Say I'm using a VPN to talk with a server, and Bob is eavesdropping for packets at the VPN.
Basically a special kind of man-in-the-middle attack.
If I'm using HTTPS, how clever would Bob have to be to bypass HTTPS and get the data from my packets?
How about metadata (e.g. my IP, target IP, time sent)?