Yes, there could be bugs in the implementation and there could be intentional leaks, too; all of which, a VPN app that is subject to & compatible with “killswitch” will prevent.
Why? All PG recommended public VPN providers are subject to similar data collection regime as the ISPs.
Did mention Windows, which does have a functional killswitch, from what I can tell (but I don’t use Windows, so I can’t test this). As do Linux-based OSes.
Are we saying it is okay for VPN clients to not be compatible with “killswitches” even when the OS provides one (which all major OSes do)? If so, where does the client-side guarantee PG claims on behalf of VPN providers for “hiding the traffic” then come from?
Note that, without “killswitch” there’s absolutely no guarantee that the VPN client itself isn’t leaking any traffic either unintentionally (due to bugs) or intentionally (compromise). Going back to e2ee Drive analogy, is PG comfortable recommending e2ee products that may miss encrypting docs due to bugs or even deliberately?