Now to your point about stopping 95% of the population from hiding their ID online, have they done so successfully in the past?

They never really saw a great need to. Western capitalism was strong enough it could afford to pretend to have these liberal freedoms and tolerance of speech and so on. Now it's not and it's discarding that mask.

My understanding is, that this makes any VPN useless for anonymity

Against a resourced threat actor directly attacking you yes. If you're a "terrorist group" then you're fucked by opsec mistakes like that. More complicated is that tech companies like Google, your email provider, bank, etc aren't really going to be interested in helping the feds coordinate and unmask VPN users. They'll either block VPN access entirely for their own reasons (risk compliance) or not. Facebook a bit more up in the air given how they're basically an info gathering operation for the west but still I don't think they're going to unless forced hand over lists of time, IP address, real name access logs of people connecting from VPNs for what? Hunting down people viewing porn? To do that you'd need either a tap on the porn provider's infrastructure or their cooperation (they'd rather just block VPN addresses at that point I think) or else to have compromised the VPN itself. You could try and do timing attacks I suppose. I tend to doubt that much effort will be expended on porn because it's simply not the real target just a convenient moral hazard to panic about and bulldoze over initial opposition with.

So in an absolute sense yes you shouldn't connect to things that connect back to your real identity while on your VPN, especially while on your VPN and in the same session from the same end-point doing things you want to hide from threat actors of a government kind. So for example if you create an anonymous Twitter account and post some violent threats on your VPN and then log into and browse facebook and do this a few times that's a way of potentially being caught or at least an attack surface you don't want. But in that example both Twitter and facebook are cooperating actively whereas I think porn sites would be less keen to cooperate on unmasking users rather than just blocking VPNs at that point. It could happen I suppose for government blackmail but I tend to think they'd just prefer the porn sites end up blocking VPNs at that point and force people to browse after submitting ID.

As to the hiding in a crowd thing. If they can actually use machine learning to sift through the vast NSA gathered signals intelligence in bulk at scale that would be the end of that strategy having any merit because they'd have total visibility and insight into most things and could even do traffic timing coordination attacks on a bulk scale and without significant mitigations that wouldn't be possible to easily defeat.

I tend to suspect things like Signal are compromised by a National Security Letter or other means. But those are "deep secrets" meant for catching valuable fish so not likely to be blown on anything too mundane like a moral panic. E-mail isn't really safe at all. You can hide message content using PGP (but unless you're exchanging your keys in person or taking great pains to obfuscate them that may not help if you exchange keys online via the same or similar mechanism) but not metadata which is what they most care about for crushing activists which allows them to create relationship graphs mapping out people with relations to others like members of an org.