how? You don't have a shared storage nor a private network nor "availability zones". Sure, you can tinker something if you have free time but you'll move off and regret it. Like Wooga and others.
If you run some cluster FS on your single, external network interface, it's quite easy to DoS your cluster.
There is no option to place a service inside a DC, you can ask them but this will result in a manual provision taking days —or be ignored. Also you don't know how the different DCs are connected in terms of internal bandwidth and external reliability. Hetzner itself says their inter-dc connections "are not optimized", whatever that means.
If you run multiple customers on your system and one get's DoSed, Hetzner will disconnect your system. Sure, this was good enough 2-3 years ago, but they didn't change their DoS, provisioning and networking setup.
You don't need anything that you mention to scale. My company using hetzner for many years to build profitable business (not extremely big, but not "private blog") and we are happy with our choice. It probably took a slightly more time to build scalable solution with hetzner, but our monthly bill is 9 times smaller with hetzner (than comparable hardware with AWS). This savings allow us to hire 2-3 people more that easily covers additional work.
How do you define scaling if a manual process controlled by another party is involved? Besides that, what do you think that Hetzner does not provide a 2 factor authentication? As Hetzner doesn't use HSTS on their client/api interface, it's quite easy to run ssl downgrade attacks, sniff your credentials and format all your servers, delete all your backups.
I think you're confusing elasticity with scalability. Just because you can't spin up instances within seconds doesn't mean you can't run at scale on traditional hosting providers.
Still, I do believe that's the direction the industry will move towards. OVH, for example, is already pushing pretty hard in that market, and their business model was pretty similar to the providers you mentioned not so long ago. It's probably just a matter of time.
We don't have sudden huge traffic spikes and so we don't need automatic scaling. We maintain a few extra serves for redundancy and small traffic spikes. When business grows and we notice that current servers isn't enough we simply order a new ones.
> what do you think that Hetzner does not provide a 2 factor authentication
It's ok for me. Easy solution is to run VPN on hetzner server and access Robot (their control panel) only inside their own network.
While they should implement HSTS, it's not really a problem for informed users; one can get the same protection by installing HTTPS Everywhere, which includes a rule for Hetzner.
Shared storage? Use Riak CS, MogileFS, ceph, LeoFS, Openstack Swift etc. as a S3 replacement.
Availability zones: Hetzner has multiple independent DCs and they are happy to place your servers in different DCs if you ask them. What Amazon calls "Elastic IP" they call "Failover IP".
Yes if you only need to host your blog yet you don't want it to go down when the HW inevitably fails, don't go to Hetzner because setting up Postgres failover and Chef and all that is complicated.
And if you're big / have enough money Hetzner's off-the-shelf HW and their unwillingness to offer an SLA will make you move away.
But there's a sweet spot for Hetzner, it's where you want good performance for a great price, have enough money/knowledge to setup proper bare metal deployments with failover yet don't yet need the guarantees of a "premium" DC or the features of AWS.
I know quite a few companies which fit that description.
I talked to some colleagues about scaling with Hetzner and their answer was to just overprovision like crazy since Hetzner's so cheap anyhow.