Add a bit of personal experience here. Google gave its employees unlocked Android phones (not once but twice :-) and some of us (like me), put our AT&T sim card into them and used them instead of our plan phone. There was a 'feature phone' data plan that was $15 unlimited and there was the $10/month 'tax' if you had an iPhone.
Using the cheaper unlimited plan worked for a long time, and then AT&T started 'automatically' switching people to the smartphone tax if their IMEI indicated they had an android phone. I did what any reasonable person would do, cancelled my AT&T contract and signed up with t-mobile :-)
Lots of discussion of this elsewhere. It looks like some people who don't tether (but use a lot of bandwidth) are also getting the message, leading people to believe to that AT&T is looking solely at bandwidth usage.
I certainly wouldn't be surprised if that was the case that they're just going after high bandwidth users and not doing packet inspection (yet). I occasionally swap my iPhone 4 SIM to a Nexus One and use the built-in wifi tethering feature, and haven't heard from AT&T about it. On the other hand I only have used maybe 2GB of tethered data over the last year and in general run up no more than 800MB-1GB of mobile data a month.
There are people on that thread showing they used 10+GB/month, connecting their Xbox 360s to Live via their phones, etc. That certainly seems like a way to get "noticed" by AT&T.
edit: one guy on there pasted his usage from AT&T's account manager - 165 GB!
Those are the people who are ruining it for everyone.
I use the Tethering on my Nexus One (Tmobile) from time to time, but I don't abuse it. I use it as an emergency backup internet access for cases like if the wifi at the hotel isn't working, etc. IMHO, that's reasonable and my usage when tethered probably isn't much more than when I run things like Pandora or Youtube on my phone.
If I were using 10+G/month, then I'd expect to have to pay for a higher priced "tethering included" plan.
Some put it the other way around: you owe the ever-improving network to the heavyweight users [1]. Well, at least Cisco says that -- and you know what they sell.
In any case, it's not the other user that oversold the bandwidth; it's the ISP. They made an unhedged bet, it fell short of working out(predictably), so it's their turn to foot the costs of upgrading the network.
Recently I was traveling a lot, and therefore making regular use of TMobile tethering (I also have an N1). At one hotel in particular where I had a long term stay the wifi was very slow and intermittent, and so I eventually hit the point - 5GB I think - where TMobile starts throttling bandwidth (supposedly to EDGE speeds, but it felt slower than that).
I recognize that's an unusual amount of usage for one month and I would have gladly paid extra money to TMobile to continue getting full speed data, but they don't even offer the option to do so - I assume because that would require them to admit that the service advertised as 'unlimited 3G' isn't really.
These e-mails from AT&T are almost always smoke and mirrors. I'm on the same data plan I had in the Cingular days and have received dozens of e-mails and texts warning me that I "may be violating my contract" and that they're going to switch me to the $60/mo plan.
I've yet to be switched away from my $10/mo data plan.
I was using an HTC TyTn2 that I didn't purchase at a Cingular Store and I was on the $15 data plan.
Never got caught with this phone, probably because they didn't know what phone to map my IMEI to.
I got a Nexus One for AT&T last year, and received an auto upgrade SMS shortly after, saying that my Nexus One required another plan...
It's unlikely AT&T is doing anything fancy at this point, but there's potentially much more to detection than TTL. NAT devices make an attempt to be transparent at layer 4 and try not to interfere with it. Host OS fingerprinting can rely on a combination of options at that layer as well including but not limited to windowing scaling MSS. If AT&T cared to go the distance, it would be very difficult to get around detection without interfering with the TCP/IP stack.
There is a greater underlying issue here which seems to be missed.
I have paid £x to use O2's (or in this case AT&T's) network, not only that but I also had to partially pay for the handset.
O2 should not really give a damn about what device I use to access their network - sure, they may have sold me a handset with an Internet plan, but it is MY DECISION to use whatever device I see fit to use that network.
If I am allowed to use whatever device I want but it was capped to say 4GB, I would have no issue, but as it stands, I am not only paying to use the phone, but an additional bullshit cost to tether the phone which technically should be none of their concern.
That's a bit like saying "I bought a plane ticket, and if I want to cram multiple people, cargo, or whatever into the seat that's MY decision and the airline should not give a damn".
There's no underlying issue. You accepted their offer of a subsidized handset in exchange for entering into a contract to buy voice & data for that handset, or an equivalent, for a period of time. Your agreement pertains to that type of device only, clearly stated in the T&C's.
Now, if you want to argue that tethering charges to use your bandwidth is a dick move, or that mobile operators should NOT be able to discriminate, or charge more just because you own a certain device, then I completely agree. But neither of those are what you agreed to.
You're absolutely right about the T&Cs. Presumably AT&T are aware that some people are prepared to pay more for tethering and therefore write the T&Cs such that can price-discriminate in order to get more money out of those people for potentially the same service. The sad thing is that people probably signed up in the expectation that the T&Cs would not be enforced and are getting a rude shock.
To slightly modify your airline analogy, this is like going on a business trip and flying economy. The airline scans your baggage, notices that you have packed your suit and other work-related items and demands that you pay the business class fare. "Hold on a minute," you complain, "I am entitled to 20kg of hold baggage and 7kg of hand baggage, so long as it fits with certain dimensions and isn't dangerous!" The airline retort: "Read the small print. Business travellers with certain items in their baggage will be charge the business class fare, which will be charged to your credit card. Now, enjoy the flight and don't forget to pay attention to the safety announcement."
I'm curious to find out what you guys / gals think about this. Is this just a fear tactic? Or, does ATT have a legit way to check if you're doing unauthorized tethering. Any of you get hit with this text on accident (false positive)?
EDIT
Removed the '(Ars)' from the title. N00b mistake :)
Supposedly all packets from the iPhone have a TTL of 64; packets from your laptop routed through the iPhone would not necessarily have the same TTL and are thus detectable.
"AT&T may, but is not required to, monitor your compliance, or the compliance of other subscribers, with AT&T's terms, conditions, or policies"
And, of course, it's now well-known that the government WAS using deep packet inspection on AT&T internet traffic.
I would assume they're just looking at how much you download in a month, though. I don't think AT&T is worried about offending outliers using large amounts of mobile data by inaccurately accusing them of tethering.
They probably just see that you are using more bandwidth than a normal user and infer that way. If they were packet sniffing your non phone traffic they might be able to infer from a plethora of non phone headers that the system will invariably send out. (system update check in the background. Etc. )
It is possible for them to detect this if they are doing Layer 7 inspection. All it would take is parsing the user agent to see that you're not on Mobile Safari. On the iPhone side, it just does a NAT and theoretically passes all information as the public IP of the phone itself.
Honestly, any respectable nerd is going to have either a) a box to SSH to or b) a VPN endpoint... if you encrypt/encapsulate all traffic originating from your tethered machine there's very little chance they'd be able to catch you.
Assuming the IPv4 TTL issue can be worked around (see elsewhere in thread), a phone that does GBs/month of encrypted traffic over SSH would still be a signal that something suspicious is going on.
Unless they're performing a deep packet inspection, there's no good way to tell if you're tethering. Usually tethering option uses user name that differs from non-tethered option during authentication. If your unathorized tethering application sits on the device, it simply shares non-tethered connection, hence the user name doesn't change. The only plausible explanation w/o going deep into packets - bandwidth or some unusual ports usage.
Using the cheaper unlimited plan worked for a long time, and then AT&T started 'automatically' switching people to the smartphone tax if their IMEI indicated they had an android phone. I did what any reasonable person would do, cancelled my AT&T contract and signed up with t-mobile :-)