Tor in Whonix, VPN in the host

Just picked in: http://www.darkreading.com/attacks-breaches/how-the-massive-tor-botnet-failed/240161160

Meanwhile, The Tor Project today also addressed questions raised by researchers about whether the NSA or U.K.'s spy agency have been able to crack Tor's encryption. "It's not clear what the NSA or GCHQ can or cannot do. It's not clear if they are 'cracking' the various crypto used in Tor, or merely tracking Tor exit relays, Tor relays as a whole, or run their own private Tor network," The Tor Project's Phobos said in a blog post. "What we do know is that if someone can watch the entire Internet all at once, they can watch traffic enter Tor and exit Tor. This likely de-anonymizes the Tor user."

Wouldn’t the last sentence justify the use of a VPN in the host?

Not really. If they can see the whole internet, they can see you going into Tor and out your VPN. It’s not Tor specific in that case.

It’s true that adding a VPN (either before or after Tor) may add a layer of complexity that can confuse and annoy the adversary. And if one is broken, the other may hold.

But a VPN also adds more surface for them to attack. VPNs also aren’t completely private (even “no log” VPNs), and require the transfer of money (which is often the weakest link and easiest way to find you).