If an "important" ISP starts blocking outbound port 53, then people will just do their DNS lookups over HTTPS or whatever. This is irrelevant today because nobody is censoring DNS yet. Combine documented DNS censorship with documented blocking-of-port-53, and the problem will be fixed in hours.
(Funny story; my work laptop has some software installed that only allows ssh connections to be made when connected to the VPN. But when connected to the VPN, there are no routes to the Internet, so I can't check my email while traveling with my work laptop. Change my sshd to bind port 443 in addition to 22, though, and ... the restriction is gone.
Censoring the Internet is hard, even when you control the network or client machine!)
True, but each restriction just makes it that much harder to get around. For the majority of people, the first block will stop them, but once you get into cat-and-mouse land, you'll lose a bunch more.
