The killswitch is one of the best tools available to users concerned with online privacy.
If the VPN connection suddenly fails, a killswitch automatically stops all internet traffic until the user can properly reconnect to the VPN server.
Without this system in place, network traffic would fall back to the regular connection provided by the ISP (internet service provider), outside the VPN tunnel. This means the user’s IP address and the entirety of their network traffic would be exposed, as if they didn’t have a VPN in the first place.
Most users won’t need such levels of security.
But for those with serious security concerns, such as journalists looking to uncover government corruption or other crimes, this feature is essential.
When Does a Killswitch Activate?
This feature can be turned on or off according to each user’s preference. In general, it is recommended to keep it on; otherwise, there will be times when network traffic is routed through the ISP, causing a privacy leak. The killswitch can activate in the following cases:
- When the VPN server has connectivity issues and disconnects the user.
- When the user decides to switch server countries: the killswitch option is persistent, so it also goes into effect then.
- In case of an unreliable network connection (such as Wi-Fi with poor signal), this function will not allow the connection to resume through the ISP-assigned IP address.
How Does a VPN Killswitch Work?
An example of a killswitch mechanism is one based on firewall rules. A firewall is tasked with blocking unauthorized connections to the system, although exceptions can be added to the firewall rules so that users may still access a majority of trusted services.
The killswitch makes use of this functionality to route all network traffic through the VPN “tunnel”. It also blocks all connections when there is no network connectivity – thus removing the risk of traffic going through the ISP-assigned IP address and exposing one’s online identity.
These are the steps of such a mechanism:
- Before connecting to the VPN, the current firewall rules are backed up.
- All outgoing network connections are then disabled.
- The following exceptions are added as firewall rules: the local tunnel IP (i.e. the IP address assigned to the device by the VPN), the VPN server IP (the one that will be displayed on IP detection websites), and the VPN provider’s website.
Upon disconnecting from the VPN completely, the firewall rules above are deleted and the backup made at the first step is restored. This allows users to browse the internet using their ISP-assigned IP address.
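The steps above, sketched with Linux iptables as an added example (not code from the original page or from any VPN provider). The function names, the backup path and the loopback exception are assumptions, and all addresses are supplied by the caller.

```shell
#!/bin/sh
# Added example: firewall-based killswitch using iptables. IPv4 only: IPv6
# traffic needs an equivalent ip6tables ruleset or it bypasses these rules.
# KS_BACKUP and every address passed in are assumed/constructed values.
KS_BACKUP="${KS_BACKUP:-/run/killswitch.rules.bak}"

# Shape check for a dotted-quad IPv4 address, so an argument cannot smuggle
# extra rule text (spaces, newlines, options) into the generated rules.
ks_valid_ip() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print one iptables argument list per line: block all outgoing traffic,
# then add the three exceptions listed in the steps above.
# $1 = local tunnel IP, $2 = VPN server IP, $3 = provider website IP
# The loopback rule is an addition that is not in the page's list.
ks_rules() {
    [ "$#" -eq 3 ] || return 1
    for ip in "$@"; do ks_valid_ip "$ip" || return 1; done
    cat <<EOF
-P OUTPUT DROP
-F OUTPUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s $1 -j ACCEPT
-A OUTPUT -d $2 -j ACCEPT
-A OUTPUT -d $3 -j ACCEPT
EOF
}

# Back up the current rules, then apply the killswitch (requires root).
# Rules are generated first, so a bad argument leaves the firewall untouched.
ks_enable() {
    rules=$(ks_rules "$@") || { echo "invalid address" >&2; return 1; }
    iptables-save > "$KS_BACKUP" || return 1
    printf '%s\n' "$rules" | while read -r args; do
        iptables $args || exit 1   # intentional word splitting of validated text
    done
}

# On full disconnect: restore the backup taken by ks_enable.
ks_disable() {
    [ -s "$KS_BACKUP" ] || { echo "no backup found" >&2; return 1; }
    iptables-restore < "$KS_BACKUP" && rm -f "$KS_BACKUP"
}
```

With constructed documentation addresses, `ks_enable 10.8.0.2 203.0.113.10 198.51.100.20` applies the rules and `ks_disable` restores the saved ones.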