Writing such a guide is not easy and trying to find the right balance between 'too much and too technical' descriptions and 'too short and simplified' is difficult. I will start with a 'summary' of differences between VPN based service and DNS redirect based service as 'bullet points' and then go on to a slightly more detailed description. I am aware that I may end up confusing some more than I help them understand and I apologise in advance if this is the case. I am just doing my best.
VPN based service
- A VPN link affects all the traffic going from and to your machine whilst the VPN link is connected.
Any service you connect to whilst first connected to a VPN service will only 'see' the VPN server you are connected to and not your machine itself.
The encryption inherent with a VPN means when you send say a picture that is 1MB in size, the actual size of the data sent between you and the VPN server will be around 1.1MB in size
Because access control is via a username and password a VPN service configured on say an iPad will work whatever internet connection you are using. So it will work from your home connection and it will work from a friends internet connection and it will work when on a 'free wifi' connection at say a cafe.
VPN's can only be set up on devices that have or can have the necessary software to establish the VPN link on them.
- A DNS redirect based service will only affect traffic to and from your machine to the specific set of predefined destinations that the service 'supports' and traffic to and from any where else on the internet is unaffected.
DNS redirect services can be configured on any device on which you can manually assign the DNS server that it should use. This, barring a few exceptions, is pretty much any device that can itself connect to the internet.
There is no 'encryption' with DNS redirect services and thus no overhead associated with such.
Access control of a DNS based service is done by attaching a given internet connection to a given service account and thus will only work with devices that are themselves connected to this singular internet connection. If and when connected to some other internet connection they will not work.