The thing is, the way vpns are currently used is not what they were intended for. They were meant to give secure access to an internal LAN, via a secured protocol on a specific open port in the firewall, minimizing attack surface. This was before modern daemon/server applications were available to initiate the connection from the inside, remotely. It’s still more secure than relying on a cloud account to open the connection for you anyway.
The modern “road warrior” setup just happens to be an added feature of VPNs, which allow the logged in user to function as a local client on the LAN fully, including accessing the WAN. Most OpenVPN implementations are set up without access to peers or local subnets, basically rerouting all outbound traffic that passes through, out onto the WAN and thus the internet. This is of course via shared IPs, unless you pay a premium for your own dedicated IP.
Because VPNs seem to give the allusion of anonymity on the net, people use them for shady things. And like any VPS or web host provider who has an abundance of shady clients, IPs start getting tagged, and since it’s publicly available to determine who owns an IP block, the easiest way is to tag the whole block for these providers. Just like you would make your home PC more secure if you, say, have a little brother who is likely to try to get on your PC while you’re gone, than if you live alone.
The VPN boom hit big because “we secure yor CYBERZ AND HIDE YOU FROM GOVERNMENTZ.” The only real valid use for it though is establishing a secure connection when using untrusted internet connection. If youre not careful though, even that isn’t 100% with certificate pinning.
One thing about humans though is they love their anonymity. They talk their shit and do their unethical and secret tasks under the guise of anonymity. As long as they think they’re anonymous, many suddenly lose their morals and safeguards.
As more people sign up and fall for the marketing of VPNs, the more saturated these IP blocks become and the more shady things happen, and the more attention is drawn to them. Aside from the secure connection to cloud server, you’re no more anonymous than using your home ISP. In fact, it’s another layer of trust. I trust my ISP’s infrastructure over a high volume cloud server any day.
But it’s common knowledge that using a VPN has the added benefit of establishing the origination point from the server, for WAN connections. And if that server is located in a country or region other than the one you live in, you could gain access to region-specific features or offerings. But a combination of market protection (preventing, say, India from accessing the US market directly and paying less due to currency conversion) or region-locked content, these big companies are part self-protective, and government-pressured to mitigate any circumvention. If Netflix was well aware that people in India are able to access content that is restricted in their country (sometimes it’s money… Licensing fees per region differ, as do licensing conditions and regulations), they could be held liable for licensing violations under negligence. So, as with any “life hack” that becomes too popular, when it becomes the norm, it usually gets fixed or stopped.
So, yes, the use of VPNs for exploiting and circumventing protections is pretty much dead, or on its last leg. Those in the know, with the ability to obtain an IP under the radar and host their own VPN server that gets past DPI (deep packet inspection) firewalls undetected, can still take advantage of these things. For the general population though, their life hack days are gone or limited at best.