How can I stop AT&T Wireless from knowing I’m tethering my Note 2?

Peter G January 21, 2014

I have an AT&T “unlimited” data plan on my Note 2. I sometimes use FoxFi to tether my laptop when a consistent wifi signal is unavailable. Invariably, AT&T sends me a nasty email telling me that I will be automatically enrolled in a tethering plan if I continue to use my phone the way I want to use my phone. FYI: I pay for this “unlimited” data on time every month. WTF?

Please tell me there is a way to obfuscate the apps that I have on my phone and the way I use them.

  1. Peter G
    February 1, 2014 at 12:27 am

    @Dalsan - What version of Android can you hide tethering?

  2. Alberto S
    January 30, 2014 at 6:10 am

    Is PdaNet still on the busissnes of tethering ?
    Last time I used them they have the option to "hide" tethering.

    • Dalsan M
      January 31, 2014 at 11:25 pm

      I have tried Fox-Fi/PDANet before, but newer phones cannot be hidden through these apps. I can use an older phone with an older version of Android and it would work. This leads me to believe that newer Android versions incorporate something that the hide option does not work with.

  3. Peter G
    January 21, 2014 at 11:32 pm

    Do you have a specific 'User Agent' app you can recommend? Thanks for your reply.

  4. Jan F
    January 21, 2014 at 11:28 pm

    There are various methods how tethering can be detected. They may be different from provider to provider and not all of them might be known or can be worked around.

    For example the phones built-in tethering usually asks the network if tethering is allowed or it does send an information packet that you are currently tethering. The same applies to third-party applications. Some applications out there actually use the built-in tethering and just give you a different interface to it.

    Another hint towards tethering is the Time To Live [in seconds] of the packets sent. Basically every packet has a TTL and every time a packet hits a "hop" (usually a router or routing point) the TTL is decreased by the time passed but at least by one.
    Your provider can obviously check the time it takes for a packet from your phone to their server (which is usually milliseconds). So when they are looking at the TTL of the packet they can see that it has decreased by 1 second they cannot account for. Therefor they can assume that there must be something going on at your end.

    The only way I can think of is setting up a VPN connection on your phone and then tethering your laptop "through" that VPN connection. But that implies that your tethering app has to be capable to tether through VPN and that you actually have VPN server somewhere out there to connect to.

    Paying for a VPN service would probably cost the same as a mobile plan that includes tethering.

    • Bruce E
      January 22, 2014 at 3:51 am

      TTL has nothing to do with time. It is simply a counter that is decremented by one at each hop (if the routers are doing their jobs properly). It amounts to an inverted count of the number of hops traffic takes to its destination. If a packet hasn't reached its destination by the time the TTL counter reaches zero, the packet is dropped assuming it is caught in a routing loop. The sender controls what the initial TTL will be for the packets it sends. Because of this, using TTL in order to determine if tethering is involved would be highly inaccurate at best as it would have to assume what the initial TTL really is for the particular device and application, especially if it has been jailbroken (since the TCP/IP stack can be modified and the TTL field altered in all outgoing packets).

    • Jan F
      January 22, 2014 at 7:24 am

      It doesn't matter if TTL is implemented as a counter or timestamp.
      Each OS has a default time to live in it's network stack (which can be altered, yes).
      Each hop reduces that counter or time by at least one.
      Each provider has full knowledge of the hops between your phone and the server checking for tethering as it's their network.

      For example the iPhone has a fixed TTL value of 64. If you tether your Windows computer to it which has a default TTL of 128 the provider will instantly see that the TTL is way to high. So you'd have to access Windows registry, change the DefaultTTL parameter to 65 (to account for the hop on the iPhone) to "spoof" your tethering.

      I'm not saying it's accurate. But it's a very easy method in certain cases to detect tethering.

  5. Dalsan M
    January 21, 2014 at 11:20 pm

    This is rather difficult to overcome, and gets even more difficult as time passes. Some people have said that AT&T customer service representatives mentioned that they can see if a Wi-Fi tethering app is installed on the phone (I know that T-mobile gathers information like installed apps, Unknown Sources is allowed, and if the phone is rooted and has a modified ROM installed). If they are questioning your data usage and find a tethering app installed, that may become an issue.

    Many have suggested downloading and using a User Agent plugin and change the user agent to iOS. This tricks the system checks into thinking that all data is going through mobile devices instead of regular desktops and laptops. Other than this, it is a hit or miss with custom ROM installation (which requires rooting the phone).

Ads by Google