Truly enforcing this kind of ban would require a level of control over the internet much greater than China's. They actually do ban VPN use, yet plenty of Chinese people still use them, and not due to lack of trying on the part of the enforcers. You can basically never plug all the holes without essentially shutting off the whole internet.
China spends roughly $6.6B censoring their internet every year [1]. Much of that probably goes to "guiding" public opinion as opposed to simply removing undesirable content, but factoring in purchasing power parity of labor and parts, let's assume the US would spend roughly the same amount just to enforce a VPN ban mostly effectively. That doesn't sound like a position that will win elections.
China knows about all VPNs, but doesn't ban them outside of political turmoil. When people start protesting, then they cut off all VPNs. They just don't do it during "peace time" because they don't want VPN users to find out which kinds of VPNs they can't block. They also apply different rules to foreigners and locals, because they want to give a better impression of their country.
They don't need perfect enforcement, or even good enforcement. The purpose is to make VPN use criminal. Then you have a large group of people getting away with criminal activity which you can go after on an individual case-by-case basis, depending on your level of compliance or troublemaking in other areas.
China doesn’t actually want to ban VPNs. They want a list of all possible dissidents so they can actively monitor them. “Banning” VPNs just lets them narrow down the list of people who might engage in wrong think.
"IP from a datacenter" doesn't work in practice to detect VPNs.
At work we set up a compliance-related service recently and used the AWS WAF rules to block known datacenter ranges with the goal of blocking bots and VPNs.
We had to disable that rule almost immediately because a large majority of VDI (Virtual Desktop Infrastructure) solutions are hosted in or at least egress from big cloud providers.
It wasn't possible to block AWS/GCP IP ranges without also blocking legit usage from real customers.
There are plenty of other ways to virtual data without a VPN, e.g. sockpuppets, IPFS, etc. Since data tends to drift towards being free, it is a game of whack-a-mole.
How many users are going to have the technical acumen & desire to keep playing the game?
At some point the number of people who are going to be able to succeed is so small they might know who you are just by virtue of you continuing to compete.
You'd also need to ban VPNs in other countries, which you can't, so short of stripping all access to the internet outside of America there's not a lot you could realistically do.
Ban them, demand GitHub et al take down the illegal repos, hit up Microsoft for records of everyone who ever downloaded them, hosting providers for customer records, and ISPs for lists of customers with VPN-shaped traffic between themselves and their hosting provider. Or if they’re lazy, just demand that the hosting providers sort it out.
This assumes US citizens using exclusively US-based VPNs. You'd have to block all outside internet access as well, or you cannot stop someone in the US using a VPN based in another country (short of IP whack-a-mole).
To an extent, but the US often compels foreign companies to either not deal with US customers or put up with the US’s bullshit, so they could potentially get compliance from major overseas providers. More onerous domestic policy could also prevent it, like requiring that domestic network providers block unauthorized encrypted connections to foreign entities. And anyways, making something illegal doesn’t actually require making it physically impossible to do.
The question is not how will they ban it, they just pass a law.
The question is how and when will they enforce it. When they get access to your devices for some other reason, they will see it. It will give them another easy-to-prosecute law to use against you.
- know IP ranges of popular cloud providers and deny service. Not bulletproof but enough to make it a pain in the ass so people don’t bother
- make it illegal to offer this kind of service for the purpose of evading location detection. Put pressure on Apple and Google, force them to remove VPN apps
You guys need to start reading on Russia's war on the internet and treat it as a cautionary tale.
Host them on the cloud providers? You get banned.
Host them in your homelab and the ISP finds out? You get your Internet cut.
How will either of them find out? IP addresses and/or DPI.
All it'll take is an executive order or an act of Congress.