
T-Mobile: Are you blocking specific words and suspending accounts? - QUFB
https://reddit.com/r/tmobile/comments/i1fk1z/tmobile_are_you_blocking_specific_words_and/
======
Someone1234
There's two different but both problematic things here:

\- Really poorly written spam detection.

\- Failure to notify customers/no remediation procedure.

No doubt people will bring up "but then the spammers will know!!" Or similar,
but honestly spammers are already limited by the cost of buying SIM cards
($5/ea), and I feel like customers being negatively impacted outweighs the
_minor_ benefit to spam-fighting (particularly when spammers could buy a
single second number and detect this 100% of the time anyway).

Plus I'd be pretty upset if I was a customer paying for service, and I lost
access to a part of that service for 10 days because I sent the word "butt" in
a conversation. I'd feel particularly irritated if I wasn't told that my
messages weren't delivered, and vital ones were just going into a void.

~~~
makethetick
Bulk SMS spam would most likely come from someone with direct signalling
access and not from individual SIM cards which would be trivial to detect and
block by the operator.

~~~
jasonjayr
It is _trivial_ , even for someone not that technically oriented to send a
mass SMS from Android, with the appropriate app. Since it's easier to sideload
on Android, it would be even easier for a malicious spammer to pay people to
install sketchy APK's that spam from the user's phone relentlessly.

~~~
makethetick
This would be simple for the user to execute but it would very quickly be
spotted by the operator as it's all from a single originating MSISDN.
Spreading the load over many users like your latter example would be a lot
harder to spot, as would spamming through multiple SMS providers as you're
diluting it (but it might also get picked up by the provider e.g. Twilio,
MessageBird etc).

My point was that most spam originates from people with SS7 access and not SIM
cards. It can also come through low cost SMS providers but is short lived as
it's blocked the moment it's discovered or there's a complaint.

~~~
jasonjayr
How does one even obtain SS7 access w/o a AUP forbidding this kind of abuse?
Or are the Telco owners making more money not caring @ that connection level?

------
tyingq
PayPal has a similar problem. They do really loose string matching on the OFAC
list[1], for any data, in any payment field...even a comment. Match a magic
string in a comment, and your PayPal account gets locked down in a way that's
very hard to undo.

[1] [https://www.treasury.gov/resource-center/sanctions/sdn-
list/...](https://www.treasury.gov/resource-center/sanctions/sdn-
list/pages/default.aspx)

~~~
andybak
How loose is the string matching? That list looks full of incredibly common
names from around the world.

~~~
WrtCdEvrydy
that's what the SDN list really is, just some common names of people,
organizations and countries.

it's up to you to figure out how to turn that into not selling to the wrong
people and going to prison.

~~~
tyingq
True, but that doesn't seem like a good excuse for a dumb grep-ish solution on
all fields.

Some smart terrorist is going to legally to change their name to "Thank You"
and screw PayPal :)

------
Hippocrates
This is a great reminder to switch from SMS to something that is e2e
encrypted.

~~~
gallego2007
I was thinking the exact same thing. I need to convince a few family members
to ditch SMS... unfortunately some businesses (like apartment buildings) still
use SMS to communicate, so it’ll probably be a while before we fully move away
from this medium.

------
simonebrunozzi
T-mobile is a joke. I lost my @simon Twitter account [0] because of T-mobile's
and Twitter's utter incompetence, and it took me more than 3 months to regain
control of it.

The way the attacker gained control of my phone number should have never been
possible. I'm still a customer, why? Because there's no better alternative in
the US, although I'm pondering Google Fi at the moment. Thoughts?

[0]: [https://medium.com/@simon/mobile-twitter-hacked-please-
help-...](https://medium.com/@simon/mobile-twitter-hacked-please-
help-2f65c691edf8)

~~~
woofie11
If you don't mind losing your phone number forever, Google Fi is a great
option!

If Google Pay suspects fraud, it locks your account. Google Fi isn't paid for.
Google locks your phone number from being ported out forever. Empowered human
support wouldn't be Googley, so it's usually locked out forever.

T-Mobile isn't very competent, but at least, they provide humans who can fix
things, eventually, once they figure out what they're doing.

------
timeinput
I ran into this a few months ago when texting the phrase "work from home" it
was really strange. We rationalized it with the spam / phishing thought
process, but it still seems wrong for the carriers to block messages so
poorly.

It makes me wonder if I really want them filtering 'spam' calls.

 _tinfoil hat_ maybe that's their end game!

~~~
dzhiurgis
“Learn to code” is harassment on twitter

------
jasode
From the scant details about the word _" BELLY"_ triggering the blocks, it
looks like some hypothesize it's a "Scunthorpe" type of programming bug:

[https://en.wikipedia.org/wiki/Scunthorpe_problem](https://en.wikipedia.org/wiki/Scunthorpe_problem)

~~~
jessaustin
I don't see "cunt" or any similar string anywhere in the string "belly". As
mentioned at TFA, this is more likely some sort of naive Bayes filtering since
"belly" is often seen in "lose belly fat fast!" etc.

~~~
LanceH
I would guess it is aimed as "reduce belly fat" spam.

------
chevman
T-Mobile has also not been approving new short codes on their network since
earlier this year. Frustrating for folks trying to execute legit SMS comms.

~~~
toomuchtodo
Use case(s)? I’ve have success working with financial services firms moving
their comms from short code to push notifications in app. Always curious who
is still using bulk SMS and for what.

~~~
ryukafalz
As someone who dabbles in alternative mobile OSes (and would like to switch to
one full-time again soon), it's frustrating when there isn't a fallback option
to standard protocols. Thankfully email/SMS are still fairly ubiquitous, but I
don't like the idea of that going away for something important like banking
and being locked into one of the big two platforms.

~~~
toomuchtodo
Godspeed. SMS is unlikely to ever improve, consider more durable alternatives.

~~~
ryukafalz
Email is fine too! Or maybe RCS in the future, though I’m not sure if there’s
a free RCS stack anywhere yet. But honestly, though I rarely use SMS for
personal communication these days, it makes a pretty good fallback, and it’s
damn near ubiquitous.

------
zachrose
I’ve been developing SMS chatbots and using my T-Mobile phone for testing.
They will also drop messages that contain URLs, although the rules for which
TLDs are allowed are hard to reverse engineer, much less rationalize. Last I
remember, .club URLs are blocked, .com is allowed, and bit.ly is allowed.

~~~
foob
I recently ran into this sort of filtering when trying to share an AI Dungeon
_.link_ URL with a friend. It's kind of crazy that entire TLDs are blocked
without any indication or warning.

~~~
vincentmarle
Hmm I suspect this could be related to Branch links, because their default
deep link domain is _app.link_

------
dogma1138
Are US carriers even allowed to do this?

------
Scoundreller
Bell and Telus in Canada we’re doing this. But only if your SMS contained the
term « secure message ». Strange to say the least.

~~~
lgats
do you mean 'we are doing this' or 'were previously doing this' ?

------
dredmorbius
[https://old.reddit.com/r/tmobile/comments/i1fk1z/tmobile_are...](https://old.reddit.com/r/tmobile/comments/i1fk1z/tmobile_are_you_blocking_specific_words_and/)

------
speedgoose
Facebook Messenger does the same with some porn links.

------
wdr1
TL;DR: spam detection is hard

~~~
njarboe
Charge people not in your contact list 10 cents to message you. 5 cents goes
to you and 5 cents to the carrier. Problem solved. I would love this for
messages and phone calls (and emails while we are at it).

