
How can phone companies detect tethering? - antouank
https://android.stackexchange.com/questions/47819/how-can-phone-companies-detect-tethering-incl-wifi-hotspot
======
londons_explore
Android connects to the phone network using a different type of connection
(DUN) to send tethered data.

The code to do that is in android here:

[https://github.com/aosp-
mirror/platform_frameworks_base/blob...](https://github.com/aosp-
mirror/platform_frameworks_base/blob/355dbae680994002c48d7a66cb276a65393ecbbb/services/core/java/com/android/server/connectivity/Tethering.java#L1090)

There is a setting you can set to disable it and make the provider treat all
traffic as if it is non-tethered.

    
    
        adb shell settings put global tether_dun_required 0
    
    

Considering how knowledgeable the HN crowd is on all things networking, it
surprises me to see so much uncertainty on something so easy to check in the
code!

~~~
lone_haxx0r
And why does Android have that enabled by default when in 90% cases it's
better for the user to have it disabled?

~~~
tbrock
Not sure if you realize this but google doesn’t build android for you, it
builds it for the carriers so what is in your best interest is not really
considered. You aren’t the client.

~~~
inlined
I don’t think it’s quite that simple. Google builds Androids for users, but
the primary retail space is owned by the carriers. There are occasionally a
few lines the carrier could tell manufactures (including anyone selling
android) not to cross or they won’t sell that phone.

~~~
wut444
Google builds in interest of Google profits.

Phone manufacturers alter from there per carrier demands. Phone manufacturers
us Android because it's free.

It's brilliant on Google's end.

Perfect example, is WiFi calling. That was available on Android forever, but
only T-Mobile didn't restrict it. ATT and Verizon had it disabled because of
how profits are calculated on cell sites. There's a whole per minute, text,
and data calculation that shows money flow. T-Mobile allowed WiFi calling way
back when because the network was a dwarf to the big carriers. And then apple
caught up like normal and acted like they invented it, but don't even get me
started on apple.

------
nkozyra
Last year I called T-Mobile for some relatively minor reason and then got into
a conversation about this "upgrade" I could get that would knock my bill down
$20 a month, provide option X, Y and Z.

It sounded too good to be true so I just kept asking if I'd lose anything. I
was assured, no, it's all benefit.

In the past if I had an internet outage at home I'd switch to to tethered
phone and have no drop in speed. In fact, it was faster than work or home.

I recently moved and while waiting for internet installation suddenly found my
tethered rate went down to .25/mpbs, whereas in the past it was up around
40mbps up and down. My phone itself reached these speeds via LTE. It became
immediately apparent what I'd signed up for in my "upgrade" the year prior. I
had been on some grandfathered plan that had no such restriction, and by
"upgrading" sacrificed my ability to tether without moving to a One Plus plan.

Of course in the heat of all of this I asked myself that same question: "how
does T-Mobile know?" Some of the suggestions here seem unlikely since I'm
still able to get good speeds via the phone _simultaneously_ while limited via
computer. The MAC address thing seems compelling but I'm obviously not going
to go around spoofing anything just because I got duped by my provider.

I've been a T-Mobile customer forever, but that kind of deception was really,
really insulting.

~~~
komali2
That's super weird, T-Mobile is supposed to have simplified their plans to
just the one like 65$ one with no restrictions. It's a big part of their pitch
- "we're the no bullshit, no contract company," so I'm pretty disappointed to
hear they're moving away from that.

~~~
deathanatos
They were when I joined as a customer around ~2012. But in more recent years
they make weird distinctions between tethered and non-tethered. My SO's phone
has T-Mo's version of Android, and enabling tethering causes a visible phone-
home interstitial. My phone is unlocked/has vanilla Android, so it doesn't.

Our billing, IMO, is very _not_ up-front about what our limits on tethered/not
are. Generally, it hasn't mattered. Whatever our limits are, we're not hitting
them.

And it's annoying AF; there is no reason for a carrier to give a crap about
tethered/not. Limit my bandwidth, cap the amount I can send, sure — I
completely understand not wanting a customer dragging down the network —, but
what does it matter what device generated the bits?

~~~
tgsovlerkhgsel
> what does it matter what device generated the bits?

Most of the packages they sell are based not on the cost of your specific
consumption (which is way more complex than peak bandwidth or total transfer),
but the cost of typical consumption given some restrictions (e.g. the
aforementioned bandwidth or total volume cap).

If you bunch tethered and non-tethered traffic together, the average non-
tethered user will have to pay more, and the average tethered user will have
to pay less, than with the two usages split (assuming the same total profit).

Thus, you would lose the "cheap" non-tethering customers to competitors who do
differentiate, while the expensive tethering customers would come to you.

~~~
nitrogen
Or, if they limited bandwidth to the actual expected behavior, like the
previous comment suggested, everyone would get the service they pay for
regardless of device. The only ones who don't want that are the providers who
want plans to be as confusing as possible.

------
gruez
>MAC address inspection

AFAIK this wouldn't work because MAC addresses don't get forwarded to the next
network segment. On android, the phone acts as a router (with its own DHCP
server assigning devices a local IP address), so I doubt that information is
getting passed on.

>Inspecting the network packets for their TTL (time to live)

>TCP/IP Stack Fingerprinting

>Looking at the Destination IP/URL

Probably works, but I'd imagine it's pretty easy to bypass by proxying your
connection through the phone.

~~~
kiallmacinnes
> AFAIK this wouldn't work because MAC addresses don't get forwarded to the
> next network segment

Finally! I was scrolling down the comments, starting to think nobody on HN
knew networking enough to notice this.

MAC addresses never "leave" the local network segment, so can't be used for
tracking tethering unless the phone has code to forward this info on. But, at
that point, the MAC address isn't really needed anymore ;)

~~~
no_carrier
Does 4G even use the concept of a MAC address? I'm not familiar enough with
the protocol to comment, but MAC addresses are usually an Ethernet conecpt.

~~~
kiallmacinnes
I believe it does use MAC addresses, just obviously the link layer is
different. I'm not 100% certain though as I haven't gone deep into 4G!

------
brink
Isn't paying for tethering the digital version of buying apples, but I have to
pay a premium if I want to use them in a recipe?

~~~
vjust
Not sure if this works as an analogy.

Its like if you subscribe to netflix .. but if you want to share it with 4
family members, then get a family plan. You can simultaneously consume
multiple streams of content.

Tethering allows you to share the internet connection with other people, as
well as your other devices - which is essentially you consuming multiple
streams of internet data simultaneously.

~~~
southerntofu
That's creating artificial scarcity.

Paying for usage sort of makes sense, but paying for a license to share with
other people? That's outrageous.

Imagine if you had to pay an extra license on your water bills for sharing
water with your guests..

The cultural industry from your first example has been unjustly profiting from
artists and the public alike for decades.

Now ISPs need to apply this model to survive because we don't pay for
bandwidth usage or for guaranteed bandwidth. We pay for a mirage of advertised
28Mbit/s, 100Mbit/s, or even 1Gbit/s nowadays.. the cost of which bandwidth is
actually shared among many clients.

So it's specifically because of their own marketing lies that ISPs now need to
find ways to restrict users from sharing their access. Good luck with that!

In the meantime, we'll keep on building our own self-organized non-profit ISPs
(such as NYCMesh or guifi.net) to overthrow their rule.

~~~
salamander014
Paying for ACCESS makes sense. It costs the ISP to have the availability to
connect you up.

Paying for USAGE is disgusting. The way a network works, is that besides
upkeep which is a small percentage of TCO, upfront cost scales with total
bandwidth, not total number of packets one needs to move across a set of
links.

Meaning if the ISP buys enough network equipment for 100 users to each have
10mbps of available bandwidth, they no longer have costs besides upkeep
(maintenance, support, and replacing broken hardware). This is a SMALL
percentage of upfront buildout costs. This large lump sum in the beginning has
the potential to deliver the same amount of bandwidth ad infinitum.

Charging users for USAGE is DISGUSTING and is literally not fair.

Price gouging.

Plain and simple.

~~~
southerntofu
> Paying for ACCESS makes sense.

In the context of a typical end-user paying a non-profit ISP, yes. We share
infrastructure costs and that's about it.

The problem is commercial ISPs only follow the money so you have the recurring
cost of greedy shareholders to take into account in your equation. And that
usually leads to not respecting net neutrality (as was the original subject of
this thread).

So if you are in control of your own infra, price for access should be in the
range of 1-20€/month. If you do xDSL, it has to be (a lot) more expensive
(+15-25€/line/month).. as long as you're small. When you're big enough you can
do local-loop unbundling and be back on the first price-range.

> Charging users for USAGE is DISGUSTING and is literally not fair.

Depends. For typical end-users, it's not a good model (you want a fixed
price). But for associations, hosting coops, companies.. That's the usual
approach for guaranteed bandwidth billing:
[https://en.wikipedia.org/wiki/Percentile#Applications](https://en.wikipedia.org/wiki/Percentile#Applications)

That's a mechanism to make sure your friends and your small neighborhood
association don't have bleed themselves to pay for the seedbox i want to setup
in my garage :)

~~~
salamander014
You are saying it's okay for ISPs to charge per packet rather than per pipe
size. It is possible for ISPs to set up their network for guaranteed bandwidth
(at least as far as the NOC you are connected to). But not doing so means they
can continually squeeze more money out of their customers without added
infrastructure costs.

Without firsthand experience, it's difficult to explain to someone that once I
configure an access layer switch with 48 1gbps ports on it, and 4 10gbps SPF+
uplinks, it only costs me the price of electricity and physical storage to
move 1 packet over it, or an infinite number of packets over it.

My problem with that is that once the pipe is installed and working, it only
costs maintenance. I'm not sure what you are trying to say with your seedbox
example.

~~~
southerntofu
> You are saying it's okay for ISPs to charge per packet rather than per pipe
> size.

Not my intention, sorry. Per-packet pricing would be ridiculous indeed.

> not sure what you are trying to say with your seedbox example.

"Per pipe size" pricing doesn't mean you only have maintenance costs. Because
it's technically unfeasible to guarantee "pipe size" bandwidth to all routes
on the internet to all your clients. So if i keep "my" pipe filled, you may
have to add new cables/switches or maybe upgrade some transit plan.

So i can understand that with a 10Gbit/s uplink you may never reach these
limits because your network is already oversized for your needs. But many
people (even actual ISPs) don't have 10Gbit/s uplinks. Or at least not
10Gbit/s of transit (although they may have 1-10Gbit/s peering links with
other local entities).

~~~
salamander014
>technically unfeasible to guarantee "pipe size" bandwidth to all routes on
the internet to all your clients

Yes I agree. But if I pay an ISP for a 10mbps link, I should be able to get
10mbps to their NOC at all times, and then each ISP would be able to vary
prices based on peer connectivity. This is where competition would strengthen
the internet backbone.

------
joecool1029
Oh hell yeah, this is my topic. I really really really hate Comcast's poor
reliability and cost in my area (seriously you can see me bitch on usenet
today: [https://groups.google.com/forum/#!topic/alt.online-
service.c...](https://groups.google.com/forum/#!topic/alt.online-
service.comcast/nS0m4rEJDLo) ) so I rely on a stack of various LTE providers
that are comparable in speed.

I'm tethered right now to Sprint which really doesn't appear to give a shit.
Their network is encapsulated to all hell since it's ipv6-only so I recommend
decreasing MTU's when connecting to it (something like 1320 seems to work or
sites like duckduckgo get blackholed). Sprint sucks unless you're line of
sight to a band 41 tower and/or have a HPUA device.

T-Mobile detects tethering a matter of ways. I use a Moto E LTE 2015 (surnia)
as a dedicated modem phone for them. I modified lineageOS 14.1 for my specific
use case (namely just to add TTL as a target in the kernel for iptables). I
also use Network Signal Guru to lock it to the meatiest band in my area (band
4 broadcasts at 20mhz)

The magical iptables option to pass is: iptables -t mangle -A POSTROUTING -j
TTL --ttl-set 65

They detect certain services like playstation network, so you have to VPN that
so it isn't counted. I disable ipv6 on the t-mobile APN too as an added layer
of protection. Average use is around 250-300gb/mo, this is rural so it's
unlikely it causes any quality of service issues (and I don't end up subject
to deprioritization issues after 50GB)

EDIT: Should also mention at least T-Mobile used to do DPI on the User Agent
sent by browser years ago. They don't appear to do that anymore (widespread
HTTPS made that pretty useless). Back then I used to just get around port
blocking by ramming my traffic through SSH dynamic port forwarding on port
143, normally used for IMAP. This was for T-Zones service level in the early
2000's.

Oh and for AT&T in the later 2000's I used to buy import phones that weren't
in their system and use them on the non-smartphone unlimited plan until they
got wise to that.

EDIT2: If you find ethics of this questionable, can't be hassled to figure
this stuff out, and/or still want to use LTE unlimited where money is not a
concern there's plans for that:
[https://unlimitedville.com/](https://unlimitedville.com/)

~~~
lozaning
Unlimited, unthrottled, potentially ananymous 4G service is also available
through
[https://www.calyxinstitute.org/civicrm/contribute/transact?r...](https://www.calyxinstitute.org/civicrm/contribute/transact?reset=1&id=19)

~~~
joecool1029
While the project seems to have neat goals the:

"unlimited 4G / LTE wifi data and a mobile hotspot from Sprint", is meh for
$500.

Consider this: Buy a unlocked Fi moto X4 from best buy for like $200, do the
Sprint BYOD deal with a Google Voice number ($3 to unlock number for porting),
this will give you $4/mo 'unlimited' service for a year. Slickdeals has a long
in-depth thread on the full details of this arrangement.

------
whizzkid
There is only one justified reason for phone companies to check if you are
using your phone as a router, and that is when they provide unlimited data to
your contract. Unlimited data is provided given that you are going to use it
on your personal devices and not to act as an ISP to everyone around you.
Other than that you generally pay for X GB of data and it is none of their
business how you spend it.

~~~
voodootrucker
I would argue from a "well regulated market" perspective that is not justified
either. A byte's a byte.

~~~
i_am_proteus
A byte for your use is not the same as a byte for someone else's use. Setting
up a hot spot for other people could be viewed as reselling the service (even
if you don't charge for it).

~~~
TeMPOraL
It's still creating restrictions that go against the "natural" behavior of the
medium. That's why they need sophisticated tech solutions to enforce it - it's
not natural to label bytes, it's not natural to even talk about using the
connection yourself vs. reselling the service.

~~~
bitwize
Copyright laws are restrictions that go against the "natural" behavior of any
digital medium. Yet we still imple,ent and enforce them. That's what
restrictions _are_ , a way to turn ugly reality into a situation that's more
felicitous for everyone.

~~~
TeMPOraL
Yup. That's why copyright laws ended up being a total dumpster fire. They're a
desperate attempt at making digital data behave as if it were Gutenberg-era
books. Not only they fight uphill against the medium, but by refusing to be
grounded in reality, they opened themselves to abuse - and thus became
captured by the rent-seekers from various industries.

------
mlurp
Very interesting! I'm on a budget mobile service provider (Cricket), and only
recently discovered that they disable using my phone as a hotspot on my plan.

I called them up, because I wouldn't mind paying a small amount extra every
month to have that ability. However, they told me that they actually _couldn
't_ provide it with my _phone_ even if I paid, because they didn't support my
phone (Pixel). Then they tried to upsell me on "compatible phones"...

I used this phone as a hotspot with my previous provider, so I know it _can_
be a hotspot. But I don't know much about the technical side of this. Does
anyone know if what they're saying is plausible? (Ie, they can't offer it for
my specific phone)

I briefly tried a few apps for this purpose, but none of them worked.

~~~
ghostly_s
Can't comment on Cricket, but I'm researching low-cost carriers at the moment
and discovered a similarly curious situation regarding Republic Wireless. I
found some strange restrictions in the plan regarding tethering, looked into
it and found they _don 't support iPhones at all_. Why? They won't admit to
this on their website, but apparently their "cell service" actually uses some
proprietary hybrid cell/wifi network, where they piggyback off public hotspots
and route your traffic through them when available, so the "cell data" you are
paying for is actually priced on the premise that the bulk of it will be
utilized as wifi data, instead. They of course can only enforce this in
Android devices by futzing with the network stack at a level Apple doesn't
allow.

~~~
hundchenkatze
Interesting, I used Republic a few years ago during their beta period. Back
then they were very upfront about routing calls/data over wifi whenever
possible, even marketing it as a feature on their home page. Now I can't find
any mention of routing over wifi on their main pages.

edit: Here's their page from 2012, they were marketing it as "Hybrid Calling"
[https://web.archive.org/web/20120103104716/http://republicwi...](https://web.archive.org/web/20120103104716/http://republicwireless.com/how)

~~~
jjwhitaker
It makes a lot of sense and I have several friends who use similar services.
But if Tethering disables wifi (at least connecting to wifi as your phone is
now acting as a router) then their hybrid component breaks and only uses cell
which may be throttled, limited, or not available. It sounds like more a CYA
against higher bills from whoever they are renting service from while keeping
their Hybrid setup functional for better service. I'd be frustrated if my
budget plan had terrible service when tethering because 80% of my traffic is
normally over wifi and works fine but now is being funneled 100% into
cellular.

------
kevin_b_er
TTL is a nice cheap trick. I figure you can bypass it by adjusting your TTL to
be +1 on the computer, or by running a VPN client that acts as a proxy on the
phone.

This is another excellent question from the earlier days of stackexchange that
are all now "offtopic". Its sad to see it consistently lose informative
questions. Stackexchange's policy shift toward marking any slightly general
question as offtopic is a sad state of affairs.

~~~
dugite-code
On windows adjusting the TTL is simple. From my reading Android uses a TTL of
30

netsh int ipv4 set glob defaultcurhoplimit=29

netsh int ipv6 set glob defaultcurhoplimit=29

Alternative to a VPN as a proxy you can install Termux on Android to install
and run a sockS5 proxy.

------
sneak
I am still annoyed (at Apple, to be clear) at the fact that my iPhone asks for
carrier permission before functioning as a WWAN-to-WiFi NAT.

I have to carry two devices because of this. :(

Also in this list: Apple allowing video players to disable seeking in ads.
It’s my hardware, fuckers.

~~~
vbezhenar
If it's your hardware, you're free to install your own software which does not
honor those checks. But apparently you can't do that, so it's not entirely
your hardware, as you can't run any code on it.

~~~
gumby
Even with an android device (or any certified device) the radio portion is not
your device: you can't modify its firmware.

~~~
nqzero
the radio portion is quite different as there are externalities tied to it.
the phone portion doesn't

~~~
ghostly_s
Is it not the very exact externality (interfacing with the carrier's network)
that is being discussed here?

~~~
TeMPOraL
Not exactly. Radio chip firmware is responsible for controlling the physical
layer, and restricting access to it is a practical compromise that ensures
people don't generally cause RF interference for one another.

The problem discussed upthread is on the application layer - you not being
able to run arbitrary code on your own device because companies prefer to
please one another rather than their customers.

------
Causality1
Another note: just because you have a VPN running on your phone and have
enabled Android's "always on VPN" and "block non-VPN traffic" options doesn't
mean that devices connected to the phone hotspot will send their data over the
VPN. You need to have it configured on the guest device as well.

------
bluedino
>> This question exists because it has historical significance, but it is not
considered a good, on-topic question for this site so please do not use it as
evidence that you can ask similar questions here.

What reasoning would they have for that? It's an Android stackexchange after
all.

~~~
mattigames
It's my main caveat against the stackexchange network, many questions like
this one are extremely useful and on-topic but the moderation has some weird
standards of whats on-topic and what is not; one of the worst examples is when
one particular question is the first result on Google about a common problem
but due over-moderation is now closed and nobody can enter updated answers,
such is the case for "Is there a tool to convert JavaScript to Typescript?"
[https://stackoverflow.com/questions/14412164/is-there-a-
tool...](https://stackoverflow.com/questions/14412164/is-there-a-tool-to-
convert-javascript-files-to-typescript#comment95235624_14412164)

------
aembleton
Many years ago, on a UK network (I think it was o2, but might have been
GiffGaff) I couldn't and didn't tether.

However, one app would make calls out with a User Agent that looked like IE6
which caused the network to disconnect my data and require me to phone up to
get it unblocked.

------
_bxg1
I put Cyanogenmod on a device and tethered for years without any carrier
warnings. Then I accidentally got a device with a locked bootloader and
tethered by rooting it to switch a flag; I got a warning from that one. Then I
got another open device, put LineageOS on it and tethered uneventfully for
another couple years.

I'm sure my custom ROMs played some games to disguise the traffic, but at
least on AT&T it seemed to work without a hitch.

------
jmpman
I used to have the old AT&T unlimited plan. A few years ago, they cancelled it
due to tethering. I called in to complain, as I know how to tether
“illegally”, but hadn’t been doing it. Eventually realized that I’d connected
my phone to my mother in-laws new Jeep Grand Cherokee, and the Jeep must have
been making IP connections through my phone. Just to spite AT&T, I switched to
Verizon.

------
tombert
I don't think it works anymore, but it used to be that you could get around
tether-blocking in MetroPCS by simply setting your user-agent string to Chrome
Android; they moved to something more clever because I guess enough dorks like
me figured it out.

------
tomohawk
After several years of good service, I was accused by my telco (Cricket) of
tethering without paying the special fee and my phone was disabled. Found this
out in the middle of a trip.

The thing is, my plan did not require the extra fee when I signed up, and so
that had been grandfathered in.

When the telco does this, you can switch to another one, but you cannot port
your number. This would be like the postal service owning your street address.
If they took a dislike to you, they could prevent you from using the address!

------
sofaofthedamned
One thing others haven't mentioned is DNS. If your phone is trying to lookup
Windows Update it's a surefire way of knowing this didn't originate in the
phone.

~~~
Marsymars
Windows 10 Mobile is still receiving Windows updates for another five months!

------
elkos
I never had this issue in EU. Is there a common EU mandate that prohibits
carriers to discriminate tethered or untethered traffic?

------
lbriner
One of my previous providers was literally looking at the browser user-agent
header. If I just connected as normal via my phone, I was blocked very
quickly. If I used developer tools in Chrome to pretend to be an iPhone or
Android, it worked without complaint.

I'm not sure there is much else with which the network can tell is there?

------
turtlebits
I don't necessarily understand it, but for my Samsung note 8, I used a
settings/flag editor and added 'DUN' to my LTE settings and was able to turn
on Tethering, whereas normally, it would turn itself off after enabling
"mobile hotspot".

------
swsieber
My carrier started blocking requests from my tethered computer if they are
made through a VPN ... that doesn't seem like it obviously fits into any
category? Any guesses as to how they can do that?

~~~
Nextgrid
Time to start blocking their requests to your bank account.

As to why they’re doing that I have no idea, I guess they want to see your
traffic in the clear and so block most VPN protocols (though you should be
able to get a TLS-based VPN working over port 443 as it’ll look like standard
HTTPS).

~~~
swsieber
My VPN is definitely going over 443, so I'm not sure what's happening. It
looks like the VPN handshake stuff completes successfully though.

------
swsieber
At the turn of this year, my provider started blocking requests made through a
VPN. Boo

------
deniska
Yeah, I recently had to change TTL on my laptop to 65 to avoid tethering fees.

------
collsni
Set your ttl lower than your phones or 1 higher

------
shmerl
If mobile ISP is snooping on your traffic and violates net neutrality by
forbidding tethering and the like, just use a VPN.

~~~
dboreham
Despite the downvotes this is not an unreasonable suggestion. However this
would only work if the tether/hotspot traffic were tunneled opaquely down the
VPN. But I suspect that isn't the case (the phone vendor owns the VPN client
and associated kernel networking, and arranges to not tunnel the proxied
traffic).

~~~
shmerl
Use a phone where you can install an open OS that you control. It's
ridiculous, if the phone is actively preventing you from setting up networking
the way you need it.

You can also use some simple ssh forwarding from the phone (like SOCKS5) even
if VPN is not available. ISP won't be able to differentiate that from other
traffic.

------
hkai
A VPN solves it.

------
collsni
Ttl

------
gcbw2
The actual answer nobody is giving:

Q: How can phone companies detect tethering?

A: by working with Google and Apple to inject code in android and IOS to serve
that purpose.

