I have seen that most carriers, by default, have a "stream saver" turned on, which, I am assuming detects when you're on YouTube or Netflix and automatically throttles your bandwidth to these sites. Assuming these connections are happening over SSL, how are the carriers able to modify the sites to disable users from selecting HD or 4k resolutions?
It is somewhat rare but not entirely unheard of for carriers to have agreements with the major streaming providers, and so in some cases the streaming provider will actually aid in the process. Most of the time, however, this isn't needed because what's actually happening is limiting bandwidth, not resolution, but there is a very strong correlation between the two, so by limiting bandwidth you end up with the desired effect of limiting resolution.<p>These days most streaming providers use some form of adaptive streaming in which client-side logic decides to get bigger or smaller "chunks" of video based on how quickly prior chunks downloaded. A rudimentary solution for a carrier would be to simply implement logic like, "if throughput to device X > someLimit, add a delay in delivering packets to device X". From the client's perspective, getting the bigger (and higher quality) video chunks will take too long, so it will naturally shift to the smaller (and lower quality) chunks.
How do mobile carriers know video resolution over HTTPS connections?<p><a href="https://security.stackexchange.com/questions/172212/how-do-mobile-carriers-know-video-resolution-over-https-connections" rel="nofollow">https://security.stackexchange.com/questions/172212/how-do-m...</a>
The urls that are used for the streams are pretty well known, and can limit all traffic on those URLS to specific speeds. Here are a few for example:<p>Twitch: *.ttvnw.net<p>Netflix: *.nflxvideo.net<p>Hulu: *.hulustream.com<p>YouTube: *.googlevideo.com<p>Amazon Prime: *.aiv-cdn.net<p>Edit: This is by no means the only way to do it, just a potential way to do it.
I know from experience that T-Mobile uses TLS-SNI (and possibly DNS) to determine the hostname of the HTTPS site being visited. If it is a known streaming service, the connection is throttled.<p>In T-Mobile's case, this throttling can be avoided by using a tool such as GreenTunnel which can run in Termux (on Android) and works by spliting the SNI portion of the ClientHello into two TCP segments. Their DPI appliances are too dumb to reassemble the fragments and correctly categorize them as going to a streaming service.<p>The best part about GreenTunnel on Android is that it runs a local HTTP proxy, which you can adb forward to a PC so that you can watch 4k Netflix on your computer using your unlimited T-Mobile plan (this doesn't count as tethering, as the IP packets originate on the phone).
Most large ISPs are running CDN nodes for the streaming providers out of their own NOCs. Those nodes are provided by the streamers and work with the ISP’s QoS policies.
Sometimes my Amazon firestick/prime video goes to crap as if my network connection was really bad. I hop on my google wifi gizmo and run a speed test and get 100-200mbps down. Then sometimes the movie starts playing just fine. It's like they want to throttle my connection unless I'm looking.
MNOs really don't need to know the traffic source address to apply throttling.<p>As per the throttling algorithm, most of the times it's a Leaky Bucket variant (<a href="https://en.wikipedia.org/wiki/Leaky_bucket" rel="nofollow">https://en.wikipedia.org/wiki/Leaky_bucket</a>). The variant usually allows short bursts of packets, then throttles down the downstream traffic for long connections to match the configured rate.<p>A trick to know if the operator is using DPI to extract the SNI in HTTPS/encrypted traffic: play a YouTube video, then do a speed test (e.g. iperf) while it is playing. Two things could happen: either both apps are throttled (no DPI) or only Youtube is (there's some level of DPI).
I'd try two things:<p>1. try and see if accessing youtube through a vpn improves the bandwidth (in that case, your ISP is probably looking at both dns requests and connection endpoint ownership)<p>2. preload and buffer whole videos (es: <a href="https://www.technorms.com/35122/preload-buffer-entire-youtube-videos-disabling-dash-playback" rel="nofollow">https://www.technorms.com/35122/preload-buffer-entire-youtub...</a>) this aims to get your traffic usage pattern not having the "usual" shape of a typical youtube session (that is: brief burst of full-speed downloads)
I think the most honest reply is that the open Internet does not exist in the western world. Read that again. All major traffic from MS, Netflix and so on is already very segregated. There are several locations were any provider can do QoS in layer 7.<p>And do not underestimate the power of carriers. They are the reason why you can not use mobiles on a plane.
Contention happens in many places in the pipe, it can happen because of the path or because of a fault. It can happen inside the streaming providers infrastructure or in the egress. The delivery system adapts to the bandwidth that is available and chooses all sorts of ways to deal with this.
I thought at least some of the services offered a DNS-based approach (similar to Google's "forcedsafesearch" cname - <a href="https://support.google.com/websearch/answer/186669?hl=en" rel="nofollow">https://support.google.com/websearch/answer/186669?hl=en</a>), but I couldn't find any documentation.<p>Possible otheroptions:<p>- agreements with the service providers to throttle users from certain netblocks (the carriers partner with the service providers to some extent e.g. to deploy CDN nodes, so such agreements would be plausible)<p>- throttling bandwidth (potentially selectively to/from streaming providers) and letting the service figure it out<p>- separate host names for high res content that can be DNS-blocked
A good way to check this is with fast.com - which uses Netflix's infrastructure to perform a speed test.<p>My provider limits me to ~1.5Mbps, but the second I connect to a VPN (WireGuard - hosted on my homes 1Gbps/1Gbps connection), it goes up to ~50Mbps.
Two clarifying questions:<p>1) What does the feature look like, screenshot-wise?<p>2) Can you confirm the HD/4K option actually disappears or is disabled, or if the site(s) in question just trend toward autoselecting 480p/720p over time?<p>Like most other comments here I suspect IP-based bandwidth limiting. Given the unbounded complexity scale of keeping the internet actually working :) I can totally see infrastructure being able to single out the activity of a single connection and track what it's doing over time. The chances are the implementation is eyebrow-raisingly impressive but still compact and approachable at the end of the day.
I assume its domain based. When I use a VPN for video on T-mobile there is no resolution or speed decrease. I've tested this several times with 4g and 5g areas and browser vs. apps like YouTube.
I can't really comment on how they do it. I can speculate, but there's already endless comments of speculation.<p>What I can add is that it's to do with IP or DNS monitoring from the carrier or server. My SO who uses Verizon noticed it, and so I setup a home VPN for him, and when connected to it, all throttling disappears and everything is accessible at full 5G speeds. We have gigabit internet, so it's trivial for our network to handle the VPN traffic of streaming.
The standard way is to restrict bandwidth using traffic shaping at the EPC, the software that the telco operator uses to connect devices on the cellular network to upstream networks like cloud and internet. The magic phrases to google are video optimization and GiLan services.
I hope this doesn't happen to videos in which people teach to code or teach to use particular apps - 480p can be insufficient to read display text reliably if recorded at full HD.