
This is very near impossible to implement, isn't it?



Not at all, they are your ISP! I absolutely expect VPNs to be the first to go; it's hard to do application-level throttling if everyone has access to a VPN.

This is a goldmine for ISPs. Over the last five-ish years they decided to think of themselves as "advertising" companies. FCC repealed the internet privacy rule last April, and what are they doing now? They're functioning as data brokers. We should expect this trend to continue and assume that ISPs will take advantage of Pai's NN repeal as soon as possible.


This is the next shoe to drop.

Comcast currently extracts almost $100 a month from me, in addition to the ~$10 I pay for a VPN exit node to hide traffic from their surveillance machine. Why wouldn't they want another $10 or so to "allow" VPNs, given regulators who are loudly, publicly giddy about screwing consumers?


Why would you think that? It's pretty trivial to do. You could try to obfuscate your traffic but that's just playing cat and mouse (and the ISP could just decide to start dropping anything that it doesn't recognize and seems to consume a significant amount of bandwidth).

I think the most efficient way to hide your service would be to tunnel it over HTTPS given that it's not really realistic to drop that when you're an ISP. Still, a relatively simple traffic analysis tool won't have too much difficulty differentiating between proper web browsing and something fishy over HTTPS even if it just looks at the shape of the traffic.


No, it is not very near impossible to implement.


Sorry, but you are wrong.

It's a 15-minute task for a good admin to start dropping VPN connections (not to block, but to interrupt every 5 minutes, but blocking is even easier).

One important piece of info: the ISP can't see your VPN traffic. But they can see that you are connecting to a specific IP (the VPN service's IP) at a specific port. Once you're connected to the VPN you probably pass ALL the connection through it. So the ISP can see only a single connection to a single point. That is more than enough.

So how can they block VPNs:

1) Most VPNs use standard VPN ports. Just dropping connections to that port is a good start.

2) Dropping connections to a server when this is your (almost) only, long-standing connection. This is a good moment to store that IP as a VPN service IP.

3) Reverse DNS on IPs you're connecting to. A lot of services will reveal that they belong to VPN services.

4) Public lists of VPN IPs. Some provide them. Some are already noted somewhere on the internet.

ISPs can even share their databases with each other to be better at VPN dropping.

This is a very easy thing to do.

It would be REALLY hard to hide your connection to a VPN service. One thing that came to my mind, to hide your VPN servers you would have to:

- use VPN services at random ports

- change VPN IP every few minutes at a random factor, so dropped connections will occur anyway

- in the background you should keep direct (un-VPNed) connections to random servers at random ports, passing random data around (it will look encrypted just like a VPN connection)

This would require huge infrastructure though. Really huge.

But still - if the ISP notices behavior like that - it means you're probably trying to do something shady, like walk around their VPN dropping rules - so they could just throttle your connections even more, just in case :)

So in general - you're fu^H in a very bad situation. I'm from Europe. I'm "safe" now, but we are also going to have a bad law for net neutrality soon.
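The heuristics listed in the comment above (standard VPN ports, one long-standing connection that carries almost all of a client's traffic, reverse-DNS names), written out as a flow-log scorer of the kind a network monitoring team would use. This is an added example, not part of the original thread; the thresholds, the keyword list and the sample flow records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Default ports of common VPN protocols:
# OpenVPN 1194, WireGuard 51820, IKE 500, IPsec NAT-T 4500, L2TP 1701, PPTP 1723.
VPN_PORTS = {1194, 51820, 500, 4500, 1701, 1723}
RDNS_HINTS = ("vpn", "tunnel", "proxy")  # assumed keyword list
MIN_SHARE = 0.90      # assumed: fraction of a client's bytes sent to one remote
MIN_DURATION = 1800   # assumed: seconds a flow must last to count as long-standing

def score_flows(flows):
    """Return [(client, remote, reasons)] for flows that match at least one heuristic.

    Each flow is a dict with client, remote, port, bytes, duration and rdns
    (a PTR name resolved beforehand, or None).
    """
    total = defaultdict(int)
    for f in flows:
        total[f["client"]] += f["bytes"]
    findings = []
    for f in flows:
        reasons = []
        if f["port"] in VPN_PORTS:
            reasons.append("standard-vpn-port")
        share = f["bytes"] / total[f["client"]] if total[f["client"]] else 0.0
        if share >= MIN_SHARE and f["duration"] >= MIN_DURATION:
            reasons.append("dominant-long-lived-flow")
        name = (f.get("rdns") or "").lower()
        if any(hint in name for hint in RDNS_HINTS):
            reasons.append("rdns-keyword")
        if reasons:
            findings.append((f["client"], f["remote"], reasons))
    return findings

# Constructed sample records; addresses are from documentation ranges.
SAMPLE = [
    {"client": "10.0.0.5", "remote": "203.0.113.10", "port": 1194,
     "bytes": 950_000_000, "duration": 7200, "rdns": "nyc-3.vpn.example.net"},
    {"client": "10.0.0.5", "remote": "198.51.100.7", "port": 443,
     "bytes": 2_000_000, "duration": 40, "rdns": "cdn.example.org"},
    {"client": "10.0.0.9", "remote": "198.51.100.7", "port": 443,
     "bytes": 30_000_000, "duration": 300, "rdns": "cdn.example.org"},
    {"client": "10.0.0.9", "remote": "192.0.2.44", "port": 443,
     "bytes": 25_000_000, "duration": 600, "rdns": None},
    {"client": "10.0.0.12", "remote": "192.0.2.80", "port": 443,
     "bytes": 800_000_000, "duration": 5400, "rdns": None},
]

if __name__ == "__main__":
    for client, remote, reasons in score_flows(SAMPLE):
        print(client, remote, ",".join(reasons))
```

The third client is flagged on traffic shape alone even though it uses port 443 and has no PTR name; a single long download from one host would trip the same rule, so the output is a signal to correlate rather than a verdict.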


I think you misread my post and argued the same point. So, uh, thanks?


No. Businesses and Governments do it all the time.



