You can get something like an ASUS router or one of the many routers with an opensource package on them and have the whole network go out through a VPN if you want. You can also get pretty much any enterprise class router to do it too.
As TriggerFin points out your as at the mercy of whatever VPN network you choose.
Internet is only as secure as the ISPs lets it be and their upstream providers. They 100% have the capability to inspect all headers of packets. That is by IP/RFC design.
Otherwise they would not know where to send your packets to. However, they can also look at the payload. Unless the payload is encrypted they can see everything. Even then the header will not be encrypted. They need to know your destination. Some ISPs have been known to rewrite the data as it comes back into your network so they can serve up advertisements. Now if you use sites that have https you can mitigate somewhat what the ISP and anyone they hand their packets to from seeing or manipulating the data.
The same holds true for the VPN. Except now the ISP can not see your payload as the VPN tunnel will be encrypted. They just see junk all streaming to 1 IP and the payload is encrypted. Remember you need the header to be legible by the ISP to know where to send it. A VPN just nests an IP packet inside of another IP packet as encrypted payload. But after that it is back to normal internet. It is up to you to encrypt your data and not trust your VPN either. VPN in this context only obscures you. It does not 100% hide you. It just changes your exit point onto the internet and removes your ISP from spying on you.
Okay, so how do I encrypt it? I mean, basically, what is the securest set of methods?
Scifi frauds. SF illuminates.
Culture General Contact Unit (Eccentric)