Re: Ensure your *router* is doing your VPNing ...
I disagree.
A lot of VPN providers out there provide badly configured clients.
Ive seen many that don't hide your DNS traffic and even more thst fail to set the VPN tunnel as the default route.
These two flaws alone render the privacy benefits flakey at best.
Sure, as techies we can easily resolve those issues. But Granny can't. It's largely a false sense of security. Unless some homework is done.
I test network security for a living and have done for years and I can tell you first hand that theres an awful lot of VPN providers and clients that are weak as fuck rendering the standard "get a VPN in a different country" advice generally very poor because it is incomplete advice.
If purchasing a VPN service you must ensure the following:
1. Does the VPN use a cryptographically secure cipher?
2. Can you use a VPN client of your choice? Can you keep the connection open permanently?
3. Is your default gateway the VPN tunnel?
4. Is DNS being sent entirely over the tunnel? (check www.dnsleaktest.com makre sure your ISP DNS servers arent showing up) can the DNS provider the VPN provider uses be trusted?
5. Can you use DNSCrypt over the VPN?
6. Don't enable flash.
7. Disable location tracking in your browser.
8. Disable WebRTC in your browser. (www.whoer.net to see the info your browser is giving away).
9. Install uBlock and HTTPS everywhere plugins.
10. Install noscript.
11. Disable all browser pre-fetching features.
Follow these steps and you're on your way. This should minimise the amount of leakage.
Or
Just get a VPN in another country!
Choose your advice wisely.