How does my ISP know I am making a WhatsApp call?

Question

The MNO Econet Wireless in Zimbabwe has what are termed social media data bundles, these data bundles only work on say Twitter, WhatsApp, Instagram, etc. When you purchase say the WhatsApp bundle, you get assigned some MBs of data that only works on WhatsApp. You can text, view statuses (even video statuses), download/upload media, etc. However, you cannot make call (either voice or video calls).If you initiate a call, the call goes through, it will ring for the other person but as soon as they answer, your WhatsApp will be stuck on the "connecting" screen. The same is true for the reverse i.e. if someone else calls you, you get stuck with a "connecting" screen as soon as you answer.Aside from it being very annoying that my "240MB" of data is apparently unable to make a call on WhatsApp, I am generally curious how they might be doing this, the simplest explanation I have is they limit the bandwidth so much that a call cannot go through.Whatever method they are using to do it, I imagine it can also be used to "fingerprint" someone. It's not a lot of information, but it can be a useful/helpful data point if coupled with other data.

simon_acca · Accepted Answer

They do it via operator specific IP pools https://www.whatsapp.com/cidr.txt

toomuchtodo · Answer

https://en.wikipedia.org/wiki/Zero-ratinghttps://onlinelibrary.wiley.com/doi/10.1155/2020/7285786(you identify the traffic, and then you deny or degrade the connection based on heuristics)

Festro · Answer

They're just monitoring the types of traffic you send to through them as your ISP, and where it's headed to. If you're sending packets of voice data, encrypted or not, and connecting to Whatsapp's known public servers that handle voice data, then they can block that data.

20after4 · Answer

There are various ways to identify the type of connection that is being made. The most straightforward way for the service provider to block some traffic is to put in place a firewall rule that blocks specific protocol/port number combinations. This won't work if WhatsApp were to use HTTPS on port 443 because then the call would look identical to regular web traffic.Another possibility is related to the fact Meta is likely cooperating in the data bundle scheme. So it might be that WhatsApp is intentionally sending a specific signal of some kind that Econet can use to determine what each connection is for. There is a good overview of some of the possible methods on Wikipedia, for example: https://en.wikipedia.org/wiki/Deep_content_inspection

polon · Answer

Id imagine they're blocking access to the IP, or the endpoints used for certain functionality, like WhatsApp calls

uncomplexity_ · Answer

this is hilarious, what a bunch of grifting cunts.