between two points. It is analogous to you sending a letter to your cousin using USPS versus sending the same letter to a location near you ( again using USPS ), then that place bundles your letter with a bunch of other letters and puts them all in a Manila envelope and sending that package via FedEx to someplace near your cousin. At the destination, somebody opens the manila envelope and takes your letter and drops it in a mailbox using USPS to deliver it to your cousin. The postmark on the envelope "appears" to be from the destination person that opened the manila envelope. That's all that the USPS knows about the letter.
That said, someone could possibly look at the TIME it took for the letter from you (the sender) to some destination ( say Netflix ) and decide that yours took too long compared to where your letter was postmarked ( the destination of the VPN where the letter was removed from the manila envelope and dropped into the USPS ).
The Internet is essentially doing the same thing. All IP packets have a wrapper around the actual message which have things like address of sender/receiver, postmarks, etc. A VPN takes that entire message ( your data plus the wrapper data ), encrypts it, and puts a new wrapper around the encrypted message and then sends THAT message to their destination... where it is decrypted and unwrappered... and then sends the original message to the destination you intended.
This is why it is called a "tunnel". It makes it appear (except for the time it takes for the message) as if you are really at the tunnel end point instead of being at the tunnel origination point ( your location ).
There are even more ways to detect this ( using a commercial VPN service allows them to flag all such services because of their fixed addresses in the various cities that have their "endpoints", for example ).
this is a ip traffic traceroute from my laptop to DU.
Tracing route to www.democraticunderground.com.cdn.cloudflare.net [104.21.6.48]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms NANO-ROUTER [10.0.0.1]
2 1 ms 1 ms 1 ms 192.210.25.113
3 3 ms 2 ms 2 ms 192.210.25.45
4 3 ms 4 ms 75 ms 10gigabitethernet5-9.core2.fmt2.he.net [216.218.193.29]
5 4 ms 2 ms 3 ms 100ge10-1.core3.fmt2.he.net [72.52.92.29]
6 * * * Request timed out.
7 5 ms 12 ms 4 ms equinix-sanjose.as13335.net [206.223.116.237]
8 5 ms 17 ms 5 ms 172.69.132.2
9 4 ms 3 ms 3 ms 104.21.6.48
Trace complete.
This is with NordVPN (same laptop)
Tracing route to www.democraticunderground.com.cdn.cloudflare.net [104.21.6.48]
over a maximum of 30 hops:
1 55 ms 53 ms 52 ms 10.5.0.1
2 58 ms 58 ms 53 ms 185.187.168.125
3 62 ms 56 ms 56 ms vl204.sjc-eq10-core-2.cdn77.com [185.229.188.118]
4 53 ms 55 ms 66 ms sjo-b23-link.ip.twelve99.net [62.115.40.17]
5 56 ms 88 ms 83 ms cloudflare-ic-363853.ip.twelve99-cust.net [213.248.79.53]
6 61 ms 57 ms 54 ms 172.71.156.4
7 64 ms 60 ms 65 ms 104.21.6.48
Trace complete.
= new reply since forum marked as read