Sure, they could block based on your VPN provider, but they’re probably also using Deep Packet Inspection .
The ELI5 verson: It’s possible to just “watch” your traffic and notice that it’s not the “normal” https traffic (which is the most common traffic) . This can be done by finger printing the request itself or just watching the amount of traffic. For example if you “visit” a website, but upload and download 3 megabytes of data and it takes 15 minutes to send/receive that data… well, that looks suspicious… and depending on the country, you may have some people knocking on your door.
Sure, they could block based on your VPN provider, but they’re probably also using Deep Packet Inspection .
The ELI5 verson: It’s possible to just “watch” your traffic and notice that it’s not the “normal” https traffic (which is the most common traffic) . This can be done by finger printing the request itself or just watching the amount of traffic. For example if you “visit” a website, but upload and download 3 megabytes of data and it takes 15 minutes to send/receive that data… well, that looks suspicious… and depending on the country, you may have some people knocking on your door.