Hacker News new | past | comments | ask | show | jobs | submit login
Phone Companies Ink Deal With All 50 States And D.C. To Combat Robocalls (npr.org)
123 points by pseudolus 52 days ago | hide | past | web | favorite | 112 comments

As much as SHAKEN/STIR is a fun tech, I think the article misses the part which will actually hurt the callers:

> Require Traceback Cooperation in Contracts. For all new and renegotiated contracts governing the transport of voice calls, use best efforts to require cooperation in traceback investigations by identifying the upstream provider from which the suspected illegal robocall entered its network or by identifying its own customer if the call originated in its network.

This is the amazing low-tech solution: It basically means companies will stop ignoring what they knew is happening for ages. As long as LE takes on the uncovered sources, I feel like this is the most important principle.

I'd have more faith in it if it didn't include the phrase "use best efforts."

I'm pretty sure that's basically lawyer-speak for "you can't sue us if a robocall gets through; we never committed to anything". Don't worry about it, if they follow through and it works it won't have meant much if they said that.

> Don't worry about it, if they follow through and it works it won't have meant much if they said that.

That's a pretty big if though, and if it doesn't work that statement precludes recourse.

They were never going to give you recourse anyhow. They'd be idiots to do so. I certainly would not be willing to personally guarantee that hostile, intelligent human beings will not find some way past the security I implement. I'd love to be able to, but when the opposition is as smart as you and generally endowed with more time and motivation, giving out lots of recourse if they do manage to score some points is a fast route to bankruptcy.

If you think about it, most of our normal concepts of "recourse" involve things entirely under the other party's control, and in serious contracts, still often have a call out of "acts of God". It'd be like a football team offering legal recourse if the other team wins; not the brightest move.

In other words, don’t transport calls coming from “bad neighbourhoods”.

Just like blocking .ru IPs or non-ARIN IPs on your local theatre blog.

No, I'd really disagree with that comparison. You don't block countries in telco. You can penalise telcos with too high ratio of spam calls with higher rates for example, but that's completely different from blocking whole country which will send you legitimate traffic and you'll be losing customers over it.

Slightly OT, but android's "screen call" feature has been my number 1 tool is fighting the robocall battle. It's more responsive than the "let all calls go to voicemail" approach, and 80% of robocalls disconnect by themselves when the bot starts talking. It still requires my live "attention" when the call is going through but I'm not that upset about a few wasted seconds, especially if it lets me grab a legitimate call when it's happening.


I love this feature a lot. I wish it could kind of combine with voicemail with a recording of the call but then its treading on the 'visual voicemail' territory.

I agree it's great, I really like it. Seems like the smarter bots don't disconnect and now they talk in order to get the pitch transcribed with the hopes you'll pick up.

Glad you like it. We're hiring :-)

Has GOOG ever not been hiring?

Another "free" google service, that's subsidized by your data.

I started getting the "Apple Support" scam robocall a couple weeks ago, and I decided to have some fun with the operator who tries to get you to install malware on your system. Slow playing, playing dumb, acting like they are talking about fruit not computers, and so on. It was fun for a little bit.

So they must have put me on a different list. Now I get the same call with the same intro, but when you press "1" - it connects you not to the scam operator, but to another hapless individual who's been robo-dialed. I get this call about 10x a day now.

I hope they throw the book at these clowns.

Did this once, after 40 minutes or so of pretending to run a dozen different diagnostic tests on my computer the guy asked me to read him an error from the log. I told him it said something like "Fatal System Exception 0x0051: Someone is trying to play a scam on you."

He just screamed "fuck you!" and hung up.

Product Idea: Scam caller time waster.

When you get a call, press a button to redirect them to your time waster. Hire them from the same area that the scammers hire people for these things.

Already done.

See https://jollyrogertelephone.com/ and enjoy.

Oooh, and if you like that stuff.. my wife and I love a good Saturday night watching things like this: https://www.youtube.com/results?search_query=%23ScammerRevol...

I like ScammerRevolts a bit more than the others simply because he fucks up the scammers' computers... :)

well done - kitboga would have been proud!

Context: kitboga[1] is a streamer on Twitch.tv who makes a living of wasting scammers' time. He uses voice modulation and a variety of tools (such as a fake banking website) to increase credibility in the eyes of the scammers he gets on the phone.

[1] https://www.twitch.tv/kitboga

Yep, I did this once with "Credit card services" and after about 20 minutes, I had gotten all the way to level 3. Level 2 was a hapless individual, but level 3 was a smooth talking ahole that was amazingly adept at manipulation. When I hung up he immediately called back and I told him I had been called dozens of times by this scam and this was my way of getting back at him. Click. 20 seconds later my phone rings and a person is screaming at me, telling me he wants off the list, etc, etc.

I unhooked my phone and called AT&T and tried to report it. They tried to get me to go through some absurd process and I dropped it.

I had someone going for a while trying to figure out when they could clean my ducks.

I’m waiting for the hair duct cleaners to call back. The ducts aren’t putting out as much hair as they used to :(

I accidentally discovered a way to battle this. I had a phone number from a different state, far away from the state I'm living right now. I often get calls from the old state which I have no business with, and occasionally get calls from other states (not the one I'm living in) to test to see if I pick up. Robo caller has 1/50 chance of hitting the right state, even lower for hitting the right region.

I let all strange and not-in-my-contact numbers go to voice mail which I left in default. If it's important enough, hit my voice mail, I will call back. I got vastly reduced number of robocalls in the past year or so this way.

This can backfire. I have a similar set up, area code and number from state I used to live in, half way across the US. One of the businesses local to where I now live uses some sort of "least cost" attempt at routing calls out of call centers in or close to the area code of the number they're calling. The result? A call from an agent at a business which is 5 miles away from me sounds worse than the transatlantic calls I used get from my dad in the 80s.

It also helps to have that phone number in a low-value NPA. Robocallers have advanced beyond just random numbers now. They're targeting specific area codes and prefixes based on conversion rates.

Oh, I just got rid of voicemail all together. Just let it ring, then drop, if I don't know it.

My friend used the Off-Hook tone [0] as th initial sound on their voicemail, then followed by them actually leaving an invation to leave a message. It seemed for a while there that the robocall would just interpert the off-hook tone as a dead number and not wait the 3 seconds. But then they started waiting until the line dropped and that trick stopped working.

[0] https://en.wikipedia.org/wiki/Off-hook_tone

I'd like voicemail only for people in my address book.

It feels like there are so many easy ways to make the phone app better yet nothing ever seems to change with it. My phone is in my pocket now instead of on my desk, but it's basically the same thing I had in 1982. Why is there so little innovation around the telephone and voice calls?

Well, one reason might be that people who are not in your address book--who you can otherwise easily "Do Not Disturb"--may be emergency calls related to people you know but the originators, e.g. police/hospital are not in your contacts list. Those are more or less exactly the sort of calls I want to be able to leave a voicemail even if I don't otherwise process their call.

Unfortunately, it means I get various voicemails threatening to delete my SSN or that police are coming to arrest me. But, other than making it harder for scammers, I'm not sure what the fix is other than basically switching your phone to a pure whitelist system.

You're agreeing with me, I think. There's a ton of innovation possible with the phone app that isn't happening. There's no reason there couldn't be curated white lists that you subscribe to for stuff like that.

Why is there so little innovation around the telephone and voice calls?

I imagine patent trolls are to thank for this state of affairs, along with the system that enables them.

I don't have any evidence of that, though.

I've been using that trick for a few years... The problem I have with it, even with hiya installed, is that it still causes me to lose concentration and all of my blood to boil. If I had my hands on the people doing this...

I’ve been doing the same for years and years and get more calls than ever. A fair chunk of them now leave voicemails, and at least half of those aren’t in a language I speak.

I've extended my voicemail 'greeting' to around 20 seconds and I stopped getting voicemails.

I have dual SIMs, the oldest having a number from another state. The old number was publicly disclosed on resumes and gets hammered with robocalls from the same area code. The new one is only used for businesses I have accounts with and remains mostly silent.

""I salute today's bipartisan, nationwide effort to encourage best practices for combating robocalls and spoofing and am pleased that several voice service providers have agreed to abide by them," said FCC Chairman Ajit Pai in a statement."

This guy is THE absolute worst. 51 attorneys general were able to rally to a cause that the chairman of the FCC could only pay marginal attention to (and under duress at that; he didn't pay this issue any attention until political blowback started).

I try to be charitable in my assumptions about the motives of civil servants. I think their jobs are more difficult than most imagine, and the press coverage isn't always fair.

But I'm really struggling to find a charitable explanation for how Ajit Pai is conducting himself as FCC commissioner.

Can anyone think of a plausible theory that doesn't involve malice [EDIT: I should have said "self-serving" instead of "malice"] or extreme incompetence on his part?

> for how Ajit Pai is conducting himself as FCC commissioner.

What things are bothering you? Unlike the insinuation of the person your replied to, in reality he worked on this Caller ID issue almost immediately upon becoming chairman. (He put out an action paper July 2017, and became Chairman in January.)

Net Neutrality seems to have had zero actual (as opposed to theoretical) problems, so that wasn't a problem either.

So what things are you seeing that you want explanations for?

My problems with Pai's leadership are the same gripes you'll find from Googling those various issues. Apologies but I don't have time to dig up references at the moment.

ars 52 days ago [flagged]

So basically you have no gripes?

> "But I'm really struggling to find a charitable explanation"

An explanation for what?? Ajit Pai was the one who got this Called ID situation taken care of. What in the world do you have to complain about?

I don't need references - what are you complaining about?

His quality is a feature, not a bug. He is doing an absolutely perfect A+ job from the perspective of those who put him there.

Wasn't he hired by Obama?

By Obama, but he was required to pick a Republican for the slot, so McConnell made the recommendation (and would've likely filibustered anyone he didn't approve of). Trump made him Chairman.

> but he was required to pick a Republican for the slot

How was he required to?


> The commission is made up of six members, who are appointed by the president of the United States and confirmed by the United States Senate. Each member serves a six-year term, and two seats are subject to appointment every two years. By law, no more than three commissioners can be members of the same political party, and at least four votes are required for any official commission action.

(Legally, I suppose he could've nominated someone from a third party for the slot, but practically that would've died with McConnell in the Senate.)

The independent-commission rules mandating partisan equality have always struck me as constitutionally dubious, at best. But after a lazy search, I can't find really any discussion of the topic.

The FCC put out this in July 2017: https://www.fcc.gov/call-authentication

Ajit Pai became chairman January 2017. So it took him a whole 6 months to work on the issue.

I really don't understand your criticism.

That would be related to the 2 following years when the problem absolutely blew up, to the point that 51 AGs had to take further action. He paid lip service but we should demand more.

Careful how you respond to spoofed ID calls.

There is no one, either individual or business, that has the same area code and prefix as my cell phone and would have any reason to call me, so when I see my area code and prefix in the caller ID, I know it is a spam call.

For quite a while, I'd respond by immediately declining the call, but I wasn't careful how I did it. It turned out I was not just hanging up or sending them to voice mail--I was hanging up and sending back a text message that said something like "I'm not available right now".

Of course the text message does not go to the spammer. It goes to the person whose number is being spoofed, who would then sometimes text me or call me trying to find out who I was and why I suddenly text them out of the blue.

Take a moment to make sure you know what the various call decline options on your phone actually do.

I got an annoyed series of text messages from someone once asking why I'd called them... I don't remember the details but it became clear pretty quickly that they were responding to one of those "same area code and exchange" spoofed calls.

It took a little bit of convincing for them to believe I wasn't the nefarious caller just pretending to be ignorant. Or they just got tired of sending me messages. Either is good, really.

Why would anyone want their "decline call" button to let the person calling that they're being intentionally ignored? That just seems terrible for both real and fake calls.

Because iPhones lock up unless you decline the call.

What I don't understand is why it is such a prevalent issue in the US but not in Europe.

I've had a couple of French phone numbers over the past 15 years and I can't recall a single time I got spam call (though I did get an occasional spam text message with a shady link). I know my parents occasionally get some call but it's a small handful of offenders that keep repeating the same call again and again.

I don't think it's a technical difference as you can make call using IPBX/VOIP without too much trouble here.

Isn't it because local calls are free in America, but they've never really been free here. Also I do get spam calls in the UK occasionally. Maybe once every couple of months.

Also they're more obvious because they're always from a landline number, and barely anyone uses landlines anymore. In America landline and mobile numbers are mixed so you can't tell (as far as I know).

Oh, I’m sure American telcos get paid to terminate calls, it’s just a tiny amount (less than 1 cent/minute). It’s still worth it for the scammers, and the telcos like the extra revenue, especially as POTS declines.

My VOIP provider charges a lot more for EU call termination, which probably makes scattershot robocalls unprofitable.

The way I handle this is to create a contact called SPAM RISK and add all the spam calls I get to that contact. My siblings do the same. Once a month, when we go to our parent's house, we sync this contact (we block this "caller"). Our parents are getting old and are starting to fall prey to these robo callers. I haven't figured out another way to help them...

I am using Google's dialer on android, and it's been very effective with identifying spam callers...

disclaimer: google employee.

Suggestion... Don't block Google dialer app from a majority of non-Google phones.

Google employees do not agree with all of the things Google does.

Disclaimer: also google employee.

in fact, i disagree with a healthy portion of it.

Edit: I don't think he's being negative - he's saying "don't do it" and i agree.

...or maybe even offer those features to Google Voice's dialer, as well.

I'm using robokiller (https://www.robokiller.com) which does a decent job of "getting ahead" of fraud numbers, especially of the local number spoofing variety.

The escalation is that spammers will spoof well known local numbers (e.g. the doctor office)

Lately, I've been getting them spoofed as the local WalMart

I was doing that for a while and stopped when I never got a duplicate.

Thats a good start. What about telling them to never answer a call from an unknown number. Any legit call will leave a voicemail and that will weed out a large number of scammers.

Next, if the voicemail is clearly a robot voice, make sure they don’t respond until checking with you first. That should weed out another big chunk.

> What about telling them to never answer a call from an unknown number.

Just yesterday, I got a call with caller ID for Chase bank, audio in Chinese. Trusting caller ID is a bad choice (at least currently)

Exactly! Telling people to "only pick up from numbers you know" is not good advice. The whole point of this article is that caller IDs can be spoofed. That's what these new protocols are all about.

2 or 3 weeks ago I got my first call from "Comcast", which I do not have a contact for. I was surprised because I didn't even know the system as a whole was capable of that. I've never seen a non-contact name come up in my phone UI before, only phone numbers, or phone numbers mapped to my contacts.

On the plus side, when I get a call from a textual non-contact number it's a heck of a strong signal I don't need to pick up.

Many telemarketers have switched to "soundboards" which use responses pre-recorded from native speakers. It's increasingly difficult to recognize that a robot is talking to you. You can ask them if they're a robot, and they have a pre-recorded answer ready for you.

They have a finite set of responses, though. Ask them what the difference is between a burrito and an enchilada.

Waste their time. If I'm not too busy. I answer their phone calls and I waste as much time as possible. If everyone answered the calls, kept them on phone for a minute. They would find something else to do. I kept one on for almost 10 minutes today. Insurance call, I told them I don't have the VIN and have to go downstairs to get it. Told them I live on the 8th floor and we don't have a working elevator. Told them I'm on a crutch and walking slow. The idiot was willing to wait until I told them I got downstairs and needed to go back up to get my car key.

I use the "my wallet is upstairs" and "wait, having trouble finding my wallet" when a CC is needed. I routinely keep them on the line for 10m while I work, then tell them why I did it. Sometimes they debate me, mostly they hang up angry.

I usually start with, "hey, quick question before I give you the CC#: why did you spoof your number?" I had one guy try and tell me I didn't understand "VoIP, that's just how it works." Weirdly, I ended up hanging up on him, because he wanted to continue to argue after I told him he was wrong.

I just got a call yesterday with the caller ID "CHASE ATM" and when I let Google screen the call it was one of those Chinese language scam calls. I get ~2-3 of these scam calls in Chinese a day, even though I'm Irish. It's fucking irritating, but the fact that they can be so brazen as to have "CHASE ATM" as the caller ID is dumbfounding. It's a goddamn shame our government can't function and scams like this are allowed to flourish.

I'm waiting for the "gotchas" to come to light that will allow the status quo to continue. Seems par for the course so far.

Most of the daily spam calls I get connect from my area code (which is a secondary area code that I haven’t lived in for 15 years). Just yesterday I installed an app that lets me block the whole area code, minus my contacts!

Do you live in Ireland? If so, it's a bit sad for me to learn that this robocall garbage is present in other developed countries, not just the US...

No, Chicago.

Is robocalling mainly a US issue? I don't think I ever faced robocalls in Western Europe.

Is robocalling mainly a US issue? I don't think I ever faced robocalls in Western Europe.

I've seen Europeans on HN complaining about robocalls. I'm pretty sure Germany is one of the countries that gets them.

We also get robocalls, had a few cases where neighbours got contacted by "Microsoft support". But one can report to the Bundesnetzagentur. Don't know how effective they are.

They exist and I have got them. But the frequency is about one per year. Wheres here in the US I now get about one per day.

I've been in Germany for a while and I did not receive any yet.

It’s more expensive to terminate calls to EU numbers, so profitability needs to be higher for random dialing.

Also depends on whether your EU country has a developing nation source for < 1 EUR/hr labour.

France and UK, sure. Germany and Italy, not so much.

iOS 13 fixes this by finally adding a white list option that sends all non contact numbers to voicemail.

I haven’t gotten a robocall since the beta started and it’s been great.

Yep. Such a simple solution that covers 90% of spam/scam problem and yet I still have to install 3rd party dialer apps on Android to get that functionality. :(

I have a simple low tech solution that is practical for m̶o̶s̶t̶ some.

Change your number to an area code that is outside of where you live - ideally a different state altogether.

If you get a call from an area code outside of where you live it’s probably Robo. If you get a call from area code of where you actually live, it’s probably legit. Ex: kids school, daycare, healthcare provider etc.

I'd say changing one's phone number to be of a state they don't reside is not practical for most.

Agree, "most" was a bad word choice, "some" is probably better.

Why not? Do US area codes actually do something in 2019?

I would suggest changing some to few.

People move around. My legitimate calls can be from all over, even when it is just the coworker in the cubicle over who lived somewhere else 15 years ago.

The old practice of "my area code is where i lived 10 years ago" has an unexpected pleasant side effect.

Wouldn't iOS and Android builds that have a switch to only allow inbound calls from numbers in contacts effectively end robocalls to most cellphones?

This idea doesn't work for landlines, of course.

For legitimate new callers, they'd be shunted just once.

And... what if you don't have a smart phone? Did you forget that there are other kinds of cellphones too?

The issue is that the telephone system basically has no security/privacy/abuse defense mechanisms, and phone companies have done nearly nothing to fix that in the last 100 years. Well, unless your scam is stealing from the phone company (ala phreakers). Then maybe they'd try to fix it.

Yes - iOS 13 finally adds this and I can confirm it works great.

Some additional features I'd like to see:

- Allow repeated calls through the second time

- Allow apps to pass the filter somehow (uber, door dash etc.) or make it easily to temporarily disable for 10min.

Even without these features it's by far the best solution.

The blacklists never worked well and were just hacks.

And if they spoof a number that’s on your contacts list? A false sense of security is not the same thing as security. The solution is action by the network providers.

The latest strategy the robocallers are deploying is NOT to copy your prefix. They caught on to the blockers that do prefix filters.

I must be getting some real low-end robocallers on my work phone then, because I got six of these neighbor prefix calls just yesterday.

My wife is bombarded with fake lawsuit and IRS calls.

I get at least 3 calls a day although the volume will drop and climb here or there.

Anyone else getting a 404 clicking the "anti-robocall principles" link within the article?

I’m starting to think that maybe we should give robocallers the death penalty. Maybe there’s some sort of humanist counterargument, but I can’t think of any right now. Annoying millions and defrauding hundreds of people daily has got to cause at least as much cumulative social disruption as murder, right?

Punishment should be commensurate with crime. If the penalty for robocalling is death, then there's no disincentive from performing worse crimes to avoid punishment for robocalling.

If I'm already at risk of death penalty, I'll have fewer compunctions about assaulting or killing someone who threatens to out me.

Murder is irreversible, whereas economic damage is able to be remedied through restitution (not that it is 100% of the time, but 100% of the time you cannot restitute murder).

Capital, irreversible punishment should be for capital, irreversible acts.

Why do people perform transactions or give ANY trust over phone calls they didn't initiate directly or indirectly? It's not rocket science and I'm sorry old people are so trusting but at this point everyone should know better. At some point people have to pay for their stupidity unless you want to assign everyone a personal babysitter.

1. Treat Robocall offenders like pedophiles. Both outside and inside of prison. Problem #1 solved.

2. Auto-transfer any incoming calls not in my contact list to voicemail. Apple?

So if we have a "National Robocall Registry" for individuals like a national sex offender registry, what will that accomplish, especially given that most of these operations are not in the country they target.

If you mean getting punishment that wasn't meted out to them by a judge in prison by other inmates, this is not really how law is supposed to work; you are entitled to the punishment given to you by a judge and no more.

If you think penalties should be increased (maybe they should) then you should work logically and level-headedly within the law and lobby your representatives to increase it.

It would be better if society, especially one with so much money and resources, would find a way help the really mentally ill before they commit horrific acts or all types, instead of using primitive, childish, and retrogressive ideas of evil and good to justify revenge-based emotional acts that aren't grounded in logic. This honestly doesn't make you much better than most criminals.

Your way is really little better/civilized than vigilante justice.

And if they spoof to be someone on your contact list? The solution needs to come in the form of a crackdown by providers, which is what we’re seeing after a long wait.

I personally think email and phone spam should carry a much bigger criminal penalty and straight out block countries that don't cooperate.

I personally think we should send in the Marines to disconnect scam operations

I agree with this, but unironically.

i wasn't kidding either.

Better yet: Use the Air Force to nuke them from afar.

Blow up their planet.

Nah, send them the Space Force. That will teach them...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact