hypothetically speaking, if you had root on a bare metal server which the isp had no records on you being associated with (billing, user account, etc), the server had all logging disabled (syslog + vpn logs), then the only way it could be traced back to you is if the isp were to track + share with law enforcement historic src connections to the given ip, right? and how realistic is that?
the okay-ish comment resonates and has also been something i wonder about – with the plethora of vpn providers these days who are creating a business around staying completely anonymous, there’s honestly no way to truly trust what a provider is offering, logging, or affiliated with, right? if there’s a super 1337 branded vpn provider that could very well be gov run, it’d be better to use our isp. please prove me wrong!