VPN's are generally encrypted tunnels that can traverse over WANs. There are quite a few different ways to use VPN's.
Take for instance the OpenVPN tunnel I have to my home network, I use OpenVPN software to treat my workstation as a "Road Warrior" that is able to connect securely to my LAN from about anywhere in the world where the traffic isn't blocked. Comes in very handy when I'm on the road and I need something from my servers or need to fix something for the wife.
Then there's Site-to-Site VPN's, which many businesses and establishments use to connect different locations and LAN's together. Traffic can be set to traverse one way, both ways, etc.
There's different levels of encryption (or lack there-of as well) with VPN's...but what's the point of a tunnel if it isn't encrypted? You might as well just use standard connection methods at that point.
I see and build VPN tunnels as a professional service using higher levels of encryption to keep my client's data secure between their sites and workstations. The way your friend is using it is to mask his location, by using the VPN service as a Road Warrior (running software on a workstation to connect to the tunnel) or as a site-to-site (running from the router/gateway), the server's location is broadcasted instead of their home IP address. Though many of those services are defeatable and can use lower levels of encryption, many also offer different servers to connect to so if you're having slowness issues, try a different server. Also if the other end is slow, there's nothing you can do about that, VPN or not.
He won't be hidden from his ISP, his traffic will be encrypted and they might not be able to "see" what's in the packets if he uses a level of encryption and a secure enough key to keep decrypting that data from being easy or possible...but if the key is pre-generated and offered up to ISP's and security agencies to break the encryption then you're unknowingly wide open anyways. Use these services carefully. I have used PIA, and it seems to be pretty decent in my years of experience with it and it's been a reliable service, but it and others have been compromised before...in fact there are more that have been than haven't been. I rarely use PIA anymore, but when I need it I use it.
Now if he has a good VPN service that keeps their keys secured, destroys connection records and accepts anonymous payments he could theoretically be more "hidden". Using the VPN provides a different public facing IP (of the server you connect to), and encrypts the data to keep prying eyes from seeing what traffic you're involved with. But again, doesn't always work that way and some instances can be easily broken.
Your friend also might not gain speeds downloading over an encrypted connection, but he might...depends on the sources, depends on the connection, depends on all the hops in between him and the data he's downloading, depends on the processing overhead, ISP rules and mitigation for specific traffic (they might block OVPN and IPSEC ports and traffic), so could help, might not.
Use no less than OpenVPN or IPSEC, AES256, SHA256, RSA2048 or higher (4096 preferred), the higher levels of encryption will mean higher packet processing overhead and slow down the connection, that's the cost of keeping data secure. Just depends on how worth it is to you or your friend or anyone else. If I'm going to setup a VPN service or use one, I will use the encryption settings I listed and no less. Nothing is bullet proof but it can sure be a pain in the ass and possibly not worth dealing with unless there is enough probable cause that the feds get involved.
As-far-as torrenting, please be careful with how much you divulge because there is a big legal/illegal grey zone with torrenting and this thread will get shut down very quickly if it crosses over to inappropriate and unethical aspects of using VPN's for torrenting illegal material. You have been warned.
