I don’t think it’s just streaming services. FTC quotes gym memberships as an example as well, and they’re notorious for bad cancellation policies.
Good question. A lot of banks in Europe use this type of setup, where it will ask you for 3-4 characters of your pin/password, both to login and to confirm transactions. I always thought it was weird but never thought about the security implications.
It depends on what type of VPN you have as well, because if you have one that gives you a dedicated IP, chances are it wouldn’t be detected. But most of your regular cheap VPN packages will have you sharing the same IP as hundreds (thousands?) of others.