Are telecom companies not realizing how much they are hurting themselves with this in the long term? People will stop using phone numbers altogether. Using the phone has become such a pain, at least in the US, that whenever I can, I used different ways of communicating. WhatsApp, iMesage, Skype, etc. The incessant robocalls have definitely motivated me to move away from traditional phone calls faster than I would otherwise.
Lastly, maybe this is what these companies want, i.e., that I just use their data plan, but then that makes me way less likely to stay loyal.
Section 202 of Telecommunications Act details that telecoms cannot discriminate connections so they have been unwilling to block spam if it can lead to breaking the law. The FCC has been trying to change that by rolling out new guidance on what can definitely be blocked. One of the new rules defines a new legal safe harbor for carriers that block calls that are unauthenticated using a new protocol that is expected to be rolled out by year end, 2019.
Services like twilio avoid this easily by simply requiring me to purchase the callback number or at least validate that I have control of the callback number I want to use.
After seeing cable companies fail to get into the internet, I'm convinced companies try to stop progress instead of embracing it. They don't see progress as an opportunity, but rather as a threat. They don't realize how much they are hurting themselves.
I read an interesting article on here about the rise of the cell phone camera, the amount of R&D into it compared to traditional cameras, and how slowly traditional camera manufacturers have progressed. Sure, cell phones have to overcome a smaller sensor... but traditional camera sales have been obliterated.
Steven Sasson invented the first digital camera (and a device to display it on) in 1975 while working at R&D at Kodak. He had a fully functional DSLR by 1989, complete with memory cards. Kodak never released his work, never manufactured that camera. They kept the patent of the work and sat on it, and when others tried to innovate and create a digital camera, Kodak sued them with that patent and kept suing people right up until the patent ran out in 2007. By 2012, the company was bankrupt.
Innovation, true innovation that really pushes technology forward, is anathema to the average business.
While I appreciate how hard it would be to implement properly, I don't think that should be an impediment to getting the process started.
Isn't that part of what it means to acquire a patent? Trying to get a patent on something that I don't yet know how to actually implement should be denied, right?
Of course the risk is that if someone else challenges you on it, and you can't provide the implementation, you can have your patent invalidated.
At least that's my understanding of the tactics of patent warfare.
other than selling $20 million worth of 1991 Kodak DCS 100, and following it with many more advanced models ....
If that's not dragging your feet I don't know what is. They could have defined the marked for professional digital cameras. Instead they just proved that a digital nikon would work nicely.
I bought a Kodak digital camera in the 90s, and other brands too, so I doubt that version of events.
> when others tried to innovate and create a digital camera, Kodak sued them
I haven't had a "land line" in multiple-decades. My short list of "the next thing" requires:
- Ability to install on a mobile device without any connection to a "phone number." Phone numbers in my mind are dead.
- Skip the synchronous social convention of calling. Everything should be async by default. You don't ever cause someone's device to interrupt them. This is already culturally "accepted" with SMS. Unopened messages are deleted after some number of days.
- With permission, these asynchronous messages should be forwardable. You give permission in advance of course, and then you can avoid having to repeat yourself again and again.
- TMDA style whitelisting for unknown public keys wishing for contact. Addresses need some kind of seniority (older than 30-days) and some reasonable integration into the network at large (vouching connections between other people with "skin in the game", akin to a shared reputation--If I could remember the name of that early social network that tried to do this, avogato.org? Something like that.)
- Mesh networking forever. Decentralize it all.
This is not something that I think can be a "startup," because this needs to be a protocol, not tied to any firm. If anyone's software works with the protocol, then let the "best installable" win. The closest thing to this right now is Scuttlebutt protocol and if someone could re-introduce contact sharing via "bumping" (using the accelerometer and GPS location and time together) devices together to exchange public keys, that particular bit of UX could go a long way to making it easier to adopt. However, the worst part of Scuttlebutt's capabilities has been the storage consumption for very popular identities that often consumes all the available memory on smaller devices. It needs data-storage hygenics--some way for the end-user to state what kind of data they want to keep and what they wish to ignore.
I'd love to have a land line but it completely stopped working decades ago. After deregulation, no one was responsible.
Countless attempts to get anyone to fix it were in vain.
This year I saw a thick line completely knocked down by a fallen tree. I called the power company. They said it was a telephone line not a power line. And that there wasn't anyone left for them to contact to get it fixed. Asking around I found it actually didn't matter. No one was actually using it. No one has land lines any more. The technology is obsolete, irrelevant, and should be removed.
I remember many times where everything else was out of service except the good old POTS line...
SS7 its the primarily utilized protocol stack nowadays. The PTSN (Public Telephone Switching Network) and the Internet have been combined for a while now.
The problematic part of SS7 is it allows for setting arbitrary unauthenticated origination info in the rough equivalent of a "From" field in the initiation process.
There are attempts ongoing to attempt to implement a "Web of Trust" layer a la TLS on in front of the preexisting telephony infrastructure in the form of STIR/SHAKEN, but it'll have some of the same warts that current "Web of Trust" implementations now currently suffer.
Is that incorrect?
It feels super reasonable to ask for telecoms to blacklist stuff after complaints
> fine the telecoms for allowing the illegal calls
You can certainly fine companies for making illegal calls. But you can't easily fine telcos for allowing them. That requires you to know the call is going to be illegal.
Users are even ready to give up open protocol for proprietary one (imessage, etc).
Closed platforms can also be spammed. Twitch, HN comments, etc.
I currently have 'do not disturb' on and whitelist my contacts but it's not ideal.
What kind of phone do you have? There are definitely Android apps that do this. This is the one I happen to use, there are many others: https://play.google.com/store/apps/details?id=com.grus.callb...
Just go to: Settings > Phone > Silence Unknown Callers
(Calls from unknown numbers will be silenced, sent to voicemail, and displayed in the Recents list.
Incoming calls will continue to ring from people in your contacts, recent outgoing calls, and Siri Suggestions)
Defining a silent ringtone by default, and a non-silent one for your contacts, is another.
Better management tools on phones themselves would be a bonus.
I've identified a few possibly concerns:
- Avoiding distraction.
Have people been able to get around these limitations? and how is it done? I hate having a phone as much as anyone else.
Just put in random crap. 555-555-5555 works almost everywhere. They don't want to call you anyway, that costs way more than an email.
What I meant to say is that, right now, my provider is the one who has substantial control over my main id of communication, i.e. phone number. This adds additional friction to move to a different provider, but also move across borders and so on. As my way of communicating moves onto other services, the telcos do not control my id anymore. Everything becomes easier and less friction.
For example, if I could, I would probably buy a data plan from one telco and a phone number from another, and I would experiment with my data much more, shop around etc.
I've been paying for number portability for I guess at least 30 years.
I was just told by my cell provider this week that as of next month the 3G networks are being shut down and I have to buy a new phone from them.
I said sure, I already have an unactivated no-contract phone I got on clearance, let's transfer my number to that one.
They said, sorry, no can do, you can only transfer the number to a phone you bought from us.
I said wait I've been paying for number transferability, something I didn't even want, for literally decades, and you're saying I can't do it?
In the end I bought a $15 flip phone, switched carriers, and now have a stupid new number.
Number portability is a fiction and a scam. I paid that fee for 30 years and it did nothing. Fuck everyone involved in making me pay for that scam. Almost but not quite as bad as insurance, another total scam that never pays and is designed for suckers.
If someone used spoofing to break the law, there's strict liability for some kind of statutory damages, say $100, applicable to everyone across the chain. I.e. I can sue Verizon for sending the call to my phone, Verizon can sue whoever connected to their network, they can sue whoever spoofed on their network, etc.
This will quickly lead to networks requiring proof of authorization or at least posting some kind of bond to be allowed to spoof numbers.
And there's no real downside. Nobody has a pressing need to spoof but not enough to post a bond convincing the phone networks that they won't break the law.
Actually, I think the solution is even simpler, and is already in place here in Europe: Make all calls cost a minimum of $0.25 to the caller.
The issue right now is that having a robot call a million phone lines costs basically peanuts. If a million phone calls cost $250,000 instead, then this sort of spam calling wouldn't be effective anymore.
And you don't have to wonder what it looks like. In Europe and the UK, the caller has always paid for the entire connection, including the airtime of mobile phones. It doesn't cost you a dime to receive calls on your mobile phone in the UK; but it costs the caller around 20p per minute. As a result, robocalling mobile phones is not cost effective.
No need for complicated regulatory intervention in this case.
But whence comes the $1000 my friends are now owed, for the calls made before their complaints were filed?
That would eliminate spoofing, which would make it much easier to identify where the bad calls are actually coming from.
Spoofing is a huge security issue, robocalling is annoying.
The SIM is you. People already buy burner SIM's, and many countries have started to implement tighter controls on SIM purchasing in order to aid law enforcement's ability to track down telephony enabled crime.
I can think of no more blatant way to ruin net neutrality.
These crooks make millions, of calls every year. My first employer was apparently making robocalls, though none of us were aware of it(there was a call center with actual human beings), and they were cracked down on by the FTC a few years ago.
The way I see it, there's no good technological reason why a system couldn't detect millions of calls coming from one place, compare that with the number of complaints and number-spoofs, and trigger an investigation. The dinosaur phone system needs to either go extinct or be reformed, and the telecom companies don't give a fuck. Every time I've asked either T-mobile or AT&T to block the relentless robocalls, they tell me to install some 3rd party Android app that fails to effectively block calls.
Tie the problem of robocalls to the telcos losing money, and this problem will solve itself in months.
Land line numbers are also registered with Do Not Call, but doesn't make any difference.
Answer the call and there will be either:
1) a few second pause and then a person will drop in with the call centre voice noise in the background.
2) a few second pause and if there is no sound (you saying "hello") it will hang up.
Those are usually from international call centres. In terms of locally based ones, got a couple during the election with a recorded voice saying "this is an important message from XYZ politician".
#robocall complaints (Germany, 2018): 13375
I'd also doubt assumptions such as people are equally likely to report, it's equally easy to report, counting is done the same way, etc., so I don't think your response is sufficient to characterize the average.
If the rule is that telcos must eat the cost of a scam, they will drag it out in court and the consumer must still prove it.
If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.
At some point they may even come to a consensus and protocol that protects the customer.
I prefer this option.
There may be other options. Just don’t put the burden on the individual customer.
Edit: Even better, allow bounties so that lawyers can start hunting for robocalls that went through.
> If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.
I don't necessarily see these as guaranteed outcomes. You don't see this kind of behavior for banks, which are generally the ones liable for credit card fraud.
One of the primary users of robocalls are politicians. I'm sure they'll get right on legislating against it. /sarc
No, you are absolutely wrong. CAN-SPAM law for email is under the FTC's regulation and does nothing to restrict the ability of marketers to send initial unsolicited mailings. This isn't a first amendment question of exemption, the FTC is not authorized by statute to regulate noncommercial activity like a political campaign.
TCPA regulations for cellphone marketing are under the auspices of the FCC. You cannot send unsolicited commercial SMS and calls legally (there are some exemptions for pollsters and nonprofits). TCPA law also applies to political campaigns: https://www.fcc.gov/political-campaign-robocalls-robotexts
The problem here is that the origin can be spoofed.
You are imagining a system where a telco like T-Mobile connects the caller directly to you. That's not how it works. The connection chain could look like this.
bad caller 111-1111 -> A -> B -> C -> T-Mobile -> you 999-9999
All T-Mobile knows is that 111-1111 is calling 999-9999 and that the call was routed from C, it does not know about A, B, or the true identity of the bad caller.
That's also why spoofed attacks are also a problem on the Internet. These systems were not made with spoofing in mind, and it will cost a lot of money to get these companies to switch over to a new system seamlessly that can detect spoofing.
6 hour later, C's NOC calls B's NOC, saying to knock it off, and they have 18 hours or they're getting booted.
6 hours later, B's NOC calls A's NOC, saying to knock it off, and they have 12 hours to figure it out or they're getting booted.
In under 12 more hours, A cuts off 111-1111.
If peeringDB is to be believed, big providers all require their peers to have a 24/7 NOC number to call.
That approach is obviously not very effective in a DDoS scenario, but as I understand it these robocalls typically originate from a handful of different VoIP termination services -- as opposed to tens of thousands of hosts in a DDoS scenario.
Yet this has been going on for years, so I suspect shenanigans by providers too happy to continue charging their Tier7 peers for access.
Anyone in a region with sensible legislation.
I worked in this business briefly, the economics are fascinating. Your average mom and pop restaurant is very likely buying its VoIP transit from an entity like "B" in this story.
Or make it easier for consumers to report spam calls. For example, dial *666 after hanging up on the spammer and it reports the last call as spam. Enough abuse reports originating from a particular carrier and T-Mobile knows there's a problem. That's basically how it works for email spam and other forms of Internet abuse.
It's very hard to reform the whole system, but you have to start somewhere and this could be how.
Call verification is already here and rolling out progressively. System is called STIR/SHAKEN. iOS supports it as of 13.something. The UX is terrible though, all you see is a checkmark after the caller in the call log. Android might have a better situation on some phones, this system is carrier dependent. More about it here: https://www.fcc.gov/call-authentication
There are scenarios where it doesn't work. Calls routed through Google Voice to my T-Mobile line will never show this checkmark. Also, not showing it onscreen for unknown incoming calls defeats the purpose, really not sure what Apple was thinking.
Best of both worlds.
Edit: At a minimum, an out of system call should display what system / exchange it originates from. That at least helps solve neighbor spoofing.
How could this work in the current environment, given that:
- termination rates (the rates paid to the recipient's phone company for delivering the call) are regulated, and can't be set arbitrarily high
- phone companies have no way to check whether the outbound caller ID I present is also a valid inbound number for me
- even if they did, it's cheap to get a number in every area code (maybe $1/month/number) and cheap (1 cent per minute) to have calls to that number to delivered to me via VoIP (so I can rightly claim that the outbound caller ID matches my 'actual number')
Sure, spammers could still get tons of numbers, but straight up spoofing would vanish, and that’s a big enough win.
It was made clear that any call that was made to one of my numbers would be delivered irrespective of any faulty components visible to me in the SIP header.
e.g. the CRTC has policy 2018-484, Implementation of universal network-level blocking of calls with blatantly illegitimate caller identification: https://crtc.gc.ca/eng/archive/2018/2018-484.htm
CRTC gave telcos twelve months to implement, and it seems to have largely been implemented within that time frame.
The companies issuing the ability to robo-callers to do their work are enabling robo-callers to do their work (scams).
Last time I tried to trace down a call, I stopped at a company called OnVoy and got distracted with other issues...
Not a good idea. I get where you’re coming from, but we don’t hold ISPs accountable for people using the internet badly. That would be a change for the worse.
Imagine if Comcast had to terminate your service due to something someone posted while using your wifi.
"AT&T Threatens Persistent Pirates With Account Termination"
The question isn't "can this be done?" It is: can this be done, fairly, effectively, reasonably, and with appropriate safeguards?
The fundamental principle of regulation is that it applies methods and actions which can be harmful if misused. The key is to ensure they're not misused. Not to ban the concept of regulation entirely.
Edit: if you're downvoting, look it up, there are convicted child sex offenders doing this.
Are you aware that the "slippery slope argument" is a logical fallacy? https://en.wikipedia.org/wiki/Slippery_slope
What a nonsense
If you don't feel safe installing software on your phone, that's a problem with your phone OS.
It would kind of solve the problem if a norm emerged that these types of companies first send a confirmation email with the phone number they'll be calling from so you can add it to your caller id. But it's a lot of extra work for people and I think it's probably asking too much of the average non technical user.
Even better, why couldn't we have something like SSL certificates or DKIM for phone calls? People for the most part understand the lock icon and a verified flag in a user interface. Then a call could be signed to know that it's coming from a particular entity.
It seems like some other countries have solved this problem by moving away from regular sms and phone calls and instead letting a private company own all communication, like WeChat in China. Which obviously is quite problematic in other ways, but honestly at this point that would be an improvement in my opinion, if businesses started only contacting me through Facebook Messenger or Whatsapp so I could see who every message is associated with.
It was a user configurable white list solution in which an entity can specify all the ways they may contact you (numbers, addresses, and optionally signing or encryption public keys), and you can white list the organization as a whole.
Messages purporting to come from one of these organizations that fails the self specified check can be safely ignored.
At the time, blockchains didn't exist, and the missing piece of the puzzle was a distributed database not controlled by any central organization.
Needn't be a walled garden.
Though migrations from PSTN to various alternatives is also fairly likely. Much of the present "social media" / apps space is actually probably a jostling for supremacy / positioning in this regard.
Can it intercept calls to a cell phone with a carrier issued number?
What you'd do is port your cell number to the provider, get a new cell number, and then set up a call flow that answers the number, eventually forwarding to your real phone after the caller has a chance to record their name and hit a key.
I think calling folks back from a number different than what they dialed to reach me.. might defeat the purpose. Thanks for sharing your setup.
That is the one downside of this is now having two numbers to deal with. I was getting so many garbage calls though, the trade off has been worth it.
This introduces two ways of working with the service - either you set the service to show "your" phone number as the calling party, and then listen to the name when picking up, or you ignore this and use the softphone app for all calls.
I really appreciate the info!
I just wish that apps or services that might call you (Uber, your cell carrier etc) could/would use the iOS call identification API to allow known calls through.
The only calls I worry about not getting are legitimate callers from callers who aren’t allowed to leave VMs.
If the scammers are offshore, an arrest or two in the customs hall at an airport will get peoples' attention.
Prison time, big fines, and restitution will be a more effective deterrent than what we have today. The American Graffiti (1974) writers correctly described the current system of uncollected fines. https://getyarn.io/yarn-clip/6cac9bde-4762-41c2-8b76-264eba9...
Even if hard time doesn't deter these people, a few big cases will at least let the federal government project the illusion they're doing something about it.
If/when they visit a country with... any... positive relations with US/Canada, pounce.
And cutoff their bankers from the US financial system.
India won’t be happy if it starts to lose its call-centre industry as a whole because of some bad actors.
India and the US have extradition treaties.
There’s a lot of ways to put on the pressure.
I was so frustrated I just decided to pay out of pocket for all my medical expenses those three months.
That raises another question: are other Anglosphere countries flooded by scam calls like the USA?
Interestingly, there's been an uptick lately but the recorded messages are all in Chinese.
I don't know if easily spoofable phone numbers are unique to the US. But even if they are not, international scam-calling operations are going to predominantly target English speakers since English offers lower language-understanding barriers and a lot of high income potential victims.
A huge amount of international phone traffic comes to the US every day
I assume that some sort of software has hit the market automating the process, but I don't know.
I looked at Wikipedia, and we have "CLIP" (Calling Line Identification Presentation) and "CLIP no screening" (essentially spoofed numbers). Spoofing a number that you don’t own the rights for is a crime.
So it looks like we have spoofing but only in a sane way, is the other kind of spoofing legal in the US? Or is there some other underlying problem?
For me, at least, the calls also seem to be highly clustered, whether spoofed or not, for whatever reason.
As far as I know, spoofing is left to phone company policy, which says it needs to be an associated number, like the same company or same address. I think part of the problem is they don't have a way to actually verify this for out of system calls. And technology has made setting up spam lines on small remote systems feasable.
This is speculation, but I suspect it would be considered criminal fraud if it's done as part of a bigger crime. I don't think it's a crime in-and-of itself, but other than that, idk.
Also, this is a mostly exclusively a U.S. problem. In Europe, we basically just don’t ever get “robocalls”, and have ever only heard about them in stories from the U.S. Anyone proposing a complicated technological change should explain why this is necessary when Europe seems to have found a solution already.
There's a phone spoofing problem because carriers are allowing spoofing, when they don't have to.
(I assume that you are referring to DKIM, and not OpenPGP or S/MIME, since the latter two are obviously not frequently used.)
DKIM signatures (not to mention DMARC to actually require a signature) are not actually that common either. Spoofing is mostly still rejected by a combination of plain old SPF and spam filtering of the mail contents. All in my experience, of course.
> There's a phone spoofing problem because carriers are allowing spoofing, when they don't have to.
Is this what Europe is doing which the U.S. isn’t? If it is, then you’re probably right. I don’t actually know. I’m just saying that whatever Europe is doing is evidently working, and any other proposed solution would have some significant benefit and proof of efficacy to be considered over a proven concept.
At least for the fraudulent calls, they seem to exclusively come from India, so I presume they mainly target English speaking countries. Typically they claim to be from BT, Microsoft or "your ISP", and try to convince you to install dodgy software on the basis that "your computer has been sending out viruses". This software then messes up your PC or at least makes it look like it, so you shell out some cash for the fraudsters to "fix it". My understanding is that if you fall for this kind of thing, your number also gets passed on or sold to more serious fraudsters.
Robocalls here for the past 5 years or so seem to mainly be from scummy ambulance-chasing solicitors ("we've been notified you were in an accident, contact us now about your claim", that kind of thing).
This could work for email spam, as well.
Bonus if people get to set their own postage rates.
But I do like the idea of giving out a 1-900 number to people. It would certainly get some interesting reactions, depending on context.
I've had numerous recent mobile and/or office numbers beseiged by dunning and marketing calls, apparently aimed at earlier holders (if even targeted at all).
There might also be something of value in only refunding the fee to the CNAM entity, which would at least offer some incentive to not lie about being associated.