>Forcing users to prove their not bots is totally the wrong approach. They should be forcing bots to prove they're human so that real humans don't see this nonsense.

How do you tell who's the user? A bot can look like a user and a user can look like a bot.

You do understand that what you're asking for is literally impossible, not just "easier said than done"? Blocking bots until proven human is exactly the same as allowing humans until proven bot.

They already are forcing "bots" to prove they're human, to the best of their abilities. At some point their measures dictate that traffic from VPN = bot, until that "bot" can prove otherwise. If you're blocking whatever mechanisms they use to identify "human" then it shouldn't be a surprise that they can't differentiate you. Their only interface is whatever traffic happens between you and them, not any intention or motivation behind your actions.

They have a negative interest in blocking people from accessing anything, since pageviews = ad views = dollars. The only time they have an incentive to block anyone is for click fraud, or for any similar reputational damage from a person / bot / IP.

I agree with you, but, to be clear, the issue isn't VPNs, it's that the VPNs you are using are also used by spammers/bots/etc. or a large amount of other people. If you set up your own VPN somewhere that is just used by you and your family (for example), you will never run into this issue.

As a case in point, the same issue crops up with lots of users going through the same corporate proxy.

And it's the same reason that you can run Netflix (for example) through a personal VPN with no issue but will run into problems if you use a popular, retail VPN service.

What's the point of a VPN if you're easily identifiable? Surely you want to blend into a crowd?

I mean, unless you're going through additional effort, you're still identifiable through a VPN. Any web tracking, whether through cookies or through fingerprinting, still works just fine. At best you're merely making it more difficult.

Also, there is also no reason, though it would be a PITA, that you can't add your own measures to a private VPN, whether that's rotating IPs or some other measure. Is it going to keep your illegal activities truly anonymous? No, but neither is a retail VPN. It is a matter of degree and what tradeoffs you're willing to make.

As far as uses for a private VPN, the most obvious is to ensure intermediate parties, particularly on the same subnets, can't snoop on your actual traffic _content_. This isn't going to keep you anonymous from the NSA, but it sure will help against corporations (ISPs and their numerous corporate parents/cousins/siblings). Another benefit is that by protecting against packet level inspection, you are protecting yourself from many current forms of traffic shaping and bandwidth metering/throttling, as well as from limits on services you are running or the content of files you are downloading, as well as from intermediaries (e.g. ISPs) from inserting ads or additional tracking or whatever else into your (mainly web) traffic. This also comes into play not just with your normal ISP but any you are using while traveling (coffee shops, airports, hotels, and other untrusted networks).

I run a VPN from home for using at coffee shops and the like. While the proliferation of HTTPS has made sketchy networks less of a problem, DNS is still leaky.

You can run the DNS through your VPN and have it use secure DNS outside of your home ISP, and then cache the DNS results on a DNS server at home.

It's not perfect but leaks will end up being pretty minimal, even in accidental situations.

I route all traffic, including DNS, through my VPN when I'm not at home. I was just commenting on the leakiness of DNS to preempt people saying "HTTPS means you're safe!"

I used to run my own DNS server when I was on Comcast. Now that I have a real ISP run by people I trust who have the same opinions on privacy that I do, it's no longer worth the hassle.

You could just pay double ($10 or so) for a VPN that logs, has less users, more IPs, and should be able to avoid these issues.

Possibly, sure. Depends on what IP blocks it has and how well known they are. Ultimately there is great incentive to track any retail VPN service, even the less well known ones.

> Easier said than done, but that's not my problem.

Well, but it is. Spammers and abusers have directly made it so. "This is why we can't have nice things." It's not your fault that thieves exist, but you've decided it's your problem enough to put a lock on your door.

And if a website has deficient measures against spam/abuse, it becomes your problem again when you have to see it or deal with it. Turns out that Recaptcha works pretty well in a world where it's only becoming easier and easier to abuse web platforms. And that's become a problem for all of us who want to participate online.

It's easy to be dismissive here, especially because you can just put Google in your iron sights and fire away instead of acknowledging why people use Recaptcha. Or you can just say "I'm sure there's a better solution" and leave it as an exercise for the reader. But I think you're barking up the wrong tree.