I've been thinking about the privacy model for running a full node (Ethereum/Bitcoin) behind a VPN, and I'm not sure the threat model holds up under scrutiny.
The common advice is: "use a VPN so your ISP can't see you're running a node." That's true, but it just moves the trust boundary from your ISP to the VPN provider. Unless you're running your own exit node or using something like Tor/I2P, you're still relying on a centralized party not to log your IP ↔ wallet activity correlations.
What I'm actually exploring is whether there's a meaningful privacy gain when:
- Mempool snooping: your node IP is visible to peers the moment you broadcast a tx. A VPN masks your real IP from peers, but your VPN provider sees it all.
- Timing analysis: even with a VPN, chain-analysis firms can correlate tx broadcast timing with known VPN exit IPs.
- dVPN alternatives: protocols like Orchid or Sentinel theoretically distribute this trust, but I haven't seen rigorous analysis of whether their anonymity sets are large enough to matter in practice.
My current thinking: for most users, a VPN is security theater for on-chain privacy. The real gains come from Tor broadcasting (Bitcoin's -proxy flag) or using a privacy coin at the protocol level.
Curious if anyone has done actual traffic analysis or knows of research comparing these approaches. Am I missing something in the threat model?
Does routing crypto node traffic through a VPN actually improve privacy, or just shift the trust assumption?
Posted by u/willzhong in r/CryptoTechnology
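
A config check for the Tor-broadcast option the post mentions, as an added example that is not part of the original post: it flags Bitcoin Core `bitcoin.conf` settings under which peers are reached or reachable outside Tor. The sample files, the finding names and the `127.0.0.1:9050` proxy address (Tor's default SOCKS port) are constructed assumptions.

```python
# Added example: lint a bitcoin.conf for settings that expose a non-Tor address to peers.
# Only the options proxy, onlynet, listen and externalip are inspected.

SAMPLE_VPN_ONLY = """\
# constructed sample: node that relies on a VPN only
listen=1
"""

SAMPLE_TOR_ONLY = """\
# constructed sample: outbound through a local Tor SOCKS5 proxy, onion peers only
proxy=127.0.0.1:9050
onlynet=onion
listen=0
"""

def parse_conf(text):
    """Return {option: [values]} from key=value lines, ignoring comments and sections."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts.setdefault(key.strip().lstrip("-"), []).append(value.strip())
    return opts

def audit(text):
    """Return a list of finding names (hypothetical labels) for one config file."""
    opts = parse_conf(text)
    findings = []
    if not opts.get("proxy"):
        # No SOCKS proxy: peers see whatever IP the host egresses from (ISP or VPN exit).
        findings.append("direct-outbound")
    elif set(opts.get("onlynet", [])) != {"onion"}:
        # Proxy is set, but clearnet peers are still contacted through it.
        findings.append("clearnet-peers-via-proxy")
    if opts.get("listen", [""])[0] == "1":
        # Inbound connections are accepted on the host's own address.
        findings.append("inbound-listen")
    if any(".onion" not in addr for addr in opts.get("externalip", [])):
        # The node advertises a non-onion address to its peers.
        findings.append("advertises-clearnet-ip")
    return findings

if __name__ == "__main__":
    for name, conf in [("vpn-only", SAMPLE_VPN_ONLY), ("tor-only", SAMPLE_TOR_ONLY)]:
        print(name, audit(conf) or "no findings")
```

An empty result only means these four options are consistent with Tor-only peering; it says nothing about wallet RPC traffic or other software on the host.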