Originally Posted by gathermewool
I use Avira free (came with the free AV software). I used to use NORD, but it's painfully slow.
With a virtual private network, your internet use is routed through a 3rd party (usually) company's network of servers (they may have sets of servers all over the country and all over the world.) In doing this, you've created your own virtual network to surf the internet through. This has the benefit of hiding your internet use from your internet provider and others. If a VPN server you're using is in, say Buffalo, NY, the internet thinks you're in Buffalo, NY, meaing advertisers also will show ads based on you being in Buffalo, NY. I don't really care as much about this feature, but if you don't want ads (et al) knowing where you are, it's a nice trick.
I used a VPN in Oman several years back to bypass the country's nanny blocks. I had access to the entire internet, with really not much of a speed hit.
W/ out VPN: Your computer --> Your router/modem --> Your Internet Service Provider --> Internet
-----Your ISP sees EVERYTHING; the internet sees your location, roughly if you have location settings turned off
WITH VPN: Your computer --> Your router/modem --> Your internet Service Provider --> VPN --> Internet
-----Your ISP and the internet only sees the address for the VPN; VPN promises not to sell your data (usually)
Keep in mind, your ISP only sees unencrypted traffic, including DNS queries (even if they aren't resolving them, DNS traffic is usually unencrypted). So they don't see "everything", as most sites use encryption nowadays, so they'd know what the site is you are visiting, but that's it.
Of course the VPN providers all utilize ISP's and have egress points where traffic, once unencapsulated, is visible in the same manner. So the primary benefit here is that you are obscuring your browsing habits from your ISP and assuming that whomever is the provider for the VPN, that they have less interest in where you go.
To use your method I'd revise it thusly:
W/ out VPN: Your device --> Your NAT/PAT gateway --> Your ISP --> Internet
-----Your ISP sees DNS and other unencrypted traffic, subsequent hops can see unencrypted traffic (IP addresses visited for example, but not the DNS queries unless you use a 3rd party DNS provider)
WITH VPN: Your device --> encapsulation begins (assuming device-level, not router-level) -> Your NAT/PAT gateway--> Your ISP --> VPN --> encapsulation ends --> Internet
-----Your ISP sees the DNS query and/or socket attempt made to the VPN provider. VPN provider can see all traffic exiting their link, their provider can see all the same traffic your ISP could see including DNS queries if DNS isn't performed inside the scope of the VPN provider's local link, but even that will use forwarders.
Ad providers will typically use the physical location associated with an assigned subnet, so, as noted, if the VPN provider is located in Moncton, that's where these services will think you are. It's not overly specific, most ads think I'm in a village about 20 minutes away from the city I live in because that's where my ISP is based out of.