The other thing to remember is that Tor traffic is generally rare and few places have a business case for it, so it's more likely to be monitored, just as in the past many places used to watch for IRC connections since it was infinitely more likely to be a botnet control channel than Fred in accounting seeing whether #quickbooks existed.
DNS, HTTPS to some random AWS/Azure/etc. endpoint, etc. are common as dirt and enough harder to monitor that many places either don't try or struggle to do so effectively.