VPNs are significantly better wrt protection than HTTPS.

VPNs create a separation between the client and the server (as you mentioned) so not only can the server (or those eavesdropping on the server's connection) not see the client's IP, those eavesdropping on the client can't see what services they are connecting to (other than the VPN).

Of course by combining knowledge from multiple sources you can still build a fingerprint but VPNs with sufficient utilization can serve as a mixer to obfuscate which users are taking part in which traffic. Doubly so if the VPN supports multi-hop routing where the client side VPN and the server side VPN are at different sites.

Really as long as you aren't leaking DNS and you use a reasonably secure + well utilized VPN, your client should appear as a black box that shouts opaque contents at a single server without leaking many details about the actual communication taking place.

Compare this with HTTPS + no VPN where only the contents are obscured and everyone eavesdropping (aka the ISP or anyone on the same network) can see every service you are connected to. That alone should be enough to fingerprint a given connection to a specific user.

I assume there's a sizable segment of VPN users who enjoy torrenting without DMCA letters catching up with them, FWIW. HTTPS doesn't help much with that.

I agree that VPNs are generally over-hyped, but they absolutely offer an increase in protection here.

ISPs have historically done slimey things like hijacking DNS, and HTTPS leaks tons of metadata like what sites you’re browsing and for how long, and what user agents you have can easily be fingerprinted. And there are still too many IoT and mobile apps that don’t strictly use TLS for everything.