In response to a Matrix comment:
vpn traffic is impossible to hide, whereas you can reasonably try to hide tor traffic using snowflake
bridgesproxies
The unfortunate reality is that Tor traffic is not actually easy to hide with pluggable transports. Snowflake is perhaps the easiest to detect out of all of them actually, but every pluggable transport for Tor which is currently in use can be detected by network monitors.
The main point is that when a network monitor detects you’re using a VPN you have much better plausible deniability than when a network monitor detects you’re using Tor via Snowflake, obfs4, or meek.
Therefore (also as described in the reply directly above this), the goal is not to hide VPN and Tor usage from your ISP. It’s simply a statement of fact that in nearly all circumstances if we accept that they can see one or the other then it is better for your ISP to see VPN traffic instead of Tor traffic, and you should act accordingly.
The simple fact of the matter is that Tor was not really designed for use in situations where Tor itself is blocked at all. I could maybe write more about this subject in the PR. Ultimately we can really only make it as difficult and costly as possible for adversaries to undermine user privacy, we can’t completely defend privacy from dedicated attackers.