A VPN is completely different from the messaging applications.
A VPN will protect data leakage from other applications, and potentially help out a little against DPI and DNS logs.
> So why use these apps?
Because (theoretically) Signal/Wickr cannot read your messages. Meanwhile Facebook has access to all Facebook Messenger conversations, even if you used a VPN.
You can't trust that the endpoint of a call is on a secure network. If you need to interact with multiple stakeholders from an organizational POV, you may not trust the identity of the other parties either, so a traditional Skype/Teams/Jabber type thing won't get it. Signal lets you do that ad-hoc, at least for low trust level validation.
The VPN provides security for the LTE or Wifi connection. The network that the VPN terminates on may not be a "trusted" network either. Think of an office LAN. You usually don't require a VPN to join the office Wifi or wired ethernet. The LAN provides a level of trust sufficient to access the printer or something similar, but you still secure a connection to your server with SSH.
Let's assume that Signal is fully encrypted and there's no feasible way to read the messages.
The problem is that the phone is likely used for other things too, and you don't want [insert important app here] to leak information that could've been protected with a VPN. Also things like DNS logs and the IP connection will still be revealed without a VPN so an attacker will be able to know that you're using Signal, when you're using it, potentially with DPI they might get to know when you send/receive a message. Collect this information across a wide enough network and compare the times, you may be able to tell who is messaging who and when.
With a VPN there's no risk of other apps leaking data, it hides your DNS queries, and the end connection. This means it will be difficult to tell you're using Signal specifically at all, and should make DPI at least more difficult.
> But they probably don't fully trust their VPN
The VPN isn't necessarily in charge of keeping the messages themselves secure, but for preventing other data leaks. The messaging application is responsible for that part, and they had to use something like Signal, because (theoretically) Signal cannot read their messages. Slack/MS Teams/Facebook Messenger/etc still have access to your messages regardless of any VPN.
As a prior technology acquisitions professional, the contract for that capability will touch so many different '4 letter' offices and can arguably be bid under each service's acquisition arm that the pain and dollar amount associated with it simply isn't high on the priority list.
There is a reason the DoD shells out millions to MSFT to provide XP support past EoL.
Can you expand on this? Trusting a VPN is equivalent to trusting the VPN provider. As long as you believe the VPN provider is more trustworthy than the network you're tunneling through, I don't see why trusting a VPN is bad practice.
This is a good assumption. VPNs do not protect your identity. At best a public VPN will mix your traffic with other users at some exit IP, but it's very hard to trust that the VPN itself is not logging your traffic (or at least the metadata).
The military might not care about people knowing they are talking, just what they are talking about. In that case, using a VPN makes sense because they can tunnel traffic to a server that is exposed to a private network and use a central chat server there or something. All traffic to that central server would be encrypted.
You'd have to use a technology like Tor to get closer to real anonymous communications on the internet (although even that isn't perfect).
So, the whole point of a VPN is to route all your traffic through the VPN. To websites, all your traffic looks like the VPN's traffic. The trust point is to the VPN, because they can only forward your requests if they know it's "you".