
It is my understanding that many ISPs and backbone providers sell or otherwise disclose full detailed packet metadata, including precision timestamps, and that there are companies that aggregate this data across the entire Internet.

At which point your VPN becomes just another hop in the trace.

VPNs, no matter how secure they themselves are, are effective for accessing lightly geo-locked content and defeating unsophisticated analytics and tracking. They are really not a serious privacy solution in any sense, unfortunately.



I don't understand this area well enough, I think. Doesn't a VPN encrypt the routing information that tells the packet where to ultimately end up? I.e. my ISP can see the traffic going to the VPN, but can't look inside it, and can't see where it goes from there?


Correct, but the destination ISP chain (and of course the destination service itself) can equally see the traffic coming from the VPN, and if you have packet metadata (precise timing and packet sizes) from two sources on either side of the VPN, it is trivial to correlate those two streams.
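The two-vantage-point correlation described in this comment, as an added illustration that is not code from the thread: a constructed client-to-VPN packet trace is compared against the exit-side view of the same packets (delayed by tunnel latency plus jitter and reduced by an assumed 60-byte encapsulation overhead) and against an unrelated decoy flow, by binning bytes per 10 ms and searching for the lag with the strongest Pearson correlation. All traces, the bin width, latency, jitter and overhead values are assumptions chosen for the demonstration.

```python
import random
from math import sqrt

def make_flow(seed, n=200, rate=50.0):
    """Constructed client->VPN trace: (timestamp_s, wire_size_bytes), bursty inter-arrivals."""
    rng, t, flow = random.Random(seed), 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate)  # mean 20 ms between packets
        flow.append((t, rng.choice([140, 360, 1260, 1460])))
    return flow

def vpn_exit_view(flow, latency=0.020, jitter=0.002, overhead=60, seed=1):
    """What an observer past the VPN exit sees: the same packets, delayed by tunnel
    latency plus jitter and shrunk by the (assumed) encapsulation overhead."""
    rng = random.Random(seed)
    return [(t + latency + rng.uniform(0.0, jitter), s - overhead) for t, s in flow]

def bin_bytes(flow, width, nbins):
    """Bytes per fixed-width time bin; packets beyond the last bin are dropped."""
    bins = [0] * nbins
    for t, size in flow:
        if int(t / width) < nbins:
            bins[int(t / width)] += size
    return bins

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx, vy = sum((a - mx) ** 2 for a in x), sum((b - my) ** 2 for b in y)
    return cov / sqrt(vx * vy) if vx and vy else 0.0

def best_lag_correlation(entry, exit_, width=0.010, max_lag=10):
    """Slide the exit-side series back by 0..max_lag bins; return (lag, r) for the
    lag with the strongest Pearson correlation of bytes-per-bin."""
    nbins = int(max(t for t, _ in entry + exit_) / width) + 1
    a, b = bin_bytes(entry, width, nbins), bin_bytes(exit_, width, nbins)
    best = (0, -1.0)
    for lag in range(max_lag + 1):
        r = pearson(a[:nbins - lag], b[lag:])
        if r > best[1]:
            best = (lag, r)
    return best

# Constructed traces: the genuine exit-side flow and a decoy from an unrelated client.
CLIENT = make_flow(seed=42)
EXIT = vpn_exit_view(CLIENT)
DECOY = vpn_exit_view(make_flow(seed=7))

def demo():
    # Returns ((lag, r) for the true pair, (lag, r) for the decoy pair).
    return best_lag_correlation(CLIENT, EXIT), best_lag_correlation(CLIENT, DECOY)
```

The true pair lines up at a 2-bin lag with a strong correlation while the decoy stays near zero, which is the point of the threat model above: encryption hides content and next hop, not the shape of the flow.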


Note that Mullvad's WireGuard settings offer a "multihop" feature, meaning the VPN destination your ISP sees and the VPN endpoint the end service sees differ.


I'm not sure how that protects you though. ISP sees your traffic going into WG1. They know all of Mullvad's IPs, so isn't it just as easy to correlate that traffic when you exit through WG2?

/question from ignorance


Assuming the ISP monitors the entire network graph (your computer, the VPN server's activity, and the end service's server), you wouldn't. At that point, it's game over unless you're using mixnets or something.

If they merely monitor your computer and the end service, the correlation weakens a little with plausible deniability.

The real win is when the ISP adversary is monitoring your computer and the WG servers and NOT the end service. In that case, say they see you go to WG1, and then they see WG1 going to an end service. This is also correlation, and pretty undeniable. But say they see you go to WG1, then they see WG1 go to WG2, and they have no visibility of WG2's traffic. Then the tracking's broken; the footprints run off into the surf.

So multiple hops buy you defense in depth assuming it eventually gets you outside your adversary's monitoring range.


Equally ignorant response here :) How would they see that traffic? Why would the ISP be the same?


> VPNs, no matter how secure they themselves are, are effective for accessing lightly geo-locked content and defeating unsophisticated analytics and tracking

Circling back to this statement: aren't they also useful on public Wi-Fi?



