>Wouldn't the smartest way be to download Tor after hopping onto a VPN?
This probably wouldn't hurt, but wouldn't help either, because the ISP can find out whether someone is using tor, and so can the NSA, I'd assume. Worse, if I were the NSA, I'd assume, that people, who are making it hard for themselves to download tor, are the most promising targets.
People simply should use tor on a regular basis, and not waste time to download it in a certain way. It's having no privacy vs. having at the very least some privacy without much effort.
IMHO it's much more important to check the GPG signature before running anything. But if someone doesn't know how to use GPG, he should use tor now, and learn GPG later.