Even private VPNs? I'm not that smart about networking but it seems like it would be difficult to distinguish an SSL/TLS connection to your DigitalOcean server because you're doing normal stuff and one where you're tunneling HTTPS through it.

It's not hard to distinguish a VPN connection by behaviour pattern really. Some simple features to detect:

Both small packets and maxing out the window size in one stream. Lack of DNS queries from the host. Single connection dominating the bandwidth.

There's a reason for all of those of course, but put them together on a residential connection: almost certainly a VPN user.

And these are all really simple heuristics. In practice, we know you can identify which Netflix video are you watching just by the packet sizes/timing.

There was a post recently about how someone was able to set up his own vpn which bypassed it. Something about the server padding out its response with garbage data?

You are still piping all of your traffic through one server. This would not look like a regular usage pattern by any means.

Their deep packet inspection tech is very very good.