Usually a mobile connection's speed will go up and down based on the number of users at any given time, but that of course is not the issue here
One thing that is very likely the reason is if the VPN is using different DNS servers from the one the provider uses - that would definitely explain a difference in the connecting speeds to websites.
I know my provider's app has options for using their DNS, or a custom one if desired.

I noticed the exact same thing when I was living off of a mobile connection while I was in regional (aka rural) Australia for three months. It was noticeable, but not as dramatic as what you seem to see.

Yes, my first thought was DNS. Even though... oh, whatever. Today's interconnections are difficult to fathom, so, yes.
Thing is, with KDE's network manager, I (tried and tried but) can't seem to be able to bypass the provider's servers. I can add servers, but not remove any.

Any suggestions on that?

Connecting to your phone's hotspot, it *should* use the DNS from that (VPN), if you have things set to automatic

Else, you can change to "Automatic (addresses only)" and enter your own address(es). There are websites to check which DNS is being used, but if you are not too worried about DNS leakage, then just use CLoudflare's, or some other super fast DNS.

OK, the correct image this time

Here, V60 is my phone, via hotspot.

Oh, so it was Automatic (Only addresses) :-/
Boy, I spent like half an hour groogling around only to find complicated methods that didn't work. As usual, this is the best place :-)

Still, changing servers (I tested them) has no (perceptible) effect. Direct connection is "slow". VPN is "fast".
Oh well. I know my provider is rather crappy, but it's the only one with minimal coverage here.
How does VPN speed things up, however - especially since DNS does not seem to be the problem - still escapes me.

Also, VPN is not quite the panacea. Some sites just block it, Netflix positively hates it, it makes Amazon throw fits...
Oh well. I just disconnect it in those cases.
It's CLI. There's no "GUI" as such... not really needed, but... I just made a simple bash script, it lets you choose a few "favourite" locations from a menu, or disconnect. It uses Kargos to show the location in the tray.
It's actually... not too bad :-) Looks like this:



This is the Pastebin for it, if anyone is interested.

i have a symmetrical fiber optic internet from Allophone. 500MB/s up and 500MB/s down. However, my wifi chip, AR9462 driven by the ath9k driver, has a maximum speed of 300MB/s (/n), but I got the 500MB as a free upgrade from 100MB so I am not complaining. My peak speed is around 270MB/s

HOWEVER, even so, there are times when my connection speed drops to 25MB or less, especially if I am downloading. Mostly it is throttling at the server so they can maximize their connection count. Kubuntu, for example, gives me an average download speed of 18MB/s when I am updating. YouTube appears to do that, giving me the spinning arrow and offering an "explanation" as to why a video is lagging. But, most of the time, YT viewing speed is sufficient for seamless viewing.

I am also running an IPv6 tunnel through Hurricane Electric. It gives me a 20/20 connection analysis at ipv6-test.com A speed test on that website, connected to a server in Paris, Fr., gives me 132MB/s on IPv4 and 136 MB/s on IPv6. Many times my IPv6 tunnel is faster than my IPv4. My FireFox browser defaults to IPv6 due to my settings, with a fallback to IPv4 in 1 second if the IPv6 site doesn't handshake properly. I made those settings that tell my browsers which protocol to prefer in /etc/gia.conf.

My next computer, if this 2012 Acer dies before I do, will gave IPv6 hardware.

I guess we're talking megabits - with a lowercase b ;-) per second (/s).
On fibre, I did download like 500MB(ytes) of updates in just a few seconds.
On black-hole mobile hotspot, that definitely takes longer.

But apart from that (and it isn't a problem, is it, you just wait and do something else), 2-3 MB (20-30Mb/s) that I get, are fine for anything.
Even without VPN, YouTube, Netflix and such are flawless. There's never any delay.

But, without VPN, there's just about always a delay in connecting. After which, it's smooth.
With VPN, no delays. Internet access "feels" fast. It's pretty much the same as fibre.
Now, the connection delay. DNS seemed an obvious culprit. Apparently, even without VPN, I'm using Cloudflare's servers, and it takes seconds to connect
I may add, especially to KFN. it's a lot more noticeable :-)

I think this may depend on the phone or the where the VPN is run. My current phone, even with the VPN it seems difficult to impossible to use the hotspot feature and also us the VPN's DNS ---when running the VPN on the phone. It is using the correct DNS when I run the client software on the PC.

On the phone I used for the hotspot in Oz, running the VPN client on the phone, the hotspot seemed to be using the VPN's DNS if I recall correctly. I could be remembering it wrong, as I tried a number of different solutions until I went with an OpenVPN-Connect server on a VPS here in the US. I was using a VPN for work purposes, not for region spoofing (much ) In any case, two different phones from the same brand but acting differently in terms of the hotspot.


tl;dr you might check to see which dns you are actually connecting to, it may still the be ISP for some reason

I have the VPN on the PC, not the phone.

All online DNS checkers I tried report Cloudflare when disconnected, M247 when on VPN.
systemd-resolve --status reports 1.1.1.1 and 1.0.0.1 in both cases (but then I guess it just reports my configuration).
The more advanced DNS checkers (including Cloudflare's own) specify Cloudflare... Madrid. All in the 188.114.106.x range.

So, I'm still wondering, if the culprit is not DNS, how is response noticeably faster on VPN?

First block on the googlez

From NordVPN
Makes sense.

A provider could be an MVNO, using a larger major network. Said major company gives the MVNO cheaper, less efficient routing, or priority and the like, maybe?

Spot on. It is a MVNO. Which means that I get unlimited everything (since I use the mobile phone for internet access) for €22/month, including a dual SIM, which means I keep one in the actual phone, which I carry around, and the other in the Ubuntu phone, always set as a hotspot, sitting on top of the repeater antenna.

I still have a phone on a limited contract with the parent company (for a while). Let me run a couple of tests... ... well, whaddayaknow... The "major" company behaves exactly in the same crappy way, so I guess it gives the cheaper routing to itself as well , hey.

Still, that must be it. Phone company has crappy routing, VPN bypasses it. Should have asked Google myself... I usually do, actually, this time it.. just fell off the wall :-)

Mucking around with VPNs.
It's not as if I need them - I really don't care about privacy, real or imagined - but hey, with this provider, it turns out that I do (need it). It's a lot faster.

So I tried:
Windscribe. Easy setup, works just fine. Gives problems with a few sites. Fast. Has no GUI, I just made a little script for it.
They also gave me an actual free trial (no money needed).

Nord VPN. Impossible setup, works so-so. Connection definitely slower than windscribe. Uses M247 network, same as windscribe, but Amazon for some reason doesn't seem to reject it. I say "seem" because even on windscribe it's not every time, I haven't tested it thoroughly at all. Has no GUI.
When I say "impossible setup"... it took me a few hours to get it to work. Whatever I tried - including purging and reinstalling as suggested - it gave me: "It's not you, it's us. We're having trouble reaching our servers. If the issue persists, please contact our customer support." In red :-/
As the problem definitely persisted, I contacted support. Not an easy task, but then it usually isn't. I've attached the transcript of the support chat, if you're up for a laugh :-) 210 lines :-/
I finally managed to install it (support didn't). By disabling IPv6 and then purging. With the rather dismal results detailed above.
I'll definitely apply for my money back.

Private Internet Access. On another level, usage wise, than the other two.
It uses Datacamp Limited as network. Does not seem to bother Amazon. Just as fast as windscribe.
It has a GUI applet. Very well made. A systray icon with on-hover and click set just right.
Setup was pretty straightforward. I just had to make the installer executable, and run it from terminal (it gave errors if run from Dolphin).
If it keeps working like this, I'll definitely use it.

[EDIT] I applied for the refund - on Nord. It took less than five minutes, actually. I expected worse. They said 3-5 business days - fair enough.

I have never tried a VPN but from what I've read and seen, including your experience, they look like nothing more than a commercial TOR connection.

TOR creates a "tunnel" out of your machine, through your ISP servers, and out to the WWW. It goes through at least 3 servers and gives a unique IP address each time it is loaded or if a new IP address or end point is requested. How is TOR different from a VPN?

And, using TOR if a log into Kubuntu, for example, using my login name and password, it defeats the purpose of TOR or a VPN because I've identified myself at the exit point. This is also the case logging into NetFlix, Amazon Prime, or what ever. While a service may block access based on the location of the user, using TOR to access from a country that isn't blocked still requires a name and password. Identity revealed.

So, unless one is going to browse anonymously without ever using a name and password, what is the value of a VPN over TOR? (Aside from the fact that the CIA helped fund TOR so its agents could contact "home" using .onion addresses that regular browsers can't access.)

EDIT:
For grins and giggles I ran TOR and logged in. After logging in I get this messge before I attempt anything.
Ignoring it and opening the Forum link I see that I am indeed logged in. But, my identity has been revealed.
I'll click the "New Identity" button without logging out and see what happens.

EDIT2:
As I suspected, generating a new identity (IP or country) disconnected me. Subsequent logging attempts with the new identity met with the "STOP" sign in red letters.

Simple, for most end users, the VPN is used for situations like when I wanted to watch a movie on Amazon Prime video, but I was in Australia. Login makes zero difference, it won't work there. I have to fake the US IP/location in order to use it. - don't forget you can share many streaming service logins with a certain number of people, so friends and family overseas and the like.

Or, I am in the US and want to watch a TV show streaming from the ABC (Australia Broadcasting). It is free to those in-country, but not accessible without spoofing.

But a VPN is not TOR at all, or intended to do the same things.

"A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network."
In many cases, this is an encrypted connection to a company network, that sort of thing. The spoofing, security/protection/whatever for using bittorrent or streaming unauthorized content is a very specific usage of this type of system, but it was not created specifically for this sort of thing at all.

Tor is designed specifically for distributed anonymous connections.