Originally Posted by Spud1200
Another draw back is the Last Hop in the chain for TOR. I'm not sure about the specific vulnerability of this but I know the NSA apparently had cracked it and mabie the FBI but I'm unsure about the latter.
My understanding is not so much that the "agencies" have "cracked" tor, so much as many exit relays may be "agency run" - i.e in the case of some exit nodes, people are actually purposefully routing traffic for anonymity through government systems...
if your exit node is agency run, then suffice to say they know your destination, and could attempt to figure out the source person based on other information, (e.g. like usernames used, searches made, browser strings etc.)
As for VPN... I can't quite understand what you mean...
are you planning on routing your VPN through TOR? - in which case where is the benefit? your communication still has a fixed endpoint - the VPN provider, where presumably you need to sign up for an account.
or are you planning on encrypting traffic with VPN to your entry node?
I suppose that the answer to your question depends mostly on what you are expecting to achieve.