No, they actually make much less strong statements such as “you may increase or decrease your security and privacy, depending on how you do it”.
Yes thats right. I just simplified it a bit.
But if you’re using Tor over VPN, all the VPN can “harvest” and sell is “he’s using Tor”. The VPN can’t see what sites you’re accessing or any of your traffic contents.
You think here a bit to short. Yes, your TOR Traffic cant be analysed but keep in mind that all your systems traffic go over these VPN connections. You can be identified under some circumstances just by the applications you are using (P2P is a good example for this).
Yes, if you’re using HTTP, then VPN (or ISP if you’re not using a VPN) can see all of it. The lesson there is “use HTTPS”, not “don’t use VPN”.
Yes oc. Only unencrypted traffic matters here. But unencrypted traffic can come in more cases than just a HTTP Connection over your browser. The VPN tunnels the hole system traffic. If you running Windows there is a big chance that a old Programm like some FileManager or whatever ask a server for updates over plain FTP. If your VPN Provider can link this requests to a very specific FTP Server with your TOR usage, there is a potential to use this information to identify you.
True. Don’t trust either your VPN or your ISP. Encrypt, compartmentalize, give fake data, use blockers, etc.
I trust my ISP more than NordVPN oder PIA but I know what you mean.