
AT&T trying to crackdown on unauth. tethering - paylesworth
http://arstechnica.com/apple/news/2011/03/att-shames-unauthorized-phone-tetherers-gives-ultimatum-deadline.ars
======
ChuckMcM
Add a bit of personal experience here. Google gave its employees unlocked
Android phones (not once but twice :-) and some of us (like me), put our AT&T
sim card into them and used them instead of our plan phone. There was a
'feature phone' data plan that was $15 unlimited and there was the $10/month
'tax' if you had an iPhone.

Using the cheaper unlimited plan worked for a long time, and then AT&T started
'automatically' switching people to the smartphone tax if their IMEI indicated
they had an android phone. I did what any reasonable person would do,
cancelled my AT&T contract and signed up with t-mobile :-)

------
kalvin
Lots of discussion of this elsewhere. It looks like some people who don't
tether (but use a lot of bandwidth) are also getting the message, leading
people to believe to that AT&T is looking solely at bandwidth usage.

[http://modmyi.com/forums/iphone-news/755094-t-cracking-
down-...](http://modmyi.com/forums/iphone-news/755094-t-cracking-down-mywi-
tethering.html)

I use TetherMe ($2 in the cydia store, instead of $10 for mywi, enables native
tethering), and I haven't gotten this message.

~~~
ben1040
I certainly wouldn't be surprised if that was the case that they're just going
after high bandwidth users and not doing packet inspection (yet). I
occasionally swap my iPhone 4 SIM to a Nexus One and use the built-in wifi
tethering feature, and haven't heard from AT&T about it. On the other hand I
only have used maybe 2GB of tethered data over the last _year_ and in general
run up no more than 800MB-1GB of mobile data a month.

There are people on that thread showing they used 10+GB/month, connecting
their Xbox 360s to Live via their phones, etc. That certainly seems like a way
to get "noticed" by AT&T.

edit: one guy on there pasted his usage from AT&T's account manager - 165 GB!

~~~
theBobMcCormick
Those are the people who are ruining it for everyone.

I use the Tethering on my Nexus One (Tmobile) from time to time, but I don't
abuse it. I use it as an emergency backup internet access for cases like if
the wifi at the hotel isn't working, etc. IMHO, that's reasonable and my usage
when tethered probably isn't much more than when I run things like Pandora or
Youtube on my phone.

If I were using 10+G/month, then I'd _expect_ to have to pay for a higher
priced "tethering included" plan.

~~~
dexen
Some put it the other way around: you owe the ever-improving network to the
heavyweight users [1]. Well, at least Cisco says that -- and you know what
they sell.

In any case, it's not the other user that oversold the bandwidth; it's the
ISP. They made an unhedged bet, it fell short of working out(predictably), so
it's their turn to foot the costs of upgrading the network.

\----

[1] [http://business.financialpost.com/2011/03/04/bootup-heavy-
we...](http://business.financialpost.com/2011/03/04/bootup-heavy-web-users-
are-just-early-adopters-research-shows/)

------
yellowbkpk
These e-mails from AT&T are almost always smoke and mirrors. I'm on the same
data plan I had in the Cingular days and have received dozens of e-mails and
texts warning me that I "may be violating my contract" and that they're going
to switch me to the $60/mo plan.

I've yet to be switched away from my $10/mo data plan.

~~~
kpao
Same for me, until I got a Nexus One.

I was using an HTC TyTn2 that I didn't purchase at a Cingular Store and I was
on the $15 data plan. Never got caught with this phone, probably because they
didn't know what phone to map my IMEI to.

I got a Nexus One for AT&T last year, and received an auto upgrade SMS shortly
after, saying that my Nexus One required another plan...

------
thesis
I love when my ISP is actively monitoring/reading packets. Makes me feel all
warm and fuzzy.

------
charlief
Was posted earlier today with a large set of comments:
<http://news.ycombinator.com/item?id=2340275>

------
azim
It's unlikely AT&T is doing anything fancy at this point, but there's
potentially much more to detection than TTL. NAT devices make an attempt to be
transparent at layer 4 and try not to interfere with it. Host OS
fingerprinting can rely on a combination of options at that layer as well
including but not limited to windowing scaling MSS. If AT&T cared to go the
distance, it would be very difficult to get around detection without
interfering with the TCP/IP stack.

~~~
vetinari
Use SOCKS proxy for tethering - problem solved. (OK, it is not that
transparent for client, but the detection would be much harder).

------
omarqureshi
There is a greater underlying issue here which seems to be missed.

I have paid £x to use O2's (or in this case AT&T's) network, not only that but
I also had to partially pay for the handset.

O2 should not really give a damn about what device I use to access their
network - sure, they may have sold me a handset with an Internet plan, but it
is MY DECISION to use whatever device I see fit to use that network.

If I am allowed to use whatever device I want but it was capped to say 4GB, I
would have no issue, but as it stands, I am not only paying to use the phone,
but an additional bullshit cost to tether the phone which technically should
be none of their concern.

~~~
ajg1977
That's a bit like saying "I bought a plane ticket, and if I want to cram
multiple people, cargo, or whatever into the seat that's MY decision and the
airline should not give a damn".

There's no underlying issue. You accepted their offer of a subsidized handset
in exchange for entering into a contract to buy voice & data for that handset,
or an equivalent, for a period of time. Your agreement pertains to that type
of device only, clearly stated in the T&C's.

Now, if you want to argue that tethering charges to use your bandwidth is a
dick move, or that mobile operators should NOT be able to discriminate, or
charge more just because you own a certain device, then I completely agree.
But neither of those are what you agreed to.

~~~
chris_j
You're absolutely right about the T&Cs. Presumably AT&T are aware that some
people are prepared to pay more for tethering and therefore write the T&Cs
such that can price-discriminate in order to get more money out of those
people for potentially the same service. The sad thing is that people probably
signed up in the expectation that the T&Cs would not be enforced and are
getting a rude shock.

To slightly modify your airline analogy, this is like going on a business trip
and flying economy. The airline scans your baggage, notices that you have
packed your suit and other work-related items and demands that you pay the
business class fare. "Hold on a minute," you complain, "I am entitled to 20kg
of hold baggage and 7kg of hand baggage, so long as it fits with certain
dimensions and isn't dangerous!" The airline retort: "Read the small print.
Business travellers with certain items in their baggage will be charge the
business class fare, which will be charged to your credit card. Now, enjoy the
flight and don't forget to pay attention to the safety announcement."

------
paylesworth
I'm curious to find out what you guys / gals think about this. Is this just a
fear tactic? Or, does ATT have a legit way to check if you're doing
unauthorized tethering. Any of you get hit with this text on accident (false
positive)?

EDIT Removed the '(Ars)' from the title. N00b mistake :)

~~~
gte910h
There are dozens of legit ways to automatically detect this, and dozens more
if humans are involved.

Requesting non-mobile versions of sites that do not have the option

User Agent strings such as "Internet Explorer" or "Safari" in HTTP requests

Sending screen sizes via relatively common web calls

The use of UA-Pixels at all, especially when specifying large screen sizes.

Use of protocols that are only seen in desktop OS programs (ventrilo,
starcraft2, etc for instance is one that should be a good detector).

~~~
mattmanser
How are any of these legit, all of that's illegal wiretapping.

~~~
ceejayoz
It'd be illegal wiretapping if it were the government, perhaps, but I'd
imagine the standard contract with AT&T permits this.

~~~
eli
_"AT &T may, but is not required to, monitor your compliance, or the
compliance of other subscribers, with AT&T's terms, conditions, or policies"_

And, of course, it's now well-known that the government WAS using deep packet
inspection on AT&T internet traffic.

I would assume they're just looking at how much you download in a month,
though. I don't think AT&T is worried about offending outliers using large
amounts of mobile data by inaccurately accusing them of tethering.

~~~
sukuriant
Could you provide a link to the government using deep packet inspection on ATT
internet traffic. I don't remember it/haven't heard about it.

Just curious.

~~~
nitrogen
Here's what a Google search for "at&t nsa splitter" turned up:

<http://arstechnica.com/old/content/2006/04/6585.ars>

------
jimbobimbo
Unless they're performing a deep packet inspection, there's no good way to
tell if you're tethering. Usually tethering option uses user name that differs
from non-tethered option during authentication. If your unathorized tethering
application sits on the device, it simply shares non-tethered connection,
hence the user name doesn't change. The only plausible explanation w/o going
deep into packets - bandwidth or some unusual ports usage.

------
avolcano
Great, now I get to stop working away from home. I mean, I can barely pay the
$20-25/mo for 2 gigs, let alone $45/mo for 4 + tethering.

------
hippich
They can detect this only by listening traffic. Isn't this require some court
order for wiretapping? =)

Also, what's about if I setup permanent openvpn connection from the phone to
some dedicated server?

------
teyc
They should have called the plan "all-your-iPhone-can-eat-plan Note: meals not
to be shared with other devices"

