It makes sense that VPN users see CAPTCHAs though... By design, it's hard to differentiate an attacker from a legitimate user, and there's a LOT of cyberattacks that go via VPNs.
That's also why banks and online stores don't like VPNs. It's hard to tell if it's you logging in vs if it's an attacker using the same VPN as you.
I mean properly you could say that about most any public network though. So far I haven't had to deal with such but I wonder what the experience for those who's ISP sticks them behind a CGN is on that front.
The difference with a public network at a coffee shop or whatever is that people usually aren't using that network for DoS attacks.
who’s ISP sticks them behind a CGN is on that front.
Good ISPs that use CGNAT also use IPv6, and modern OSes prefer IPv6 over IPv4. There are some bad ISPs that use CGNAT and don't support IPv6, in which case I imagine the experience for users isn't ideal. I've tried using a network like that and kept getting "unusual traffic from your computer network" CAPTCHAs on Google.
Captchas is one of the reason why I ditched Google as my default engine because I started having nightmares about blurry low res pictures of motorcycles and busses and pedestrian crossings broken up into squares.