If you’re already using a VPN, it means you’re keen on your privacy. While getting a VPN is the first step in protecting your online identity and activities, there are unforeseen risks that lie ahead, and potentially lead to your identity being unmasked and online activity tracked. One of the major threats is the VPN connection dropping due to network issues, which can leave your IP address exposed. That’s where the VPN Kill Switch kicks in.

What Is A VPN Kill Switch?

It goes by different names. Some VPN providers call it the Internet Kill Switch. CyberGhost labels it ‘Connection Guard’. With ExpressVPN, it’s been called the ‘Network Lock Kill Switch’. They all function on the same principle.

Basically, the Kill Switch is a feature that will automatically shut down your internet connection immediately you’re disconnected from the VPN service. That way no data will be sent over the network until you enable the VPN. If the Kill Switch has been turned off, then the internet connection would still be used as normal even when you’ve not connected to the VPN. 

There are two general modes of how the Kill Switch operates:

• You can have an Active Skill Switch that detects the moment you lose the connection to the VPN service, which sends the information to the device and stops it from connecting to other networks. 
• On the other hand, a Passive Kill Switch doesn’t wait for information from the VPN server. Immediately it loses the signal from the VPN server, it will automatically stop your device from sending out traffic.

In a nutshell, with a Kill Switch activated: 

Lost VPN Connection = No Internet Connection 

Why Do You Need A VPN Kill Switch?

The moment your network connection drops, your device will default back to its assigned public IP address. All your activity from that point onwards can be traced back to you. What’s worse is that you may not know it has even happened. For instance, those who remain connected to the VPNs for a long time – like when downloading torrents, they may not be around the computer to notice the drop in connection, and the device with default to the public connection without you knowing it. 

As an extra security measure, the VPN Kill Switch ensures that there will be no chance of your IP getting accidentally exposed in case the security of the internet connection is compromised. Since hacking a VPN server is not feasible, hackers opt to use cookies, spyware and malware, waiting for the VPN connection to drop for them to attempt mounting an attack on the phone, computer or network. It may also be a surveillance issue, for those in authoritarian regimes where online activities are constantly being monitored, and you don’t want an IP leak putting you in Big Brother’s line of sight. 

Say you were in the middle of an online transaction, whistle-blowing, or browsing a geo-restricted website, and then your VPN connection drops – even without your interference. This exposes your IP address, thus location. The site will notice that you’re reaching it from an unpermitted zone, and lock you out. Whatever activity you were doing at that time, be it accessing documents, streaming some entertainment or educational material, or even downloading a media file,  it will instantly get halted. 

Mainstream VPN providers come with the Kill Switch feature, from ExpressVPN, CyberGhost and NordVPN, to Private Internet Access and IPVanish. The mode of operation may vary based on the particular advances and capacity of the provider, but the gist of it is the same. For the mentioned ones, the Kill Switch will kick in immediately there is an interference with your internet connection. 

Is The VPN Kill Switch Automatic?

This varies depending on the VPN provider. For instance, with ExpressVPN, the Kill Switch will be activated the moment you make a connection since it has been enabled by default.  For others like VyprVPN, you’ll need to access the settings of the application to activate it. 

For some of the VPN providers, you also get to tweak the Kill Switch settings, to select when you want the feature to kick in. For instance, VyprVPN allows you to toggle between two settlings: ‘Application Level’ – the  Kill Switch is activated when the internet connection is disrupted while you’re running the application; and ‘System Level’ – here the Kill Switch will be active as long as you’ve been logged into the VPN, even when you don’t have the application itself running. 

Why Would You Get Disconnected?

Disruptions to your internet connection can happen due to a myriad of reasons. Don’t fret, you don’t need to get into geek-mode and start worrying about them, as long as the VPN installation process was properly followed. You may need to tweak some of the settings to suit your particular situation though. For instance, when it comes to the selected VPN protocol with ExpressVPN, switching from UDP (default setting) to TCP protocol may result in better connection stability. 

A common issue is a weak signal from your ISP, or a congested network. This is bound to affect the stability of your connection to the VPN provider. This also includes situations when you’re accessing the internet through a Wi-Fi connection, where if it is unstable then it will definitely affect the performance of the VPN service. 

The antivirus, firewall or anti-spyware of your device may also be interfering with the operation of the VPN service. In this case, you should include the VPN connection and an exception in the settings of the particular antivirus or antimalware program, whitelisting it. 

Conclusion

You use a VPN to protect your online identity, preventing your IP address, personal information and internet traffic from being exposed.  The VPN Kill switch will reinforce your defence, ensuring that there will be zero possibility of a data leak from your device. This is more critical if you use a connection for long periods, since it makes you more prone to issues that come with VPN network reliability.

So you’ve got the core elements covered. You’ve set up the VPN connection, and your data is private and secure. Your internet traffic won’t be traced back to you, and the information sent over the VPN tunnel is encrypted. Your identity is safe. However, there’s just one ‘problem’. Your ISP and government have the tools needed to detect that you’re using a VPN. Sure, they can’t read the traffic itself and know what you’re accessing or sending over the internet, but it does put you on their watchlist. Governments keen on identifying VPN traffic want to gather intelligence on what persons in their territories are up to – and in authoritarian regimes they go further to ban VPNs altogether. For the ISPs, it usually comes down to issues related with copyrights. 

There are regions where VPN users are even fined. For instance, in China, you must register with the government before being permitted to use a VPN, and in Chongqing province, VPN users failing to meet the legal requirements are fined $2,210.  In Iran, it can land one in prison for up to a year, and the population is restricted to just a couple of government-approved VPNs. Turkey and Belarus regimes are strict on internet usage, and within the UAE and Oman one can only pick from the list of ‘approved’ VPNs. Russia actively cracks down on VPN providers, with Putin legislation banning VPNs already in effect. 

So, you don’t want Big Brother to know you’re using a VPN service. That’s where VPN obfuscation comes in. 

What Is VPN Obfuscation?

It’s basically masking your internet traffic so that it hides that you’re using a VPN, and instead shows that data from your device is ordinary internet traffic. It comes by different names, including ‘stealth VPN’ and “VPN obfuscation”. Some providers have their unique names for it, like “NoBorders mode” with Surfshark VPN and “Chameleon protocol” when using VyprVPN.

It doesn’t change your traffic, but rather masks it, obscuring it from anyone looking to pinpoint VPN traffic. That way you can continue transferring the encrypted data, but also circumvent blocks that have been placed for VPN traffic, making your internet usage indistinguishable from the rest of the general public.

How VPN Obfuscation Works

When connecting to the internet and exchanging data over networks, the protocols used have their distinctive signatures. Third parties analysing the data packets can detect the signature. 

For instance, the most common VPN protocol, OpenVPN, has its digital signature. When the third party is analysing your connection, be it a government body, hacker, or the ISP you’re using, methods like the deep packet inspection are used.

VPN obfuscation comes in to dupe those analysing the traffic into believing that you’re using normal data packets, while in actual sense the VPN is still transmitting the encrypted data packets over its secure tunnel. 

Different methods can be used when masking the traffic. The goal is generally to add an encryption layer that makes the VPN traffic look like regular traffic. These include: 

• Obfsproxy

This is part of the Tor Project, which was developed due to Tor traffic being blocked in territories like China. It will obfuscate the Tor traffic, preventing it from being detected.

While Obfsproxy was primarily developed for being used with Tor, you can also use it with OpenVPN. The setup uses different pluggable transports to hide the OpenVPN traffic, which will vary based on the block that is to be circumvented. For instance, obfs4 is one of the pluggable transports used with OpenVPN traffic, where it scrambles the traffic and makes it essentially look like nothing meaningful. 

• Stunnel

This is open-source software that routes the VPN traffic through a TLS/SSL tunnel. Anyone snooping on the data packets will think that it is regular HTTPS traffic, because the TLS/SSL is one of the encryptions that is used by HTTPS.

• OpenVPN XOR Scramble

Here, the OpenVPN traffic is disguised using the simple XOR cipher, which replaces the values of the bits of data, that way the data packet inspection methods will not detect the OpenVPN signature. Speaking of which, malware developers have also taken advantage of this to prevent their malicious code from being detected. The simplicity of the cipher means that it doesn’t always offer much protection especially from authoritarian governments cracking down on VPN usage. 

Mainstream VPN providers also offer obfuscation features as part of their services. These include:

• ExpressVPN, which is renowned for even bypassing restrictions in countries like China that have loads of blocks, and has over 2000 servers for its network.
• NordVPN, that also enables you to bypass the VPN blocks including regional firewalls like the Great Firewall and circumventing all regional geo-restrictions. 
• SurfShark, with its over 1000 servers spread across over 61 countries, and where you get to obfuscate your VPN traffic by using the “NoBorders” feature
• PrivateVPN, where you’ll need to enable the “Stealth VPN” feature, after which no one will detect that you’re connected to a VPN. 
• Hotspot Shield that features fast connection speeds and relays your traffic through the “Catapult Hydra” protocol to ensure that it is secure and discreet. 
• VyprVPN, where the feature is available by switching to the Chameleon protocol, obfuscating 256-bit OpenVPN encrypted traffic then transmitting it using port 443.

How VPN Obfuscation Protects You

Here are the benefits of VPN obfuscation, and how it keeps you safe from prying eyes:

1. Bypassing government censorship

For territories with heavy restrictions on internet usage – like China, Iran, Pakistan, Egypt and North Korea, VPNs are widely used. Here, the governments block traffic to specific sites, like the “Great Firewall” of China that prevents users from accessing and using sites like Twitter, Pinterest, Google, The New York Times, Facebook and WhatsApp. As such, people turn to VPNs, where the content of the traffic is encrypted. The VPN, in turn, routes its traffic through secondary servers, that way when one is inspecting it, the traffic would be seen to have been directed to the VPN server, and not the banned website. However, the government knows this. The regimes are well aware that its citizens are using VPNs to circumvent the blocks. So they put in measures to block the VPN traffic. 

Governments can block VPN traffic in different ways. For instance, if they know the VPN server, they’ll simply block the traffic that is directed to it. This is why VPN providers keep on changing servers. Port 1194 that is usually used by OpenVPN traffic, can also be blocked. Techniques like Deep Packet Inspection (DPI) can be used, where they’ll detect the OpenVPN signature, and block the traffic. With obfuscation, where the VPN traffic is disguised as ordinary internet traffic, one will be able to bypass these measures.

2. Bypass network blocks

For those in commercial facilities, educational institutions, offices and the like, some of the network administrators may have put in place detection measures that will identify VPN traffic. With obfuscation, you can circumvent them, and proceed using the VPN as normal.

3. Prevent your ISP from throttling your internet speed

ISPs have a tendency to throttle one’s internet speed, especially when they detect that you’re making downloads, streaming or accessing specific websites. Sure, with ordinary VPN usage, the ISP will no longer get to see your specific internet content, or the websites you’re visiting. However, they may know that you’re using a VPN service, and slow down your speed. 

Note that the encrypting/decrypting measures that come with using VPNs, plus routing the internet traffic through different servers, means that the traffic will be slower than normal internet connections. However, when the ISP is throttling VPN traffic indiscriminately, it will be much slower. VPN obfuscation helps in protecting you from this. 

4. Extra layer of privacy

The VPN already protects your identity and maintains your privacy, and obfuscating the traffic takes this a step further. That way in addition to your data being encrypted and your IP hidden, your traffic will be indistinguishable from the rest of the population using the internet. 

This security feature is available with a few VPN companies, and is usually included in the top-tier packages. What does it mean? Should you cough up some extra cheddar to get it? In this article, we will break down Double VPN, and explain what you get from the extra layer of protection.

Double VPN 101: How It Works

First, the basic VPN connection. When you connect to your VPN server it becomes the intermediary between your device and the internet, passing your data through a secure tunnel. The data to and from the internet is encrypted, that way third parties will not be able to decipher it. 

Here, outgoing data is encrypted on your device (the laptop, smartphone, tablet, etc), then sent to the VPN server, where it is decrypted and sent to the target website, online service or app. 

Incoming data reverses this – it is encrypted on the server, and decrypted on your device. 

With Double VPN, a second server is added to this path.

This means that you get a second layer of encryption. The second server can even be in a different city or continent. 

With this path, there are two approaches:

• This first is Nested Double VPN. Here, for outgoing data:

1. It is encrypted on your device twice. 
2. This data is sent to the first VPN server, which removes one layer of encryption. 
3. The result is then sent to the second VPN server, where the other layer of encryption is removed.
4. The fully decrypted data is then sent to the destination website. 

Incoming data follows the reverse process. Each server encrypts the data it receives, and your device decrypts both layers of encryption. 

• For the second approach, the data is not encrypted/decrypted twice on the end user device. Instead, for the outgoing traffic: 

1. The device applies a single layer of encryption to the data. 
2. This layer is removed at the first VPN, and the data is taken through a second round of encryption
3. The data is then sent to the second server for decryption. 

This means that the data passing through the tunnels will only have a single layer of encryption, and both servers will be able to view the unencrypted traffic. 

This second approach is less common, and nested Double VPNs are more popular given that they provide the most private and secure configuration. 

Can more servers be added to the chain? Yes. This is referred to as VPN server cascading or VPN server chaining, where you get to have triple, quadruple or even more VPN setups. At every subsequent server, the IP is changed, and the data gets decrypted and re-encrypted before being sent along.

Why All The Fuss?

Well, while encrypting data gives you anonymity, since your ISP or any other third-party snooping on the traffic will find it difficult to decrypt, scrambling already-encrypted data makes it twice as difficult, and not worth the time, energy or money it would take to do so. 

In addition, neither of the VPN servers themselves can see both the source and destination of the internet traffic at the same time. While the first VPN sees that the encrypted data is coming from your device, it cannot tell where the data is going past the second VPN, meaning it won’t know the destination website. On the other hand, while the second VPN will decrypt the data and send it to the destination site, it will only know that it came from the first server, and not the original device that sent it. This gives the user an extremely high level of anonymity, and secures the data. 

What’s more, issues that would result from normal VPN connections – like the occasional IP and DNS leaks, will not be a concern here. Even if there is a leak due to a disruption in connection with the server, and the third part gets to unscramble some bits of data, this would only direct them to the location of the first server, and you will still have the second server clocking your identity. If the security of one of the servers is compromised, then the data getting to the second server will still be encrypted, meaning that third parties will not be able to read it.

Who Gets To Benefit From Double VPN?

Anyone who really wants to protect their privacy and anonymity. These are the likes of whistle-blowers, political activists, and citizens in locations where there are high levels of internet censorship. For instance, there are counties with authoritarian regimes that are forceful, cracking down hard on online freedom of speech. The Double VPN enables you to ensure that the chances of your online activities being traced through your network connection are virtually non-existent. 

The Disadvantages Of Double VPN

All that encrypting and decrypting is bound to weigh on your internet speed. Watching live broadcasts and buffering movies can be slow and frustrating. Certainly, it also depends on the speed that you get from the ISP provider. So, if you opt for Double VPN, ensure that you have sufficient bandwidth to accommodate it. 

Next is the price. As mentioned, this security feature is usually included as one of the top-tier packages with the VPN provider. Providers may also choose to separate the security options within the package, allowing you to use the default VPN normally and switch to the Double VPN when the need for the extra security arises. 

Tests To Check How Secure Your VPN Is

One of the dirty little secrets of the VPN industry is that many of them leak. For instance, an analysis of VPN android apps shows that as much as 84% and 66% of them leak IPv6 and DNS traffic respectively, with 18% of them lacking encryption for their tunnelling technologies. These are the likes of not routing the IPv6 traffic through the required VPN tunnel making it easier for user monitoring, or failing to forward the DNS traffic through the tunnel, which allows the in-path observers to monitor the user’s DNS networking activity. 

The result? Users are not sufficiently protected from tracking and online surveillance. Risks are higher with the free VPNs, but there will be some premium VPNs that leak out your information. The security of the VPN is not dependent on whether you’re using free or paid software, mobile or PC versions, since they can have both intentional and unknown anomalies that result in the leaks. For example, the leakage can be due to a bug in the software, or the VPN provider has actually set up the software to collect and share data with third parties. 

How Private Is Your Connection?

With the VPN market growing – and predicted to exceed $35 billion by 2022, the popularity of the software is undeniable, but so are the security concerns. The traffic leaks can be attributed to actual design decisions – like skipping out on IPv6 support, or errors by the developers when making the routing parameter configurations of the VPN software. There are also abusive practices by the VPNs themselves, such incorporating JavaScript for user tracking and advertisement needs, to redirect e-commerce traffic to their affiliate partners. You end up with a situation where a majority of the VPN services marketing themselves as the optimal privacy solutions actually leak out your DNS requests and/or IP address all over the net. 

Are you truly protected? Here, we will look at VPN tests that you can carry out to determine if your identity and network activities are kept private and secure:

Quick and easy tests

• DNS Leak Test

DNS – Domain Name System, is the technology allowing easy website access. To connect to the internet, the DNS server translates the address of a website like “www.heidi.ie” into a numerical IP address like 168.251.226.14. 

This DNS service is usually provided by your ISP, unless you indicate a particular DNS server that you want to connect to. In such a situation, your ISP (Internet Service Provider) will still know that you have connected to the different DNS server. What’s more, the ISP can log the results, which are clear test logs showing each website that you’ve visited. This data can then be sold off to third parties, like advertisers. 

Enter the VPN. Your actual IP address is replaced by one from the VPN server, thus preventing the connection from being traced back to you. Anyone monitoring the connection should, ideally, not see beyond the address that you’ve been assigned by the VPN, thus preventing the traffic from being identified with you. The DNS leak takes place when the translation request gets leaked out of the VPN tunnel, which exposes the location and IP address of your Internet Service Provider. This information can then be linked back to you, which includes exposing your browsing history. 

The DNS leak test comes in to ensure that your VPN software is performing its role of hiding your location, and not leaking the IP address out of the protected VPN tunnel. For this, simply run an IP check. A simple “What is my IP” search on Google will show you the result, which you then compare to the IP from your VPN. 

You can also use these checks: 

• https://www.dnsleaktest.com/ 
• https://thevpn.guru/what-is-my-ip-address/ 
• https://torguard.net/vpn-dns-leak-test.php 
• https://ipleak.net/ 

For a properly functioning VPN, it should show the private address assigned to you by the VPN. It should not show your actual IP address. Some DNS leak tests end up showing the IP address of the Internet Service Provider. While this still gives you a level of privacy, it shows that there is problem with this configuration of the VPN. 

For instance, on firing up a VPN and connecting to its Texas server, these were the results: 

This is the address that is provided to us by the VPN service, and the location is that of its server. We are actually a continent (and an ocean) away, meaning that there is no leakage – since the region itself is not even remotely close. 

If you notice that your VPN is leaking your DNS data, then you should switch to a different service provider, preferably one that operates its own DNS system which is fully encrypted. This will hide both your location and that of your ISP address. 

There are also those who choose to alter the operating system configurations manually, setting it to use a third-party DNS provider, such as the alternative DNS options provided by WikiLeaks. Remember that you still run the risk of these DNS providers keeping request logs, thus the emphasis on getting a VPN provider has been verified to be keeping no logs. 

• IP Address Leak Test

This takes you a step further, to identify whether the VPN you’re using is leaking out your location and IP address. This test should be done when connecting to the internet, and reconnecting to it. Why? Because there are situations where your connection to the VPN is dropped, necessitating the software to reconnect with the internet, and in the process leaks out your IP address. This is where the “Kill Switch” feature of the VPN provider should kick in. Here, the VPN completely disconnects you from the internet. 

This is how you perform the test: From our initial test with our VPN provider, the resultant IP address was 155.94.250.98. So, we disconnect from the internet, and then reconnect. The VPN automatically reconnects to the server, and these are the results: 

The same result was obtained. Meaning that there was no leakage. Note that you should take the extra measure of ensuring that your VPN service has the “Kill Switch” feature in place. 

For the reconnection bit, the test has a couple of more steps:

1. Establish the connection to the internet and to the VPN service.
2. Open your browser and head to an IP address test page. You can use any of the tools mentioned above. Here’s the kicker: Open multiple tabs. Certainly, at this point, they are all showing the same address that has been assigned by the VPN. 
3. Disconnect from the internet. Keep the VPN running. 
4. Allow some time to pass. A couple of seconds should do. 
5. Reconnect to the internet, and quickly refresh the open tabs while the VPN is in the process of establishing the connection. 
6. Stop refreshing the tabs immediately the VPS has reconnected to the internet. 
7. Check the results in each of the browser tabs. 

If there is an IP address leak during the reconnection, then you should notice your real IP address in one or even more of the tabs. In case you establish that there is a leak, you should activate the Kill Switch feature in the VPN app. If the leakage is still occurring when the feature is active, then you should switch to a different VPN provider. 

You can also set up firewall rules that will block all the non-VPN traffic. However, this is a manual process, and can be quite the hassle.

Sites like IPLEAK.NET give you an extended IP address test. Here, it looks at your Java, Flash, and DNS, ensuring that they don’t leak out your IP. It looks through all the sources that are in the browser being used, showing the IP that has been detected. 

• WebRTC Leak test

While this is a common issue when discussing VPN services, the WebRTC leaks are actually a vulnerability with the web browsers being used. These are the likes of Chrome, Safari, Firefox, Microsoft Edge, Opera and Brave browsers, which essentially become the weak link in the chain. 

What is it? WebRTC – short for “Web Real-Time Communication”, allows P2P filesharing, voice and video chats within the browser. This technology enables real-time communication without requiring additional browser extensions. The leak occurs when your IP address is exposed through the chats and file-sharing sessions, which can occur even when the VPN is working as intended. 

You can use these tools to check for the WebRTC leaks:

• https://browserleaks.com/webrtc 

• https://ipleak.net 
• https://torguard.net/vpn-webrtc-leak-test.php

To prevent the WebRTC leaks, disable the feature from the browser itself. For instance, with Firefox, type in “about:config” into the address bar. 

A warning will pop. Agree to it, and click “continue”. In the search box, proceed to type “media.peerconnection.enabled”. Toggle the preference to false, as shown below. 

For Chrome and other Chromium-based browsers where WebRTC disabling is not possible, you can use add-ons or extensions, such as webrtc.org’s official extension for Chrome. 

Advanced Tests

These will be technical, and will require more proficiency to be properly executed. They will point out any leaks that may be happening with your VPN provider. These are the likes of Express VPN’s testing suite that is used for in-depth testing of leaks. You can get the open source tools from GitHub. They use these tools when testing their own VPN to ensure that it is leak-proof. To carry out the test, setting up the machines and identifying the leaks, use this quick start guide.

Closing Remarks

It is recommended that you run the VPN leak test even when using the premium service providers. If they are functioning as intended, then there shouldn’t be any leak detected, meaning that your connection is private and secure.