There are multiple issues.
There are two places where a site admin can "spy" on you. One is by looking at his server log, and the other is using google analytics (or one of the other plug-ins).
Neither tells him
who you are. You would have to reveal your identity some other way
on his site (or another site he runs) e.g. by registering with an email address of winston-churchill@gmail.com and posting in convincing detail about your exploits in ww2 (you get the idea). And GA doesn't even reveal your IP; the nearest you get is a rough location e.g. Birmingham, so the only way you would find out that the traffic was Winston is if you somehow knew, or could be very sure, that he was the only person accessing your site from Birmingham.
What these tools give you is a lot of info about Person X but you won't know who it actually is. So there is no breach of privacy.
It's like you set up a portfolio on some share portfolio site, as E Windsor. The portfolio, worth £100M, could be real. But they have no idea who you are. In some cases, if you are stupid, using your full name, and using a fixed IP which is known to belong to Buckingham Palace (because the dickhead in charge of royal IT set up a public DNS for the router
) the admin might guess you are the Queen
However, if you are running a shop flogging microwave ovens, and a W Churchill of 123 High Street Birmingham buys one, then suddenly you know who X is, and who it was all along. It is mainly for this reason that tracking has been made available. It enables commercial sites to track who is watching what and who is then buying what. So if X browsed some special promotion on microwaves in January and came back in June, you get a bit of a metric on how useful that promotion was.
Lots of other good reasons for tracking. It tells you the % of mobile devices, the OS, the browser, versions thereof, hitting your site, so you can make sure it works for them. This is very important. With the right plugins or log analysis tools you can get a heat map of the site (where people are clicking) so you can put a big button on the link where 95% of traffic goes, etc. You can even tell how many had to scroll the page, so you can change the design so scrolling is not needed for the most popular features, on the most popular client devices.
Cambridge Analytica is different. They bought personal data from Facebook, which sells everything. And FB knows who everybody is, because they bought Whatsapp so they got everybody's full name and mobile number, and until recently they could read all messages (now they can read only group messages). Facebook is a really shitty and ruthless company. I use FB but only to keep in touch with old friends and to exchange non PC jokes
The vast majority of non shopping sites will never find out who you actually are, and even if they did they won't care. Of course, never use your full name on any forum. Always change your surname, and make sure any personal/hobby websites of yours don't have your photo on them. And make sure the domain holder has either got a fake name for you or (like say .co.uk) does not publish the owner details, otherwise a google search for your name will find the domain. This is basic stuff.
So I don't see how VPNs help on forums, for any human user. Unless you use the same pwd on many sites (a very bad idea) and are accessing a
non-HTTPS forum on a public wifi network.