They don't really need to prove it though. You've got a contract with them, and they have reasonable evidence that you're doing something disallowed which would be a defense against claims that they're breaking the contract.
Agreed with the comment below, the ball is firmly in your mobile provider's court. The contract will almost certainly state that service can be withdrawn at any time on their sole discretion for any suspected breaches; if you're tethering on a contract that doesn't allow it, they're well within their rights (which you've agreed to by accepting the contract) to block your service until you comply or close your account completely. You have no recourse in this situation according to their T&Cs.
They don't need to prove it and they have no obligation to give you your money back, either. Be careful.
All the traffic would be tunneled, so unless they're using heuristics or ML to determine "phoney" and "desktop/laptopy" timing in the packets, they can't really tell what's going on.
Just about entirely. They could block the VPN or try to say that it's got to be teathered but it's much more difficult for them to say that or back without causing serious issues for customers.
Who knows? It’s still obvious if you look at the traffic patterns, a VPN can’t hide that. But as long as you stay under the radar they might never know. Or you might be booted and blacklisted from the network.
