Hacker News new | past | comments | ask | show | jobs | submit login
Let’s Destroy Robocalls (nytimes.com)
240 points by howard941 50 days ago | hide | past | web | favorite | 267 comments

So robocalls are the result of:

- Cost of phone calls decreasing to basically zero

- Cost of automation going to basically zero

- Phone calls that can come from the Internet so there are no national boundaries anymore

- Caller ID operating on essentially the honor system

- Bad actors (telephone companies) benefitting from this traffic by charging for it

- Larger players having no incentive to punish bad actors

There's a reason why most messages are now sent on whitelist instead of blacklist systems.

For whitelist systems to work you need to be able to enforce identity or have a significant cost to sending messages.

Frankly I don't even want to receive phone calls on my "phone". If I did I'd be more than happy with a contacts only whitelist. Why I can't get this is beyond me.

EDIT: for those mentioning the doctor's office and other non-whitelist cases, just send non-whitelisted callers to voicemail. If you need to answer the phone then OK, I guess this won't work for you. But for the majority of people for the majority of their time, whitelisted contacts only with the rest going to voicemail will work.

Whitelisting is problematic because there are so many cases where it's impractical or impossible to add a contact first: Doctor's office calling to confirm your appointment; restaurant confirming a seat reservation; delivery guy is outside and can't find your doorbell; Lyft/Uber/whatever is nearby and is looking for you; pharmacy calling to inform about a prescription being ready; some store calling to inform that your order is ready to be picked up; insurance company calling about some claim; etc.

These examples are from my own life, and they happen several times a month. I hardly ever make calls myself, but I do have to be able to receive important calls.

Obviously some use cases can be fixed with text messaging and app, and increaasingly they are, but there are always going to be exceptions. Directing to voicemail is also a solution to some of these, but voicemail acts as a filter: The caller may decide to not bother leaving a message.

> Doctor's office calling to confirm your appointment; restaurant confirming a seat reservation; delivery guy is outside and can't find your doorbell; Lyft/Uber/whatever is nearby and is looking for you; pharmacy calling to inform about a prescription being ready; some store calling to inform that your order is ready to be picked up; insurance company calling about some claim; etc.

The problem is phone number that is short and easy to guess. Imagine replacing them with a longer token that would be generated each time you want to give someone else a way to contact you (e.g. displaying a QR barcode on your phone and letting the other party scan it). Then you'd share a unique identifier with all that parties. Delivery guy can get a token that expires after a while. If someone abuses their ability of contacting someone, the token would get revoked.

I leave the details and implementation as an exercise for the reader ;)

That sounds like a huge hassle, which would probably make it a no-go.

QR codes are widely used in China for example for quick transactions: https://a16z.com/2017/08/11/qr-codes-in-china/

It's actually a longstanding part of phone culture - "extension xxx". It doesn't need to be terribly long to keep out spam - having to enter a single digit would fix the immediate problem, and even when the spammers adapted 3 or 4 still seem sufficient.

Yes, it sounds like how PGP failed.

The solution available on my land line is very simple, and works very well.

Any call from an unfamiliar number get an automated prompt to enter a specific digit. The digit changes, and of course relies on the caller being able to follow this simple instruction. All of this happens before my phone rings.

Once a call does get through (or even if it hasn't), you can review it on the telco web site, and either whitelist or block each calling number. Those that are whitelisted now get through directly, without the prompt, and then continue on as normal.

No cost to the consumer either for this feature, but it isn't on by default.

I'd expect to be able to whitelist my doctor's office number. Likewise services I use like Uber/Lyft/delivery service XYZ.

And if whitelisting becomes a thing you know the UI is going to say "your order is complete! Please click here to whitelist our number in case we need to reach you."

Not a big deal, and it basically solves phone spam.

> And if whitelisting becomes a thing [...] Not a big deal

But that's the whole (big) deal. The solution is usually the trivial and easy part - getting people to change is the hard part.

Humanity is littered with millions of problems that could be solved if it wasn't for inertia. A solution cannot simply be better or more convenient - it has to be so overwhelmingly better, so much more convenient for people to even consider switching.

And while this solution is better, I don't see your average person caring enough to take the time to make sure they've whitelisted all services they use.

The mental overhead of having to keep track of what to whitelist means it's not something 99% of people are going to do. So while it might work for you, it's not a solution. I'm certainly not going to do it.

If caller doesn't leave voice mail, then it's not important. All entities that value your business perfectly understand this. Worst case - complain to their management and this will get sorted out very quickly.

That's nonsense. Whether the call is important to them has nothing to do with whether it's important to me. The delivery guy may give up and not deliver my food; the doctor's office may just assume I will show up (but maybe I forgot to add it to my calendar); and so on.

Need intelligent chat agents to receive calls on your behalf and act appropriate, just as you would -- arranging legit appointments, coordinating pick up times with the spouse and trolling offshore scammers by dangling red herring personal info to keep their resources tied as long as possible.

AI assistants are all well and good but I find you continually run into seemingly simple situation that completely flummox them. I experienced this myself recently when I discovered that, despite nearly a decade of development, Google Assistant can't handle the command "navigate to the McDonald's closest to the Best Buy"

"Once again, sir, we're terribly sorry that Alexa misunderstood your daycare provider due to their accent. Due to your loss, please accept this $20 Audible credit to your account."

Give unimportant strangers a Google voice number or an equivalent. Being able to mark a phone call as spam for a centrally managed service is useful.

It never made much sense to me that the providers would not offer some kind of robocall-free plan. I would instantly switch to avoid getting any more of these spoofed calls, which would block the vast majority of robocalls. It turns out that it is government regulation somehow preventing this:

>"The FCC last year authorized voice service providers to block more types of calls in which the Caller ID has been spoofed or in which the number on the Caller ID is invalid." https://arstechnica.com/tech-policy/2018/10/robocallers-evol...

I pay t-mobile $4/month for their advanced spam-call blocking feature, and it works very well. I now get maybe 1 spam call every 2 weeks, compared against my worthless work number that has no such blocking which gets maybe 6 spam calls a day.

FYI: T-Mobile's app that they charge $4/month for is a reskin of the Hiya app (https://hiya.com/) that's only $1.25/month when paid yearly.

I just installed it. It identifies many of my recent robocalls as spam. Thanks!

It also allows me to block numbers from my sim area code. This is where most spam calls spoof to be coming from. When I recently called T-mobile to ask for them to do this, they said they couldn't help me.

I'm not entirely sure that is correct, because the behaviour of hiya and t-mobile's offering is different. Hiya will hang up on a spam call, but t-mobile's app seems to make it so they don't even connect to me.

I was using t-mobiles free tier scam call blocker, which worked pretty well except it also blocked calls from Twilio, including our downtime alerts. So I unfortunately had to disable it.

How does it identify spoofed numbers?

The company I work for has a similar feature. We have a tap on the actual phone network (for some carriers) and can track in real time. If we notice that (407)-555-1212 has placed 100 outbound calls in the past 10 seconds, that's probably a robo call. If it's from a phone number that isn't provisioned (or not in use---there are databases for such information) then it's spoofed. Or it could be a valid phone number whose home switch [1] is in Kentucky making dozens of outbound calls per second from the Barbados, it's probably spoofed as well.

[1] At least in North America, each phone number is assigned a "home switch," which will always be notified where (as in "which phone switch it servicing it" not "at 40°58′35″N 80°8′9″W") it is so calls can be forwarded to the proper switch (think roaming).

Thanks. It seems technically possible to stop a great deal of these robocalls with that info.

FYI, in France, the ISP called "Free" provides an option to block marketing calls in their box but many still go through


The nightmare case for whitelisting is an emergency call from or on behalf of your spouse or child using a stranger's phone. This is why I don't want a whitelist.

What I want is for spammers specifically to be identifiable and blockable, or for their business to be made prohibitively expensive. I didn't get spam calls on my cell phone 15 years ago, and as you say, what has changed is largely economics. Why can't we work to adjust the economics back?

I treat my phone as if it’s on a whitelist anyway. I can’t imagine how people do otherwise. If it’s an unknown number, I reject it. If they leave a voicemail, I’ll get notified and I’ll check it pretty soon after the call. Every day I get no less than two unwanted calls from scams and robocallers. I don’t have time for that.

I do that, too. But I didn't always have to, and I shouldn't have to, that's my point.

I only answer calls from contacts, i ran into this scenario a few weeks ago, my wife lost her phone and wanted to contact me to locate it with "find my iphone" she just text me from her coworker's phone, no problem at all.

Sounds like some next century level “how to track anyone”. Just send an SMS from a random (non-spoofed) phone number, ask to do a “find my iPhone.”

Yeah, that would sound suspicious but she just let me know that she was calling from a diferent number.

That sounds plausible, but then why are robocalls not a problem in Europe?

I have two EU numbers and have never gotten a robocall on either of them. I have never heard of anyone getting a robocall in Europe, and while that might just be anecdata I think I would have heard something after two decades, especially in privacy-minded Germany.

When I get off the plane in San Francisco and activate my American SIM card, I usually have my first robocall before I get my first beer. And my mother gets so many on her land line, she always screens her calls.

What is Europe doing right here that America is doing wrong?

Denmark: almost all (cold) sales calls are forbidden by law.

Exceptions are sales of books, newspapers, insurance, and research (e.g. Gallup). There is also a "do not call" list that blocks all such calls.

In Danish: https://www.forbrugerombudsmanden.dk/hvad-gaelder/markedsfoe...

The exclusions sound... arbitrary?

I get the research exemption, and i’m Happy about a politics exemption, but why books, newspapers and insurance?

Why not bicycles or theatre or education?

Probably just grandfathered in. I'm guessing at the time of legislation, these things were commonly sold via cold sales calls.

I get tons of these in the UK to the extent that as others have posted I treat my phone as being whitelisted.

I don't even know what most of them are. From times when I've been expecting important calls and checked, the most common is probably accident claims. Some of them aren't even automated.

France gets them a lot. Often it’s “DHL” calling and you have to pay some fee to release a package.

Likely because cheap francophone labour is available in similar time zones.

Language barrier.

A smart phone app which behaves as a firewall requiring callers to enter, say, a three character PIN code before phone rings may be useful. Incorporate two message files, one for leaving messages from those who know the PIN code and one those who don't, would allow for any contingencies. A front end answering machine box for the home with the same functionalities may be useful as well.

So shift the burden of calling to literally everyone who is acting well? Why would I want to remember a unique PIN for everyone I know?

Also, isn't that just taking the 9 digit phone number and turning it into a 12 digit?

Bad actors exist and they're cleaver. Plus these days you don't have to remember anything. Adding an updatable PIN field to a personal call file in such an app coupled with a software protocol with a pop-up button labeled say 'PIN entry' which appears once a contact device answers (say, with a message enter PIN) that can transmit the PIN number would be sufficiently user-friendly for such an app. Better than receiving junk calls while waiting indefinitely for regulations with teeth from dysfunctional legislatures.

Plus how would we share this "pin"? Maybe we could append it to the phone number, like "+1 (616) 281 - 2123#32343" - Oh wait, it's already a number, what's the point of adding more onto it? It would literally turn into the same system that we have, as you have to share the pin with everyone anyway.

It's different because then not every "number" will result in a call being placed. Determining whether a number is valid requires making a call, which ties up robocallers.

You could have a Captcha to force that the person on the calling ewnd is a person and not a computer. That would increase the costs for telemarketeers.

Or the system could ask for information that someone who knows the recipient might know but a telemarketeer might not know, e.g. "What is the 2nd letter of my first name?"

That still shifts the burden onto everyone else.

What if the caller was required to know the first character of the recipients last name and enter that on the keypad?

From my experience with robocallers: they already know your name

I bought a Tel-Lynx (this thing http://tel-lynx.com/ ) and it worked great for the paired cellphones and the landline, sort of an automated mini PBX. First time callers had to introduce themselves to the system, spammers never bothered. I'd still be using it if it wasn't incompatible with "flashing" through call waiting calls -- like the phone company it wanted to do out of band signalling with the "flash"

Is there a way to access the call before it hits your phone? I looked briefly, because I'm very passionate about this problem, and couldn't find anything. I don't want to answer the call and wait for someone to enter a pin. I want them to have entered a sufficiently long randomly generated number (spoken to them by some voice generation service) before it even makes my phone send a notification to me.

You might be able to host an instance of Asterisk [0] and set up call forwarding based on the extension [1].

I haven't played with Asterisk before, so I'm not 100% certain.

[0] https://en.wikipedia.org/wiki/Asterisk_(PBX)

[1] https://www.voip-info.org/asterisk-call-forwarding/

Learn the lessons of SMTP-based electronic mail. Non-solutions like this just lead to an arms race. And indeed the other side already has a huge in lead this particular arms race. Voice recognition, speech-to-text, and DTMF generation are widely available telephony technologies.

Recent Panasonic cordless phones, which can handle cell calls if configured, have this feature. It lets the user define the 4-digit code that a non-whitelisted caller must enter before their call is allowed through.

I don't pay for apps on my phone. I would $20 for that.

> Why I can't get this is beyond me.

The first setting in my default Android phone app is to block unknown callers. What specifically do you want?

Phone numbers are being spoofed so while you might block the majority of those calls you won't be able to block all of them. The problem has to be solved upstream.

Is that just blocking calls with unknown caller ID or calls that are not in your contacts list?

In my phone with LineageOS, the option was to block anyone who was not in the contacts list.

That's a blacklist, "Don't accept calls from X". A white list would be "only accept calls from Y". That's what GP seems to be asking for.

Block unknown callers is a whitelist though. It's literally "block everyone not in my contact list".

You might want to verify that. Last time I checked, android's block unknown caller option just blocked calls where caller ID was blocked (aka "private").

...until and unless the phone number is spoofed. Then the blacklist is getting onto the whitelist.

Technically you're right, but what are the chances that a bad actor is going to spoof one of the phone numbers in your contact list.

I mean, the odds of them hitting that are so close to zero I don't even want to think about it.

Years ago, spam emails were sent to random email addresses found on the internet.

Now spam emails are sent to live email addresses harvested from peoples' activities

Today caller ID is spoofed not even with random phone numbers but specifically phone numbers with area codes relevant to you. For me, it's phone numbers of my area code which I have zero contacts in. Or it's phone numbers from my phone's registered address in Houston.

What makes you think it won't be long before fraudsters are able to connect the phone number they're calling with people likely in your contact list by ... looking up leaked contact lists?

It depends on the phone, but I'm pretty sure there are still devices where "Unknown number" /= "Number not in my contact list".

I was getting 10+ spam calls a day a couple of months back. They all originated from overseas numbers and I was pissed off that there isn’t a way with iOS at least to block certain countries. Like no one from Malta is ever going to call me so why can’t I just block Malta.

I resorted to using Do not Disturb mode allowing my contact list to ring. It’s worked out great, I have missed a couple of blocked caller numbers that I would have liked to have taken but they always leave messages. And the spam calls have more or less dried up now.

It would be nice if someone would create a device to exchange contact info with businesses to close the loop on managing the whitelist for new, infrequent associations. I should be able to go to a receptionist, mechanic, or contractor and accept identifying info from a Bluetooth device or a standardized non-URL QR code payload to let them contact me in the future. Then we could more conveniently manage authentication ourselves and cut the bad actors out of the process.

You can embed a vCard in a QR code right now. Your phone should handle it correctly.

That's a neat feature that I didn't even know existed. Sure enough, fives seconds on a random qr code site (https://www.qrcode-monkey.com/#vcard) and my iPhone's camera offered to add it as a contact. I wonder why this isn't first-class (in terms of exporting); something I can expose directly as "this is me" or to pass off an existing contact via a quick visual swap.

I guess I'll generate one for me and store it in the notes app, which is sort of a catchall for this sort of thing.

That only works until the receptionist, mechanic, contractor, business can no longer be trusted.

I took my cat in for an oil change over the weekend. That resulted in three spam texts and two spam e-mails from VCA. Time to change vets.

How often do you need to change the oil on a cat? Every 10K Meow-les?

And to be on topic, you'd need a trusted 3rd party to manage those. But lately we've seen you can't trust them to secure / not resell your data anyway.

Since caller id was implemented so poorly:


Maybe it would be nice if we had something kind of like a CAPTCHA, where an app on your phone would say "please dial <random-number> and say your name to complete your call" and the person would have to dial it and say who they are to talk to you.

Totally knee-jerk idea I realize, but I literally get 10 SCAM LIKELY calls for every real call now, rendering my phone almost unusable. Huh, I just did a quick search and it looks like it might already be possible to install an app to do something like this. Anyone know if this works?


It's insanely easy for a program to recognize individual digits and then type them out. Saying a name would also be trivial (recorded, generated, etc). Audio captchas have existed for a while, they have been an alternative for a long time, and they are even more annoying than images.

What we need is an abuse prevention system involving authentication. You can get reported for robo calls, and if enough different accounts you called have reported you, you get reviewed/banned/throttled. Let's not reinvent the wheel, it's been the standard way to deal with spam all over the web. But it requires rethinking the way we use phones, and a whole new infrastructure. It also brings some anonymity concerns but half-measures are just an arms race.

I think you are right about this. The previous response said they received 10 spam calls for every 1 real one. I'm probably about the same. My email spam isn't even close to that. 50 to 1, inbox, maybe?

This situation is far more dire for the telco's and their debt holders than they are catching on to. The telephone number, portable or not, is what anchors their customers. When it is gone, you've got a commodity.

say your name to complete your call" and the person would have to dial it and say who they are to talk to you.

I'm not sure why you're being downvoted for this. My in-laws have this feature on their landline from their local telco. Completely annoying, but I don't want to talk to them anyway.

My mother has this feature (in UK). The first time you call, it will send you to the voicemail and ask you to state who you are. Then she gets a notification and can listen to the message. If she phones you back, the number you are calling from is whitelisted. I think she can press something else to blacklist you, otherwise you stay in the grey zone and will always go to the voicemail. I think she has had a couple of people not leave a message several times and eventually blocked them where she would have been completely happy to speak to them if she only knew who they were..

Be careful calling back. I had a friend who called back what turned out to be a Wangiri Scam http://www.three.co.uk/hub/earth-wangiri-scam/

The call-back cost him ~$4 in long distance charges.

Contacts-only whitelist with some work:

Default ring: silence, no vibration. Custom ringtone for everyone you actually want to pick up the phone and talk to. Yeah you gotta spend some time setting it up for your existing contacts, then spend 5s selecting a ring when you add a new contact.

This seems like an iOS specific work-around.

On other platforms they simply give you the choice to block non-contact calls. I can do so on my Pixel by leaving Do-Not-Disturb on with Contacts Only.

I've done this on my Pixel 2 for some time, however it no longer appears to work. Have you experienced issues with this on recent android updates?

> Cost of phone calls decreasing to basically zero

I think this is the crux of the issue, and I don't think it's a situation that any non-spammer end-user wants. There's a definite non-zero cost to receiving a phone call.

I think we'd fix the robocall problem in a heartbeat if a small artificial charge was billed by the receiving phone company each time they connected a call (or rang a customer's phone, not sure about the precise terminology).

You mention 'no national boundaries anymore'. But robocalls are extremely rare in Europe. Presumably both for legislative and commercial reasons. None the less this is an existence proof that they aren't some kind of inevitability of mobile technology.

> - Cost of phone calls decreasing to basically zero

> - Bad actors (telephone companies) benefitting from this traffic by charging for it

I don't think these are compatible.

iPhone at least has the option for a contacts only whitelist, I only get notifications from contacts and everything else gets ignored. No point in even considering answering a call from someone I don’t know, if it’s truly important they can leave a message and I respond asap.

That's only true with Do Not Disturb, which also silences all other notifications as well, a major drawback (for me, at least).

If your other contacts have "VIP" status in the contact list, they will automatically go through.

I'm not sure if it works for non-Apple apps, though.

The only reason that matters here is bad actors.

What kind of lack of compassion do you have to have to participate in an organisation that generates something universally hated.

There's some kind of mental disconnect involved.

I once knew a guy who ran a spam operation from Chicago. I was in his office once and he showed me something on his computer. In doing so I could see that his mail in-box had over 29,000 unread messages.

I asked him how he deals with all those spam messages. He didn't think it was a big deal at all. Spam simply didn't bother him, and he believed in his heart that spam doesn't really bother anyone else, either.

This idea is summarized in a famous quote:

>"It is difficult to get a man to understand something, when his salary depends on his not understanding it."

I'm pretty sure there are already apps for Android that can do what you are asking. I use google voice, which tends to block most of the crap.

> For whitelist systems to work you need to be able to enforce identity or have a significant cost to sending messages.

s/whitelist/blacklist ?

I probably make two or three phone calls a year. And that’s just to companies behind the times not offering chat support. I think it’s high time we just deprecate phones altogether. It’s pretty crazy I use a 10 digit number to identify myself. ICQ did that and it was considered archaic.

Our company actually has a really good view into where robocalls are coming from and what they are doing because we own a tremendous amount of phone numbers in the US (100s of thousands - millions at peak). We can basically see when this is happening and a robo-caller is targeting an area code, zip code, state, etc...

When we get called from a number we don't know we used to simply reject the call. Now, as of this week, we are publishing the metadata to a kafka topic so that we might be able to do some post-processing on these events which might help identify these robot callers earlier. We've already learned that the volume of robo-calls decreases dramatically on the weekends.

The hope is that we'd at the very least learn something about how they operate but at the very best possibly provide an api that allowed people to check if a number was currently considered a robo-caller or if their city, state, zip was currently under attack. That way, for example, the makers of robo-killer, etc... could provide better protection. Perhaps we could even create a live map of the attacks.

I'll follow up when we do and post something to HN.

From your company's website:

> Our simple web and mobile apps allow your team to text 1000+ people an hour. Your contacts see a normal SMS from a local number.

Does that mean you would appear on your own live map of attacks?

You're going to quickly find that the robocallers (that don't spoof their number) only use numbers for a very short period of time before moving onto another number. Then you'll have legitimate numbers that you've never seen before all of a sudden start blasting out calls such as school delay/cancellation calls and community crime/amber alerts.

Which company?

(This turned into a bit of a rant...)

So, AFAICT, Hustle provides a service that's nearly as bad as robocalls. From their front page: "Hustle works because people read and respond to texts—and to communication that feels more human." So it's a bait and switch, just like a robocall: you contact me in a way that makes you feel personal, approachable and reasonable to me so that you can gain my attention.

Look, try to see this from my perspective. Without saying anything about the honor and motives of those behind Hustle, it's like I'm being attacked from all sides - Facebook, Robocalls, and now Hustle - to gain my attention. This has always been the case, perhaps, but our modern technology – coupled with a knowledge of human psychology – is a powerful tool (weapon?) for gaining access.

Here's an idea: I don't want to be assaulted all the time via the always-on electronic device I have in my pocket!

I still want to have access whenever I want it. Maybe I can't have it both ways?

I am currently being hammered by robocalls, in relative terms at least.

I can't remember the last time I got an unsolicited text.

An anecdote to be sure, but I don't hear anyone complaining right now about unsolicited texts, so it doesn't seem like Hustle is the problem.

"I still want to have access whenever I want it. Maybe I can't have it both ways?"

You can, actually, and it isn't that hard. I have a strict "one strike and you're out" policy with my apps; if I see a notification I don't want, I either fix the notification preferences in the app right away, or if the app doesn't permit what I need, nuke the app's ability to notify. My phone is pretty quiet.

I don't hear anyone complaining right now about unsolicited texts

Really? You must not be listening. Do a quick Google News search and you'll find dozens of articles about it.

My T-Mobile hotspot has 133 unsolicited (and unread) text messages in it right now because spammers think it's a cell phone.

During the last election I received 50 or 60 unsolicited political text messages from both parties on my work phone.

Unsolicited text is a problem.

> I can't remember the last time I got an unsolicited text.

There's some bullshit law that allows political parties to harvest voter telephone numbers in my state, so I get pummeled by unsolicited text messages from political campaigns.

For the ones that actually have a human on the other end monitoring it, replying with 'I cannot vote, I'm a felon' (regardless of what the actual law is for voting and felons in my state) is a good way to get them to leave you alone.

I've never got any in Europe. Maybe the cheap spam bots are not localized?

Only robot calls I get is after contacting customer support they autocall you and ask the enter a rating of the call.

It hasn't always been the case, mostly because for most of human history attention wasn't the limiting scarce resource to things.

your homepages is 404'ing from the ycombo-hug. you may want to put cloudflare or cloudfront ahead of it.

Not my company, just know where he works.

Make a firehose and sell it to {Google|Apple} so that they can use it to increase value of their phones to consumers.

The phone numbers are spoofed so this would probably do more harm than good.

If you can sell it it doesn't matter. Isn't that how all this works?

One solution, not practical for most folks but works well for me: live in a different area code than phone number. (My cell number is in the area code I grew up in.)

It seems most spam calls either fake a source number that's in my phone's area code, or use a completely random source. Almost any inbound call I actually expect without an address-book entry would come from my (new) local area code, so I can pick up a call if (in current area code) OR (in address book). So in essence, my current area code is a 3-digit passcode.

Perhaps a nice trick if one is allocating a new VoIP number -- at the cost of looking like a non-local when giving it out, you can effectively screen for actual local calls...

I get a lot of robocalls from spoofed numbers that have my area code and even the first 3 digits of my phone number in common. I guess the thought is that people are more likely to pick up if the number looks familiar? For me, it's just an indication of a robo call that I won't pick up.

>I guess the though is that people are more likely to pick up if the number looks familiar? For me, it's just an indication of a robo call that I won't pick up.

That's probably good for the robo-callers. Just like with horrible spelling/grammar errors in spam emails, they don't mind if the smart folks can figure out their pattern. They are after the suckers born every minute.

I think they get an exit virtual POP in that AC to avoid extra charges, start at XXX-0001, XXX-0002, etc. It lowers cost and looks more relevant.

* It's not really a POP.

* The fact that many geographic numbers are in fact non-geographic means that the idea of being "in" an area has long since gone out of the window.

* It's not done to avoid extra charges. Call cost is determined by routing and tarrif, not caller ID. It's done pretty much for the reason that bonobo_34 supposed.

It's called "neighborhood" spamming. You're supposed to think it's a neighbor calling.

Or worse, someone from your own organization (because you own the number block) and you’re on-call for a critical system...

No. In telecommunications jargon it is called "local presence".

Yea, any time I see an 808, I know it's almost certainly spam as only one real person I know has that area code.

BUT.... I've had the opposite effect where they spoof to where I physically was regardless of my phone number.

I recently contacted a phishing prevention company for a quote. They knew where I was physically located, and called me using a spam number of my local-actual code. I told them flat out that was a bad idea and to not do that. Nothing made me lose initial trust more than a legit company using spoofing tactics.

It was the company that bought Wombat Anti-Phishing. They even told me they didn't do it to "prove a point" but rather just they get people to "pick up the phone more often".

There’s a recent Reply All podcast on that topic.

The “feature” started innocuously enough.

Haven't heard that podcast. Is it good?

$350m from Spotify good (well, for the whole podcast company, not just that one show).

This approach works so well that I installed a CallBlocker app which just pre-rejects any calls from my native area code out of hand. I check its logs every now and then, so far not a single false positive.

Ditto, same technique I use. My business phone uses (512) and my personal uses (469). I don't live or work in either one. I also use Google Voice on the personal one, with spam calls blocked (another good layer to have...these go directly to voicemail), and another randomly selected area code for the physical SIM (Straight Talk, 10GB $50/month).

When a call comes in from those ACs (the one corresponding to the phone), I reject it. Very easy!

I have the same issue. I'm in the PNW, but have a 210 number. I'm pretty sure most of the time they are just war dialing the prefixes to figure out who answers. The robocallers are also spoofing all numbers, as i get people calling me saying "why did you call me?!"

A fellow San Antonian?

I don't hear anyone complaining right now about unsolicited texts

Something that works for me is to have a phone number in a low-value area code. My Seattle and New York numbers get robocalls. My phone numbers in certain other parts of the country are left alone.

Lots of feel good ideas in the post, but no actual good ideas. Back when Congress created the Do Not Call Registry, and then forced law abiding companies to pay $10,000 for it, they pretty much just compiled an amazing list of active phone numbers that non-law abiding companies could acquire for a pretty good price and then sell them in batches to smaller companies that couldn't afford the full thing.

Once virtual phone services were invented, companies didn't even have to worry about dodging the Feds, they just moved all their operations overseas. Feel good laws will not solve this problem, it's going to take actual technological solutions.

That's bullshit. Telcos can stop it on a dime but they don't because they profit from it. We just need regulation with teeth. Your attitude that only "innovation" can save us and we should get rid of regulators is what led us to where we are now.

Verizon has my cell phone in some kind of trial for a new service that's supposed to filter out robocalls.

They'll want to charge me for it soon, I'm sure. I'm betting that as soon as the trial is up (one that I never asked for, btw) that the number of bogus calls will skyrocket, and I'll be forced to whitelist.

My response will be letters to the FCC [nothing will happen] and the FTC [nothing will happen]. Companies and powerfully-placed individuals make a lot of money from these calls. I don't know how difficult the ESS-level work is for call filtering, but fixing the landscape of corrupt practices is a LOT harder.

Sounds like you've been opted-in to a trial of SHAKEN/STIR[0], which is a new government mandated technology that phone companies have to install to block robocalls this year. I believe it will be free to all because it will be required by the gov.


"I believe it will be free to all because it will be required by the gov."

This is an industry that already sticks in "regulatory compliance" fees. Why would you think they'd make it free when they can charge you for it with no way to opt out of the fee?

Thats right. Innovation lead to this. With more innovation from telcos, we'll get a "Now! from $9.99 a month we'll block all robocalls."

I have a really tough time comprehending why it is such a difficult problem to solve. The FCC could have solved it by now, independently of congressional legislation, considering the fact that they regulate the issuance of phone numbers. Those overseas companies still have to get their US phone numbers from an FCC regulated body.

What am I missing?

My guess is that it's a motivation problem. With email there was a huge motivation for email providers to fix spam. Email providers don't make money based on the quantity of emails sent and it's a well functioning market. The cost of moving your inbox to another provider is pretty low and there are many competitors. Contrast to this problem: telcos make more money if more calls get placed; there aren't many alternatives; barrier of entry to the market is very high; switching provider is painful; you cannot just try a different telco like you could for email.

The massive global installed base of ss7 phone system/pstn equipment nobody wants to pay to replace or upgrade. Most solutions to securing ss7 or authentication of call origin require new custom software extensions built on top of something that is mid 1980s technology.

SS7 is from an era when big phone companies all trusted each other and interconnected without any of the modern crypto or authentication built into a modern network.

Why would the Verizon/AT&T lawyers running the FCC want do things that cost the telcos money?

It's not like these are long-term government employees, they are taking big paycuts in anticipation of getting private sector gigs later.

Two things:

1) Most of the spam calls are spoofing numbers, so it doesn't really matter who issued the numbers.

2) Spam calls could come from overseas numbers instead, I've certainly gotten a few. I'd rather they come from US numbers, so at least when people call back, they're not paying an arm and a leg for the call if they don't realize the number is non-US.

#1 is a key point here, and understanding it is essential to solving this problem once and for all. It's not just caller ID that they're spoofing. PSTN works a bit like the internet: there are "good faith" peering agreements between telephone companies, and they rely on each other to report truthfully where a call is coming from.

However, there are many companies, especially overseas, that either deliberately shirk these duties or simply lack the funds, technology, and infrastructure to authenticate the sources of telephone calls. The result is something akin to IP address spoofing.

Without imposing major infrastructure overhauls on foreign nations, there's little the US government can do to eliminate these problems.

Here in the UK, nowadays almost all robocalls and scam calls are coming from outside the UK. Mostly India as far as I can tell (they've sworn at me in Hindi).

What you are missing is, the people abusing the phone number are typically not the owners. For example you can get a phone number from Twilio for $1/mo, and spam people from it. Just like you can upload a copyrighted song to YouTube, or download an MP3 from your ISP-provided internet. Owning the "platform" puts some responsibility on you, but it's not expected that you can stop ALL bad activity in its tracks.

What can be done though, is monitoring for massive calling patterns at the PSTN level, but big telcos are not interested/incentivized in stopping Robocalls because it generates a lot of $$ when the calls travel over the legacy phone network.

You punish the accountable parties appropriately.

When Twilio gets a $100k fine for abuse of the $1/mo number, they'll govern the behavior of their customer better and probably eliminate 80% of the bad actors in hours. You could also modify the regulation of interstate carriers to make it expensive to spam entire exchanges with junk calls, or even require licensing to utilize the PSTN. (Which allows you to punish licensees for bad behavior.)

These are all solvable problems, big companies respond quickly to sticks and over time to carrots.

I'm currently working on a tool that would force callers to answer a small math problem (similar to a CAPTCHA) before the service would forward the call to you. Effectively robot call screening. https://callshield.io/

Between this and email, I wonder if we need to start over with an opt-in system for contacts. I know that brings in a whole mountain of other problems. But maybe if we slowly adapted to that rather of the mountain of problems with our current blacklist (if that) approach, the outcome will be preferable.

There is a progression:

  - opt-in (just you)
  - referrals (some of your friends)
  - delegation (a business you trust to do screening)
  - reputation (some segment of society you care about)
  - free for all
I doubt you will want either extremes.

This is a perfect example of why government doesn't come up with good solutions and often just makes it worse.

What confuses me about this is that Apple could solve this in two seconds by allowing contact whitelists where only incoming calls in your contacts are accepted and everything else is sent to voicemail or dropped.

Is there a law against this or something?

Nomorobo, Robokiller, Hiya all do an okay job as blacklisting applications but that seems like the wrong way to go about it.

Some suggest using do not disturb to do this, but that blocks all notifications (including from texts) so it is not a viable solution.

You'd still miss out, like with the surgeon's example of a patient calling.

It doesn't need a technological solution at all. In the UK and Germany, there were some calls, but it was rare, not even once a month. Do-not-call lists are enforced, and e.g. the ICO can fine directors of companies, not just the companies. Reporting nuisance calls can be done on a website, immediately.

Then again, in the US, everything requires a phone number, which is problem number 1, even having mail sent to my house. Why exactly? Second, I would pay for a wildcard phone number service that forwards to my mobile, and lets me track leaked info like I do with wildcard email domains.

Patient calls surgeon's professional number, and their office switchboard forwards it to the surgeon from the "Incoming Patient Call" number, which is whitelisted in the surgeon's phone.

Why would a patient be dialing their doctor directly, anyway? Any reason I can think of would still allow for the physician to whitelist that person in their contact list. Most of the time, the doc would probably want the call recorded and transcribed for the medical records, and also billed to the patient's insurance as a patient consultation. A direct call couldn't do that without an app to help out.

All of the "business" contacts in my phone are for the main dial-in number for a company. I don't need to dial direct to Joe the mechanic or Trudy in accounts receivable or Jean-Pierre on the help desk. The business's automated switchboard can enforce business hours and vacations, and still connect me to whomever I need to speak to for that call. And if an employee needs to contact me, they don't even need to know my phone number. They can speed dial the company employee outbound number and punch in my work ticket number, and be connected automatically, from the company number. The identity authority is delegated to the individual business, instead of the proven-untrustworthy phone company.

It isn't that difficult for a business to set up their own call-management server these days.

The UK system is good, but there are still robocalls and scam calls occasionally.

If you can make your scam calls from a foreign telephone network with spoofed caller ID, or your scam is good enough you can profitably do it from prepaid anonymous SIMs, regulators claim they're powerless.

Agree, there's still room for blocking tech. Blocking calls from outside the country is simpler though.

I still think privacy laws are more effective. The only time I've had really bad robocalls was when I transferred a domain. Now, ICANN are muppets and wilfully ignore GDPR et al. Okay, so WHOIS "protection", right? But insultingly, transferring domains doesn't work with WHOIS protection, and you need to supply a real number.

(Oh well, at least in the UK I can still buy pre-paid SIM cards with only cash in every major supermarket chain.)

> You'd still miss out, like with the surgeon's example of a patient calling.

No you wouldn't. It would go to voicemail where they could leave a voicemail. Then you return the call if you want.

> Then again, in the US, everything requires a phone number, which is problem number 1, even having mail sent to my house. Why exactly?

So they have the option to SMS-spam you and resell your info (thus creating robocalls), of course. Even the coffee shop near my office wants me to register with them for a "rewards card" now. It's disgusting.

I'm in the UK, and while it's true that almost all calls from within the UK have ceased, I still periodically get a lot from outside of the UK. Usually they seem to be from India, and are pulling a tech support scam, claiming to be from Microsoft, my ISP, BT etc

Here's how to actually "solve" this problem on an iPhone:

- Pay $1.99 to buy a silent ringtone from the ringtone store.

- Make that your default ringtone.

- Give everyone who you want to be able to call you an audible ringtone.

>- Pay $1.99 to buy a silent ringtone from the ringtone store.

I would refuse to do that on principle.

You can make your own Ringtones on the iPhone, you don't need to pay for them on the Ringtone Store.

Well then make your own. If your time it takes to do so is worth less than $1.99, then your principles will have saved you money.

This doesn't really do what I want.

- Phone calls still come in and take over the phone

- I can't use vibrate anymore? Now I have to use audible rings?

You can put your phone on do not disturb and allow calls from <group>

Unfortunately, I don't _think_ this propagates to other Apple devices that are set to alert you to incoming calls. (Someone please correct me if I'm wrong on this).

iPhones still take up the whole screen when a call comes in however.

still would vibrate, right? but this is a really clever idea...

You can totally disable vibrate on ring.

Voicemails are still annoying, I have a red alert badge on the home screen and have to go in, check that it's not real, and delete it.

Would love to be able to junk filter incoming voicemail based on the transcript. Anything with "card services calling about your credit card account" or "qualify for a medical grade back or knee brace" goes straight to trash.

Of course that only works for a few months until scammers adapt and somehow make their calls less understandable to the speech to text or vary up their script more often, but we fought the same battle with email and seem to have done pretty well. Couldn't say when the last time I got a spam email in my inbox was.

I downloaded an app that automates the process of disabling voicemail entirely. I don't need it. Anyone whose call I miss can just send me a text or email.


I get some useful ones like appointment confirmations that I doubt are set up to text me if I don't pick up

I’ve set up a DID that is just a voicemail box on VoIP.ms.

All unanswered calls get forwarded to it.

I get an email mp3 of voicemails.

They don’t get deleted. And I can still access my voicemail easily if i’m Overseas or need to reference them in the future.

Costs about $1/month.

And for people I really don’t like... I just hand out that straight to voicemail number.

I find that the scam calls I get don't leave a lot of voicemails

Don't forget about calls about "your Visa Mastercard".

I've been saying for a while that Phone UX on our handheld computers is an amazing mistake. There's no other application on any computing device that we allow to be an uneasily dismissable, focus stealing modal with sound alarms in 2019. Sure, phone calls have historical weight behind them, but it is past time to rethink the UX for current usage.

If you want to see how good UX can be on a mobile device, download Microsoft Remote Desktop for android and remote into a Microsoft Windows Server instance. I just want that experience, though preferably with a Linux system, that happens to have a "phone" application.

Did anyone ever make a "desktop" phone?

Microsoft Lumia 950 got incredibly close to being a "desktop" phone. Continuum was ahead of the curve. It was really cool being able to Miracast to any capable screen and expand the phone out onto a larger screen, even if you still only had access to "mobile" apps on that larger screen, most just worked fine. Add a Bluetooth keyboard and mouse for even more of a "desktop phone" experience.

The interesting part too is right now people are playing with Windows 10 on ARM on the Lumia 950 hardware (which is supposed to be a generation too old in ARM processor, but seems in practice to work just fine). The latest Windows 10 on ARM builds have x86 emulation and Win32 support and suddenly you also have access to 32-bit Windows apps going back forever on the device. (One video has someone load up even Steam and Fallout 1 on that hardware.) So they truly are "desktop" phones today, just maybe too late for that to be useful to phone market.

Yes. It was the ICL One Per Desk. (-:

> What confuses me about this is that Apple could solve this in two seconds by allowing contact whitelists where only incoming calls in your contacts are accepted and everything else is sent to voicemail or dropped.

Now you missed the reminder from your dentist, a call from that relative whose new number you forgot to save, and you have 600 recruiters and other stale business contacts in your address book because you wanted to hear from them but you're still getting spam calls because the spammers were smart enough to start spoofing numbers like the local utility companies for your area code.

There are many technical fixes which sound good until you think about what an adversary with a profit margin would do to work around them. What will work is fixing the underlying telephone system so Caller ID / ANI are reliable enough to use for filtering and law enforcement. The major telephone companies didn't want to spend the money last time, and they profit from all of these calls now, but if it became a regulatory requirement that would change.

I don't care about any of those automated reminders (most come via text and email anyway). In my solution they'd also go straight to voicemail which is fine.

It'd give me the power to cull down my contacts to what I want and solve the problem.

Neighborhood spoofing is an issue, but if you have a pretty clean contacts list they're unlikely to get an exact match.

Now you missed the reminder from your dentist, a call from that relative whose new number you forgot to save

These are the types of people who leave voicemails. Robocallers are not...

In my experience, the robocallers are more likely to leave voicemail. You just get the first 10 seconds of their recording chopped off and the rest in your mailbox. So now you've just moved your issue from live calls to having to check your mailbox periodically to see if there's anything important mixed with the spam. Plus the added possibility that a legit caller doesn't leave a message, and something important gets delayed due to an inability to contact you.

… and? The point is that trying to maintain a 100% accurate list of numbers from which you want to receive calls from is a non-trivial amount of work AND it's useless as long as the spammer can just forge the number of someone legitimate.

We found out that a business we asked to call us shows up with no caller id, it was because of Google services. Plus in many cellular networks its not common for the caller id information to be passed.

While I would like more tools on phones by various providers this problem as a whole needs to be solved by those routing the calls. How that works I don't know, I always thought ANI was the end all solution but IP calling circumvents that?

A major Canadian wireless provider used to have a screwed up ANI system where it just reported the area code and exchange code followed by 9999.

Enough information for them to bill my provider, but not enough to let me know who’s calling.

You can already do that in Android (which is the majority of people). Not solved.

People have phones that are not smart phones.

Caller ID is frequency faked.

Is there a law against this or something?

Common sense? In what universe is that a solution?

Shoutout to Google and their "Screen Call" feature in android. I screen every call from an unrecognized number. If I see it's my Doctors office I pick up. If not, mark as spam. I can do this in the middle of a meeting without interrupting anything.

Oh yes it's beautiful. Though I wish I could view and listen to the audio after the call. The screening makes a hash of the speech to text sometimes.

It's really, really, great. I think they reserve it for Pixel, though? In any case, it's very convenient.

As someone who used to work for a telco, please be aware that they could solve this at any time. They choose not to. I wonder if they have a secret list, though, of numbers that should never get robocalls. Aka congressmen.

Make it mandatory $10000/call fine + prison sentence and teach users how to get a money trail.

Then the hunt will get efficiently crowdsourced.

After few well publicized cases the problem will greatly diminish.

Good luck getting a money trail with out of country scammers.

This assumes the offenders are in the same country as you.

Hunters in that other country can also help for a cut.


The same way the US is getting Canada to extradite that Huawei executive.

Google voice seems to do a great job filtering out the spam. I can't remember the last time I got one with my voice number.

Agreed. Ever since I moved my number to Google Voice, I was able to create an "Accept Calls" white list. It was even easier since my contacts were already in Google.

interesting. my robocall numbers dropped significantly when I stopped forwarding my google voice number to my phone. I still get the voicemails, missed call list, and texts when I log in to the voice portal, and get to see what I missed - they just aren't going to my phone anymore.

Been experiencing robocalls too. I use Hiya, but it's not a complete solution. Now I just let every call I don't recognize go to voicemail unless they call twice. It really sucks for the elderly, the sick, and the otherwise vulnerable because they're more desperate to hear from a doctor or caretaker or somebody without saved contact information / less technically savvy or on a landline / otherwise more likely to fall to these scams.

I'm wondering, is VoIP easier to call block than general call service? If it is, the inability or unwillingness by the telecoms to address this issue might prove to be a systemic disadvantage (though I'm pretty sure they make most of their margin nowadays from selling cellular data).

I used to do what you do and let the call through if they call back. Sometime in the past year I've gotten on some autodialer list that will hit me up 6 times within a 30 second period if I reject the first call, so now I pretty much have to send anyone not in my address book straight to voicemail. It's not convenient, but at least I don't have to conduct a lot of business over the phone anymore.

What Apple & Google really should do is build the functionality of Hiya or Youmail into their mobile OSes.

My Pixel phone already does that fairly well. I think it might be a recent Android feature?

It is a feature google only offers to their own phones...ever since leaving my Nexus, my spam calls have been a plague

I imagine the people doing robo calls spend an insane amount of money with Google?

The outfits doing this don't tend to be the wealthiest and won't be spending insane amount of money with Google anyways since they're relying on phone advertising.

And anyways, Google isn't some new organization struggling to keep the lights on. They're pretty far in the black and they can afford to forgo a little bit of revenue if it means they can improve their product moat.

I recently turned on "do not disturb" mode on my pixel phone once I started getting about 400% more robocalls than real calls per day. It's actually nice because now my phone only rings for people in my contacts list. So I'm in whitelist mode.

However, it's insane that I have to do this. At this point, having a phone with actual phone service seems basically pointless. It's one of those things that I pay for because I'm so used to paying for it.

We need attribution on caller ID info as a first step. Caller ID should read

"212-555-1212 per T-Mobile, CenturyLink, Adino". Like mail headers. T-Mobile says the call came in from CenturyLink. CenturyLink says it came in from Adino. The telco knows most of this now, they just don't pass it forward. Someone upstream may be lying, but you can usually tell. If the number is US local but the path goes through Mumbai, something is wrong.

Actually, the telephone companies are often in the same boat as you, not knowing anything more than the immediate inbound carrier. Not all signalling protocols could even relay the information that you are talking about.

I loathe Ajit Pai as much as anyone but the FCC and Telcos have been fairly swift (by the glacial standards of telecom standards) in coming up with a fix for forged CallerID known as SHAKEN/STIR.

It's still about a year from being deployed, and it's unclear how legacy landlines will be covered, given Nortel's been bankrupt for a decade and Lucent (know Nokia) has been out of the switch business for at least as long (an aunt of mine used to work on the 5ESS software until she was laid off about 15 years ago. She's now a realtor and makes far better money, so I guess nothing lost).

They're doing this out of not-so-enlightened self-interest. Voice is still a huge part of telco revenue and they can see people abandoning voice outright if the last year's trend of 75+% of all calls being spam continues. Millennials have already adopted social standards of phone calls being considered intrusive and rude.

Just an observation, unless Congress includes political calls in this legislation then I am not truly impressed. They are no more welcome to call me than the knee brace lady is.

Just because I voted in an election; and why do they know which party/who I vote for; does not give them the right to call me. I don't care if they are in office or not.

Yeah, I noticed that the bill was called "Stopping Bad Robocalls", implying that there are "good" robocalls too, and I knew immediately that it wouldn't help with the political ones.

It feels like phone companies have basically destroyed their business model by turning a blind eye to robocalls and telemarketers. The other day I was filling out a form and it had like 3 different phone number fields, and I was thinking "we're shockingly close to those getting filled with N/A" as I was putting the same number in them. And I'm not even particularly young.

This service is quite fun: https://jollyrogertelephone.com/

One time I got phone-DDoS'd by a robocaller who was using my number to call everyone else in my area code. Then for several hours, people were calling me back nonstop and saying "Calling you back...".

Incredibly annoying. When I complained to my phone provider they basically said there is no way to stop it since the callback numbers are spoofed and they apparently have no logs at all. Its _unreal_.

This actually happened a few months ago with my work phone number, which I had forwarded to my cell. Within tens of minutes, my cell voicemail box was completely full. Luckily I just had to stop forwarding calls to my cell and disconnect my work phone (which I never really used anymore).

Before I figured out it was my work number that had been 'stolen', I was talking to my cell carrier (tmobile) who basically said the only 'solution' was to get a different phone number. This would be an excellent way to DoS a competitor, for example..

Is it even possible to stop robocalls when they are spoofing the numbers? I have had instances where the robocall comes from my own phone number.

Is this generating a lot of revenue for the service providers? I think it must be or they wouldn't allow it to go on. Surely if one provider marketed themselves as blocking robocalls, they would get a large influx of business.

IIRC one of the main selling points of gmail when it started was that it had a much better spam filter than other services at the time.

Phone companies are required to connect all phone calls in the US. So they can't really do anything about it. Spam callers can go to any disreputable carrier and all other carriers have to connect their calls.

There was actually a really weird phone scam going back a while that was just making calls that tried to keep people on the line as long as possible to make money off of the interconnect fees companies can charge each other.



I use Callcentric VoIP and whitelist known numbers. For all others, they are told to press a random digit before it connects.

Here is my simple strategy. It doesn't work perfectly, but it increases the probability that I will answer an important call and let an unimportant call go to voice mail.

I change the ringtone for everyone on my contact list to be different from the default ringtone. I do it when I create the contact. That's it. Two ringtones: they're a contact or they aren't.

When I hear my phone ringing in the other room, in my pocket with friends, on the bus, I know whether I may be interested in either taking the call immediately or listening to the voice mail fairly soon.

For one added level of differentiation, I use a very few other special ringtones: -- one that sounds like knocking on the door when I receive a call or text from Amazon or UPS and other delivery services -- a strident one when my doorbell rings (in my apartment complex, the exterior doorbell calls a phone) -- immediate family has a different one

I just realized since moving to Vietnam and getting a Vietnam number, no more robocalls. Zero. Nilch. Maybe everyone in the U.S. should buy a sim card from a poor international country for a few months time. If enough people did this, I bet the feds would magically find a solution that starts to work.

What I don't quite understand is, how can the NSA and/or other three letter agencies reliably collect meta data on calls and how can the telcos reliably charge for calls and services, yet we are unable to stop robocalling...

Legally carriers are required to connect all calls in the US. That provision is pretty important but leaves the system open to abuse. I hope we can find a way to block out robocalls without allowing the phone system to balkanize.


Federal law also says you can't sell marijuana. However the government has pretty much decided to not prosecute that for some time. In general it's hard to believe that any law such as that would not defacto allow an exception for what can be shown as an abusive behavior. Under the theory that the law says 'you are required to connect all calls' you could say that carriers could not legally block someone who keeps calling a phone number in an abusive manner (with or w/o the permission or at the request of the customer).

The big companies aren't going to move until they get some guidance on where the line between blocking some numbers and systematically blocking numbers deemed to be 'abusive' based on the companies own criteria. Of course today you can request specific number be blocked from calling you of course but no one is currently trying that because the dangers of crossing the blurry line can be severe.

Your comparison isn't much more useful than 'prosecutorial discretion exists therefore do any crime you want.' Multibillion dollar companies aren't going to just go out and blaze a trail like that. We even see this in the (spurious) comparison to marijuana, the first companies to step out and test the state vs federal divide were small and local and only after those companies figured out some of the issues did we get large and larger companies coming in. (Though they're still all independent arms because of the difficulties accessing banking because of the federal laws still in place!)

I'm about as confident something will come of this bill as I am that my house will one day get up and fly away into the sunset.

Any bill passed is going to be under the purview of the FCC to enforce if signed into law. Yes, the same FCC that allows telecoms to continually run roughshod over consumers contrary to anti-trust laws that have been on the books for ages. Unless this becomes a problem for the companies that provide phone service, which it apparently isn't due to the fact that it is still rampant, nothing will be done other than public finger wagging.

This has made me so frustrated with my phone. I see it as only an entertainment device at this point and only use the phone with a small select group of people, rejecting all other calls as its gone insane.

Got some felling these robocalls mostly are a USA thing. From France where I happen to currently live, unsolicited cold-calls unrelated to my whereabouts are really rare. I've no idea if there's some law leading to such differences.

I've only once in my life been harassed by some polling company that really wanted me to answer lots of questions. Eventually felt strong enough to go through the process, last question was "would you be open to participate in future polls we may have?" → HELL NO! and never heard from them again :)

Tech solution is Whitelist + Pay To Connect.

Anyone on my list rings through. Everyone else can pay to connect, whatever amount I set, and if I like your call I'll whitelist you and refund the money.

Email, same.

Haha. 10 years ago the carriers were flogging the voip ISPs over putative origination fraud and _robocalls_. Lots of us in the industry proposed solutions(mine)[1]. We also built some interesting and very effective ML systems to detect the originators in real time.

Here we are 10 years later no further down the road. Sad.

[1] https://patents.google.com/patent/US20080240082A1/en

No, the solution is technological and close at hand:

An obnoxious voice synthesizer that takes the agent on a long and fruitless journey.

The people who do robocalls are only using the robot to get you into a conversation. At that stage -at least when I've been called- a human takes over and tries to talk you into whatever it is they're selling.

If you eat up the person's time with GPT-2 generated BS that's voice synthesized, the operator wastes his time.

My non-scalable solution:

I occasionally answer the robocalls, get through to a human, establish common ground, and then let the caller know how they are helping to commit fraud.

My goal is to in some way provide a feedback system. I don’t think that this is the responsibility of the consumer, but like most of us, I’m desperately interested in solving this problem.

Thank you for your service.

Actually what you're doing isn't really non-scalable-- the spam calls are just not viable if even a small percentage of non-victims waste their time.

(Though I've noticed now that they're automating more of the calls, it takes some effort to get through to a human... and the automation is starting to sound surprisingly realistic)

Hiya handles this for me so it's not a problem https://hiya.com/. It will block spam calls and whitelist contacts. It's kind of annoying that the caller can still leave a voicemail but at least you don't get bothered by your phone ringing.

Maybe it's just as well that the phone system is being destroyed by robocalls - it's a great excuse to ignore all incoming calls, or not to have a voice number at all.

If the FCC and phone companies continue to do nothing, the problem may eventually correct itself as the phone system becomes unusable by humans.

Robokiller is an amazing app that has dropped by robocalls to almost zero. It's paid but well worth it imo

I'm a long time user of "Should I Answer" Android app which is a godsend. It works by allowing people to categorize numbers that called them, so next time number X tries to cold call you or scam you, you get overlay with sign that's probably a nefarious or at least spammy number.

We should destroy phone numbers instead, not only for spam, but for privacy and security. You might as well wear an RFID on your collar.

Replace phone numbers with DNS and spam blocking. Change it when you want instead of asking your provider. Tell people to contact you through your website.

Sounds good. Would you mind getting in touch with my mom to explain that system to her? THANKS!


It was a vapid response but a sincere criticism: your proposed system is too complex for a layperson.

This being HN, everyone has a technological solution or workaround to the calls themselves. Why can't we simply go after the companies that are being advertised during the robocall? They all have a link or number back to the actual company being advertised.

What makes you think the link or number is legitimate?

Or, better said: what makes you think the link or number is enforceable in the U.S.?

If I cannot hide from the police, robocallers should not be able to hide from me.

- I want all non-contact-list calls to auto-go to voicemail.

Apple? Why is it so hard to implement?

I've always been impressed with how professional they sound. I want to know where is this seedy marketplace of robocall scam companies and desperate voice actors.

What are robocalls? Do they just call random numbers and have a computer voice read an ad? Is it like unsolicited faxing from back in the day?

"It has been brought to our attention that your Google Plus Profile..... " is this for real???

I’d rather destroy the people who utilize them.

Ultimately, the problem isn’t tech, it’s people who misuse it.

Good luck ever fixing SS7. Just abandon it, seriously... If you can. Your life will be easier.

Why are so many NYtimes posted on this site?

Likely because it's among the most prominent news outlets in the world, and it covers many of the topics that are of interest to HN readers.


It's a flamebait tagline, to be sure, but we're responsible for our own discussion here on Hacker News and there's just nothing good down this road.


> We all, left and right, agree that Trump is worse than robocalls.

I'm having trouble imagining Republicans have have >89% support for robocalls, so I have doubts of your proposed left-right consensus on Trump vs. robocalls.


Don't feed the troll.

Are you referring to me? The article's author is clearly the troll here! The only thing above the fold is a statement baked in hateful ideology, clearly meant to anger and upset the readers. I'm not the troll here, I'm standing to defend basic human decency.

The author is the troll.

> I'm having trouble imagining Republicans have have >89% support for robocalls

Really? Why though? I would assume they do. Robocalls are the maximum free-market ideal communication / ad mechanism. Aren't Republicans constantly trying to get less regulation in the US? Constantly removing laws around protecting consumers from this stuff?

I would assume most Republicans are in favor of Robocalls.

You must not talk to many Republicans.

I sure don't. I'd like to, but most Republicans seem to want me to die. They vote out the very existence of people like me, denying our right to safety and to live as freely and openly as they do. So it's quite scary, talking in person with people who encourage me to commit suicide based on my beliefs or identity, and even pass laws that seem to serve no purpose but to cause pain to others.

I'll be here to talk to Republicans, or anywhere really. But they'd have to meet halfway and stop the intentional causing of pain on minorities before that can happen.

The last time I sat in a restaurant with Republicans they both encouraged me to stop breathing and kill myself, because "that would be the best thing for the environment right?" as I wouldn't be exhaling CO2 any more. No thanks. I've tried hard but it's too dangerous.

Quite the chip on your shoulder. I feel sorry for you.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact