AT&T trying to crackdown on unauth. tethering (opens in new tab)

(arstechnica.com)

58 pointspaylesworth15y ago34 comments

34 comments

Add a bit of personal experience here. Google gave its employees unlocked Android phones (not once but twice :-) and some of us (like me), put our AT&T sim card into them and used them instead of our plan phone. There was a 'feature phone' data plan that was $15 unlimited and there was the $10/month 'tax' if you had an iPhone.

Using the cheaper unlimited plan worked for a long time, and then AT&T started 'automatically' switching people to the smartphone tax if their IMEI indicated they had an android phone. I did what any reasonable person would do, cancelled my AT&T contract and signed up with t-mobile :-)

kalvin15y ago

Lots of discussion of this elsewhere. It looks like some people who don't tether (but use a lot of bandwidth) are also getting the message, leading people to believe to that AT&T is looking solely at bandwidth usage.

http://modmyi.com/forums/iphone-news/755094-t-cracking-down-...

I use TetherMe ($2 in the cydia store, instead of $10 for mywi, enables native tethering), and I haven't gotten this message.

ben104015y ago

I certainly wouldn't be surprised if that was the case that they're just going after high bandwidth users and not doing packet inspection (yet). I occasionally swap my iPhone 4 SIM to a Nexus One and use the built-in wifi tethering feature, and haven't heard from AT&T about it. On the other hand I only have used maybe 2GB of tethered data over the last year and in general run up no more than 800MB-1GB of mobile data a month.

There are people on that thread showing they used 10+GB/month, connecting their Xbox 360s to Live via their phones, etc. That certainly seems like a way to get "noticed" by AT&T.

edit: one guy on there pasted his usage from AT&T's account manager - 165 GB!

theBobMcCormick15y ago

Those are the people who are ruining it for everyone.

I use the Tethering on my Nexus One (Tmobile) from time to time, but I don't abuse it. I use it as an emergency backup internet access for cases like if the wifi at the hotel isn't working, etc. IMHO, that's reasonable and my usage when tethered probably isn't much more than when I run things like Pandora or Youtube on my phone.

If I were using 10+G/month, then I'd expect to have to pay for a higher priced "tethering included" plan.

2 more replies

yellowbkpk15y ago

These e-mails from AT&T are almost always smoke and mirrors. I'm on the same data plan I had in the Cingular days and have received dozens of e-mails and texts warning me that I "may be violating my contract" and that they're going to switch me to the $60/mo plan.

I've yet to be switched away from my $10/mo data plan.

kpao15y ago

Same for me, until I got a Nexus One.

I was using an HTC TyTn2 that I didn't purchase at a Cingular Store and I was on the $15 data plan. Never got caught with this phone, probably because they didn't know what phone to map my IMEI to.

I got a Nexus One for AT&T last year, and received an auto upgrade SMS shortly after, saying that my Nexus One required another plan...

thesis15y ago

I love when my ISP is actively monitoring/reading packets. Makes me feel all warm and fuzzy.

charlief15y ago

Was posted earlier today with a large set of comments: http://news.ycombinator.com/item?id=2340275

azim15y ago

It's unlikely AT&T is doing anything fancy at this point, but there's potentially much more to detection than TTL. NAT devices make an attempt to be transparent at layer 4 and try not to interfere with it. Host OS fingerprinting can rely on a combination of options at that layer as well including but not limited to windowing scaling MSS. If AT&T cared to go the distance, it would be very difficult to get around detection without interfering with the TCP/IP stack.

vetinari15y ago

Use SOCKS proxy for tethering - problem solved. (OK, it is not that transparent for client, but the detection would be much harder).

omarqureshi15y ago

There is a greater underlying issue here which seems to be missed.

I have paid £x to use O2's (or in this case AT&T's) network, not only that but I also had to partially pay for the handset.

O2 should not really give a damn about what device I use to access their network - sure, they may have sold me a handset with an Internet plan, but it is MY DECISION to use whatever device I see fit to use that network.

If I am allowed to use whatever device I want but it was capped to say 4GB, I would have no issue, but as it stands, I am not only paying to use the phone, but an additional bullshit cost to tether the phone which technically should be none of their concern.

ajg197715y ago

That's a bit like saying "I bought a plane ticket, and if I want to cram multiple people, cargo, or whatever into the seat that's MY decision and the airline should not give a damn".

There's no underlying issue. You accepted their offer of a subsidized handset in exchange for entering into a contract to buy voice & data for that handset, or an equivalent, for a period of time. Your agreement pertains to that type of device only, clearly stated in the T&C's.

Now, if you want to argue that tethering charges to use your bandwidth is a dick move, or that mobile operators should NOT be able to discriminate, or charge more just because you own a certain device, then I completely agree. But neither of those are what you agreed to.

chris_j15y ago

You're absolutely right about the T&Cs. Presumably AT&T are aware that some people are prepared to pay more for tethering and therefore write the T&Cs such that can price-discriminate in order to get more money out of those people for potentially the same service. The sad thing is that people probably signed up in the expectation that the T&Cs would not be enforced and are getting a rude shock.

To slightly modify your airline analogy, this is like going on a business trip and flying economy. The airline scans your baggage, notices that you have packed your suit and other work-related items and demands that you pay the business class fare. "Hold on a minute," you complain, "I am entitled to 20kg of hold baggage and 7kg of hand baggage, so long as it fits with certain dimensions and isn't dangerous!" The airline retort: "Read the small print. Business travellers with certain items in their baggage will be charge the business class fare, which will be charged to your credit card. Now, enjoy the flight and don't forget to pay attention to the safety announcement."

paylesworthOP15y ago

I'm curious to find out what you guys / gals think about this. Is this just a fear tactic? Or, does ATT have a legit way to check if you're doing unauthorized tethering. Any of you get hit with this text on accident (false positive)?

EDIT Removed the '(Ars)' from the title. N00b mistake :)

dpritchett15y ago

Supposedly all packets from the iPhone have a TTL of 64; packets from your laptop routed through the iPhone would not necessarily have the same TTL and are thus detectable.

[1] http://www.reddit.com/r/technology/comments/g62wv/i_woke_up_...

gte910h15y ago

There are dozens of legit ways to automatically detect this, and dozens more if humans are involved.

Requesting non-mobile versions of sites that do not have the option

User Agent strings such as "Internet Explorer" or "Safari" in HTTP requests

Sending screen sizes via relatively common web calls

The use of UA-Pixels at all, especially when specifying large screen sizes.

Use of protocols that are only seen in desktop OS programs (ventrilo, starcraft2, etc for instance is one that should be a good detector).

eekfuh15y ago

There are 3rd party web browsers on the appstore and though would trigger false-positives, so they probably would't use UA.

mattmanser15y ago

How are any of these legit, all of that's illegal wiretapping.

1 more reply

weaksauce15y ago

They probably just see that you are using more bandwidth than a normal user and infer that way. If they were packet sniffing your non phone traffic they might be able to infer from a plethora of non phone headers that the system will invariably send out. (system update check in the background. Etc. )

reemrevnivek15y ago

In spite of all the other, technical ways of doing this (see your sibling comments), I fear that this is what they're doing.

bcrawford15y ago

It is possible for them to detect this if they are doing Layer 7 inspection. All it would take is parsing the user agent to see that you're not on Mobile Safari. On the iPhone side, it just does a NAT and theoretically passes all information as the public IP of the phone itself.

Honestly, any respectable nerd is going to have either a) a box to SSH to or b) a VPN endpoint... if you encrypt/encapsulate all traffic originating from your tethered machine there's very little chance they'd be able to catch you.

neilc15y ago

Assuming the IPv4 TTL issue can be worked around (see elsewhere in thread), a phone that does GBs/month of encrypted traffic over SSH would still be a signal that something suspicious is going on.

2 more replies

jimbobimbo15y ago

Unless they're performing a deep packet inspection, there's no good way to tell if you're tethering. Usually tethering option uses user name that differs from non-tethered option during authentication. If your unathorized tethering application sits on the device, it simply shares non-tethered connection, hence the user name doesn't change. The only plausible explanation w/o going deep into packets - bandwidth or some unusual ports usage.

avolcano15y ago

Great, now I get to stop working away from home. I mean, I can barely pay the $20-25/mo for 2 gigs, let alone $45/mo for 4 + tethering.

hippich15y ago

They can detect this only by listening traffic. Isn't this require some court order for wiretapping? =)

Also, what's about if I setup permanent openvpn connection from the phone to some dedicated server?

teyc15y ago

They should have called the plan "all-your-iPhone-can-eat-plan Note: meals not to be shared with other devices"

j / k navigate · click thread line to collapse

34 comments

ChuckMcM15y ago

kalvin15y ago

http://modmyi.com/forums/iphone-news/755094-t-cracking-down-...

I use TetherMe ($2 in the cydia store, instead of $10 for mywi, enables native tethering), and I haven't gotten this message.

ben104015y ago

There are people on that thread showing they used 10+GB/month, connecting their Xbox 360s to Live via their phones, etc. That certainly seems like a way to get "noticed" by AT&T.

edit: one guy on there pasted his usage from AT&T's account manager - 165 GB!

theBobMcCormick15y ago

Those are the people who are ruining it for everyone.

If I were using 10+G/month, then I'd expect to have to pay for a higher priced "tethering included" plan.

2 more replies

yellowbkpk15y ago

I've yet to be switched away from my $10/mo data plan.

kpao15y ago

Same for me, until I got a Nexus One.

I was using an HTC TyTn2 that I didn't purchase at a Cingular Store and I was on the $15 data plan. Never got caught with this phone, probably because they didn't know what phone to map my IMEI to.

I got a Nexus One for AT&T last year, and received an auto upgrade SMS shortly after, saying that my Nexus One required another plan...

thesis15y ago

I love when my ISP is actively monitoring/reading packets. Makes me feel all warm and fuzzy.

charlief15y ago

Was posted earlier today with a large set of comments: http://news.ycombinator.com/item?id=2340275

azim15y ago

vetinari15y ago

Use SOCKS proxy for tethering - problem solved. (OK, it is not that transparent for client, but the detection would be much harder).

omarqureshi15y ago

There is a greater underlying issue here which seems to be missed.

I have paid £x to use O2's (or in this case AT&T's) network, not only that but I also had to partially pay for the handset.

ajg197715y ago

That's a bit like saying "I bought a plane ticket, and if I want to cram multiple people, cargo, or whatever into the seat that's MY decision and the airline should not give a damn".

chris_j15y ago

paylesworthOP15y ago

EDIT Removed the '(Ars)' from the title. N00b mistake :)

dpritchett15y ago

Supposedly all packets from the iPhone have a TTL of 64; packets from your laptop routed through the iPhone would not necessarily have the same TTL and are thus detectable.

[1] http://www.reddit.com/r/technology/comments/g62wv/i_woke_up_...

gte910h15y ago

There are dozens of legit ways to automatically detect this, and dozens more if humans are involved.

Requesting non-mobile versions of sites that do not have the option

User Agent strings such as "Internet Explorer" or "Safari" in HTTP requests

Sending screen sizes via relatively common web calls

The use of UA-Pixels at all, especially when specifying large screen sizes.

Use of protocols that are only seen in desktop OS programs (ventrilo, starcraft2, etc for instance is one that should be a good detector).

eekfuh15y ago

There are 3rd party web browsers on the appstore and though would trigger false-positives, so they probably would't use UA.

mattmanser15y ago

How are any of these legit, all of that's illegal wiretapping.

1 more reply

weaksauce15y ago

reemrevnivek15y ago

In spite of all the other, technical ways of doing this (see your sibling comments), I fear that this is what they're doing.

bcrawford15y ago

neilc15y ago

Assuming the IPv4 TTL issue can be worked around (see elsewhere in thread), a phone that does GBs/month of encrypted traffic over SSH would still be a signal that something suspicious is going on.

2 more replies

jimbobimbo15y ago

avolcano15y ago

Great, now I get to stop working away from home. I mean, I can barely pay the $20-25/mo for 2 gigs, let alone $45/mo for 4 + tethering.

hippich15y ago

They can detect this only by listening traffic. Isn't this require some court order for wiretapping? =)

Also, what's about if I setup permanent openvpn connection from the phone to some dedicated server?

teyc15y ago

They should have called the plan "all-your-iPhone-can-eat-plan Note: meals not to be shared with other devices"

j / k navigate · click thread line to collapse