Begins?!? Docker Inc was waist deep in enshittification the moment they started rate limiting docker hub, which was nearly 3 or 4 years ago.
This is just another step towards the deep end. Companies that could easily move away from docker hub, did so years ago. The companies that remain struggle to leave and will continue to pay.
Sure, they could block based on your VPN provider, but they’re probably also using Deep Packet Inspection .
The ELI5 verson: It’s possible to just “watch” your traffic and notice that it’s not the “normal” https traffic (which is the most common traffic) . This can be done by finger printing the request itself or just watching the amount of traffic. For example if you “visit” a website, but upload and download 3 megabytes of data and it takes 15 minutes to send/receive that data… well, that looks suspicious… and depending on the country, you may have some people knocking on your door.