable the kill switch.
Who needs a kill switch?
This feature ensures that you will never use an unprotected internet connection if the VPN disconnects unexpectedly, which makes it a valuable privacy and security tool for activists, journalists, and anyone for whom heightened security online is critical. During ordinary web browsing most traffic is sent when you actively click a link or enter a URL, so a brief disconnection has a limited chance of exposing your real IP address (although background services such as software updaters and messaging clients can send traffic at any moment). This does not apply to P2P downloads: a torrent client keeps many active connections to peers open, often unattended for hours, and the moment the VPN drops it will keep contacting those peers, now from your real IP address. This makes a kill switch especially important for anyone engaged in torrenting.
How does a kill switch work?
There are two main types of kill switches:
Reactive
A reactive kill switch monitors your device's internet connection to check that it is connected to a VPN server. If it detects a disconnection, it disables the internet connection. The reactive kill switch is not popular among IT professionals for two reasons:
1. There is an inevitable delay between the moment the VPN connection is interrupted, the moment the kill switch detects this interruption, and the moment it actually cuts the internet connection. This delay may be short, from milliseconds to a second or more depending on how often the switch checks, but it is enough for packets to leave over the unprotected connection and expose your real IP address.
2. A reactive kill switch usually cannot detect connections that your operating system makes outside of the VPN interface. For example, it may monitor your IPv4 connection to confirm that the VPN is active while failing to notice that your device is reaching a server over IPv6 through the physical network interface, thereby exposing your IPv6 address.
Systemic
A systemic kill switch uses firewall rules and other platform-specific mechanisms to ensure that no traffic can enter or leave your device except through the VPN interface (plus the single connection to the VPN server itself that is needed to establish the tunnel). On Windows, most kill switches use the Windows Filtering Platform, whereas Android 8.0+ has a built-in always-on VPN mode with a "Block connections without VPN" option. macOS and iOS devices have their own mechanisms, but they come with limitations. A properly configured systemic kill switch makes it impossible to connect to the internet without an active VPN connection: since no connection can enter or leave your device outside its VPN interface, if the VPN is not active then no connections are possible. The systemic kill switch is passive and therefore much more reliable than the reactive one. There is nothing to detect and nothing to switch off: if the VPN connection is not active, an internet connection is simply impossible. This means that nothing leaks while the tunnel is being set up or when switching between VPN servers. Two details decide whether the configuration is actually airtight: the rule set must permit only the VPN server's address and port on the physical interface (so the tunnel can be established and re-established), and it must cover IPv6 as well as IPv4, otherwise the blind spot described for the reactive design reappears.
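The following is an added example, not code from the original page or from any VPN product: a small simulation of the two designs described in the "Reactive" and "Systemic" sections, so the detection delay and the IPv6 blind spot can be seen packet by packet. It assumes a hypothetical VPN endpoint at 203.0.113.10, UDP port 51820, and interface names eth0 (physical uplink) and tun0 (tunnel); the routing table, the monitor's polling interval and the traffic are all constructed for the scenario.

```python
"""Model of the two kill-switch designs described above.

Constructed simulation, not a real firewall: a toy routing table, a reactive
monitor that polls tunnel state once per interval, and a systemic default-deny
egress policy. Addresses are from the RFC 5737/3849 documentation ranges.
"""
from dataclasses import dataclass
from ipaddress import ip_address

VPN_SERVER = "203.0.113.10"   # assumed VPN endpoint (documentation address)
VPN_PORT = 51820              # assumed UDP port of the VPN protocol
PHYS, TUN, LO = "eth0", "tun0", "lo"


@dataclass(frozen=True)
class Packet:
    t: float      # send time in seconds
    dst: str      # destination IPv4 or IPv6 address
    proto: str    # "tcp" or "udp"
    dport: int


def route(dst, tun_up, tun_carries_v6=False):
    """Egress interface the OS would pick (simplified routing table)."""
    addr = ip_address(dst)
    if addr.is_loopback:
        return LO
    if addr.version == 4 and str(addr) == VPN_SERVER:
        return PHYS          # host route to the VPN endpoint bypasses the tunnel
    if tun_up and (addr.version == 4 or tun_carries_v6):
        return TUN           # default route through the tunnel while it exists
    return PHYS              # no tunnel, or no IPv6 inside it: plain uplink


def is_vpn_handshake(pkt):
    return pkt.dst == VPN_SERVER and pkt.proto == "udp" and pkt.dport == VPN_PORT


class ReactiveKillSwitch:
    """Allows everything until a poll sees the tunnel down, then blocks the uplink."""

    def __init__(self):
        self.blocked = False

    def poll(self, tun_up):
        self.blocked = not tun_up

    def decide(self, pkt, oif):
        if oif != PHYS or is_vpn_handshake(pkt):
            return "accept"
        return "drop" if self.blocked else "accept"


class SystemicKillSwitch:
    """Static default-deny egress policy: only lo, tun0 and the VPN endpoint."""

    def poll(self, tun_up):
        pass                 # nothing to detect; the rules never change

    def decide(self, pkt, oif):
        if oif in (LO, TUN) or (oif == PHYS and is_vpn_handshake(pkt)):
            return "accept"
        return "drop"


def simulate(switch, packets, tun_down_at, poll_interval=1.0):
    """Replay packets in time order, polling the switch every poll_interval seconds.

    Returns (time, dst, verdict, leaked) per packet; a packet leaks when it is
    accepted on the physical uplink towards anything but the VPN server.
    """
    results, next_poll = [], 0.0
    for pkt in sorted(packets, key=lambda p: p.t):
        while next_poll <= pkt.t:            # deliver every poll tick before this packet
            switch.poll(tun_up=next_poll < tun_down_at)
            next_poll += poll_interval
        oif = route(pkt.dst, tun_up=pkt.t < tun_down_at)
        verdict = switch.decide(pkt, oif)
        leaked = verdict == "accept" and oif == PHYS and not is_vpn_handshake(pkt)
        results.append((pkt.t, pkt.dst, verdict, leaked))
    return results


# Constructed traffic: the tunnel drops at t=5.3 s; the monitor polls once a second.
TRAFFIC = [
    Packet(1.0, "198.51.100.5", "tcp", 443),   # web request, tunnel up
    Packet(1.5, "2001:db8::5", "tcp", 443),    # IPv6 request the tunnel does not carry
    Packet(5.5, "198.51.100.5", "tcp", 443),   # after the drop, before the next poll
    Packet(6.5, "198.51.100.5", "tcp", 443),   # after the monitor has noticed
    Packet(7.0, VPN_SERVER, "udp", VPN_PORT),  # reconnection handshake
]
TUN_DOWN_AT = 5.3


def leaks(switch_cls):
    """Destinations that escape the given kill switch in the scenario above."""
    return [dst for _, dst, _, leaked in simulate(switch_cls(), TRAFFIC, TUN_DOWN_AT) if leaked]


if __name__ == "__main__":
    for cls in (ReactiveKillSwitch, SystemicKillSwitch):
        print(cls.__name__, "leaks:", leaks(cls))
```

Running it shows the reactive design leaking twice: the IPv6 request at t=1.5 goes out over eth0 while the tunnel is still up, and the request at t=5.5 goes out in the gap between the tunnel dropping and the next poll. The systemic policy drops both and still accepts the handshake at t=7.0, which is the one packet it has to let through for the tunnel to come back. On Linux the same policy is an nftables `inet` table (so the drop applies to IPv6 too) whose output chain has `policy drop` and accepts only `oifname "lo"`, `oifname "tun0"` and `ip daddr 203.0.113.10 udp dport 51820`; the Windows Filtering Platform rules mentioned above express the same three exceptions.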