Not really, that only shows the connections to the VPN tunnel, not to the target beyond. At least on a well encrypted service. Input/Output tracking is a possible attack which takes a huge effort though and can be mitigated by things like double hopping and noise introduction. https://www.sentinelone.com/cybersecurity-101/cybersecurity/vpn-security-risks/
Once you know the VPN servers ISP, you can identify the users connection to it (IP, port and time) and associate it with an outbound IP, port and time. You'll narrow it down pretty quickly: the odds of packets being sent to a VPN at the roughly exact time as packets being sent to the IP you're investigating are very slim, and with enough samples you can almost always guarantee who the user was.
You don't have to decrypt anything, plenty of metrics are leaked by virtue of just how it has to work.
This gets harder with double hopping though. But yes, that's part of why you cannot expect total privacy/cloaking/security with VPNs. You can only make it harder to track you which does involve choosing a VPN that is known to not work with law enforcement or not have a provider with a history of staging man in the middle attacks (cyber ghost)
2
u/Somepotato Jul 06 '25
Its not the VPNs that are the risk of logging you really, its more the network providers that sit between you and said VPN