Yeah, there's lots of these floating around sometimes called "scraper service" or "residential proxy". Not sure if it's still around, but one of them enlisted machines by paying users to install a browser extension.

There was one famous free VPN service that worked like this. You install the addon, get a free VPN for a certain amount of traffic, and while your browser is open other people will be able to browse from your IP (and access your home network, of course!)

Making the browser deal with PoW challenges is only a small price to pay for what is practically a free VPN. It works great, until your entire home IP starts getting CAPTCHAs all the time, and because users don't know any better, they start blaming that darn Google/Cloudflare/Microsoft for claiming they're a bot.

I'd be a lot less concerned about more unnecessary captchas and more concerned about what kind of traffic VPN randos are piping in and out of my home ip address.

This could maybe work as a legit region blocking workaround service if the VPN only allowed connecting to popular streaming sites somehow. I don't think I'd trust it though.

That's the thing, most users didn't know they joined a botnet, they just thought they cheated the system by finding a free VPN.

I think there's some merit to the idea, especially for free VPNs, but you'd need a whitelist for things like streaming services and something to prevent abuse. Of course these companies were just interested in building out botnets, but it could be done somewhat okay if the right groups of pirates and streaming customers banded together.