I've seen a lot of users recommending the use of a VPN, however I haven't seen the evidence to support they actually increase operational security. There are 2 main points, a VPN doesn't necessarily hide the fact that you use tor and that using a VPN increases your attack surface.
1) VPN's will not hide the fact that you're using tor from your ISP [1]. VPN/SSH fingerprinting has been around for a while now, if you need to hide your tor usage you should be using a bridge and obfsproxy.
2) VPN's increase your attack surface. Firstly, you have to trust that the vpn provider is honest, that every employee who could steal sensitive data is honest, and that the provider and employees are competent enough to run a secure business.
In the Snowden leaks he brought forth evidence that nations were likely compromising VPN companies. Here is an excerpt from an NBC article[2]:
When p0ke clicked on the link, however, JTRIG was able to pull up the IP address of the VPN (virtual private network) the hacktivist was using. The VPN was supposed to protect his identity, but GCHQ either hacked into the network, asked the VPN for the hacker's personal information, or asked law enforcement in the host nation to request the information.
A representative of the VPN told NBC News the company had not provided GCHQ with the hacker's information, but indicated that in past instances it has cooperated with local law enforcement.
The NSA runs a program codenamed Bullrun that is dedicated to thwarting internet encryption, there are much better security researchers than myself who have speculated on what the capabilities may be but it is certain that Five Eyes has succesfully defeated encryption via hardware backdoors and software exploitation.
Via Wikipedia[3]:
According to a Bullrun briefing document, the agency had successfully infiltrated both the Secure Sockets Layer as well as virtual private network (VPN). The New York Times reported that: "But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government's nuclear department and another's Internet service by cracking the virtual private networks that protected them. By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300."
Yeah, its worded a little funny at the beginning, but it shows that the agencies have had success in the past and will continue to expand their efforts. As a regular user you probably don't have to worry about this except for parallel investigation. However, anyone who operates a darknet market or provides services on/to a dnm should definitely be worried about Five Eyes spying.
In conclusion, VPN's are a risk with no reward. If you care about your anonymity then tunneling tor through a VPN is not the answer. Professional security researchers agree[4].
Sources:
[1] https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#VPNSSHFingerprinting
[3] https://en.wikipedia.org/wiki/Bullrun_%28decryption_program%29
[4| PDF] https://grugq.github.io/presentations/Keynote_The_Grugq_-_OPSEC_for_Russians.pdf
[4| VID] http://www.youtube.com/watch?v=9XaYdCdwiWU
[>] For more reading on anonymity:
[*] http://freehaven.net/anonbib/topic.html#Anonymous_20communication
[*] https://www.torproject.org/docs/pluggable-transports.html.en
There's also the possibly of your VPN being a honeypot ala Cumbajohnny