Verizon Cracks Down On Jailbreak Tethering

tekgoblin writes "Verizon, like AT&T has now started blocking jailbroken phones from using un-sanctioned tethering apps. Verizon will now require users to be subscribed to a mobile tethering plan to be able to use tethering at all." So which mobile company's actually any good for 3G tethering, voice service aside? My Virgin Mobile MiFi (bought under a plan no longer available) is theoretically unlimited and "only" $40/month, but has had too much downtime for my taste, and atrocious customer service.

How do they tell?

[jsnipy]

How do they even tell tethered traffic from non?

Re:How do they tell?

Highly illegal deep packet inspection. :) It breaks a ton of privacy laws put in place by the Fed AND local governments.

Re:How do they tell?

[sunderland56]

Assuming they are doing it by packet inspection: Just run a strongly encrypted VPN to your home server, and use that internet connection. All Verizon will see is VPN traffic, which is legal.

Re:How do they tell?

Phone based traffic is sent via their WAP gateway where as tethered traffic isn't, at least that's what someone said in a previous article on the subject. If thats true then all they need to do is monitor all non WAP traffic and compare where it's coming from against the people paying for tethering.

This is not true. WAP was for phones before they had browsers that could read full HTML. The WAP server acted as a proxy and converted the HTML down to a subset that the phones could handle. This stopping being true with the advent of modern smartphones that can do standard HTML.

While I can't say for sure, as they could be doing something I'm not aware of, my guess is it's just simple DPI which means the previous posters suggestion of using your tether to make a VPN tunnel back to your home router/server should work. Might need to check for client sigs in VPN tunnel setup as a laptop client like Cisco AnyConnect might give itself away durning initial tunnel setup.

However if you run up the bytes I'm guessing you'll still hear from them.

Re:How do they tell?

[Calos]

Eh, I don't think so. I've set up a VPN for use from my phone and I don't tether. I just don't trust random open wifi networks, and feel semi-insecure doing things with sensitive info like banking without it.

Plus I have access to files at home, and all web traffic routed to my phone is filtered with Privoxy and compressed with Ziproxy.

Re:How do they tell?

[mlts]

I use VPNs all the time on my cell phone, and never for tethering. I don't really trust most wireless networks out there, so having my traffic going through an encrypted tunnel out is something I do as a matter of routine. A lot of "free" Wi-Fi places also have ad injectors (a la Phorm) so having an encrypted link gets rid of third party meddling in what I am doing.

Re:How do they tell?

[tlhIngan]

How do they even tell tethered traffic from non?

Easy.

First, a little background.

A cellphone data connection goes through a gateway. It's not a traditional TCP/IP link, but it sure looks like one from the mobile side. What happens is the TCP/IP packets are encapsulated by the modem, forwarded to the base station, and the base station determines which gateway to use.

In GSM, the gateway is chosen by the APN you enter (or your phone automatically uses). CDMA is different, but it effectively looks up the gateway for you.

The gateway does things depending on the plan you buy. Consider the entirety of data plans available - unlimited "social networking" for feature phones, unlimited data for blackberries, gigs and gigs for smartphones, 1-2GB for laptop, each of which is increasing in price. The reason for this is service differentiation. The lowest and cheapest plan probably uses well defined proxy servers that only forward to specific hosts. The blackberry plans go to specific blackberry networks. The smartphone plans often have stuff like transparent proxying (caching plus stuff like recompression), firewalling (HTTP/HTTPS/SMTP/POP/IMAP only is typical), NAT (multiple layers).

Laptop data plans (MiFi's and the like) often stick you behind a simple NAT, but are otherwise free from other firewalling. And if you pony up $$$, you can often get VPN plans that give you a real life IP address and no firewalling.

Guess what? These firewalls also note what traffic isn't making it thorugh. Various ping probes, odd port traffic, stuff like that gets logged. Use a Windows machine and it's easy from traffic that no smartphone will ever generate.

Those who use their phone as a modem (PC does TCP/IP) are the first to trigger the alerts, those who use SSH-SOCKS (phone does TCP/IP) are harder to tell (all packets originate from phone, traffic not using proxy isn't seen), in which case they have to see if connections are made to odd ports and the like (e.g., if you try to ssh to a host).

Other techniques are a bit of packet identification and link utilization - you can easily tell a smartphone from a PC just by the way the browsers create network traffic, for example (especially with smartphone plan transparent proxies)

You think carriers are stupid for selling 2GB laptop plans when you can get 5GB smartphone plans for half the price?

Re:How do they tell?

[Tuxedo+Jack]

It depends on the device you're using.

In Android and Windows Mobile 6.5/6.1/5, your NAI (network access identifier) changes based upon the type of traffic you're pushing. Tethered traffic and DUN changes your NAI to yournumber@dun.vzw3g.com. Traffic from the phone itself is simply yournumber@vzw3g.com.

Verizon has poisoned EVERY phone with Gingerbread - they have modified the OS so that activating any hotspot app, even if the phone is rooted, to trigger the NAI change and show the phrase "Tethering or Hotspot Active." The only SAFE way to tether on a Verizon phone is to run Froyo, then use free-wifi-tether's 3.x version. Alternatively, install CyanogenMod and then you can tether.

For iOS? Hell, you're screwed any way you turn.

Re:How do they tell?

[james_a_craig]

You mean some way, like, say, swapping SIM cards as is commonplace in europe, or on any of the GSM networks in the states, for that matter?

Re:How do they tell?

[wickedskaman]

Lemme guess... you are lots of fun a parties.

Re:How do they tell?

[stating_the_obvious]

I do this all the time. Easy-Peazy. Soekris box at home running M0n0wall with free DynDNS service to solve my dynamic IP address problem. Not only does this solve the tethering packet inspection problem, but the hardware also makes public wifi access inherently safer.

Re:How do they tell?

[petermgreen]

There are lots of clues

User agents would be a clue (IIRC some mobile browsers spoof those but it wouldn't surprise me if there are subtule differences between the commonly spoofed strings and the common ones on desktops). There is likely other information in the http request that differs too.
If the tethering software was making the phone act as a nat router TTLs and other TCP/IP options could be a clue
If the tethering software worked by loading a proxy on the phone then an x-forwarded for header could be a clue
Large downloads would be a clue, so would very high overall data use.
As you say traffic from application that don't exist on the phone would be an especially damning clue

Afaict most mobile phone contracts have a clause allowing termination for any or no reason whatsoever so they don't exactly need absolute proof that someone is teathering to send them a "cease or pay up" letter with a threat of disconnection.

Re:How do they tell?

[PortHaven]

Simple, you successfully load and play Flash on an iPhone. They know you're tethered. LOL

Sprint

[twilightzero]

My HTC Evo comes with a wi-fi hotspot app built in that allows I believe 4 clients. It may not be the fastest but it works.

Re:Sprint

[Yosho]

The app that Sprint bundles with their phones does require the $30/month extra. However, if you root your phone, you can install a third-party application (such as Wireless Tether) and use it without paying the fee. As far as I can tell, Sprint doesn't cap bandwidth and does not block devices; just last weekend I tethered a tablet to my Evo Shift 4G and was using it constantly.

Re:Sprint

[Calos]

...but you'll rarely see stock Android on your phone. To install a version that the tethering hasn't been cut out of by the carrier or manufacturer, you still need root.

Sprint

[timothyb89]

Their speeds aren't the best, but they don't restrict usage at all. I can tether my (rooted) 4G android phone for free with no data caps or throttling (as far as I can tell), and on occasion I've used nearly ten gigs over a WiMAX connection while on vacation without any issue. I've rarely needed customer service as downtime and issues in general are virtually nonexistent, but it's there when needed and is pretty good.

As for price, though, the smaller/contractless providers like Virgin Mobile may be your best bet. I've heard they're far cheaper than any of the "big three" and make good on their "unlimited" promises. Even so, I can't vouch for their quality, having never used one myself.

Maybe Not

[ducttapekz]

1. After clicking through a few links I found the original story:

http://www.mobiledia.com/news/101731.html

2. Mine still works. The only source I found is some guy who says he got the landing page you get when you use Verizon's app. Anyone actually get this warning using any of the non Verizon apps?

Sprint

[zogre]

I have Sprint, they've never given me a problem about tethering. As far as I can tell, there's no data cap on my unlimited plan (2 Epic 4G phones, $150 /mo unlimited everything family with the 4G premium, both phones are rooted and running Froyo 2.6.32.9).

My wife is a heavy media consumer with Pandora and Netflix. Occasionally my AT&T home internet goes out, and I stay online for work and play by using Wired Tether (http://android-wired-tether.googlecode.com/) because my desktop doesn't have 802.11. I frequently use the Wireless Tether (http://android-wifi-tether.googlecode.com/) when I'm out and about with my laptop, as my "4G" (San Francisco bay area) is generally faster than free WiFi and I don't have to deal with a gateway.

All told, it's rare for us to be under 4 gigs per month, and I haven't received any communication from Sprint other than the occasional text advertisement and our monthly statement, but YMMV.

Re:The big 3 in Canada

[green1]

Not only does TELUS allow tethering, they actively encourage it. When they updated my Motorola milestone to froyo they bundled a tethering app that was not previously there. Additionally they are selling wifi only tablets and bragging that you don't need a separate data plan, you can simply use tethering. (according to the website "Share one data plan between your smartphone and tablet at no extra cost. It's easy, affordable, worry-free and secure." (bold text in original))

Now as for the plans themselves... these need major work, the biggest plan you can buy from TELUS is 5gig. They simply don't sell a bigger plan than that. I find this rather abysmally low.

Re:jailbreak tether? pay for it? root?

[mjwx]

My WinMo6.1 phone does it out of the box. It's built into the OS

So do most Android phones. The tethering API has been included since 2.2 and HTC Sense has had it built in since 2.1.

If you're getting bent over by your phone company it's not your handsets fault (unless your handset was built for that purpose, which makes them an accessory).

Is this just an iPhone thing?

[AgentBurbank]

They use the term "jailbreak" and the Forbes article refers to an app named MyWi that is available via Cydia. This terminology leads me to believe they are specifically targeting jailbroken iPhone tethering. Android phones like the Droid X and X2 tether "out of the box" (unrooted) with apps from Google's marketplace. No jailbreaking/rooting/evil hax0ring required.

Re:Whats the difference how you use the data???

[Cutting_Crew]

They want to dissuade people from doing that.

thats none of their business. If we have 2 GB of data allowed then how we get that data shouldn't matter. As someone else said, if we watch netflix the faster we get to the limit and the chance of paying overage fees are feasible. Don't understand why they wouldnt want to go that route.

Re:So I took my iPhone 4 SIM out

[Vegeta99]

You didn't do that on a Verizon phone.

ATT and Nokia E71

[trailerparkcassanova]

Not the ATT-supplied E71x. I can tether using my Medianet account with this phone. Also a RAZR v3xx makes a very good tethering device. Both work very well and it was my only net access for a few months.

Re:Customer No-Service

[redherring728]

Not that I doubt that there must be plenty of extraordinarily frustrating people calling those lines (I know, there are a lot of idiots out there, I'm a math tutor), and I have no doubt that I would want to bang my head against the wall for that very reason if I had that job, but your criticism seems to be completely out of place and presumptive.

I'm not really even sure what you think "is a good thing." Is it the "atrocious" customer service? It's the only thing relevant to your post that you quoted. No matter how stupid the people calling in are or how many of them are calling in, that's not good. I can't even begin to wonder why you think that is. Atrocious customer service is atrocious for all customers, not just idiots.

Not to mention, it would also be idiotic to assume that there aren't idiots on both sides of the phone line.

And don't try to wave off criticism by saying "You don't know what you're talking about." That's called ad-hominem.

Finally, I have to point out that what you wrote is completely off-topic; taking a minor point (a grand total of three words out of the summary) and making it out to be a major point.

Re:Who wins in this race to the bottom?

[erroneus]

Agreed but the problem is lobbying. That crap needs to go away and nothing short of a revolution will change that. As things are, the chances of electing "reformists" and "anti-corruptionists" into office is pretty much nill. There would be smears and labelling campaigns... and if by some miracle that didn't work, there would be assassinations. There are some pretty nameless and faceless powerful people making things as they are and they would rather doom the country and the whole planet than to give up anything they have now. And if you think that goes a little far, look back at Ross Perot's presidential campaign and how well that went. First they tried to make fun of him, then they tried to smear him, then he dropped out citing threats to his family. (And I believe that happened -- nothing else could stop a man like Perot from getting what he wants)

Meanwhile, people look to strategies such as "voting against" someone else and only voting for people they consider to be "electable," This essentially turns elections into the same stupidity as the stock market -- trends follow worries, fears and emotions rather than reality. (Seriously, why would the US credit rating have so much affect on perceived US companies when they are all "multinational" now?)

Idiocracy... idiocracy.

Re:TANSTAAFL

[LateArthurDent]

Something has to give; you (or rather, every subscriber) can't have both.

I don't think he was implying he wanted more than 5gigs at no extra cost. He wants the option of buying into a more expensive smartphone data plan that allows for more than 5 gigs a month. Then he wants to tether at no extra cost. That's a perfectly reasonable position.