I'm using Whonix for several years now. It's really great. You can get problems updating your distribution if you add own programs to the packet manager. I added "Gajim" a Jabber client which caused problems in my apt update. So be careful there.
Is it a good idea to use a VPN in every case? You can't 100% trust your VPN company and in case of doubt they would rather give their logs to the authorities than facing prison by themselves. So you should use a VPN with a "nolog policy" and one that hasn't their company headquarters in one of the 14-eyes-states.
But even then: Don't trust your VPN company! Don't trust anyone! Most times it's better then simply connect through TOR. Better than VPN->Tor would be Tor->VPN->Tor but thats more difficult to configure. Maybe someone will make a tutorial on that ;-)
Keep up the good work!
Exactly, expect that every aspect is already compromised. I'd rather trust the VPN than not having anything at all, but hacking wifi + VPN would be the best bet. Getting a VPN with fake details, paying in BTC that was tumbled and a no log company with a solid reputation is the answer