
If you ask me, the whole idea of trying to prevent bad actors from acting badly by throwing up barriers to EVERYONE trying to get access to your system is... weird.

Better to deploy some light measures (tarpitting, RBLs etc.) on entry, then weed out the bad actors once they start acting bad inside the system, no? I mean CAPTCHA for everyone? Come on.



CAPTCHAs exist precisely because those were inadequate 15 years ago.

You may not have been around for it, but it's not like everyone was super duper excited to put these things on their web sites. It was something people were dragged into kicking and screaming, and even today there are a lot of those technologies deployed even so.

You are probably underestimating the willingness of bad actors to make efforts to avoid these things. Is your model of a "bad actor" on the web some malicious guy writing a program and running it on his personal laptop from his home connection? Because in 2023, your threat model should be something more like a guy who rents a botnet out with millions of computers of all sorts on it (the difficulty of this rental being somewhat higher than AWS, but only somewhat so, it's not that hard at all really), collaborates with other bad actors to work out how to best bypass filtering, creates websites to do things like CAPTCHA proxying so that humans fill out the CAPTCHAs in return for free porn or something, trades rootkits and other exploits around both for home computers and for compromising web servers for their campaigns (for the URL cred), and so on. You're not up against some guy, you're up against a honed and tuned machine with years of experience, internal division of labor and skillsets, basically an entire parallel predator economy.

Tarpitting and RBLs are not dead, but they became just one layer a long time ago.


In my experience Captchas are used a lot by inexperienced developers. As you stated, they are not particularly hard to circumvent, but they are incredibly easy to implement.

So developers just install a Captcha and outsource the problem to Google.

I think the primary way to deal with the problem should be to design services in a way to make them unsuitable for spammers.



