17

Today I started using a VPN on my phone (nexus 5), and after I switched on mobile data and turned off my WiFi, I received a text message from my carrier offering me roaming packages for Europe (which is where my VPN server is located).

Now how would they even know that? I mean I wasn't physically in Europe and they know I'm connected to a local cell tower.

So my question is: What are they doing/monitoring that they would even see my external VPN IP address? I mean, I'm assuming this was a mistake on their part that is a side effect of some kind of system/mechanism.

My main concern is that they're actually monitoring my outgoing traffic.

I was using openvpn with a server located in France (OVH).

Marcel
  • 3,494
  • 1
  • 18
  • 35
Tomer E.
  • 171
  • 1
  • 4
  • It's entirely possible that this is coincidental, and that they sent _everyone_ (or a large group of people) the same text message. You might ask any friends who have the same carrier if they received such a message. – Michael Hampton Oct 29 '14 at 00:33
  • You haven't mentioned what country you're in and that could make a big difference to the answers here. – James Snell Oct 29 '14 at 10:16
  • I totally agree @JamesSnell. You turned on mobile data in a different country and then you get a SMS text offering you roaming (europe country?) ? That is something I would expect as common behaviour. (Turned on mobile data + haven't been physically in europe). Please be more precise here, so there can be more precise answers in my opinion – p2k Sep 10 '15 at 13:35

3 Answers3

18

Your carrier certainly sees the target IP address of the packets that you are asking them to transmit. The carrier's job is to, indeed, carry your packets from your phone to the base station, and, from that base station, to route it to the nearest infrastructure link so that it may reach its ultimate destination. In your case, all the packets that you send are tagged with your VPN server's IP address.

If the carrier did not know the destination IP address, networking would simply not work at all. Therefore, it is perfectly normal that the carrier knows that you are talking to some address in Europe. It is part of their duties. Of course, by the magic of VPN, your server's IP address is all that the carrier can see; the true destination address (beyond the VPN) is hidden from them.

Inspection of destination addresses is an integral part of how routers work -- and your carrier is, by definition, your first outgoing router. The carrier will also keep a tally of all the packet sizes, in order to charge you if you go beyond your allocated quota. For cleartext traffic (HTTP), many carriers will also try to operate transparent proxies so that they may make some savings on their own bandwidth; your VPN prevents such proxies from operating. And, of course, your phone tends to use the DNS server provided by the carrier, so any name resolution will go through their hands (again, in your case, they will see the name resolution for your VPN server name, but subsequent name resolutions should be forwarded to your VPN server and won't be seen by the carrier).

Whether the carrier infers from such traffic that you would be interested in options for Europe-based roaming is another question. It is perfectly possible that the text message is purely coincidental. After all, my carrier sends me text messages offering discount prices for hockey and football match tickets, and roaming packages for central America, which are of no interest to me.

Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949
  • I understand that the carrier can obviously see my traffic's destinations and therefore the VPN IP address, what surprises me is that they didn't just see this as me communicating with a website located in Europe, but for some reason thought I was physically there. As for the other thing you said - I get my fair share of spam text messages but never from my carrier, the only time I get messages from them is when I'm abroad (I got the exact same text message when I travelled to Europe a few months back) or important updates like reminders about day light saving and etc. – Tomer E. Oct 28 '14 at 13:57
  • 12
    There's no reason to believe they though you were in Europe. It is reasonable for them to guess that a VPN user is likely an employee or contractor of the folks hosting the server, and may have a future need to travel to that location. – tjd Oct 28 '14 at 17:01
  • @TomerE. In the past when I've travelled to countries in Europe, the SMS I receive typically starts with "Welcome to France!" and goes on to list rates and roaming packages etc. Was this a "Welcome to France" text, or a "Here are some roaming packages you might be interested in" text? – Danny Beckett Oct 28 '14 at 19:39
  • 3
    @DannyBeckett Thats a text from the cell phone provider because you've just connected to a tower in that country. Its a requirement under european law. – user1937198 Oct 28 '14 at 21:22
5

Your carrier would not see your VPN address directly, because that is in the encrypted part of the VPN traffic -- all that is visible to them is the public IP address of the VPN endpoint you are connected to.

What is most likely happening here is that an app installed by your provider contacted them through the VPN, at which point they can see the address assigned to you by the VPN provider -- because it shows up as the originating address for that connection.

Simon Richter
  • 1,482
  • 11
  • 8
  • Not quite - your carrier will see the VPN address or it wouldn't be able to communicate with it. What they won't see are any other addresses you communicate with as they're encrypted in the tunnel. – James Snell Oct 29 '14 at 10:21
  • The problem appears to be that the provider *can* see the address inside the tunnel, which led to my speculation that a preinstalled app phoned home. – Simon Richter Oct 29 '14 at 10:24
  • If a clean phone had an app that 'phoned home' as many might do for email or picture messaging then all that the carrier would see is the traffic from the phone originating from the VPN IP it already knows. If you're suggesting a carrier provided 'rootkit' is installed (and there are a handful around, especially for 'landfill' android) then it would be useful to include some examples of them being seen 'in the wild'. – James Snell Oct 29 '14 at 10:55
  • The traffic would originate from the IP "inside" the tunnel, be sent to the VPN provider, and from there to the carrier's server -- hence they learn the other address as well, and can connect your VPN IP to your customer data. – Simon Richter Oct 29 '14 at 12:54
2

Your VPN has an end-point, where the pipe terminates. Your service provider sees this end point, and by using GEO-IP can quickly identify the country, City and even area where this end-point is located.

Not sure why you should be surprised about this - A VPN will only protect your communications from YOUR ISP.... Where the traffic appears it will be subject to usual network/protocol analysis tools/techniques.

Tim Seed
  • 333
  • 1
  • 3