As someone who works in IT Security, the captchas are a necessary evil at this point. Without captchas, sites get slammed with millions invalid or malicious requests every hour. The sites I work with will see error traffic spike 3000% or more from credential stuffing attacks alone. These attacks are so highly distributed that simple IP tracking and banning all but ineffective anymore. And about 99.99% of the malicious traffic comes from VPNs and hosting providers. Unfortunately botnets and the people that run them are getting smarter and smarter about constructing the traffic to avoid bot detection.
tldr; the most effective tool to keep a site up and running and accounts secure is unfortunately captchas for VPN users.
A better option might be to require third party developers to use a Reddit based advertising API with the benefit of free API usage and revenue sharing. Everyone’s happy. Third party developers would get paid for ads, they can show more ads and use other ad providers along side Reddit if they want to, the API gets paid for by advertising revenue for all of the third party apps, Reddit gets to track it’s users by requiring API Ad calls to send a user id, etc., etc…