Generally browsing via VPN is not equal to more privacy. It just tells the websites you're where the server is instead of where you are, while the server might log your full browsing habits even though they promise not to. While legitimate interests, like, ripping you off because you live in a rich country or making sure you're not in a criminal country, makes browsing with VPN a bad experience.

Instead, you could fake your location at least in Firefox' about:config.

// fake geo location (HB Zürich here)
user_pref("geo.prompt.testing", true);
user_pref("geo.prompt.testing.allow", true);
user_pref("geo.provider.testing", true);
user_pref("geo.provider.network.url", "data:application/json,{"location": {"lat": 47.377, "lng": 8.540}, "accuracy": 2700.0}"");

These are small potatoes to the real problems.

I worked at Dollar Tree a year ago and got a letter saying my SSN and birthday was breached by Lockton. This is the second time this has happened and it’s ridiculous they’re still holding on to my data even though I never consented.

If simply functioning in society is going to require me to buy lifetime identity threat protection then I don’t know how privacy isn’t a luxury. Simple: don’t live.

I don't do shit online. Don't shop. Set appointments. Don't Google. Don't do email. I am nearly a hermit though

Everything starts as a luxury until the working class bands together and demands it. 40 hour workweeks, overtime, sick days. These are workplace examples, but the concept holds true everywhere. In a capitalist society things like privacy aren't considered until someone starts exploiting them for profit, at which point people start to get serious about protecting it. And this rule applies 5x in any tech realm, as governments are notoriously slow to build legal protections in new and fast moving sectors.

All that was to address your title, which is only tangentially connected to the rest of your post. Regarding the body, companies have absolutely started to equate VPN with bad actors. Still worth having. I just whitelist the services I have to.

From the infosec practitioner perspective the number of bad actors coming from public VPN pops is exceptionally high compared to any other random IP, so they get put on a naughty list. We often cut out entire countries just because they have such a high ratio of bad 2 good traffic, particularly if it's a country that we have no real expectation of user traffic originating from.

It's not so much a VPN bad, but just that you're hanging out with others that act bad. Kind of the Nazi bar thing but for hackers. If you set up a private VPN somehow on a random cloud host you likely wouldn't see the same issues, how to keep the ownership anonymous though is another problem.

Probably for the same reasons that healthy food is a luxury. Make it easier and far less tedious to get the shitty end of the stick. Most of the proles will just give up and accept it, especially in a world that seems to put instant gratification at the top of the TODO list over self-reliance and self-respect. In other words, fashion over function.

If they can surveil our conversations and control what we see and hear, then they can advertise shittier foods, which then puts us in the pockets of insurance and pharma once we develop conditions and diseases from said shitty food. Once you're in that loophole, it's already been said by the pharma execs themselves, "healing your customers is a bad business model."

I use ProtonVPN and have to turn it off to log into my bank, credit card, and other financial institutions. Also I seem to have to do a lot more Captcha puzzles than I used to, and have had online orders flagged as suspicious. in some cases, it seems like they're just trying to protect your accounts. In others, it seems like they're throwing a hissy fit because they feel they have a God-given right to your private data.

Yah, they will keep demonizing privacy until we give it up. Because those who care about personal freedom are all terrorists, pdfiles and drugs dealers. Just give up /s.

It's not profitable.

How can we have private group computing, online shopping, when people here fail to control their individual computing (Google Chrome, iOS, etc)?

Because your information is what a number of services use to make money. Even before VPNs come into the equation, you're undercutting the service's ability to sell you by anonymizing yourself.

That said, as noted elsewhere here, VPNs can be used by bad actors which can get you just put on a massive block list; and in addition, VPNs can be used to circumvent regional protections such as provisions on what countries can watch what content on video streaming services, which those services also want to prevent and so can block known VPN addresses to avoid.

It feels like the general consensus is VPN=malicious rather than "VPN=“this guy is just trying to protect his privacy”.

VPNs are used for malicious purposes. After all if a VPN keeps no logs, doesn't track usage, and lets one pay with alternate currency, why wouldn't someone use one if they were wanting to commit a crime?

For any service it's a battle between avoiding blocking actual users, and keeping out the bots and malicious users.

A VPN with a paid dedicated IP may help, or a DIY VPN hosted on a VPS somewhere, but I'd argue it's not really any better than just using your ISP at that point since all your traffic comes from your own unique VPN IP.

I use a credit union, and they obviously don't care that my login location changes from week to week. If the login comes from outside the US, then I get a flag from the fraud department.

Yeah you need a different device or browser profile for KYC services only and remember to split tunnel vpn traffic to it