Tethering: How your phone connects and facts and myths about it debate...

[Skull One]

Lets me start by saying ignorance is acceptable as long as you have never been taught the facts. But after you have learned the facts and continue with ignorance then it becomes stupidity.

Tethering 101 - The Facts and Myths.

The statement: Verizon can tell your are tethering and they also can tell what type of device is getting the data.

Lets break this down into two parts.

1) Verizon can see your are tethering.
2) Verizon can tell what type of device is getting the data.

Item number one is only 10% subjectively correct at best.
Item number two is only 50% subjectively correct.

Lets explore why I gave those numbers.

Verizon can't directly tell, using only one packet captured, if you are tethering. The simple answer for that is NAT.

NAT = Network Address Translation. It is the process of taking an IPV4 address and translating it between one or more internal IP (Internet Protocol) addresses. That translation is done by the tethering software. It uses stateful translation to make sure all packets are routed to the proper device. Since the software has the translation of internal IP + Port + Packet Type to Droid IP + Port + Packet Type, the only thing the outside world sees is the Droid talking, IE Droid IP + Port + Packet Type.

Read the following if you want the really long answer beyond my Reader Digest version: Network address translation - Wikipedia, the free encyclopedia

Now how did I figure that 10% of the time they can catch you? Easy. If you make the mistake of hard coding a DNS address for your tethered device. The second you do a UDP with port 53 to a DNS address not controlled by Verizon, they know you are tethering. And they got you dead to rights.

Now the second answer is all about data modeling. If they inspect certain packets, lets say TCP on port 80 or 443 and manage to catch the Web Browser identifier, odds are it isn't going to be the built in one from the Droid. And hence they have you SORT OF dead to rights. The reason for the sort of? How many browsers are already on the Droid legally? Have your browser mimic any one of those and you start to reduce the exposure.

Next in line then is where you go and what type of content is being requested. That takes TONS of computer horse power to sift thru. They would probably spend more money than they were making. But one of the tests they could watch for is Windows looking to see if your install needs an update. That would sort of be a dead give away.

The last thing they could try is actually looking at how much bandwidth you use. And because the sales people all say that the Droid data plan is UNLIMITED, and so does our billing statements (both online and paper with no asterisks), they technically can't even use that against you unless they want a class action lawsuit on their hands.

So there you are.


And btw I tested all of this with a quick packet capture on one of my web servers to make sure that NAT tethering was being done properly.


OH before I forget, for all of you that are yelling "But it still breaks the ToS/Contract". You are 100% correct. But they would need a warrant to legally inspect your phone. I can be back at 2.0.1 unrooted in less than four minutes. Good luck with that. And do you really think a judge is going to grant a warrant in the first place with Verizon saying "We think he hacked his phone and he is using too much data"?

 

[Scblacksunshine]

Lets me start by saying ignorance is acceptable as long as you have never been taught the facts. But after you have learned the facts and continue with ignorance then it becomes stupidity.

Tethering 101 - The Facts and Myths.

The statement: Verizon can tell your are tethering and they also can tell what type of device is getting the data.

Lets break this down into two parts.

1) Verizon can see your are tethering.
2) Verizon can tell what type of device is getting the data.

Item number one is only 10% subjectively correct at best.
Item number two is only 50% subjectively correct.

Lets explore why I gave those numbers.

Verizon can't directly tell, using only one packet captured, if you are tethering. The simple answer for that is NAT.

NAT = Network Address Translation. It is the process of taking an IPV4 address and translating it between one or more internal IP (Internet Protocol) addresses. That translation is done by the tethering software. It uses stateful translation to make sure all packets are routed to the proper device. Since the software has the translation of internal IP + Port + Packet Type to Droid IP + Port + Packet Type, the only thing the outside world sees is the Droid talking, IE Droid IP + Port + Packet Type.

Read the following if you want the really long answer beyond my Reader Digest version: Network address translation - Wikipedia, the free encyclopedia

Now how did I figure that 10% of the time they can catch you? Easy. If you make the mistake of hard coding a DNS address for your tethered device. The second you do a UDP with port 53 to a DNS address not controlled by Verizon, they know you are tethering. And they got you dead to rights.

Now the second answer is all about data modeling. If they inspect certain packets, lets say TCP on port 80 or 443 and manage to catch the Web Browser identifier, odds are it isn't going to be the built in one from the Droid. And hence they have you SORT OF dead to rights. The reason for the sort of? How many browsers are already on the Droid legally? Have your browser mimic any one of those and you start to reduce the exposure.

Next in line then is where you go and what type of content is being requested. That takes TONS of computer horse power to sift thru. They would probably spend more money than they were making. But one of the tests they could watch for is Windows looking to see if your install needs an update. That would sort of be a dead give away.

The last thing they could try is actually looking at how much bandwidth you use. And because the sales people all say that the Droid data plan is UNLIMITED, and so does our billing statements (both online and paper with no asterisks), they technically can't even use that against you unless they want a class action lawsuit on their hands.

So there you are.


And btw I tested all of this with a quick packet capture on one of my web servers to make sure that NAT tethering was being done properly.


OH before I forget, for all of you that are yelling "But it still breaks the ToS/Contract". You are 100% correct. But they would need a warrant to legally inspect your phone. I can be back at 2.0.1 unrooted in less than four minutes. Good luck with that. And do you really think a judge is going to grant a warrant in the first place with Verizon saying "We think he hacked his phone and he is using too much data"?

Very informative, what about the DUN "hacking" method by changing the provision on the phone and not using any Tethering software? Will this still result in accessing the data behind NAT?

 

[aminaked]

He's misguided and misleading.

The percentages are 100% on both counts unless you encrypt and proxy. NAT has nothing to do with this.

VZ doesn't have to sift thru everyone's data. They'd start with the highest bandwidth users. Is any of their traffic coming from java applets, netflix streams, etc? Ok, send a bill per MB of usage. This can be automated and wouldn't require a lot of computing power.

If there's a lot of money in it for them, they'll find a way. Unless you hide your data 100% they can find out what you're up to and the ToS and privacy statement say they can.

What makes people think that a corporation will let you use their resources without compensation? Are you going to plead ignorance or just plain stupidity?

 

[Skull One]

He's misguided and misleading.

The percentages are 100% on both counts unless you encrypt and proxy. NAT has nothing to do with this.

VZ doesn't have to sift thru everyone's data. They'd start with the highest bandwidth users. Is any of their traffic coming from java applets, netflix streams, etc? Ok, send a bill per MB of usage. This can be automated and wouldn't require a lot of computing power.

If there's a lot of money in it for them, they'll find a way. Unless you hide your data 100% they can find out what you're up to and the ToS and privacy say they can.

What makes people think that a corporation will let you use their resources without compensation? Are you going to plead ignorance or just plain stupidity?

I guess you know more than me.

So please feel free to tell us how to hide the data 100%. Because a proxy won't kick in soon enough since the cell tower gets your data first. And encryption only works if all the IPs you are going support it but that doesn't block IP + Port + Packet type.

Talk about me being misleading...

One last note, I gave the technical answers that are technically correct. But I guess you missed my subtle point the "Data Modeling" is how they will catch you.

 

[Scblacksunshine]

He's misguided and misleading.

The percentages are 100% on both counts unless you encrypt and proxy. NAT has nothing to do with this.

VZ doesn't have to sift thru everyone's data. They'd start with the highest bandwidth users. Is any of their traffic coming from java applets, netflix streams, etc? Ok, send a bill per MB of usage. This can be automated and wouldn't require a lot of computing power.

If there's a lot of money in it for them, they'll find a way. Unless you hide your data 100% they can find out what you're up to and the ToS and privacy say they can.

What makes people think that a corporation will let you use their resources without compensation? Are you going to plead ignorance or just plain stupidity?

I guess you know more than me.

So please feel free to tell us how to hide the data 100%. Because a proxy won't kick in soon enough since the cell tower gets your data first. And encryption only works if all the IPs you are going support it but that doesn't block IP + Port + Packet type.

Talk about me being misleading...

One last note, I gave the technical answers that are technically correct. But I guess you missed my subtle point the "Data Modeling" is how they will catch you.

to my original question, what about the DUN "hack" method? Does it work the same as the Tethering app? Better or worse?

 

[Skull One]

to my original question, what about the DUN "hack" method? Does it work the same as the Tethering app? Better or worse?

Sorry missed it the first time.

No clue. Never used it and hence haven't done any data capturing to test it.

 

[aminaked]

So please feel free to tell us how to hide the data 100%.

You can hide the data 100% if your phone encrypts it and proxies it.

Because a proxy won't kick in soon enough since the cell tower gets your data first.

There's no "kicking in" period. You want, say, a Netflix stream so you encrypt your request and send it to a proxy server. That server sends back an encrypted response.

And encryption only works if all the IPs you are going support it but that doesn't block IP + Port + Packet type.

Hence the proxy.

Talk about me being misleading...

What?

One last note, I gave the technical answers that are technically correct. But I guess you missed my subtle point the "Data Modeling" is how they will catch you.

I didn't miss it and I don't think it's subtle. Here is what you wrote:

Now the second answer is all about data modeling. If they inspect certain packets, lets say TCP on port 80 or 443 and manage to catch the Web Browser identifier, odds are it isn't going to be the built in one from the Droid. And hence they have you SORT OF dead to rights. The reason for the sort of? How many browsers are already on the Droid legally? Have your browser mimic any one of those and you start to reduce the exposure.

The user-agent string (what you call the web browser identifier) isn't the only way to see if someone's tethering. A better indicator is if the data is something that the browser doesn't support...java applets, etc.

So, ignorance or stupidity?

 

[Skull One]

So please feel free to tell us how to hide the data 100%.

You can hide the data 100% if your phone encrypts it and proxies it.

Because a proxy won't kick in soon enough since the cell tower gets your data first.

There's no "kicking in" period. You want, say, a Netflix stream so you encrypt your request and send it to a proxy server. That server sends back an encrypted response.



Hence the proxy.



What?

One last note, I gave the technical answers that are technically correct. But I guess you missed my subtle point the "Data Modeling" is how they will catch you.

I didn't miss it and I don't think it's subtle. Here is what you wrote:

Now the second answer is all about data modeling. If they inspect certain packets, lets say TCP on port 80 or 443 and manage to catch the Web Browser identifier, odds are it isn't going to be the built in one from the Droid. And hence they have you SORT OF dead to rights. The reason for the sort of? How many browsers are already on the Droid legally? Have your browser mimic any one of those and you start to reduce the exposure.

The user-agent string (what you call the web browser identifier) isn't the only way to see if someone's tethering. A better indicator is if the data is something that the browser doesn't support...java applets, etc.

So, ignorance or stupidity?

You have already made up your mind. Why did you bother to ask?

And my response was more tongue in check because I honestly thought yours was. But alas I guess I was wrong since you now seem to be on a war path of proving me wrong.

Personally I could give a flying *bleep*. I just figured I point out some technical details that people might enjoy reading.

So if you need to be right to validate your existence on this planet, please feel free to continue. Your being right doesn't change a thing in my world.

 

[aminaked]

You have already made up your mind. Why did you bother to ask?

And my response was more tongue in check because I honestly thought yours was. But alas I guess I was wrong since you now seem to be on a war path of proving me wrong.

Personally I could give a flying *bleep*. I just figured I point out some technical details that people might enjoy reading.

So if you need to be right to validate your existence on this planet, please feel free to continue. Your being right doesn't change a thing in my world.

You're the one who started out by saying that people were being either ignorant or stupid so now I want to hear your decision...but I think I've got that one figured out too.

 

[mcatdtDroid]

About to watch V on ABC.com ..... while tethering .....

 

[Skull One]

You have already made up your mind. Why did you bother to ask?

And my response was more tongue in check because I honestly thought yours was. But alas I guess I was wrong since you now seem to be on a war path of proving me wrong.

Personally I could give a flying *bleep*. I just figured I point out some technical details that people might enjoy reading.

So if you need to be right to validate your existence on this planet, please feel free to continue. Your being right doesn't change a thing in my world.

You're the one who started out by saying that people were being either ignorant or stupid so now I want to hear your decision...but I think I've got that one figured out too.

*sigh* So much for being fun.

1) I thought the first sentence was funny. And I even ran it by two people on IRC and they agreed. So I was hoping that would set a relaxed tone.

2) I left out some details in my post to help generate dialog that was educational since I felt the post covered the first level or 101 of the topic.

3) I was hoping someone would go "Hey S1 what about using a encrypted proxy service?" or "Why can't they simply target specific people?" and then someone like you coming along and saying "That is exactly how you get around the data modeling issue S1 alluded to and here are a few examples of how to do it".

4) It was really my hope when I threw the ball back in your court the very first time that you would get the hint and give technical examples to continue the conversation with.


Could I have covered every point you made in my first post? Yes. Did I believe it would be beneficial to the community to come off as a complete know it all? No. Which is why I used the ole college nomenclature of 101 in the article after my opening funny. Sorry my sense of humor didn't go over real well with you. Hopefully others get it.


Hopefully people will pick up on the very salient points you made and we can get this conversation back on the track I originally thought it should converge too. Because while you and I have a very good understand of TCP/IP and the protocols available to get certain things done, 85% of the people reading this don't have that full knowledge base and they come here to fill in those gaps by reading useful dialogs like the one I was try to generate.

 

[BoxcuttaStyle]

correct me if I'm wrong but isn't as easy as looking at the header information. wouldn't one be able to tell the difference in each web page request and what type of device it originated from based on the header information, regardless of NAT?

at the end of the day they can see what they choose to see. 'choose to see' is the key phrase here. if you think verizon is spending any time/resources currently monitoring this you have no idea how big business operates.

that being said, they could 'choose to see' whenever they'd like to. at that point you'll be subject to everything you agreed to in the tos. there's a reason lawyers write these!

at the end of the day, if you're tethering hope they don't 'choose to see'. if they do, you may be caught.

 

[aminaked]

Sorry my sense of humor didn't go over real well with you. Hopefully others get it.

OK, fair enough. Perhaps I overreacted.

Moving on, I notice that people like to brag that they're tethering and using tons of bandwidth. Are we supposed to be impressed? Anyone can tether all day and night. It doesn't prove anything except that you like to brag about taking risks. Grow up.

I'd much rather hear from:
-anyone who's ever been caught tethering
-anyone who knows someone who's been caught
-anyone who works for VZ and has new info
-anyone who's talked to VZ and has new info
-anyone with informative technical knowledge

I don't want to stifle free speech. I'm just saying this type of info would be helpful.

 

[Skull One]

correct me if I'm wrong but isn't as easy as looking at the header information. wouldn't one be able to tell the difference in each web page request and what type of device it originated from based on the header information, regardless of NAT?

at the end of the day they can see what they choose to see. 'choose to see' is the key phrase here. if you think verizon is spending any time/resources currently monitoring this you have no idea how big business operates.

that being said, they could 'choose to see' whenever they'd like to. at that point you'll be subject to everything you agreed to in the tos. there's a reason lawyers write these!

at the end of the day, if you're tethering hope they don't 'choose to see'. if they do, you may be caught.

The only thing they can see is what aminaked and I pointed out; "user agent string" which can be faked. So NAT still protects the type of device being used.

Yes, they can data profile anything, which is why encryption thru other services become a viable solution to mask the data you are sending and receiving.

 

[apeshitninja]

I've received a letter from VZW stating that I need to contact them immediately due to unusual usage on my account. This was right after I was at a customer's location for a couple weeks that had severely limited internet access and I tethered up my Droid in order to surf the net.

I didn't ever go over the magic 5GB limit for a month...not even close, but the daily usage was definitely higher than normal during that period.

I ignored the letter since by the time I got it I was no longer tethering daily, haven't heard anything else from them. The main ways they can see your traffic is by type, amount of data, and broswer user-agent strings.