Hacker News new | past | comments | ask | show | jobs | submit login

I once got a call while I was lecturing some students. It was repeated three times in three minutes - I assumed it was an emergency and stepped out.

I was greeted by someone explaining that my father had caused a car accident, and they were calling on his behalf. That someone would need to send over some money for repairs or they’d call the police.


They added that their cousin, the driver, is a parolee now holding my father at gunpoint. That if I don’t send them money to make them whole, they’ll kill my father.

This was super fishy, you know? But still, with things like “life of a loved one” at stake, it’s hard to call a bluff.

I can only imagine what I’d have done if I’d heard my fathers voice pleading for help. They might have been able to get any amount of money out of me.

Well, if my father hadn’t passed away nine months prior. They were not delighted to hear that.

I live in Houston. I recently read a Houston Chronicle article describing very similar scenario. I don't have the exact link (it was from 2019), but here's one from 2013 [0].

Combined with the inability to verify the actual phone number displayed on caller ID has led me to tell all of my family to not ever accept a phone call from a number they don't recognize. There's literally zero trust in our phone system upon which we've built our modern economy.

Unfortunately that's not possible for everyone. Some people are legally required to answer the phone, always, even for numbers they don't recognize.

[0]: https://www.chron.com/news/houston-texas/houston/article/Hou...

Given caller ID spoofing, they really shouldn't even accept calls from numbers they do recognize... especially with tech like this. Let it go to voice mail then return the call afterwards.

I wholeheartedly agree. I don't answer the phone for unknown numbers unless I'm expecting a call from an unknown number; the expectation will have been set up via prior correspondence.

Unfortunately, not everyone can do that. Some people are legally required to answer the phone, even if they don't recognize the number. And unfortunately many businesses only communicate via the phone system.

So, unfortunately, our entire country is built upon a system in which we're told to implicitly trust but doesn't have any capability for us to verify.

Why are there people who are legally required to answer the phone? On what grounds? Why? (Assuming private persons here)

For example: people who are entangled in the court systems are required to answer their phone. Even if they're not convicted and are out on bail, they still must answer the phone -- it could be their bail bondsman. If someone's on parole, they must answer their parole officer. So as part of the bond contract and the parole contract, you must answer the phone.


to someone that will likewise not answer any calls!

Chances are whoever just called you will answer the phone when you call back rightaway.

It reminds me of port knocking.

So what's the end game there - using voicemail as a poor man's texting?

The end game is everyone gets the shits, and there is a noticeable drop in the usage of the old POTS (plain old telephone system) network. People use Apple Facetime, Google Duo or whatever instead. Then the telco's start to notice they are loosing customers.

At that point one of two things happen. One is that telco's fix their networks. The second thing is they decide it isn't worth the effort, and let the traditional phone system die. Given phone calls are effectively free so there is stuff all revenue in them, I bet it's the latter.

If that happens it will be painful. Like it is with messaging now, but even more so. Messaging now is either SMS with it's limitations (like you can't use it from a computer), or a choice of a zillion walled gardens - Apple, Hangouts, Slack, Signal, Viber, Telegram, WhatsApp, Facebook, ... most of which I don't have installed so I can't communicate with someone using them. The voice equivalents are Facetime, Duo, Viber, Signal - many of the same things in fact. The result will worse than messaging - the ability to communicate universally with anyone dies, but with no SMS fallback.

But that's not the end point. Universal communication is just too useful to be dispensed with - as the explosion of internet and the postal system before that have shown. So something will replace it, and once again we will all be able communicate with anyone we please.

However, the replacement has to solve the parasite problem. Once the cost of sending a message drops below a certain point every universal system we've had so far has been overrun with parasites, aka spammers. The postal system has junk mail, email has it's spam, now the phone system, and of course SMS.

A solution may be to allow the recipient to charge the sender any amount they like for successful delivery of a message. Most people would allow friends to send for free, messages from unknown recipients to cost something, messages from spammers cost more.

That could happen with the existing phone system of course, but I'd lay log odds the incumbents have too much in common with the dinosaurs for it to even cross their minds. Sadly that means we are in for a very painful transition period. In fact they are already losing customers as people stop using land lines in droves, so I'd say the writing is on the wall.

Loss of trust in PSTN, generally. I'd suggested this a few days ago in a similar discussion, bolstered by a recently-discovered quote from an industry engineer:


[S]ince mid-2015, a consortium of engineers from phone carriers and others in the telecom industry have worked on a way to [stop call-spoofing], worried that spam phone calls could eventually endanger the whole system. “We’re getting to the point where nobody trusts the phone network,” says Jim McEachern, principal technologist at the Alliance for Telecommunications Industry Solutions (ATIS.) “When they stop trusting the phone network, they stop using it.”


At the point at which individuals and businesses in sufficient numbers find the downsides of participating in the PSTN exceed the benefits, they'll start defecting to other systems. Likely small and closed networks initially.

It took decades for the telephone to become established as the principle means of business communication, and as it was, numerous other alternatives existed in parallel: postal mail, telegraph, telex (for what we'd now call b2b communications), fax, and early email systems.

Email seems to be dying along with telephony, and for much the same reasons.

It's occurred to me that much the value in social networks is in trying to corner a sufficiently large directory (that is, user base) to be able to credibly take on telephony. What seems to happen is that as these networks grow in size, they too fall prey to the hygiene factors already affecting telephone and email comms: spam and annoyance messages, with concommitant trust issues in the network as a whole.

Whether a technical solution to the trust and identity problem can emerge (and preserve privacy and protect against the surveillance state, surveillance capitalism, and surveillance by other actors (organised crime, racist or facist oppressors, stalkers, etc), remains to be seen. I'm starting to think that's a hard, possibly an impossible, problem. An essay of Herbert Simon's I've recently turned up is exceptionally discouraging owing to a critical error Simon made in it (claiming Nazi Germany committed it atrocities without the benefit of mechanical data processing -- it in fact had ample assistance willingly provided by IBM).

More generally, I'm suspecting that progress in information technology and communications capabilities reduce trust relationships, with some fairly strong historical evidence.

(Overall risks may be reduced, but the mechanisms by which this occurs replaces actual trust with validation, verification, and surveillance mechanisms).

I’ll bite.

Who is legally required to do that? Are they not allowed to sleep or be otherwise indisposed?

One I can think of-- people whose job requires it of them. Risk could still be to them personally if someone gets their number/extension/transferred to them. But risk could be on the business as well, which could just as easily be targeted by scams like this.

First off, Awesome story.

I have a friend who had something similar happen, he got a frantic call from his grandmother who learned via a scam call that he was in jail across the country and needed bail money. This was a few years ago, so they couldn't have used a duplicate of his voice, but possible they were relying on imperfect memory.

Sweeping generalization, but elderly are and would likely prime targets of this kind of scam in the future since they likely have funds and are less likely to be educated in the state of the art for this kind of tech, not to mention a protective instinct.

I received a call with a human on the other end. When I said hello, the person said in a friendly tone "Grandpa!" And tried to start talking to me.

That strategy probably works some percentage of the time.

How do you even prepare for something like that... Do we need to assign identifying keywords to each other when we leave home so we know we are really ourselves? Like a vocal pgp?

I told my wife that if I ever mention <redacted> while on a phone call, she should know that I am in trouble an unable to speak freely.

Sound like we'll all need more things like this eventually :(

It would make sense to have another word that indicates it is genuinely you and you are genuinely speaking freely.

If that's the default situation (a likely scenario for most people), you'd need something other than a single code word.

In practice, most people can conduct a reasonable verification through a series of challenge/response interactions based on shared knowledge, should they need to do so. Mentioning something done, said, or shared in private recently would suffice in many instances.

For more robust tradecraft, should you need it, a set of one-time codes (passwords or passphrases) might substitute.

When the former head of InterPol was arrested in China, he managed to alert his wife through the use of a duress signal, an image of a knife:


Not subtle, but effective.


In the film Capricorn One (1978), one of the astronauts alerted his wife by referring to a holiday they'd recently taken together, by mis-stating the destination as Disneyland, rather than Hollywood -- the land of make believe -- as it had actually been, which led to the revealing of the hoax mission.

That would solve the problem of having to find a word that you would never normally use but could slip in to a sentence normally.

If you can speak freely you don't need an extra codeword to explain that you are using the codeword in it's real meaning. Unless maybe you suspect that somebody is listening to you and might learn your codeword from that.

The codeword is to make it clear your words should be taken 100% seriously without considering the risk you are being coerced / spoofed with AI. If I agree on a word in advance with someone that no one could possibly guess and insert into an attempt to coerce / spoof my voice, then if there is truly an emergency in which I need this person to wire money to a random account, they will actually do it because they will know my request is genuine.

If I'm being coerced, I could have a codeword to indicate that. If I'm being spoofed with AI, I'm not in control of "my" words, so I can't. I need instead to prove when I'm not being spoofed with AI. That's the purpose of this second codeword.

I invented two code phrases for pretty much exactly the same reason, but in case I ever met myself from the future.

While it's a great idea, how do you test this? Is it worth the time?

All my loved ones are on my iCloud so I would just ping their phone/watch while confirming location and asking the assailant to let you hear the phone ping on the line.

Find My Friend is so unreliable for me it is nearly worthless. Apple isn’t really delivering what I need.

Really? How so? I use it probably almost daily and haven’t had an issue, at least I don’t think I have!

I've seen it fail to update the location pretty often.

how do you pronounce the < > symbols? i mean, 'redacted' is already a pretty strange thing to say by itself.

You just make static noises, like a radio signal being lost.

Also, you are lacking in the abstract thought department. Get that fixed, for your own benefit.

It's either a knowledge gap...or he is hopeless if he knew the symbol but didn't pick up on it. Nothing I know of can improve that.

I'd bet jiveturkey was joking.

They are pronounced "wakka" and "wakka" respectively.

less than redacted greater than, though it's clear he's keeping the real word a secret.

<...> is a common way of indicating a placeholder.

> How do you even prepare for something like that.

You don't because it statistically never happens. Just like you don't prepare for a plane crash or a lightning bolt striking you.

Yet, so many people have made plans for what they will do when they win the lottery.

I prepare for the astronomically improbable chance of a plane crash or lightning bolt striking me by having life insurance, so why such a reaction to someone asking this question?

Yes. My mom and I had phrases for duress. Since she has long since passed away, I can share ours. "I love you". Sad, right?

I'm broke so it makes things a lot easier.

It was a real rollercoaster reading this comment! Also now, you have to also be worried about talking back being a smartass, because now they will record YOUR voice and use it to contact another loved one...

In my opinion, all phones should be set to not ring unless the number is in the address book in a specific category. Mine won't make a noise. If it's important, they will leave a message.

> I can only imagine what I’d have done if I’d heard my fathers voice pleading for help.

Hm... that certainly gives me pause, and my first reaction was to be very afraid.

On the other hand-- it still doesn't hold a candle to pyramid scheme sales techniques. I mean in a lot of cases those involve your actual loved ones betraying your trust and love in order to sell merchandise for a third party. Yet somehow in the face of a rising tide of those we still have functioning communities in the U.S.

At least in a MLM sales pitch, nobody thinks that one of you is about to die. For that reason, I think the scam call is far worse than any MLM sales pitch.

Side note, it's not accurate to refer to MLMs as pyramid schemes... Even though they're legal, MLMs are worse than actual pyramid schemes (and I don't think most people know what an actual pyramid scheme is, which is unfortunate because they're fascinating).


It's harder for Eve to get your loved ones to betray you than to speak for 5 seconds.

I know someone that had a fling abroad and their fling began asking for money for treatment over facebook

The American assumed it was a scam and the person did die

I have often found that truth is stranger than fiction, and people are too conditioned for fiction that they can’t perceive truth

Wait, what? Did you miss a word or a sentence? What is "treatment" and how did this escalate to death? Was it a medical treatment and they were ill and surcumbed to the illness?

"They were not delighted to hear that." - I used to do that, be a smartass. Then I realized at worst they get more info, at best, you are training them and wasting your time.

Then there is that whole thing where they are getting your voice.

POTS just needs to die unless they allow for authenticated CID.

One could wonder if this was some sort of conspiracy to break one of the most successful protocols in the world (or at least not update it so it dies by neglect) to increase profits by other means.

I’m convinced that POTS is already a dead man walking. The younger generation has no interest in talking on the phone in the first place, and with the amount of spam calls my phone number is absolutely the worst part of my phone.

Texting and apps is a much more pleasant way to interact with someone, and bonus of no hold times and much can be automated.

I think business texting is an upcoming startup unicorn which will be another “trivial idea packaged properly into a billion dollar product”.

>business texting

You mean Slack?

B2C - not team internal chats.

It will have “jumped the shark” once there’s an SMS button on the business listing that Google Maps displays.

Instead of the wonky/creepy Google demo which did speech to text and then analysis and then text to speech relayed over to the business, every business will just communicate directly with customers over text.

It’s not that this isn’t already done (to some extent). And more so in some countries outside of the US.

But I have no doubt it will become the primary/preferred way to connect with any business, to the point where you will text with an 800- number long before it would occur to you to dial an 800- number to get service.

Like for example, the warranty claim I just made on my Dyson handheld vacuum for a battery replacement. Search for “Dyson warranty claim” and they tell you to dial their 800- number. Now their phone helpline is absolutely the best of the best, but even still most people would [will eventually] prefer to interact via text.

Another example, making a reservation directly with a restaurant (which I prefer to do versus using OpenTable which will take a cut for doing nothing), is a perfect usecase for texting. Also ordering take-out if you already have a favorite order saved, obviously all the notification type things which make sense over SMS instead of email, making an appointment when a dedicated app is too much overhead, etc. etc.

You're way off on this one. A lot of those use cases don't work because texting is an asynchronous communication channel unless it's got some sort of automated system behind it. The reason you can't order takeout or make a reservation through text is because you come to an impasse if the person on the other end gets distracted and doesn't respond. The value in something like UberEats or OpenTable isn't in message passing, it's in state management. With UberEats if a restaurant closes suddenly or doesn't take your order within a timeout period, both you and the restaurant are notified and the state of your communication is updated, so there is no confusion. If you text or slack or whatever your order to a restaurant, and the person on the phone doesn't respond, you're fucked. How do you know whether it's safe to place an order somewhere else or not?

Sure, every restaurant could build their own automated system that texts you back and manages the communication, but that's never going to happen when there's already a managed, standardized service available.

You might think that, but when I was in Brazil, ordering food by WhatsApp was commonplace. The restaurants would, generally speaking, answer very quickly. Some would send you the daily menu every morning.

That is so nice! And I thought I had it made a few years ago when I lived two buildings down and three floors up from the best Indian restaurant in town and would call them to place the order then go downstairs to pick it up twenty minutes later. Calling. On the phone. Pfft.

The daily menu thing is especially endearing.

What is stopping this text-only paradigm shift from happening? What developments are needed before this happens? Why hasn't it happened already?

Twilio has given the ability to programmatically text anyone for years. Why hasn't this hypothetical B2C text business developed yet?

The work involved in setting up a server/dashboard for twilio to work is too high for it to be popular for mass independent businesses.

This hints that a "shopify for twilio" would be popular

Mobile slack is a terrible UX for short term engagement.

Or BlackBerry?

POTS is pretty much dead almost everywhere in the USA, most are VOiP these days. They are not replacing the copper wire.

Isn't that a bit pedantic? Perhaps Im conflating PTSN and POTS. The fact that you have publicly addressable phone number is the important part.

How were you to send money?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact