by fulafel 1764 days ago
An adversary who can see your VPN traffic can use traffic analysis [1] to correlate known protocol packet patterns and timestamps to NetFlow traces to known destinations serving known content with matching timestamps from VPN termination points.

[1] https://en.m.wikipedia.org/wiki/Traffic_analysis


Would this still be an effective attack if you used a single VPN provider with multiple hops and your adversary was not someone like a nation state? Alternatively, what if you did basic VPN chaining (e.g. you VPN to a pfSense instance or something on a VPS and configure outbound traffic on that server to be routed through a commercial VPN)?
Don't know about multiple hops, but generally you don't need to be the NSA to do this. BGP hacks can be used to divert traffic, your WLAN can be monitored for TA, your adversary might already be someone on-path like your ISP, employer, or law enforcement, your ISP (or any upstream transit provider, including ones in different countries) can be bribed to monitor and sell traffic traces sufficient for TA, etc.
The adversary doesn't have to be a nation state, they can just buy the NetFlow data to run correlation attacks on it.