HACKER Q&A
📣 rootsudo

Is there any way besides a private VPN to make the Internet less hostile?


One issue I always encounter when I'm out of the USA is how hostile the Internet is.

Captchas upon endless Captchas designed to create friction, geoblocking, inability to log onto financial services because of very basic conditional access rules that don't take into account 2FA whitelisting.

Of course the customer service is non-existent, automated, or simply does not comprehend what I'm talking about and defaults to my "computer" is broken.

Running a VPN on an Azure/AWS/Digital Ocean instance is not viable because the whole IP range is blocked by automated services like Cloudflare, even if it's static.

This also applies to public VPN vendors like PrivateInternetAccess. You also run the risk of being commingled w/ other "malicious" users and general account bans by IP address from basic metadata analysis (Time/Date + IP address + Account accessed = disable access, basically) and then have to beg to be enabled, further confirm your identity and minimize plausible deniability for "risk management."

Besides running a VPN from a residential node, is there something I'm missing?


👤 nunez Accepted Answer ✓
It's hostile because malicious actors ensure that we can't have nice things.

CAPTCHAs and reCAPTCHAs may seem nefarious and hostile...until you realize that there are bots on AWS/Azure/${insert_cloud_here} that do nothing but try and brute-force logging into stuff or pay for things on people's behalf because they use passwords that were leaked ages ago and so many people use their FB login credentials for their bank and government stuff.

You could add backoffs, retry limits, user agent verification and all sorts of server-side tricks to slow hostile actors down, but services like Lambda make these extremely trivial to bypass now. You could invest in machine learning to detect hostile patterns and defend against them, but that's a really expensive game of whack-a-mole at best and useless at worst, and blocking out IP ranges is really, really easy in comparison.

You could do something like what India does where every service that involves PII must be authenticated with SMS two-factor against a phone number registered in India, but at US scale that would be hard to manage.


👤 sigmaprimus
I can't think of much you could do other than maybe something through Tor, but that comes with its own set of issues.

Your idea of running through a residential node is probably the best solution. I would suggest getting a couple of cheap routers that are compatible with DD-WRT, then leaving one at home or with a friend and travelling with the other. That way you can connect your devices through Wi-Fi with no extra setup. I have a router that I set up with HMA VPN about 5 years ago and it seems to get past most geoblocking schemes, but I think that may be because the IP pool they put me in has not gotten burned yet, or I'm in a pool specifically assigned to legacy rather than new customers.


👤 NathanTinker
You could try to host an SSH/Shadowsocks/V2Ray tunneling server on your own OpenWrt home router. However, you need a static public IP address for your home router. And you can control all or specific traffic abroad through this tunnel.

> Running a VPN on an Azure/AWS/Digital Ocean instance is not viable because the whole IP range is blocked by automated services like Cloudflare, even if it's static.

I am not sure about that. I have hosted my tunneling server on a VPS instance for 5 years. My IP packets have never been blocked by any website or CDN even once. However, I don't use internet banking, so no idea about that.


👤 chatmasta
> Running a VPN on an Azure/AWS/Digital Ocean instance is not viable because the whole IP range is blocked by automated services like Cloudflare, even if it's static.

This is not my experience, on AWS and also Lightsail. But it may be because I've been using the IP for so long it's become associated with my accounts. Of course for some services (Netflix) it's a non-starter, but I don't have a problem with reCAPTCHA.


👤 denkmoon
I know this isn't super helpful to your direct problem, but consider not using hostile services. Are there viable alternatives to the services you need?

👤 Coritenst
Blockers that are under your control, like Pi-hole and, more obliquely, NextDNS.

These are instant and adjustable filters, down to the level of rewriting paths.


👤 blackflame7000
Perhaps a SOCKS proxy would be more appropriate depending on your usage. You can also use SSH forwarding to tunnel services over SSH.
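As an added example (not code from anyone in this thread), here is a small Python check that speaks the SOCKS5 handshake to a local `ssh -D` endpoint, so you can confirm the forwarded proxy is listening and that a CONNECT through the residential node actually succeeds before pointing a browser at it. The proxy address 127.0.0.1:1080 and the target example.com:443 are assumptions.

```python
import socket
import struct

# SOCKS5 reply codes (RFC 1928, section 6)
REPLY_CODES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def socks5_greeting() -> bytes:
    """Client hello offering only 'no authentication', which is what ssh -D serves."""
    return b"\x05\x01\x00"


def socks5_connect_request(host: str, port: int) -> bytes:
    """CONNECT to a domain name (ATYP 0x03): the far end resolves it, so DNS does not leak locally."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_socks5_reply(data: bytes) -> str:
    """Map the REP byte of a SOCKS5 CONNECT reply to a human-readable status."""
    if len(data) < 4 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    return REPLY_CODES.get(data[1], f"unknown reply code {data[1]:#x}")


def check_socks_tunnel(proxy_host: str, proxy_port: int,
                       target_host: str, target_port: int, timeout: float = 5.0) -> str:
    """Talk to a local SOCKS5 endpoint (e.g. from 'ssh -D 1080 home') and report the CONNECT result."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(socks5_greeting())
        hello = s.recv(2)
        if hello != b"\x05\x00":  # server must pick method 0x00 (no auth)
            raise RuntimeError(f"proxy refused the no-auth method: {hello!r}")
        s.sendall(socks5_connect_request(target_host, target_port))
        return parse_socks5_reply(s.recv(262))  # max reply length for a domain-name BND.ADDR


if __name__ == "__main__":
    # Assumed local forward: ssh -D 1080 -N user@home-router
    print(check_socks_tunnel("127.0.0.1", 1080, "example.com", 443))
```

A reply other than "succeeded" tells you whether the problem is the tunnel itself (method refused, no reply) or the far end (host unreachable, connection refused), which is the first thing to establish before blaming a site's IP reputation rules.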