What is the difference between cellular data being used on my phone and cellular data being used on my notebook? Data is data.
What is the difference between cellular data being used on my phone and cellular data being used on my notebook? Data is data.
How can they tell if you are tethering?
Not sure if it’s still the case today, but back then cellular ISPs could tell you are tethering by looking at the TTL (time to live) value of your packets.
Basically, a packet starts with a TTL of 64 usually. After each hop (e.g. from your phone to the ISP’s devices) the TTL is decremented, becoming 63, then 62, and so on. The main purpose of TTL is to prevent packets from lingering in the network forever, by dropping the packet if its TTL reaches zero. Most packets reach their destinations within 20 hops anyway, so a TTL of 64 is plenty enough.
Back to the topic. What happens when the ISP receives a packet with a TTL value less than expected, like 61 instead of 62? It realizes that your packet must have gone through an additional hop, for example when it hopped from your laptop onto your phone, hence the data must be tethered.
This also explains why VPN is a possible workaround to this issue.
Your VPN will encapsulate any packets that your phone will send out inside a new packet (its contents encrypted), and this new packet is the one actually being sent out to the internet. What TTL does this new packet have? You guessed it, 64. From the ISP’s perspective, this packet is no different than any other packets sent directly from your phone.
BUT, not all phones will pass tethered packets to the VPN client – they directly send those out to the internet. Mine does this! In this case, TTL-based tracking will still work. And some phones seem to have other methods to inform the ISP that the data is tethered, in which case the VPN workaround may possibly fail.
You can also just increase your laptop’s initial TTL by one and then they can’t tell.
How do you do this?
On MacOS this will do it:
printf 'net.inet.ip.ttl=65\nnet.inet6.ip6.hlim=65\n' | sudo tee /etc/sysctl.conf
Can’t personally speak for other OSes at present. Here’s a SO post about Ubuntu: https://askubuntu.com/a/670276
That was a good read, thank you
That was a good read, thanks
If you’re using the built-in unmodified hotspot on pretty much all phones these days, mobile data for the hotspot goes through a different apn. Your phone requests data on one channel, while hotspot data goes through another.
They must be sniffing traffic