It is impossible. CPV is only going to allow the attacker to know that the device is probably not located next to the VPN server. It can only prove a positive, not a negative.
The second method you’re describing is only possible for people who control internet infrastructure and are able to infer correlations data going into your VPN server with data going out of your VPN server, which is both easier and more difficult than you’re suggesting. The attacker does not need to most of the internet routers because they only care about the data going into and out of the VPN server (it’s onion routing where the attacker needs to control many routers), but the attacker does need to have a powerful enough device to be inferring (hopefully) encrypted network flows on the public network to the packet sizes of encrypted VPN traffic for all of the traffic that is passing through that VPN server at the same time.
It is impossible. CPV is only going to allow the attacker to know that the device is probably not located next to the VPN server. It can only prove a positive, not a negative.
The second method you’re describing is only possible for people who control internet infrastructure and are able to infer correlations data going into your VPN server with data going out of your VPN server, which is both easier and more difficult than you’re suggesting. The attacker does not need to most of the internet routers because they only care about the data going into and out of the VPN server (it’s onion routing where the attacker needs to control many routers), but the attacker does need to have a powerful enough device to be inferring (hopefully) encrypted network flows on the public network to the packet sizes of encrypted VPN traffic for all of the traffic that is passing through that VPN server at the same time.