That's a bit of an over exaggeration of what I said. I didn't say stop using VPN altogether but consider using it more selectively when you really need to do so. I think everyone who has reported the issue has noted that turning off their VPN has resolved the issue.

FT is essentially a 'free' to use site, although I guess that the advertising revenue that IB can get pays the bills necessary to keep it prospering. Regular users will be aware that the site does get targetted by denial of service attacks from time to time, and IB have chosen to use cloudflare to help accelerate the site performance as well as defend against such attacks to help maintain uptime. IB have probably turned on some additional IP filtering to provide some additional front door security to probably minimise the costs of Cloudflare sinking DDOS traffic. CDN providers like Cloudflare typically strike commercial deals on the basis of what's expected as an 'in contract value' and then a PAYG rate for what is unexpected. So by turning on the additional IP filtering my guess is that IB are trying to defend against additional PAYG bandwidth costs from Cloudflare to sink malicious traffic. The reason that the IPs that the public VPNs are on this list is because they are frequently associated with traffic that is suspicious or malicious.

IB are not a charity. This site is commercially run. It's probably getting a lower number of hits and less advertising revenue than it used to due to the downturn in global air traffic, but has been the subject of more DDOS attacks which are expensive to mitigate. We can ask the techs to twiddle the knobs and permit certain IPs but it will be a case of whack-a-mole. Those same tech resources could be otherwise trying to fix other genuine software bugs like the ARG likes, or a dark mode.

I am not anti-VPN, they have a place and purpose. But I would not use them all the time as they obfuscate genuinely useful information from genuine sites that you probably use from time to time and can actually raise your own risk level for logins and financial transactions on the web.