Always remember that adding a second connection in the tunneling chain adds significant complexity. This potentially increases the security and anonymity risks due to:
- The increased attack surface of secure tunneling software.
- The difficulty in anonymously paying for VPN services - a money trail is potentially the weakest link probed by adversaries.
- Potential bottlenecks with VPN providers.
Depending on the final configuration this may also: increase fingerprinting risk, remove stream isolation of activities, and lead to a permanent destination (exit node) "X" in the Tor network.
Table: Tor Project VPN/SSH Warnings 
|Activity Profiling||If the VPN is the last part of the tunnel connection, the provider can build a profile of all activities which is dangerous for anonymity.|
|Attack Surface and Data||Passive attacks by global adversaries might be more difficult, but this is counter-balanced by a larger attack surface and additional data generated by this configuration. On the other hand, this configuration provides better protection against colluding Tor nodes and hackers targeting Tor client code.|
|Tunnel Fragility||If/when the VPN connection breaks down, direct Tor connections are made without the VPN unless a fail closed mechanism has been configured; see VPN Firewall. |
|VPN/SSH Honeypots||If the VPN/SSH server is adversary-controlled, Tor protection is weakened.  For example, a malicious VPN provider could maintain detailed traffic and session logs, along with meta-data.  This configuration is also reportedly susceptible to end-to-end timing attacks, since the times users were connected to anonymity services can be measured. |
|Website Traffic Fingerprinting||VPN and SSH protocols are vulnerable to website traffic fingerprinting:  |
In this UDP tunneling context, this means that a Tor exit relay could apply website traffic fingerprinting and determine which website is being visited, even though a VPN/SSH tunnel is in effect. 
- https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN [archive]
- Without a fail closed mechanism, if the VPN "breaks down" (the connection is interrupted) then traffic is sent without the VPN. It is far safer to shut down the entire Internet connection in this event, until the VPN connection is restored.
- It is impossible to absolutely confirm whether a VPN service is a legitimate provider.
- https://www.comparitech.com/blog/vpn-privacy/how-to-access-the-deep-web-and-darknet/ [archive]
- https://www.sunnyhoi.com/which-is-better-tor-over-vpn-or-vpn-over-tor/ [archive]
- See: Touching from a Distance: Website Fingerprinting Attacks and Defenses [archive]
- This is a relatively minor threat overall. On the other hand, if a VPN/SSH tunnel is established without Tor, “website traffic fingerprinting” is a far more impressive feat.