They never went away, just from your mind. Look at cheap xfinity wifi hotspots everywhere that still steal your credentials in the form of phone number and email address. The bar I went to last night has a free wifi hotspot like every establishment ever.

Misinformation smells like your own farts, disgusting to everyone but you.

But unfortunately, a VPN won't protect you from captive portals. So not entirely sure what your comment adds to the discussion other than being unnecessarily rude.

For other readers who may be too young to remember, improper privacy controls (unenforced HTTPS, poor encryption in the form of WEP, easy MitM attacks, etc) meant that public/untrusted WiFi was a legitimate security risk as things like passwords, bank details, etc were very easy to steal as they were sent unencrypted over the air. This is fortunately much less true these days with the advent of better protections across the entire stack (HTTPS everywhere, WPA*, etc) but unscrupulous VPN merchants still use this outdated argument to try to sell their products to less technically-savvy customers.

What these technologies (and VPNs) _do not_ prevent is the legitimate (and consensual) capture of user data by captive portal software (email, phone, etc), which is typically submitted by a user wishing to connect to a public network. This is what the parent comment is mentioning. Different risk profiles, obviously.