[yoloshii]

You're right that iptables rules execute in kernel space, not dedicated hardware. "Hardware kill switch" in VPN contexts typically means the protection is implemented at the network appliance level (router) rather than a software client on each device. The distinction matters because a) client-side kill switch: App crashes → traffic leaks until you notice, and b) router-level kill switch :Default DROP policy persists regardless of client state. Also, the project is for non-techies and vibe coders, so simple explanations help. For their agents, there's the juice in other docs.

[mzajc]

But this isn't a simple explanation, it's just... wrong? Could you share where else it's referred to as such.

[yoloshii]

I mean if you want to be anal about it, its just semantics, right? You know, how something is one way relative to something else, but relative to the other thing its not. Certainly not something to get bothered about.

[pa7ch]

I've not seen it called this before. I'd say something like 'fail-safe' instead.

[orev]

No, it does not. Please stop responding with AI slop. A hardware kill switch always means a hardware (i.e. physical) mechanism. ALWAYS.

You might have something interesting here, but arguing this point is burying anything else of value you might have. Just take the feedback and remove it.

[yoloshii]

Its done, but too late to edit the title of this submission. One of the unfortunate things about churning out AI slop is that the AI doesn't always catch all of its turds in one go.

[orev]

The human in the loop should be acting as an editor of the slop before it gets posted.

[yoloshii]

Some humans also put out slop.