Spicy Analyzer - can it determine WireGuard traffic shape?

[SDF07S]

There is a monitored network to which I connect via WireGuard), but those monitoring the network say they can more or less tell what I am doing online. For example, they can always tell with 100% accuracy when I am using torrent or P2P sharing software on any of my devices. I don't think they know exactly what I am sharing, but they do know that I am doing it, regardless of software or hardware or VPN exit nodes I use. I have strict firewall rules for every device, allowing only WireGuard to connect from my real IP and only through UDP port 51820, which is the only outbound port allowed. Inbound connections (those not initiated by me) are not allowed for any device and for router, even within VPN tunnels. Multicast is fully disabled on all devices, in router kernel, IPTables, and EBTables. All torrent software is configured to be as private as possible, allowing only encrypted traffic, only over VPN interface, without seeking local peers, etc. Every time I inspect traffic from any of my device and/or from the router itself I see one and only traffic stream over UDP port 51820. Nothing ever leaks outside of VPN tunnels from any of my devices and from the router itself.

Those monitoring my traffic hint at using Spicy Analyzer to try to figure out my online activities. Is that something that can tell overall shape of network traffic, even one encrypted by WireGuard? Those analyzing my traffic don't want to tell me more, but they put grape vines on my table and make allusions to branches, branching out, and listening sockets every time I use torrent network. Can Spicy Analyzer actually determine with high accuracy that someone is using torrent software within encrypted WireGuard VPN tunnel without knowing private keys?

There is one variable that appears to mess up their analysis and that's the number of hops. If I use 2-hop WireGuad VPN servers, then they get agitated and tell me monitoring my traffic is becoming expensive when I do that.

 

[eibgrad]

There are numerous resources on the web that explain DPI (Deep Packet Inspection).

https://www.prodigitalweb.com/deep-packet-inspection-strategies/

It's an endless game of cat and mouse between those seeking security and privacy, vs. those with a need/desire to invade it. So I'm NOT surprised, given sufficient time, resources, and patience, that anyone being specifically scrutinized will eventually reveal at least some information about their activities WITHOUT having to necessarily having the ability to decrypt their encrypted traffic. Meta data (which necessarily must be exposed) + traffic analysis can reveal quite a bit where you go, where you hang around, for how long, do you take more than you give (think torrents), etc.

Most any specific type of activity will eventually reveal unique patterns when analyzed over long periods (almost nothing in this world is truly random). Those patterns are then compared to other traffic to see if they match. Not complicated, just expensive and time consuming. It's NOT perfect, but often good enough to at least KNOW what you're doing, and if desired, block it.