Are you getting all the VPN features you've paid for?

Word cloud of VPN features
(Image credit: WordArt.com)
Audio player loading…
In association with PureVPN (opens in new tab)




In association with PureVPN (opens in new tab)

You've installed a top-notch VPN, and make sure you use it every time you go online. So your online privacy is well and truly protected. Right? 

Well, maybe not. A former Ubiquiti developer reportedly used a reputable VPN to download proprietary data, and then attempted to extort his employer for some $3.8 million. His internet connection failed, though, exposing his real IP address. Fast forward to December 2021, he's been indicted for extortion, and Ubiquiti has seen a plummeting share price and $4 billion loss in market capitalization as a result of the affair.

Didn't he turn on the kill switch? We don't know for sure, but Surfshark (along with many other VPNs) leaves the kill switch off by default. You won't be fully protected until you head off to the Settings box, find the relevant option and turn it on yourself.

This isn't just about kill switches. From DNS leak protection to anti-phishing and malware blocking, key privacy features to a pile of troubleshooting tricks, VPN apps have all kinds of important tools which aren't necessarily enabled by default. Here we'll explore some of the key terms to look for, and explain the kind of features you can turn on, right now, in just a couple of clicks.

Kill switch on/off

A VPN kill switch protects your privacy by watching the VPN connection and blocking your internet if it fails, preventing your real identity being exposed. It's an essential feature, but as unexpectedly cutting someone's internet connection is quite a drastic step, many providers don't turn your kill switch on by default.

No matter how much your provider's website boasts about its brilliant kill switch, then, don't assume it's automatically protecting you just because you're running the app. Click the Settings button and confirm that one crucial detail: it's actually turned on.

If you don't see any kill switch option, beware, some providers don't make the feature available on all platforms (you might get a kill switch on Windows but not Mac, for instance.) Check your provider's support site for more details.

The ExpressVPN Windows app Settings box

(Image credit: ExpressVPN)

VPN privacy settings

VPNs are all about privacy, at least in theory, but it's surprising just how often key privacy features aren't enabled unless you handle it yourself.

DNS and IPv6 leaks are networking issues which can give away clues to your identity, for example, even if the kill switch is turned on. Some VPNs enable leak protection by default, but others leave it up to you. Browse the Settings area for sections like Connectivity or Advanced to find out what's available for you.

Other mobile VPN apps include crash reporting and other tools which send provider information about what you're doing. This normally isn't sensitive in any way - it might just be anonymized reports on connection failures or the speeds you're getting, for instance - but if you're looking for the maximum possible privacy, you might prefer not to send any data at all.

To check what your provider is doing, browse your settings for anything report-related. NordVPN's is called 'Help us improve', for instance; ExpressVPN's is a similar 'Help Improve ExpressVPN', and Surfshark has an option called Crash Reports at Settings > Advanced. Check the Support site for more information on what this is doing, and turn it off if you're unhappy.

VPN usability tricks

VPN apps don't always work exactly as you'd like, but applying a sprinkling of settings-related tweaks can make all the difference.

If you're always manually connecting to the same server every time you launch the VPN, for example, browse the app for a relevant startup setting. Enable ExpressVPN's option 'Connect to the last used location when ExpressVPN is launched' and the app will automatically handle connections for you.

Other clients either drown you in connection alerts or notifications, or maybe display none at all. NordVPN and several other providers have a 'Show Notifications' setting to help control how many alerts you see.

We regularly see apps that don't reconnect by default if the connection drops, leaving you to do it manually. That's not exactly convenient, but there's often a setting that can help. Hide.me's Windows app has a 'Reconnect automatically' option at the Settings > Kill Switch screen.

Surfshark's Windows settings box with the CleanWeb option highlighted

(Image credit: Surfshark)

Malware blocking

Some VPNs support blocking of malicious and phishing domains, a valuable extra which can do a lot to protect you online alongside your core antivirus. But often these are turned off by default.

Install NordVPN's malware-blocking CyberSec and it’s usually disabled, for instance, but you can turn it on at Settings > General. 

Surfshark's similar CleanWeb is more likely to be on, but check it anyway by clicking Settings > Connectivity.

Keep in mind that if you do turn on a web filter, there's some scope for problems, for example if it prevents an app accessing a legitimate site. If anything starts misbehaving when you're connected to the VPN, disable the filter and check again to see if that makes any difference.

VPN troubleshooting

VPNs typically have a range of tools to help you solve common connection issues. They're so small that providers don't bother advertising them, though, so you'll never even realize they're available unless you go looking.

If you're using OpenVPN in a VPN-unfriendly country, for instance, you might find the connection is blocked. But IPVanish and several other providers have a 'Scramble' option which makes your traffic harder to spot, and could get you online.

If you're connecting via OpenVPN and the connection keeps dropping, look for a UDP/ TCP setting. By default, most apps connect using the UDP protocol, giving you the best speeds at the expense of a little reliability. But just checking a 'TCP' box, or choosing it in a list, could solve your problem by connecting with the more stable TCP, instead.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.