How AT&T Recognizes Unauthorized Tethering from Jailbroken iPhones (iphonedownloadblog.com)
56 points by dmpatierno on May 9, 2011 | 45 comments



Last week at a conference, I spoke briefly to an engineer from one of the two large US telcos on this issue. He indicated they utilized a variety of methods, including fingerprinting of the IP/TCP headers and protocol analysis, to help identify traffic. Specifically, I heard TTL mentioned, as well. He might be a user here.

There are more knowledgeable people than you working on the issue. That said, I haven't gotten an evil text from using PDAnet, yet. Then again, I don't tether that much and when I do it's not a lot of data.


If you want to be safe, run a VPN on the phone and route all your traffic, tethered or not, through that.


Note: TetherMe (native tethering on jailbroken iPhones) sends all tethered data through the same APN as mobile data by default so users won't fall foul of the APN detection method mentioned here.

Of course that wouldn't stop AT&T & Co sniffing browser strings of high data users, but that's a more complicated system to implement.


Or just assume that high data users are all tethering.


I'd like to see a proper source of this (other than Android Police / iPhone Download Blog). I have used MyWi without having any special settings for tethering (my provider doesn't supply those), and it worked just fine; it would be a bit silly to go through the trouble of setting up a hotspot and making sure you're actively routing the data to the 'wrong' APN.

(Note that iPhone Download Blog is the one calling MyWi by name)

Also, if this is the case, wouldn't it be easier for AT&T to just disable the tethering APN for you if you don't have the tethering option? That would seem to be much more effective.


Every good dealer knows that you don't cut off your customers' supply. You "work with" them, you send someone to break their legs for not paying, but you never cut them off.

Seriously, wouldn't it always have been easier just to cut customers off to prevent things like astronomical texting overages? That would interfere with that beautiful revenue stream.


I think everyone here is only worried with the breaking of legs anyway.


Just to add another data point - during a recent move, I was temporarily using iPhone + MyWi as my primary internet connection. Nothing particularly egregious - just basic web browsing and SFTP. This lasted for about a week.

That was at least 1 billing cycle ago, and I've yet to hear a peep from AT&T. My suspicion is AT&T is (currently) just looking for users with excessive data usage.


A couple of years back, federal regulators (thanks to the efforts of EFF) declared that jailbreaking an iPhone is not illegal. Since then, Apple has stopped threatening users with jailbroken iPhones, and also, finding and patching new vulnerabilities that allow jailbreaking has become a moot point.

In the same vein, has there ever been a verdict on the legality of unofficial (MyWi-like) tethering?


There's a huge difference between jailbreaking an iPhone, which the EFF established doesn't (necessarily) violate the DMCA, and breaking your contract by using services from AT&T that you're not paying for. The first means using something you bought and paid for in a way the manufacturer doesn't want you to. The second means using a service that the provider charges for, but you're not paying for. The law is never going to protect the second one.

To start with, tethering without paying for it is definitely a contract violation, and AT&T could cut off your service, retroactively charge you for it, or do whatever else (within reason) the contract provides for. There is little or no legal ambiguity about this. You are getting a service for free from AT&T that other people are charged for, so you're breaking your deal with them and owe them damages.

The (slightly) more interesting legal question might be whether AT&T could ask a prosecutor to bring criminal charges. My uninformed guess is they could, based on something like "theft of services." If I charged $20 a month for you to come fill up a one-gallon bucket any time you wanted from my well, and instead of a bucket you filled up a tanker truck, it would be theft plain and simple, because you'd knowingly be taking something from me without my permission.

(Actually I hate physical metaphors for computer stuff, because they usually distract more than help if you're talking with reasonably technical people. So let's not get sidetracked with questions like, "what if I filled up the tanker truck _with the bucket?_" [Unless you happen to enjoy pointless arguments as much as I do, in which case go for it.] The point is that the contract permits you to access AT&T's network in certain ways for a certain price, and you're accessing it in different ways without paying the different price, and the law's not too likely to be on your side for that one.)

This is all probably hypothetical, though. AT&T wouldn't bother to bring an expensive lawsuit or risk negative publicity from criminal charges, when they can (perfectly legitimately) charge you extra under the terms of your contract and dare you to fight it.

IAAL, in case that changes your assessment of a random person's opinions on the internet.


Tethering isn't a service though. The service is the data transfer. Tethering is a feature of the phone (which you own, especially if out of contract).

Here's a metaphor: Imagine if the water company charged you per gallon for water you used, but then added an additional charge for having a shower. Since you own plumbing fixtures to which the shower connects, and pay for every gallon, we would consider it unfair for the water company to charge extra for an "authorized" shower.

As far as theft of service, what on earth have you stolen? You pay for the data you transfer. Tethering is simply an "unauthorized" (by the vendor) use of that data.


However, the water company will most definitely come looking for you if you start selling water to the neighboring town that has higher water prices, since then you are profiting from your subsidized water.

The real problem is that somehow the wireless companies, unlike residential ISPs, have gotten away with not being labeled as pure data transfer companies. It should be none of their business what data you send, but unfortunately that's not (legally) the case.


The dumb pipe argument has been around for a couple years now. These companies (cable, satellite, telecom) absolutely do not want to become utilities. It limits their control over their product, and cuts off several high-yield revenue streams.

If they were regulated like a utility (water or electricity, for instance), you would see any and all arbitrary surcharges disappear, and these happen to be the biggest cash cows for these companies.


> You pay for the data you transfer. Tethering is simply an "unauthorized" (by the vendor) use of that data.

Wait, does anyone charge a per-kilobyte data charge? I thought most plans either had unlimited data or some large cap.


In the UK, most providers charge per-kilobyte. For example, I'm on a contract that gives me 1GB per month. Anything beyond that and I pay extra. It annoys me greatly that tethering isn't included in that (and costs a lot more), whether or not I use the 1GB that I've already paid for.


> The (slightly) more interesting legal question might be whether AT&T could ask a prosecutor to bring criminal charges. My uninformed guess is they could, based on something like "theft of services." If I charged $20 a month for you to come fill up a one-gallon bucket any time you wanted from my well, and instead of a bucket you filled up a tanker truck, it would be theft plain and simple, because you'd knowingly be taking something from me without my permission.

What I don't understand is how they decide how much to charge for tethering, especially for the capped data plans. Presumably, whether you download 2GB of data straight to your phone vs. 2GB of data through your phone to your laptop doesn't affect their ability to provide network service, so why should they care? In that case, they're simply charging more because some people will pay it. I understand that, but it still rubs me the wrong way.


Their theory is that you'll never use 2 GB on your phone alone, so if you want to tether, you'll actually use close to 2GB, and well, that's an extra charge, citizen.


The problem is that they sold you "all the water you could carry" and then reneged when you pulled in with your truck (with the bucket they gave you duct-taped to the inlet with a hole punched in the bottom).

It's a case of "wait! I didn't really mean all". It's the classic fat man at the buffet problem.


> The problem is that they sold you "all the water you could carry" and then reneged when you pulled in with your truck (with the bucket they gave you duct-taped to the inlet with a hole punched in the bottom).

What they sold you is in the contract, which specifies non-tethered data access. To continue your water analogy, they sold you all the water you could carry in that bucket, and you signed a contract saying you wouldn't try to connect the bucket to anything else.

This is really straightforward contract law. If you want to do something, don't sign a contract promising you won't do it.


> The second means using a service that the provider charges for, but you're not paying for. The law is never going to protect the second one.

Unless we get strong wireless net neutrality.


Quickly, explain how using data on my unlimited data plan is violating my contract.

The tethering plan is a facilitator fee since greedy Apple agreed to limit features.

It's just like buying an app instead of writing your own.

If you can get your own way of using data you pay for, good for you.

Now, forcing you to pay a facilitation fee for something you already have seems a little mob-like.


Jailbreaking was given a temporary exemption from the DMCA. That doesn't mean it's necessarily legal, nor does it mean that it doesn't violate the terms of the contract with your carrier.


Doesn't that explicitly mean it's legal? At least for the time of the exemption.


No, it just means that it doesn't violate one part of one law: the anticircumvention provision of the DMCA.

And the exemption only applies if "circumvention is accomplished for the sole purpose of enabling interoperability of such [software] applications, when they have been lawfully obtained..." One could argue that skirting carrier rules on tethering is different from enabling interoperability.

Further, it has no bearing on any contract you may have with your carrier.


It was actually (according to the EFF) 1) just last year, 2) the Copyright Office, 3) jailbreaking specifically for the purpose of interoperability with lawfully obtained software or for connecting to different providers with the authorization of said providers, 4) specifically w.r.t. the DMCA rulemaking process. https://www.eff.org/press/archives/2010/07/26


> patching new vulnerabilities that allow jailbreaking has become a moot point.

I'm not sure how moot. A few iPhone jailbreaks have exploited vulnerabilities that would allow an attacker to execute arbitrary code on a user's device. So, while pretty handy for delivering a jailbreak payload, equally devastating were someone to decide they wanted to pilfer some address book content or damage system files.

I'd say patching such vulnerabilities is important, though the short-term jailbreak opportunities are nice. Apple also verifies a checksum of your OS installation to prevent you rolling back to old, vulnerable OS versions. So, legal or not, Apple isn't taking a nap on jailbreaking.


Does anyone know if tethering can be detected on Android phones? I'm curious what other providers do to try to detect tethering on Android phones.


I wrote a non-root tethering app, so I might have a bit of tunnel vision.

First, any good tethering app should be immune to a simple TTL check. The most likely culprits are instead application traffic patterns. The following immediately come to mind:

- Browser user agents

- Automatic status checks under both OS X and Windows

- Application behavior:

* Netflix and Hulu on Android isn't supposed to happen.

* Browsers like Chrome are very aggressive and can open dozens of simultaneous TCP connections. DNS prefetching can also generate dozens of requests over UDP in a very short time window.


Can you avoid these issues by establishing an SSH or VPN tunnel through the 3G/4G connection?


Yep. Any non-root tethering app should just show the encrypted tunnel as a connection originating from the device itself. Just make sure that DNS requests don't leak when using an SSH tunnel. In fact, a simple port-forwarding app is all that's really necessary for most tunnel cases.

All of this makes a $6-$8/mo SSH/VPN privacy service (e.g., cotse.net) rather intriguing.


Most properly configured VPN service providers will reroute any DNS request traffic to their private NS servers (e.g., privateinternetaccess.com).

Another thing I'd like to mention is MPPE is not functioning in most Android builds, so don't rely on PPTP based VPNs on your phone - encryption won't work! Make sure your VPN service provider has IPSec/L2TP tunneling available.

Obviously root users should opt for OpenVPN. (e.g., cyanogenmod 7+)


> First, any good tethering app should be immune to a simple TTL check.

If the phone sets its TTL to 255, what can you do?


The goal is not to forward packets blindly like a NAT. You emulate the NAT's behavior by running a TCP state machine in user space and converting packets to regular Android SDK calls. This is what all of the non-root tethering apps likely do, because raw socket access is not allowed.


ooh, i see. nice.
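The "simple TTL check" discussed in this sub-thread, sketched from the network operator's side as an added example (not part of the original thread, and not any carrier's actual system). It assumes the common initial TTLs 64/128/255 and an observation point zero hops from the handset; all function names and sample addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

COMMON_INITIAL_TTLS = (64, 128, 255)  # assumption: typical OS defaults

def make_header(src, ttl):
    """Build a minimal 20-byte IPv4 header (constructed test input)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))

def parse_ipv4(packet):
    """Return (src_ip, ttl) from a raw IPv4 header, or None if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    return ".".join(map(str, packet[12:16])), packet[8]

def hops_from_origin(ttl):
    """Hops travelled, assuming the nearest common initial TTL >= ttl."""
    return min(t for t in COMMON_INITIAL_TTLS if t >= ttl) - ttl

def classify(packets, expected_hops=0):
    """Label each source 'direct', 'forwarded' or 'mixed' by extra hops."""
    extra = defaultdict(set)
    for raw in packets:
        parsed = parse_ipv4(raw)
        if parsed:
            src, ttl = parsed
            extra[src].add(hops_from_origin(ttl) - expected_hops)
    verdicts = {}
    for src, hops in extra.items():
        if hops == {0}:
            verdicts[src] = "direct"
        else:
            verdicts[src] = "mixed" if 0 in hops else "forwarded"
    return verdicts

# Constructed sample traffic, keyed by subscriber address.
SAMPLE = [
    make_header("10.0.0.1", 64), make_header("10.0.0.1", 64),  # handset only
    make_header("10.0.0.2", 64), make_header("10.0.0.2", 63),  # handset + routed client
    make_header("10.0.0.3", 127),                              # routed 128-TTL client
    make_header("10.0.0.4", 64),  # re-originated on the handset: looks direct
    b"\x45\x00",                                               # truncated, skipped
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

The last sample source shows why the check is weak on its own: connections re-originated on the handset carry the handset's TTL, which is why the thread points to application traffic patterns as the stronger signal.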


I have a theory that Verizon, at least, has started installing watchdogs that prevent covert tethering.

My Droid X has an odd property such that connecting it via USB (in USB mass storage mode) causes BSoD, so I've been looking for a way to transfer data without a connection.

The most promising was to run an FTP server on the phone (through a high port, since the lower ones like 21 are protected). This works for me intermittently, and is super-fast when it does, but more often than not, I'm told that it can't connect. The exact same behavior occurs with several different FTP server apps, as well as an HTTP server. It's not due to DHCP shuffling my IP address, and it may even work briefly for a minute before the connection breaks and can't be re-established.

On the other hand, going in the other direction works OK, either through FTP or through an SMB share to my desktop. Unfortunately, this method is painfully slow (I don't know why).

My solution, then, is to do any transfer via my notebook computer, to which the phone can connect via USB with no trouble.

Anyway, the only explanation I can think of for the mostly-not-working FTP server is that there is a watchdog that's looking for the phone to act as a server, and when it detects a port sitting there, it closes it. That's just my theory, but I can't think of anything else to explain the behavior.


I would first suspect some sort of powersaving feature. Try continuously using the phone's interface locally (reloading webpages or something of the sort), and I bet you'll notice that your FTP server is always available from other computers.

I say this because I've noticed what seems to be similar behaviour with servers running on my hacked kindle3 (wifi only). They stop responding until you generate traffic from the kindle, which kicks the wifi card up from some sort of lower power level, or something.


I tested my Verizon HTC Thunderbolt 4G's download speeds today. I got over 7 megabits per second down. It also got 4 megabits up!


They'll find other ways i.e. looking at the UserAgent in any unsecured HTTP request would signal tethering


Not really. You could always write a browser app for iOS or Android that uses Firefox or Chrome's user agent to have servers return the full desktop version.


If I was AT&T looking for unauthorized tethering folk, I'd focus on the people that are using > 2 GB a month + other various heuristics. Something deff smells funny if someone is using substantial bandwidth and much of the traffic is with a UserAgent like Firefox or Chrome


Ah yes because it's impossible to spoof your user agent string be it with a 3rd party web browser on the iPhone or your desktop browser to match the iOS one.


Sure, but many websites use the user agent to alter the presentation for the device... this would diminish the experience for the lay user when tethering.


I heard they checked for varying TTL values?


TTLs should not affect PdaNet if it is written like any of the other non-root tethering apps. Mac and Windows update pings are probably a good indicator, however.


Anyone actually know what the old unlimited contract says about this?



