I work for a small, rural ISP. When we advertise X Mbps, a properly working (i.e. not virus laden or too old to get X Mbps on its own) computer will actually get X Mbps to our speed test. In other words, we overprovision the customer's service to account for not just access technology overhead (e.g. ATM for ADSL), but TCP/IP (+HTTP) overhead as well. Our speed test is from Ookla (a popular speed test vendor) and is not doctored in any way; we just can't guarantee speeds to random speed test servers on the Internet. Congestion within our network or on our upstream links would be considered a serious outage. However, if, for example in the case of DSL, your line is simply too long to get X Mbps, you won't; most customers in that position are grateful for whatever they can get. But if you felt we cheated you, canceled your service, and demanded a refund for that first month, you'd get it. (We only require contracts on one type of Internet service--terrestial, fixed location wireless--because of the cost of the equipment and the install, but we'd waive the contract term in such a case.)
Aside from enforcing the speed purchased, we don't shape, throttle, or do evil things to traffic on customer Internet connections, except by customer request. (We offer an *optional*, opt-in service that blocks porn sites using an HTTP proxy.) We don't prioritize or de-prioritize particular packets on customer Internet connections by source, destination, or anything else.
However, for security reasons, we block the Microsoft file and print sharing ports (which nobody should use directly over the Internet anyway) and outgoing port 25 (SMTP) traffic. The latter makes a huge difference in blocking spam from infected customer computers. If you ask for port 25 to be unblocked on your connection, we will unblock it.
Personally, I think this is exactly how ISPs should behave. Anything I should do differently? Is this an "Internet connection", or does the port blocking disqualify it?
Other random details: Our DNS servers verify DNSSEC, but accept expired signatures to avoid customer complaints every time an otherwise working domain forgets to rollover their keys. We unfortunately do not yet sign our own domains and don't yet support IPv6 everywhere, but are working on both. (We only finally got redundant IPv6 upstreams earlier this year after making significant changes to which networks we buy from because one upstream has ignored literally years of IPv6 requests from us.)