[smokeypanda]

I don't have an expert understanding of how cookies or VPNs function, but these are the two categories of causes that I came up with. Both seem more likely than Google having timing data from a third-party service.

Within the first category, possibilities include that the phone logged into your Google account while using the VPN, that there was a Google tracking cookie on your phone and that phone wasn't always connected to the VPN so it related 2 ip addresses, and that your other device on same network shared a VPN session with your phone.

The 2nd category I'm including for posterity even if it's unlikely based off your stated usage of FOSS on your phone. That your phone isn't a degoogled OS or other device with Google integration. Smart devices with microphones aren't supposed to collect voice data when not explicitly activated, but it is a potentiality.

[woojoo666]

At this point I feel like I should have used a throwaway with how many details I'm giving away here haha, but I have never attached a google account to my phone (I access any google services via browser), and while I don't run a degoogled OS but I have disabled play services and all google features + apps. I'm aware that there's still a chance that Google has trackers, but those trackers would (1) have to detect which reddit account I was using inside my FOSS reddit client (2) detect which video I watched on my FOSS youtube client. It's possible but I decided that this level of surveillance was both more nefarious and less likely than them using timing analysis.