[ementally]

If your ISP suspects your IP address (can see your are connected to specific VPN server) they can just contact top websites, example: twitter, facebook or google and ask them if there are any users connected with the same IP at given specific time.

[woofcat]

This is a confusing take to me. So my ISP which has my billing information is trying to find out who I am by calling Google? They know who I am.

The inverse is what you're trying to prevent. Service ABC has malicious activity and calls Google to ask which accounts are accessing from that IP address. However this has two main problems.

a) Why would Google give this info over willingly.

b) Most VPN's assign the same outbound IP address to multiple users. So it's not a 1-1 mapping.

c) People who are using a VPN for something malicious are not also signed into Google.. I'd think.

[autoexec]

It's not a 1-1 mapping but it can narrow things down to you and maybe a handful of others. If you're doing something like file sharing repeatedly over several days/weeks they can pull data for all of that time and when your IP is the only constant they'd know it was you. If they have only a handful of people it could potentially be, and they care enough they can seize and search the devices of everyone to find the person.

Also, you don't have to be logged into google for google to know who you are. If you're using windows, your OS is also phoning home constantly with identifying data. If you use steam, it's also phoning home. Run wireshark sometime and see how much your computer is sending to random servers without you doing anything or being "logged in".

[ementally]

a) If they are unable to identify the user by any means then this is their only resort and google is going to happily hand it over.

b) Depends on the country you are in. You might be the only one connected to a specific VPN server at specified time, this also answers point c.

c) Would be surprised. Have a read of this recent Affidavit https://s3.documentcloud.org/documents/23723268/pompourin-af...

[kijin]

a) This is why you go through the legal system instead of asking Google directly. Report malicious activity to a three-letter agency of your choice, and let them do the dirty work.

b) You can reduce the list of suspects significantly by correlating activity on multiple services from the same IP address around the same time.

c) You'd be wrong... especially since Google never really forgets who you are, even when you are not signed in.

[Darthy]

I assume you mean "If any opponent suspects your IP address..."

You can counter that easily. That's why you should use a multihop VPN.