Mobile Hotspot Data Limits and How To "Avoid" Them

on Chris Martin's Blog

(If you don't wish to learn then just skip to the Recipe section below.)

Hopscotch

With the pandemic and its shelter-in-place orders upon us, many people are suddenly reliant on internet access at home to meet their basic needs like earning income, staying in school, and interacting with other humans. Unfortunately, terrestrial internet service is unavailable for tens of millions of rural or low-income people in the USA. Depending on how you define "broadband internet", only about 69% of households had it in 2019. A greater number of people (~81% in 2019) use a smartphone with mobile data service from their wireless carrier. This mobile data plan can serve as a primary internet connection for those who live in a rural area or who cannot afford multiple services, especially when used with a phone's "mobile hotspot" (or "tethering") capability1. A mobile (Wi-Fi) hotspot2 is how a phone shares its network connection to nearby computers, thereby supporting internet-based activities which are unergonomic or impossible to do on a phone, e.g. most forms of remote work and learning. I am close to several people who rely on a mobile hotspot to work or learn from home during the pandemic. Let's call these folks Involuntary Hotspot Users or IHUs. You know who you are; this post is for everyone out there like you. :)

Most IHUs Work Under a Severe, Arbitrary Limitation

In 2020, many wireless carriers offer service plans where data use is "unlimited", but not unlimited. In some way, nearly all US carriers attempt to price, meter, and/or limit mobile hotspot use differently than all other kinds of data use. Go look at the chart, your head will hurt. You get to consume "unlimited" data, but only 10 GB, 5 GB, or sometimes no data each month via your mobile hotspot. This can mean only a few hours of video calls or web browsing on your computer.

It's Possibly Illegal for Carriers to Impose This Limitation, But You'll Never See it Enforced Under Trump's FCC

In 2012 the FCC enforced a rule requiring Verizon to "not deny, limit, or restrict the ability of their customers to use the devices and applications of their choice on the licensee's C Block network". The FCC had licensed some radio spectrum to Verizon (and AT&T, and ultimately also T-Mobile) with the stipulation that consumers can consume their data however they want. Verizon tried to prevent their customers from using mobile hotspots, which got them a $1.25m fine and some employee training. 8 years later, what is the FCC doing to protect consumer choice and autonomy under these rules? Now that all these carriers appear to be restricting mobile hotspot use on whatever bits of radio spectrum they are licensing?

It's because Trump appointed this Pai Hole, who previously worked as Associate General Counsel for Verizon, to lead the FCC. In his first goddamn week, he ended the FCC's investigation into multiple carriers breaking these rules.

Ajit Pai

Ajit Pai

There is No Fundamental Difference Between Hotspot and Non-Hotspot Data Use

To the author (who is, among other things, a computer network engineer), this segregation seems odd. It's as though the phone company offered "unlimited" phone calls, except for when you let other people use your phone. Talk on the phone all you want, but if you hand the phone to your dad, well, you only get to do that 5 times per month, or not at all, or you have to pay more for the privilege.

Allow me to stress the point: the internet data packets which are sent/received by an application on a smartphone are not fundamentally different from the packets sent/received by another device that is connected to the phone's mobile hotspot. A data packet generated from hotspot use is not intrinsically more difficult or costly to deliver. The carrier network can handle them identically. My web server which you loaded this article from definitely handles them identically. Again: there is no fundamental difference.

So, why do carriers offer "unlimited" data while treating hotspot data differently?

It's kind of like "all-you-can-eat buffet", but the natural limit is not human stomach capacity; it's the small screen of a smartphone.

1. Hotspot Users Use More Data on Thinly Provisioned Infrastructure

Forgive the myriad analogies: if people can connect a garden hose to the drinking fountain and also water their plants with it, the increased demand will reduce water pressure for all the other fountains, and now the city needs bigger pipes to distribute more water. In cellular network terms, this means denser cells to re-use limited radio spectrum, which means more equipment on more physical towers that need to occupy more leased land, more backhaul connections, and more work to manage all of it. Carriers are disincentivized to spend this money if they can get away without. (They will complain that their customers are using the "unlimited" service they are paying for!)

2. "Unlimited" Competition

When 4G networks were first deployed in the early 2010s, data plans were generally limited to a few GB per month. Carriers did not offer "unlimited" 4G data. But then T-Mobile did in 2013, possibly because their network coverage kinda sucked and they needed a new sales angle. "Unlimited" makes people feel like they don't need to stress over how much they use. Other carriers followed suit, and now you can get "unlimited" service on any of the 4 physical networks from a plethora of MNVOs.

3. Value-Based Pricing, or Price Discrimination

Most people aren't computer network engineers, so they can be led to believe that mobile hotspot use is intrinsically different or special, so of course it would cost extra.

OK. But if mobile hotspot data packets are basically the same as packets from the phone itself, how can carriers notice the difference in how you use your data?

There are small differences, plus strategic coups with device manufacturers at the expense of our hotspot users.

Small Differences in Hotspot Data Packets

This list is illustrative rather than exhaustive.

Time to Live

All internet data packets have a Time to live (TTL) value in the header, which starts at some number at the originating device, and is decremented each time it passes through a router on the internet. An Android phone generally sends packets with a TTL of 64, but other devices which you connect to your mobile hotspot will use different TTLs, and all of these are decremented by the phone when it forwards the packets to the carrier. If a carrier sees packets with a TTL of 63 or 127, those likely did not originate from the phone itself.

Packet Destination

A smartphone on its own is unlikely to send packets to the PlayStation Network or windowsupdate.microsoft.com. If a carrier sees packets destined for those places, it's pretty clear what's going on.

The Phone Colludes With the Carrier

If you buy a phone from your carrier, all of the carrier's hotspot use restrictions can be baked into the phone's operating system before you buy it. They control the behavior of your phone and they can prevent you from using it as you wish; this is the worst place to be.

"But cmart, I bought my own phone straight from the manufacturer. If it's never been touched by the carrier then they don't control what the phone does, right?"

One would hope, but unfortunately not quite. This is a big coup. Part of it is right here, right in the source code of Android OS! Peek at the comments in that file (the red bits). You don't need to be a progamer or a derplover to suss out what's going on. When Google build this stuff, they are not working just for you as the customer; they are working for carriers at your expense.

"Fetch current tethering configuration. This will be called to ensure whether entitlement check is needed."

"Check if cellular upstream is permitted."

"Tell EntitlementManager that a given type of tethering has been disabled"

I haven't looked much into the story with iOS, but it sounds very similar. Using a different APN for hotspot traffic will proclaim your activity to the carrier.

So, what's an IHU to do?

Break the device-carrier collusion and disguise your hotspot traffic so your carrier only sees that you're using a VPN on your phone. Imma show you how. Encapsulation and encryption are wonderful things in computing. You can encrypt any data to make it appear indistinguishable from randomness (or any other encrypted traffic), and send it over an untrusted network to some other trusted place where it gets decrypted and dealt with further.

There are many ways to do this, and I welcome folks to find and share more of them. I have found one that I believe will work reliably for a lot of people on cheap phone hardware and probably any carrier. But first,

A Disclaimer

Imagine if minimally-invasive surgery could implant a large styrofoam take-away container inside your body, and it was plumbed to your esophagus so that you could "eat" more food in one sitting (and save most of it for later, perhaps regurgitating it into your loved ones' beaks like a mother bird). The all-you-can-eat buffet may never notice your appetite! Or, they may catch wind of your game, kick you out for violating their "no take-away" policy, and forbid you from coming back. Before you proceed, you should probably ensure you have a good selection of buffets to choose from. If you're in the USA or anywhere else with MVNOs, then I am certain you have plenty of such choices.

If you're extremely attached to your phone number and you want to push a LOT of data through this (many dozens or hundreds of GBs) then consider using a different line/SIM card on a different service plan, lest a grumpy carrier try to prevent you from porting your number elsewhere.

There's a seemingly miniscule chance that a carrier would send an army of lawyers after you for eating too many potatoes at their buffet, as a civil case or even a criminal case under one of the US' absurdly broad 'don't do tricksy things with a computer' laws. You should beat them because it's at worst a terms-of-service violation, and again, because it may be illegal for the carrier to restrict hotspot data in the first place. Or you might end up like Aaron Swartz, may he rest in peace. An army of lawyers is really expensive to operate and it should result in a lot of negative PR for the carrier in a highly competitive market (you're just trying to get online during the pandemic, man), so this one feels about as likely as dying of COVID-19 did three months ago. It feels very likely that suspension or cancellation of service is the worst you would ever suffer for it.

Also, I believe this recipe is safe to follow, but if you mistype a root command in a way that breaks your phone, well, sorry pardner.

Recipe

Ingredients

If you don't have one already, get a cheap, unlocked, easily-rooted Android phone. In a pinch you can find a used Moto E4 for under $100. If you're in the market for a nice daily driver, I recommend an unlocked Moto G7, which is regularly on sale for ~$200 and has full support from LineageOS, a version of Android OS that is capable of respecting your privacy and autonomy.

This trick requires you to get full control of your phone's operating system, commonly known as getting "root" access. Rooting is an exercise left to the reader but the web is easily searched for helpful tutorials, and I hear Australians are good at it.

"No Collusion!"

Once you've rooted your phone, install the terminal application of your choice (e.g. ConnectBot) from your favorite app store. Create a local (not remote) terminal.

ConnectBot edit host

Then enter the following incantations, one line at a time:

su
# (The phone should now ask for root access, provide when prompted)
mount -o rw,remount /
cd /system
echo net.tethering.noprovisioning=true >> build.prop
settings put global tether_dun_required 0

(I did this on Android 9; the location of build.prop may be slightly different depending on your Android OS version. If this tutorial doesn't quite work, we can look for a different one.)

Now reboot the phone. Congratulations, you have likely prevented your phone from conspiring with carrier against you (at least in this way).

Get a VPN Service

The afore-described "encrypt + encapsulate" strategy underpins Virtual Private Network or VPN technology. A VPN tunnel lets us hide the shape, contents, and destination of our network traffic from everyone on the network between our phone and the VPN server (where the traffic is decrypted and sent further along to its destination). A lot of people use VPNs to access their corporate network remotely or avoid censorship in oppressive countries, so from the carrier's perspective, our traffic will look just like a lot of other people's traffic. This is a good thing.

Wireguard

If you are feeling ambitious you can create your own VPN server (I used Algo to deploy WireGuard on DigitalOcean), but it's easier to just sign up for any of a zillion commercial VPN providers like Private Internet Access. Most of them cost under $50/year and have a free trial period for experimentation purposes. The only real requirement is compatibility with Android devices. Anything based on OpenVPN, WireGuard, or IPsec will probably work.

Ultimately, you follow the instructions of your VPN provider to set up the VPN connection on your phone, and when you're connected it will look something like this.

VPN connnected

VPN Hotspot

Here is our coup. We take all the mobile hotspot network traffic and stick it through the VPN tunnel that's created on the phone! The carrier will just see VPN traffic coming directly from the phone. They will have no indication that mobile hotspot traffic is carried inside the encrypted VPN traffic, and frankly, it's none of their business. (The traffic will have long since left the carrier network by the time it gets to the VPN server to be decrypted and sent to its destination.)

We can do exactly this with an open-source Android app called VPN Hotspot, developed Mygod, who was Time Magazine's 2006 Person of the Year. Install it from your favorite app store, launch it, grant root access when prompted, and flip the switches (after making sure your VPN is connected).

VPN Hotspot

Now try connecting your computer (or whatever) to your phone's hotspot. (Here I'm assuming you already configured the Wi-Fi SSID and password in your phone's hotspot settings). If you can load a website on the computer, that's promising. Browse to speedtest.net and it will show your ISP (run a test just for grins).

speed test with ISP check

You want it to show the ISP of your VPN provider. If it does then you are good! If it displays your wireless carrier then you are not good, something went wrong with the plumbing above. Maybe I'll write a troubleshooting guide. I don't have a great sense of what's likely to break yet.


In researching and writing this guide, I hope to help the pandemic suck less for some people. Maybe the carriers will start trying to identify/restrict VPN traffic. We'll figure out another way, there are a bunch of other ways. In the meantime I'll be sheltered-in-place and waiting for the goon squad to show up. :)

Footnotes

Opening photo credit to y2bd on Flickr!


  1. For most of this article I will use "hotspot" as a general term to also include "tethering" (which often refers to the same thing).

  2. There also exists dedicated (non-smartphone) hardware which creates a Wi-Fi hotspot, goofily branded by carriers as "Jetpack", "MiFi", "Nighthawk", etc. For the purposes of this article, I generally include them too when I say "phone" or "smartphone".


Comments

No comments yet, maybe you should post one!