You're saying that a whitelist-based port-blocking ISP could somehow let users do file-sharing and such? Nothing would get past the first hop.
Sure it would.
Someone just sets up an HTTP server that does proxy port forwarding. Done all the time.
Point your browser at the HTTP server that does the port forwarding, config your Internet Connection settings to use the proxy/port and you’re off to the races with most other applications. Many of the file sharing apps now have their own settings for where you enter proxy server addresses/ports.
Or you could use socks2http on your machine.
There’s tons of ways around this. This is what is called “tunneling” in the generic sense. A long time ago, we used to tunnel AppleTalk inside IP packets to create huge AppleTalk networks for multi-national corporations, when there was no viable WAN routing for AppleTalk (i.e., there’s nothing like BGP for AppleTalk).
There’s been IP tunneled inside ISO packets, (and vice-versa, as we were winding down support for DECnet v4 and v5), IPv6 inside IPv4, you name it. In these examples, there is no AppleTalk or IPv6 network beyond the first hop, just as you’re hoping to stop some port or protocol at the first hop.
You just take the payload, wrap it in an IP packet, shove it down the IPv4 network to the other end, and the only way you’d know that someone is using AppleTalk or IPv6 inside your company would be to... examine the packet contents.
Same deal with file sharing, porn, music, you name it.
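What "examine the packet contents" looks like from the filtering side, as an added example that is not part of the original post: a classifier that reads the IPv4 protocol field and the first bytes of the TCP payload, not just the port. The addresses, host names and sample packets are constructed, and checking for the HTTP CONNECT method is an assumption about how the forwarding proxy is used.

```python
import struct

# IANA IP protocol numbers for common encapsulations (no TCP/UDP port to filter on).
ENCAP = {4: "IPv4-in-IPv4", 41: "IPv6-in-IPv4", 47: "GRE"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def classify(packet: bytes) -> str:
    """Report what an IPv4 packet carries, judged by its contents rather than its port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed IPv4 header"
    proto, payload = packet[9], packet[ihl:]
    if proto in ENCAP:
        return "tunnel: " + ENCAP[proto]
    if proto != 6:
        return f"ip protocol {proto}"
    if len(payload) < 20:
        return "truncated TCP"
    _, dport = struct.unpack("!HH", payload[:4])
    data_off = (payload[12] >> 4) * 4         # TCP header length in bytes
    if data_off < 20 or data_off > len(payload):
        return "malformed TCP header"
    data = payload[data_off:]
    if data.startswith(b"CONNECT "):          # proxy asked to forward an arbitrary port
        return f"tcp/{dport} HTTP CONNECT proxy request"
    if data.startswith(HTTP_METHODS):
        return f"tcp/{dport} HTTP"
    return f"tcp/{dport} non-HTTP payload" if data else f"tcp/{dport} no payload"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed test data: minimal IPv4 header (checksum left at zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def tcp(dport: int, data: bytes) -> bytes:
    """Constructed test data: 20-byte TCP header (PSH+ACK) plus payload."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + data

# Constructed samples: all four would pass a filter that only allows "port 80".
SAMPLES = [
    ipv4(41, b"\x60" + bytes(39)),                                  # IPv6 header inside IPv4
    ipv4(6, tcp(80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")),
    ipv4(6, tcp(80, b"CONNECT files.example.net:6881 HTTP/1.1\r\n\r\n")),
    ipv4(6, tcp(80, b"\x00\x01\x02binary framed data")),
]

if __name__ == "__main__":
    for p in SAMPLES: print(classify(p))
```

Once the tunnel is encrypted, this kind of first-bytes inspection only sees the outer protocol, which is why it is a check on contents and not a guarantee.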