I am asking the question because of the latest news: https://www.bbc.com/news/world-middle-east-50095448
I wonder how the ISP can detect the use of calls and video calls without detecting or blocking the rest of the app?
ISPs in general can detect VoIP connections because these network flows in general have specific network metrics, such as a constant rate, a relationship between upstream and downstream, and some more. However, some applications such as Skype embed all encrypted traffic in one network flow, making it impossible to know how many messages have been sent. In the case of WhatsApp you can take some samples and analyze them, but I suspect that it works in a similar way to Skype.
WhatsApp's asynchronous messaging and calling use different protocols for communication. For messaging it uses XMPP, and for VoIP it uses SRTP for multimedia communication.
Both can be distinguished by their different traffic fingerprints. SRTP uses UDP as its transport protocol, and media elements are end-to-end encrypted. While directly analysing the UDP header does not reveal the presence of SRTP, analysing the behaviour of the UDP traffic can determine whether it's VoIP. VoIP uses more bandwidth, and the rates of incoming and outgoing traffic are nearly equal. It also has more network congestion due to the synchronous flow of traffic. Combining these deterministic behaviours with the average packet size of compressed voice, VoIP can be detected. Deep packet inspection uses more factors to fingerprint network protocols than those mentioned here.
An ISP cannot block VoIP from initialising, because the signalling mechanism that establishes the peer-to-peer channel runs via a signalling server, which in this case is the WhatsApp server. Blocking the server will block network activity for the entire app. VoIP uses ephemeral ports, so you can't associate a specific open port with VoIP. Being peer-to-peer, there is no server to block. The ISP requires at least some amount of data metrics from an active connection to determine VoIP communication.
Like WhatsApp, Facebook Messenger, Instagram and Signal are other apps which make use of WebRTC for NAT traversal and VoIP communication, so the same detection techniques apply to these apps as well.
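
The behavioural fingerprinting described in the answers above, sketched as an added example that is not part of the original posts: it scores a UDP flow on average packet size, up/down byte symmetry and regularity of packet timing, using only packet metadata. The thresholds, function names and both sample flows are constructed assumptions, not values from any real DPI product.

```python
import random
from statistics import mean, pstdev

# Thresholds are illustrative assumptions, not taken from any real DPI product.
MAX_MEAN_SIZE = 300   # bytes: compressed voice frames are small
MIN_SYMMETRY = 0.6    # min(up, down) / max(up, down), in bytes
MAX_GAP_CV = 0.5      # coefficient of variation of inter-arrival gaps
MIN_PACKETS = 50      # some data from an active flow is needed first

def flow_features(packets):
    """packets: list of (timestamp_s, 'up' or 'down', udp_payload_len)."""
    up = sum(n for _, d, n in packets if d == "up")
    down = sum(n for _, d, n in packets if d == "down")
    times = sorted(t for t, _, _ in packets)
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg_gap = mean(gaps) if gaps else 0.0
    return {
        "mean_size": mean(n for _, _, n in packets),
        "symmetry": min(up, down) / max(up, down) if max(up, down) else 0.0,
        "gap_cv": pstdev(gaps) / avg_gap if avg_gap > 0 else float("inf"),
    }

def looks_like_voip(packets):
    if len(packets) < MIN_PACKETS:
        return False  # too little traffic observed to judge
    f = flow_features(packets)
    return (f["mean_size"] <= MAX_MEAN_SIZE
            and f["symmetry"] >= MIN_SYMMETRY
            and f["gap_cv"] <= MAX_GAP_CV)

def sample_call(seconds=5, seed=1):
    """Constructed flow: one ~160-byte frame every 20 ms in each direction."""
    rng, pkts = random.Random(seed), []
    for i in range(seconds * 50):
        pkts.append((i * 0.02 + rng.uniform(-0.002, 0.002), "up", rng.randint(140, 180)))
        pkts.append((i * 0.02 + 0.01 + rng.uniform(-0.002, 0.002), "down", rng.randint(140, 180)))
    return pkts

def sample_messaging(bursts=10):
    """Constructed flow: bursts of large uploads with one small reply each."""
    pkts = []
    for b in range(bursts):
        pkts += [(b * 5.0 + k * 0.001, "up", 1000) for k in range(6)]
        pkts.append((b * 5.0 + 0.05, "down", 60))
    return pkts

if __name__ == "__main__":
    for name, flow in [("call", sample_call()), ("messaging", sample_messaging())]:
        print(name, looks_like_voip(flow), flow_features(flow))
```

No payload is inspected, which is why end-to-end encryption of the media does not hide the call, and the `MIN_PACKETS` guard reflects the point that a verdict needs traffic from an already active connection.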