undefined | Better HN

0 pointsezfe1mo ago0 comments

It does produce a local Wi-Fi network but there's no evidence that it supports internet communication. That would be considered a hotspot, which not all carriers even support.

0 comments

16 comments · 3 top-level

zakisaad1mo ago· 11 in thread

I've never understood how this can be limited in practice: surely as far as the carrier is concerned, all traffic from the mobile device is the same (unless there are identifiers on the traffic coming from hotspotted devices via the mobile device). Here in Australia we've never had any form of hotspot detection/segmentation - if you have a data plan, all data features work (across all carriers). I do recall lots of online chatter from the US though, especially years back when mobile data was more of a precious resource.

ezfeOP1mo ago

Your phone voluntarily tags the hotspot data with specific TTL values which carriers use to segment the data. Not all carriers work the same though.

singron1mo ago

Specifically it decrements the TTL of routed packets, so hotspot traffic will tend to have a TTL of 63 instead of 64. You could theoretically disable this at the risk of creating infinite routing loops, although android probably makes it inaccessible if the kernel has a setting for it at all, so you might have to rewrite packets in user space.

1 more reply

rkagerer1mo ago

Different applications on a single device can't apply different TTL's? I thought TTL was a pretty basic knob exposed to applications. e.g. A sensor that transmits fresh data every 20 seconds doesn't need stale packets bounding around clogging up the pipes, while a file transfer over an intermittently delayed link might benefit from a higher TTL.

eptcyka1mo ago

Voluntarily tags specific TTL values much like your home router does. Some providers assign a different IP to hotspot users.

taneq1mo ago

> voluntarily tags

Aah, you mean ‘snitches’. :P

jamiek881mo ago

Super easy to spoof too.

drtz1mo ago

> surely as far as the carrier is concerned, all traffic from the mobile device is the same

Going on a bit of a tangent, but deep packet inspection can identify packets routed using NAT, so if the phone is operating as a typical hotspot it would be identifiable by your carrier. Carriers in the USA used to block / denylist / charge extra for tethering using this exact approach.

HDBaseT1mo ago

Deep Packet Inspection presumably requires a certificate to be installed on my device to allow my connection to be MiTM'd.

3 more replies

HnUser121mo ago

I recently switched to a carrier (Fido/Rogers in Canada). My plan limits hotspot by disabling the hotspot settings on ios. However, I was able to enable it again by changing the access point name.

Centigonal1mo ago

On android, there is an OS-level feature that checks the cell tower to verify if you're allowed to create a hotspot. It runs whenever you try to enable the hotspot feature. On rooted systems, you can disable this check. There are also apps that let you run a hotspot without using the OS feature, bypassing the check.

taneq1mo ago

I believe there’s some stuff like that for commercial things. One project I worked on used an ‘IoT portal’ for cloud based telemetry (at the customer’s request) and we had to get a special SIM card for it (although I don’t know if this is still needed.)

dotancohen1mo ago· 2 in thread

How does the carrier know that the traffic is being proxied for another device, and not e.g. requested from the phone's web browser or another app?

Does the phone add a proxy header? Can it be configured to not add the header?

svens_1mo ago

There might be multiple methods and heuristics, but one way that I have encountered was based on packet TTL.

Android and Linux use 64 by default - the block could be circumvented by setting the laptop to use 65 TTL.

ywain1mo ago

Mostly by looking at packets TTL. It gets decreased by 1 by the hotspot’s NAT so if the value is something like 63 or 127 (instead of 64 or 128 which are the defaults for most platforms) then it’s almost certain the packet originated from a device behind the phone and not from the phone itself.

rconti1mo ago

Plus it seems unlikely that the telematics module is even really related to the display screen stuff, let alone being configured to use alternate network connections to transmit data.

j / k navigate · click thread line to collapse

0 comments

16 comments · 3 top-level

zakisaad1mo ago· 11 in thread

ezfeOP1mo ago

Your phone voluntarily tags the hotspot data with specific TTL values which carriers use to segment the data. Not all carriers work the same though.

singron1mo ago

1 more reply

rkagerer1mo ago

eptcyka1mo ago

Voluntarily tags specific TTL values much like your home router does. Some providers assign a different IP to hotspot users.

taneq1mo ago

> voluntarily tags

Aah, you mean ‘snitches’. :P

jamiek881mo ago

Super easy to spoof too.

drtz1mo ago

> surely as far as the carrier is concerned, all traffic from the mobile device is the same

HDBaseT1mo ago

Deep Packet Inspection presumably requires a certificate to be installed on my device to allow my connection to be MiTM'd.

3 more replies

HnUser121mo ago

I recently switched to a carrier (Fido/Rogers in Canada). My plan limits hotspot by disabling the hotspot settings on ios. However, I was able to enable it again by changing the access point name.

Centigonal1mo ago

taneq1mo ago

dotancohen1mo ago· 2 in thread

How does the carrier know that the traffic is being proxied for another device, and not e.g. requested from the phone's web browser or another app?

Does the phone add a proxy header? Can it be configured to not add the header?

svens_1mo ago

There might be multiple methods and heuristics, but one way that I have encountered was based on packet TTL.

Android and Linux use 64 by default - the block could be circumvented by setting the laptop to use 65 TTL.

ywain1mo ago

rconti1mo ago

Plus it seems unlikely that the telematics module is even really related to the display screen stuff, let alone being configured to use alternate network connections to transmit data.

j / k navigate · click thread line to collapse