Everything you do on the Internet has to pass through your own ISP before reaching the destination. So, when you request Google, for example, the information is sent, unencrypted, to your ISP and then passes through some other channels before reaching the server that holds Google’s website. Basically, VPN services privatize information that can be read by ISPs or any other agency that inspects your traffic.
Thankfully, there's a workaround for this problem. Instead of using the VPN app from the company from which you've purchased a subscription, you can download the standalone OpenVPN app. Open it, and you can enter your subscription information from the VPN company you've decided to work with. The OpenVPN app will then connect to the VPN company's servers using our preferred protocol.
To access your own home network, you want a VPN server running on either your home router or an attached device (like a Raspberry Pi or even an always-on desktop computer). Ideally, you’ll run the VPN server at the router level for best security and minimal power consumption. To that end, we recommend either flashing your router to DD-WRT (which supports both VPN server and client mode) or purchasing a router that has a built in VPN server (like the previously reviewed Netgear Nighthawk and Nighthawk X6 routers).
Usually, it's the free services that throttle your usage in these ways. Some paid services will offer a trial, where you can transmit up to a certain data cap before being asked to sign up as a paying customer. That's actually pretty cool, because it gives you a chance to try out the performance of their service before paying, but it also gives the vendor a chance to make the money necessary to operate the service.
The encryption and decryption processes depend on both the sender and the receiver having knowledge of a common encryption key. Intercepted packets sent along the VPN connection in the transit network are unintelligible to any computer that does not have the common encryption key. The length of the encryption key is an important security parameter. Computational techniques can be used to determine the encryption key. Such techniques require more computing power and computational time as the encryption key gets larger. Therefore, it is important to use the largest possible key size.
A lot of people avoid using VPN providers based out of the United States on the premise that US law would compel those providers to log all VPN activity. Counterintuitively, there are no such data logging requirements for US-based VPN providers. They might be compelled under another set of laws to turn over data if they have any to turn over, but there is no requirement they even keep the data in the first place.
Many VPN services also provide their own DNS resolution system. Think of DNS as a phone book that turns a text-based URL like "pcmag.com" into a numeric IP address that computers can understand. Savvy snoops can monitor DNS requests and track your movements online. Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data. When you use a VPN's DNS system, it's another layer of protection.