Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Escape from TCR? Family shared SMS
24 points by tcrhelpforsms 15 days ago | hide | past | favorite | 48 comments
My wife is a bit particular and when we moved in together want there to be a household phone. So we signed up with a VoIP service and things worked. When we bought a home together, life got more complicated. There were utilities, contractors, service people, deliveries, etc. One day we realized that some of these folks would frequently send texts to our house number instead of calling, which we would never receive. So we upgraded our VoIP service/plan with a SMS option, and it was great. We could both just keep up to date on all the various things and either of us could respond as our schedules allowed, on any of our devices. We could even send images as MMS would allow to make communication clearer ("See this is exactly where things are going wrong", etc.)

And as with many things in life, human nature has pretty much ruined it. To combat SMS spam, as far as we can tell, all business SMS usage needs to be approved through https://www.campaignregistry.com/ now. And recent years, it has been brought to our attention that the service we are paying for is really intended for businesses. We are increasingly hitting weird blocks on messaging due to being grandfathered in before TCR. It has gotten to the point where we are on the verge of registering a business just to keep our functionality. Except even just having a registered business may not be enough because TCR requires all kinds of detailed information about your business and its practices.

So we are at a bit of a loss what else to do here. We could concede and one of us gets the responsibility of the "designated" cell phone number to handle everything household related. It is further complicated by my being an Apple fanboi and her a Windows/Android zealot. If we both used Apple devices we could maybe finagle something out by buying a dedicated iPhone for the house number and then take advantage of the cross-device Messages interoperability. There is Google Voice, and even ignoring my dislike for them, I don't feel they can necessarily be trusted not to drop the product or ban us for arbitrary reasons. Additionally, when it comes to actual phone calls, while Google Voice can forward calls to a number, I am not aware of any option to use it directly with regular handsets like many VoIP providers offer.

Are there really no companies in this space serving personal users? If not, that would be an excellent business niche for the entrepreneural folks in the audience.




TCR is as much a problem as it is a solution. As a pay-for play registry, it silently sabotages legit SMS messages from VoIP (MNVO, etc) - while allowing plenty of SMS traffic that end users don't want.

My phone # is a VoIP that forwards to my T-Mobile cell. SMS stopped reaching my phone because T-Mobile silently dropped them. I now forward them to my AT&T # (as long as I can) and to my email.

TCR explainer: The Campaign Registry is an industry-led effort to reduce spam, mostly spearheaded by T-Mobile. It isn't fully baked and is far too simplistically implemented.

It is supposed to (only) apply to SMS originating from biz. However, it is a wide and leaky net that captures both more and less than it should.

SMS from biz that pay/register with the TCR are unfettered; they can mass message. SMS sent from consumers via wireless carriers (like T-Mobile) are similarly unmolested.

But SMS sent from VoIP services (that compete with wireless carriers) get interpreted as biz-originated and get dropped silently.

Past that, another major issue with TCR is that it doesn't meaningfully discriminate between major SMS campaigns and the most minimal+routine SMS usage.

My biz clients provide product support to their customers and a handful of SMS messages may be involved. Even so, they are required to jump thru the same hoops as huge entities that send millions of SMS.

Within that context, I found that registering and working with TCR was so onerous/expensive that we're 1) ignoring it as long as we can and 2) considering workarounds.


Yes, I should have perhaps more clearly stated that while the ostensible goal of TCR is reduce spam, it is at least as much about control and rent seeking.


Is there a client-side way to tell if an SMS is sent via TCR?

If so, I’m guessing a good chunk of the US would pay for an app that silences the notifications and auto-responds STOP.


> Is there a client-side way to tell if an SMS is sent via TCR?

The TCR is a list that wireless carriers use to decide if they'll let a SMS message proceed or not.

I doubt the message itself indicates that it was weighed against the TCR list (it would require modifying the message).


Yeah, this isn't like e-mail headers where different hops in routing will insert additional information.


https://jmp.chat/ has worked well for me. SMS is delivered over XMPP, and phone calls use either XMPP or SIP (I use SIP). They use person-to-person routes for SMS so none of the TCR BS applies.


This actually looks quite promising! Thanks!


Google Voice will also be unworkable for your needs. More and more businesses prohibit customers from using anything except a cell phone number from a major carrier or MVNO reseller, perhaps assuming anything else is criminal activity. Customer service agents are never trained about this, so they'll say a number is "invalid" or "voip" (regardless of the actual service used) and cannot be used.


I still use GV and have only run into a few services that won't take my number. None are critical, I just don't use those services.


Occasionally, I have GV refused for 2FA - but mostly it's fine. For Voice and text, GV has been more reliable than T-Mobile or AT&T.

Caveat: T-Mobile blocks outgoing GV calls from my handset 100% of the time. I have to turn on a VPN to make a GV call.


Mostly the same for me. But man it is fun discovering that an anti-VOIP check was added to a service after I had already associated my GV number years earlier. And now every single text 2FA prompt is sent directly into the aether.

Luckily that's only happened twice in 4+ years and both times they had an email recovery flow.


I have about 30 numbers I use personally through voip.ms. They are all SMS/MMS enabled without TCR issues, signups, or requirements. Heck, I just checked and couldn't even find a way to register for TCR. Read into that how you'd like. I've had no issues with messages not being delivered to any mobile providers, but I honestly haven't tested this thoroughly. I just haven't had any messages I've sent not go through.

They have SIP support as well as an online SMS/MMS portal you can access from desktop or mobile. The only issue is they are still working on support to receive MMS by SIP protocol which might eliminate them from your consideration. You can send MMS by SIP currently though.

Phone number is only $0.85/month and then pay-per-usage of $0.0075/SMS and $0.02/MMS. Probably cheap enough to purchase a number to test it out to see if it will meet your needs. I've used them for years, have had no issues, and am happy with their service.

The only knock on using voip.ms is the initial setup is a little tedious and you need to understand the basics of how they are working with each part of the VOIP protocol. Their FAQs and guides are pretty well written to help you get set up.

I start with voip.ms and see if they meet my needs due to great customer service as well as low price and high stability. Then I look elsewhere if I need something voip.ms doesn't support.

edit: spacing for readability


I'd like to also add that you have the option to have SMS/MMS automatically forwarded to an email or phone number. You could potentially have all SMS/MMS forwarded to a shared email you have with your spouse. This will ensure you can receive and view the MMS's while still responding to/receiving texts or sending MMS via SIP. I don't know how tech savvy you are, but they also have the ability to set up webhooks or callbacks. They also support SMPP


> We are increasingly hitting weird blocks on messaging due to being grandfathered in before TCR.

AFAIK, being grandfathered in before TCR isn't a thing. The blocking is inconsistent because the enforcement is inconsistent.

TCR enforcement (filtering SMS) is done by carriers who choose to use it on their services.

Primarily, TCR lists are used by wireless carriers, to filter SMS messages before they reach handsets. Primarily, that carrier is T-Mobile.

TCR is mostly a T-Mobile effort and they are it's largest enforcer. I have a T-Mobile number and a VoIP number.

I used to have SMS to my VoIP be forwarded to my T-Mobile - until T-Mobile began dropping 100% of those messages.

I have a dual SIM phone and SMS are now forwarded to my AT&T number. For now, they're arriving. If that stops, I'll have them forwarded to my Google Voice number.

I don't know if AT&T or Verizon currently utilize TCR filtering. They may, somewhat. If not, I'd guess they will but won't fully adopt T-Mobile's model.

It should be noted that VoIP providers are a primary competitor to T-Mobile; I am not at all surprised T-Mobile would single them out. It fits with T-Mobile's other anti-competitive practices - like blocking Google voice calls from handsets (ex:mine).


To clarify on "grandfathering": our use of the service predated our provider's involvement with TCR. Any new accounts created with the provider now requires you provide complete information on your business and its purpose to qualify for the product. As our account existed before that time, and they still wanted to take our money, they didn't cancel our account. Yet.


Can you use a software solution like Pushbullet? https://www.pushbullet.com/

You install it on a real Android phone and then it's supposed to let you send and receive SMS from another device, acting as a proxy of sorts.

Personally, I use messages.google.com to answer texts from my computer, but I think you can only pair it to one device at a time. Maybe host that alongside an Android phone at home, and then stream that window to other browsers...? Super janky, I know.

Or you might be able to reverse engineer their UI or API calls and use something like Playwright to control the web interface and write your own external-facing API for it... what a lot of work, though


simplelogin for sms is definitely a space lacking in the consumer product market.

family home management and communication routing in general is a blank space with almost nothing. it extends into every market. childrens medical bills only appearing in one of two parents accounts etc. communication from an entity to a family is ripe for disruption and standardization.

have you looked at business support tools such as https://missiveapp.com/blog/what-is-sms-shared-inbox


I believe I had come across Missive while investigating. I will admit I haven't tried signing up. But given that it is marketed towards businesses, I expect as soon as one does they'll require you to provide all the information you would need to be registered as part of TCR. If this is incorrect, let me know and I'll dig deeper.


I'm also on VoIP (in Canada though) and didn't even realize you could get SMS to VoIP. Annoyingly many 2FAs use SMS (which isn't really that secure) and don't offer any other options. Banks, credit cards, etc. Another problem is travel where you can get your credit card declined and can't get the SMS. Over-aggressive anti-fraud AIs.

<joke>curious where you and your wife stand on tabs vs. spaces</joke>


I think that may have actually been the exact original motivating use case. That the bank kept trying to send 2FA codes. Though I recall that may not have worked at first as our provider was probably still classified as not being a valid destination.

I'd need to check, but I'm on team spaces and I think she is on team tabs.


Get an old $50 android on ebay, signup for ultra mobile which is like $2 month for 100 texts and 100mb of data, and then via software have it relay the message both your self and your wifes Android phone.

You can leave the cheap phone plugged in at home all the time and both of you will get any texts that come to the phone. You could set it up to reply to your phone and have it forwarded also.


Okay, as this has come up more than once, really what is needed is not just forwarding, but proxying. Is there actually software for Android that will do that?


Why do you need proxying specifically?


I think you need to consider the user interface here.

Someone with the phone number A texts a message to number B. Say the message is forwarded to number C. In order for the user with device C to respond to A, it would first be necessary for B to rewrite the message text to say that the message came from A. They then the user of C needs to make sure to manually send the message to A. Now, depending on how savvy the user of A happens to be, they might not find it completely disorienting. If you were to attempt to send to both A and B via a group text that might help some. But then you'll also be getting extra copies of your messages fed back to you from B. Unless the forwarding on B is also smart enough to filter them. And then there is still the problem that in future conversations, the user of A might just send messages directly to C, bypassing the other forwarding recipients of B, defeating the point of having a shared point of contact.

So forwarding has considerable awkwardness and room for error.


I suppose I thought your use case was mainly getting alerts and 2FA stuff and wouldn't require replying back so often.

But in any case I think proxying is absolutely possible and would b easy to setup, especially on a rooted phone.

The first thing that comes to mind is setting up a web frontend, so messages would be forwarded to your s and your wifes phones, and then you would access a web frontend hosted on the phone with the $ simcard with a 'real' number which would send out the reply sent via the web form.

Would something like that not work?


Personally been using anveo.com with a small GCP cloud run [1] I made to forward SMS to my email. It is the only provider I found that is allowed for 2FA most of the time. I think it is because its numbers are not in the VoIP range.

[1] https://github.com/Sytten/AnveoSMS


Anveo: Forwarding SMS to email is solid. Forwarding SMS to non-T-Mobile numbers still works.

Anveo used to forward SMS to T-Mobile numbers but stopped last year (due to T-Mobile+TCR).


You could use a call/SMS forwarding app on an old android phone. I haven't used any myself, but I know they're popular with small businesses.

Basically just get an old android phone, put a prepaid SIM in it, and leave it charging at home somewhere. The app will forward calls/texts to any other number(s) you choose.


Forwarding is only half the requirements here though. Sending responses from a different number will generally lead to confusion, and further messages from the sender will not necessarily be shared. Though maybe if the sender is savvy enough with group texting it might work out okay.


This is likely phone provider dependent and might be a real pain in the butt, but what if you shared the “home” line between your two mobile devices?

iPhone has supported dual sim since 13 or sim + eSIM for a very long time. I have absolutely no idea about Android.

It doesn’t fix spam but I’m not convinced humans will ever win that war.


I suppose I should have been clearer, while I don't like spam, the issue is that TCR is about much more.

There was some discussion about dual SIM solutions with a cloned SIM in a different thread. But even ignoring the potential for incurring our carrier's wrath, with not all messages will be available to both parties, it doesn't meet the minimal functional requirements.


Why are writing the same thing to me twice? I understood it the first time bud.

I don’t see how you could incur a carrier’s wrath. You could spend a few minutes on google and find many carriers talking about it. They get paid.

As for your idea that they will block it, you’ll have to cite some sources for that. I used this for the first time over twenty years ago and had zero problems, and you can still do it now. You’re inventing problems now.

I’m not going to reply anymore because your requirements are extremely unclear and I’m not really here to provide free tech or developer support. This is just a fun place I occasionally contribute to.

If nothing else works, build it yourself. It wouldn’t be too difficult to get something basic built up and you’re good at inventing problems so you might be great at solving them. Have a nice rest of your day and best of luck with your project.


I hadn't caught that you had responded in multiple locations.

If you see this as inventing problems, then it is clear you don't understand the use case.

Even ignoring the issue of carriers cracking down on SIM cloning, as you've said not all messages will be visible to all participants. So that makes it DOA.

You also clearly do not understand that the issues here are not all technical. Sure I could definitely bang out something using Twilio to send and recieve SMS, etc. Except Twilio requires you to comply with TCR. So again, that is DOA.

Sure if I was really adventurous I could buy tens (hundreds?) of thousands of dollars of telecom equipment and work on then have to negotiate peering with other providers. But you know, I figured I might ask on Hacker News as start.



That also looks quite intriguing as well. Though perhaps a bit more industrial than I might need, there is definite potential. I would need to investigate which have more friendly user interfaces. While I might be hip to using "AT commands" to "Send/receive batch SMS up to 300 characters", my wife would perhaps not find that amusing.


What is TCR?


The Campaign Registry - here is one place they define it: https://www.campaignregistry.com/privacy-policy/


Dumbphone and number from standard cell provider seems like a simple fix. No iOS or Android necessary.


I suspect you are misunderstanding the use case here. If I am understanding you correctly, you are proposing solution using single phone. As such, only one person can have the phone with them at any given time.

Also, a dumb phone doesn't really help with the need for SMS and MMS.

Update: I had indeed misunderstood and the proposal was to use a cloned SIM and two phones with dual SIM support. However, as discussed deeper in the thread this still seems to have flaws.


Yes, I was suggesting just that. In that case, at least in EU there is an option when one number can be used on more than one SIM card. Then using second SIM slot on both phones you have access to that number. Incoming SMS goes to both number I think. Calls can be answered by any phone but faster to answer wins.


It works in many providers in Canada too.

Our mobile networks just recently upgraded from two tin cans and a really long string so I feel like if we support it, it must be pretty close to universal.


I have not heard of such a thing in the US, but I will investigate.

So while that would work for calls, does that also behave as expected for SMS and MMS?


What I remember from my case few years ago, incoming SMS were handled to both SIMs. Outgoing SMS from my number didn't appear on second one (so shared SMS history isn't complete in that sens). I didn't use MMS. I think all those behaviors can be different, depending on provider config.


Okay, that is a problem then. If both phones cannot see all messages, how would both parties have full context on the conversation? This would inevitably lead to both of us sending a response.


No, you can multiple sims in one phone, at least in the Apple world. iPhone has supported dual sim since 13 and eSIM forever. I don’t know about Android but I’m sure you can research that with a search like “{ your partner’s device mfg + model } and dual sim support”.


I'll investigate this, but I'm kind of surprised this use case would be even allowed? How does this wind up being different than a SIM cloning attack?


I don’t understand your question. One is an authorized user and one isn’t? That is the opposite of an attack.


Okay, let me explain it a different way. Much like TCR is in principle supposed to be about blocking phone spam, wouldn't it just be a matter of time before cell providers start cracking down on cloned SIMs with the intention of preventing criminal activity? Whether you cloned the SIM for legitimate use or not.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: