that's not really true, T-Mobile blocks tethering by sniffing HTTP user agent strings too. So if you are tethering to a tablet, then it will work fine. It won't if you are tethering to a laptop (you can spoof the UA string but you will end up receiving all mobile websites on your laptop - which kind of sucks and kills productivity).
I had no problem for about two months of almost daily use (train commute), then I started getting my HTTP browser pages redirected to a tethering upsell page. HTTPS still worked, as did e.g. imap, dropbox, skype, etc, but I haven't personally played with it enough to find out if it seems to just be the user agent. The HTTPS-everywhere extension will probably help significantly with this, if you're looking to evade, if that's all they're doing.
makes me wonder, is there even anything else that they can do to block tethering apart from UA sniffing? given that the phone is unlocked and doesn't have any carrier's crapware in it.
Definitely. Since it's part of the contract that tethering isn't allowed, and (I assume, don't remember) that they can 'terminate service' for anyone at any time for any reason, they could: watch the pattern of traffic to identify well-known desktop apps, completely disconnect the worst 0.1% of offenders on the (very likely) assumption that they're guilty, and demand they pay up. Even a VPN won't hide you there, unless you have something that defeats traffic analysis (a definite possibility, but not a normal tool either, afaik).
I don't doubt you're wrong but I've been tethering my galaxy nexus with the exact same plan he mentions with no issues what so ever. I sometimes have 2-3 devices connected to my phone.
