I've thought for years that if there were, say, a $20 fine for each robocall, with $10 going to the reporting consumer and $10 going to the phone company, robocalls would very soon be a thing of the past.
That seems like a bad idea. The phone company needs to lose money when they allow robocalls, to finally motivate them to actually start authenticating business callers and actually start respecting the national do not call registry. The carriers are the only group with the ability to prevent robocalls, and they’ve been allowing them precisely because they’re getting money from the whole arrangement by allowing them.
* Edit: the FCC order sounds like a good thing as a long overdue very first step, however this part sounds hilariously out of date to me: “Non-commercial, commercial and nonprofit organizations can now only make up to three calls per residential number within 30 days and are required to allow recipients to opt out.”
I could be wrong, but I’ve had a lot of spam calls in the last few years, and never have I gotten multiple calls from the same number in a month. They are spoofing and setting up new entities on the fly. Limiting the number of calls sounds like something a politician would do who doesn’t understand what’s already going on (or... maybe a sly move that makes the FCC appear pro-consumer while not actually threatening the business of carriers in any way...). Consumer-visible and actionable call authentication is what we need, not limits on the amount of spam. Limiting each individual company to three spams from my point of view means I experience millions of spams. In fact establishing a limit of an okay number of spams just might increase the amount of spam calls I get...
I think it should work where each robocall costs $5. But the carrier that delivers it is insuring against the person it's delivered to.
So for example.
I get a robo-call, I report it and my carrier pays me $5.
They then can collect that $5 from the carrier that delivered that call to them, who can collect it from the carrier that routed it to them who can collect it from the end user. And if at some point you can't collect you're stuck paying the $5.
That could work, though I’d suggest that requiring the recipient to have to report it doesn’t go far enough, especially when they registered on the do not call list a damn decade ago! How about if a robocall is delivered to someone on the do not call list, every carrier in the whole chain is automatically fined?
Combining with the chaining idea: The first carrier is fined $10 going to the end user, they can go after the second carrier who is fined $10, half going to the end user (now at +$15) and half going to the first carrier (now at -$5), they can go after a third carrier who is fined $10, half going to the end user (now at $20), half going to the second carrier (now at $-5) and so on.
> I could be wrong, but I’ve had a lot of spam calls in the last few years, and never have I gotten multiple calls from the same number in a month.
But it doesn't say "from the same number." It says the same entity, which should hold regardless of the number.
That said, whoever had my phone number before me (over 3 years ago) owed a lot of people money. I get 3-5 calls per day from debt collectors looking for her. I've never answered any of the calls, and they've rarely left any messages, but the caller ID often says, "such and such credit service", so it's pretty clear what's going on. The same company calls literally every day several times per day. It would be great if they could only call 3x per month. One actually does use the same number every time, so I eventually blocked their number. Another one uses a different number every time, but the callerID is always of the form "V12345678" where the number is just some incrementing integer, so it's obviously the same people.
The terminating carrier pays the call recipient $10, and charges the originating carrier $20.
As a recipient, I don't care if the caller paid, I got $10 from my carrier. As a terminating carrier, I don't care if the caller paid, I got paid from the originating carrier.
As the originating carrier, I should damn well have a billing relationship with the caller, and they're not getting services if I'm not paid. I'll probably charge a collection fee for each charge I bill the caller, so works for me too. Require a deposit to continue service when calling patterns look robotic.
(intermediate carriers can fill in between, they won't make money from the robofees, but will be incentivised to properly pass them through)
Who is paying this money? Seriously - the problem is that no one gets the originator, the originator is likely a shell company with "no assets".
Charge the phone company $5/robocall, require them to pay that $1 to the consumer in cash, not as a "credit" on their phone bill, and require a $1/incorrectly-blocked-call and suddenly I suspect the carriers will know where the robocalls are coming from.
My grandma just lost her best friend to scammers. Through lies, constant harassing phone calls, and intimidation, they got him to "invest" his life's savings. They even sent locksmith to change the locks on his house, and they called his new phone number the day after he changed to it. By the end he was so stressed out he couldn't sleep and was having all kinds of physical issues. Died just a few days ago.
We can't start catching/blocking scammers and robocallers soon enough. The telcos can get us in touch with people from other continents, but they can't spare the time to stop or trace the calls? Their "solution" for my grandma's friend was to tell him not to have a phone for a few weeks. LOL.
It's actually not a bad idea. I went without a "valid" phone number since first of June this year. Had to tighten the belt for a bit. Starting using a VoIP number. Recently got a new SIM for my phone, but have not provided the number to anyone. Still passing out the VoIP number. Funny thing is, nobody robo calls the VoIP number.
First, the technical know-how to use a VoIP number is not accessible to everyone. Maybe it's accessible to a good portion of people in the Bay Area because almost everyone knows someone who works in tech, but there's a lot more people out there.
And second, if enough senior citizens were on VoIP numbers, I bet that's exactly where scammers would target next.
The solution you're suggesting isn't so much to switch to a product that's inherently better, but to switch to a product that only people who don't fall victim to scams are using.
Actually, I wasn't meaning for it as a suggestion for seniors. I was just saying that it's not that far of a wild notion to wait to get a new number. Growing up, my family played the get a new unlisted number game, but it did not work until going without for an extended time. That was for a landline, so I skiped that story for one with a more modern version. There is something to the waiting for a period of time before just getting a new number.
The VoIP story was more of a seed planting for anyone else that might be reading and interested. Senior or milenial, doesn't really matter to me who it might be that might want to to give it a shot. Plus, seniors tend to have family members that could help them set something like this up. Don't write those seniors off so lightly
Seriously, these people have a body count. Even with folks who avoid being victimized, I wonder how many car accidents wouldn't have happened if someone had been able to get better sleep if it weren't for one of these calls. And then you've got the direct ruin as you've described.
I have no hope that they'll be held to account for the full extent of their crimes, but in a justice system that works for actual justice, they'd be counted as serial killers.
> Their "solution" for my grandma's friend was to tell him not to have a phone for a few weeks.
Isn't the better solution to just not answer any number that is not a contact? Then review the voicemail if necessary. Smartphones at least often have the feature built in to forward all non-contacts to voicemail.
The thing that puzzles me is why is the goal to stop the robocaller, and punish them, and not the punish the company that hires them? Okay, we can't find the scammer easily, but they're advertising a service, and we CAN find that service company!
If the car warranty company that keeps calling me is in the US, aren't they liable for contracting for an illegal service? If they're out of the US, can't we impose some block on all payments from the US to them?
It's often a round-about crap that causes it. It's not that the legit companies are hiring sleezy companies, but that they have promotional programs that other companies "sign up" and join to be a partner. The partners are really unknown entities and there's not much in the way of checking. But then these partners start contributing and getting people signed up. It's impossible for the legit companies (if you can really call any major conglomerate a legit company) to know whether those signups were obtained through spammers or what have you. So maybe it's these promotional networks that need to be banned.
Problem is, almost all of the advertising and lead generation in the world happens through networks like that. Some of it is legit, some is not.
So I do think it's correct to go after robocalling and make it stop.
Now one thing I don't agree on is the WAY in which we're doing it via tracing or whatever. Instead if I was the FCC I would simply require, starting today, that all calls made in the US must be signed to be completed. I would rather have no phone calls in the US for a month than let this shit go on indefinitely.
Something like that would force all carriers to immediately figure out a way to get every phone call signed. Then once we have calls signed, the spammers would lose their right to call pretty much after a few calls are made and reported.
I think the current strategy is pretty hand-wavy and doesn't have any end in sight.
> Problem is, almost all of the advertising and lead generation in the world happens through networks like that. Some of it is legit, some is not.
At the risk of being draconian, okay, fine, you don't know who "ultimately" signed Fred up for your service, but HEY, Fred was signed up illegally, so it's still your fault.
I'd like to think that suddenly, companies would get a LOT more careful about who they let sign up to be partners, if they're now at risk.
Don't we already do this kind of things with banks, in other words KYC ("Know Your Customer")? A long term business relationship is worth a bit of hassle.
This would work, but there are all sort of secondary problems with forcing service providers to take on the role of policing their networks. There are more than a few detractors of KYC laws, for example.
Besides the banks and financial services themselves?
I would expect them to lobby against KYC since it internalizes the costs. No business wants to take on costs that could otherwise be passed on to others. That is the core of why regulations are needed.
It's not just that Fred was signed up using illegal tactics. The culpability comes from the fact that these US companies are paying the scammers to do this. The number or complexity of intermediaries is morally immaterial. That's why industries where these kinds of scams happen get special regulations. Advertising for some reason has just escaped oversight for now.
If you meaningfully punish the company who paid for it, then robocallers can blackmail any customer-centric company that they want. They start robocalling on behalf of the company then tell the company that they will have to pay to stop. As long as the payment is enough below the legal penalty for continuing, the company will pay the blackmail and the robocaller moves on to their next target.
Except these are huge publicly traded companies. They money flow could easily be tracked from the advertiser to the scammer if efforts weren't being made to hide it. So this is a moot point.
OK, so you apparently believe that big companies perform magic.
Meanwhile back in reality, a big company may have tens of thousands of affiliates or more. The affiliates all maintain that they are on the up and up, but any of them could be scammers. The company gets leads and doesn't know how they were generated.
To see how easy it is, you can create a blog, register yourself as an affiliate for Amazon, and put a link on your blog. Boom. Now have your friend click on your link, and go buy something. Guess what? Amazon will pay you money!
Now suppose that you do that and I do that. You put up your blog, I put up a blog as well. But I also put out a browser extension that rewrites all amazon links to come to my site, record that, and then redirect. How is Amazon supposed to find out that your traffic is real and mine is from a scam? Our sites look the same. We're both sending real customers who will pay real money.
In this scenario if Amazon could catch me, they would. I'd be straight up cheating them, making them pay for traffic that I didn't generate.
> Now suppose that you do that and I do that. You put up your blog, I put up a blog as well. But I also put out a browser extension that rewrites all amazon links to come to my site, record that, and then redirect. How is Amazon supposed to find out that your traffic is real and mine is from a scam?
How about: affiliate links are constructed to incorporate the affiliate tag so that they can't be rewritten. Yes, each link on your blog is different than the links on my blog for the same items, not just slapping a tag in a URL field.
Of course, this would have engineering and hardware overhead on Amazon's side, but without something like this they're just retreading telco history in giving the world untraceable Caller ID, as you aptly illustrate.
You have downgraded my attack from "rewrite all Amazon links" to "rewrite all Amazon links that were not owned by another affiliate."
And I can rewrite all Amazon links that were not owned by another affiliate if I don't mind just sending them to the Amazon home page. Which will probably be the behavior if an affiliate messes up the link (which they will do fairly reliably).
The result is not a significant improvement over the current state, except that it becomes somewhat harder to be an affiliate.
My solution eliminates the entire theft problem, and I'm not going to entertain the nirvana fallacy of "oh but unaffiliated urls can still be rewritten!" which is also goalpost-moving.
Why would Amazon honor a broken affiliate link? They don't now.
If a company's marketing strategy allows it to pay spammers to place illegal phone calls, then that marketing strategy is clearly negligent and should be illegal. The US phone system has existed for over a century and this only became a problem about 10 years ago. Clearly it is possible to market products in such a way as to not encourage crime.
I have no idea what you are talking about with magic. If the advertiser has no idea which affiliate generates a sale, then how does it know how much to pay each one?
You don't punish the company for robocalls, you punish them for acting on the robocalls. (And the same for spam.) The act of placing the robocall is only the fault of the robocaller. When the true company follows up on the lead, though, they then become liable.
Yes, they will have to be careful where they get leads from. So what?
When the lead arrives, it looks just like any other organic lead from someone searching on Google. You literally have no idea whether your leads are coming from robocalls.
So how is a company supposed to be careful? Throw away ALL organic leads?
The robocaller opens a browser, fills out the details, then hits submit on behalf of the person they got to sign up. Exactly like a human would.
Except that you automate it. But still the request looks a lot like it comes from a real person. And if you've got access to a botnet, the request will likely be coming from a real home computer as well.
the car warranty companies are careful to ensure that they use enough third parties to cover their track. The warranty company isn't doing anything wrong, it is the resellers that are selling.
If you're not doing anything wrong why do you need to cover your tracks?
Let's not be disingenuous - they're not stupid enough to believe that Robocaller Company A, who is charging them a quarter of what other telemarketing companies are, is all above board. Hiding behind plausible deniability of shell companies and third parties to me isn't demonstrating "they aren't doing anything wrong and swear to god, we had no idea what the company we did business with intended".
Are they using telemarketers, or just underwriting for any independent insurance salesperson. When you buy a used car the dealer isn't doing the warranty himself, just selling for some warranty company.
Part of the problem is the conceptual designs around the SS7 signalling network. Trust is all or none. If you allow a switch in {x} country to connect to your switches, then they can spoof calls. All it takes is one shady company with an SS7 link and they can resell access for all manor of spoofing. The SS7 network really has no concept around levels of trust or banning specific connections from specific types of messages. It's a very ancient system, much older than the internet. It's only newer than the even more ancient "A" series mechanical phone switch networks. To overhaul such a system on such a large scale would require building out a new system in parallel in my opinion. I can not even fathom the level of bureaucratic battles, legal battles required for such an undertaking.
Back in the day, I wanted to nix a SS7 link to a shady vendor that was spamming cell phones. I got in trouble for that. "They are paying their bills, leave them alone and keep your nose out of it". That is another aspect of the problem. Even if a telco wanted to stop abuse on their own network, it would not be permitted unless they are legally obligated to do so. Even then, telco's have more lobbyists than all the silicon valley big tech combined, no exaggeration. That is just based on my very dated experience. I have long since left telco and very happy I did.
Ouch... if that's the case, how can the FCC do anything to find the scammers? It sounds like it's technically impossible (and maybe also politically, alas).
At best, they could require the U.S. to implement STIR/SHAKEN [1], maybe. There will be significant technical and legal challenges in this. Overhauling or upgrading the existing switches is non trivial. This is just my opinion, but I predict this will result in legal battles and legal stalling on the part of the telcos. Even if all the telcos agreed to do this, there would be a period of time that nothing is enforced and even then, this has no impact on anyone outside of U.S. jurisdiction unless laws with teeth require amended agreements between the U.S. and non-U.S. telcos. I am not a lawyer, but I don't need to be one to see some of the ways this will play out and how this can turn into political posturing, deflection of responsibility and saber rattling between the U.S. and other countries.
Surely spoofed calls can be detected and infringements penalised i.e. you can’t lock the front door so instead of prevention you identify who walks through the door and punish thieves.
Detection seems like it is doable - either technically (detect spoofing which implies something impossible like a home phone in Nigeria) or consumer feedback (e.g. a short number to call which marks previously received call as a robocall). And some detection can be done with existing equipment and fails gracefully (it doesn’t need to be 100% reliable) unlike changes to core protocols/equipment.
> It's a very ancient system, much older than the internet.
That seems an odd characterization.. they both were being developed at nearly the same time. SS7 developed faster and was put into use much more broadly than IP due to corporate need and support, but they're both about the same age.
> Part of the problem is the conceptual designs around the SS7 signalling network. Trust is all or none. If you allow a switch in {x} country to connect to your switches, then they can spoof calls.
Why does the problem have to be tackled from the direction of extending the wire protocol? It seems like it would be straightforward to tackle it from the business end first: a major phone company declares that it will block spoofing on calls originating in its network, and will only accept calls coming into its network from partners who make the same commitment to not allow spoofed calls onto their networks. This doesn't require any changes to the technology used to connect phone networks, just changes to the business arrangements (a threat of blacklisting).
(If you don't want to take quite such a hardline approach, then require that all calls either originate from a network that is trusted to have valid caller ID data, or the caller ID data is stripped from the call. And then give all end users the option of blocking calls with blank caller ID.)
I suspect it has to do with roaming. I have a phone in country X with company Y. If I travel to country A with company B and make a call, is it spoofed?
This is a good question. I think the problem lies in the fact you would have to include in your business decision to block roaming. Roaming is a money maker, so I think you would have a hard time convincing telcos to block that. There are laws around roaming as well that you would have to augment or remove internationally. If numbers were not portable and roaming did not exist; meaning, you have to acquire a local number through some form of authentication and your source country forwards the calls to that temporary number, then that might work. When you call people back, they won't see your number though. They would see the loaned local number. At this point we are reinventing the proposed shaken/stir but in a more cumbersome manor.
all calls either originate from a network that is trusted
That is also tricky. What does trusted mean? Does it mean that if someone on that network is abusing SS7, that they become untrusted? If so, every network would be untrusted within 10 minutes. Maybe a cost penalty to self regulate? You have to block your own reported abusers or lose peering? I like the idea, but I think that would put us back into that realm of legal and political quandaries. This would require a fairly significant addition in full time employees to police the abuse reports and entirely new reporting systems to log all the SS7 data, learn and report abuse patterns.
> I think the problem lies in the fact you would have to include in your business decision to block roaming.
Does roaming involve my cell phone having the same kind of unrestricted SS7 access on the telco's network that enables spoofed robocalls? If so, what the hell are SIM cards for?
> What does trusted mean? Does it mean that if someone on that network is abusing SS7, that they become untrusted?
Trusted here would mean the network enforces ingress filtering on caller ID data; that calls being placed by end users on that network have accurate caller ID attached by the carrier, and calls coming in from another network either have trusted caller ID data or blank caller ID data.
I don't know enough about how SS7 works to know how what degree of access to SS7 is used by various methods of placing calls, but it seems pretty likely that ordinary landline and cellular phones are not viable ingress vectors for spoofed robocalls, and filtering is only needed with more advanced services such as connecting your PBX to the carrier's network.
SIM cards are for binding IMSI/MSISDN/IMEI, to authenticate you to the mobile network and update the HLR with your location. This data also traverses the SS7 network but does contain some authentication data specific to the wireless provider. The landline telcos have no knowledge of what this data means beyond the ability to route it. The mobile switches will route your MSISDN to the other SS7 networks.
accurate caller ID attached by the carrier
This goes back to the suggested shaken/stir method of authentication. There is really no other way to determine what is valid and what is not. The carrier can attach nearly any number and that number can be entirely valid.
Again, what the hell are SIM cards for? Skip the alphabet soup, please.
On some level, a SIM card must authenticate you to the local tower operator as authorized to place calls, and identify what other carrier gets billed for that if you're roaming. They also identify (in an authenticated manner) what the phone number is for your cell phone, so that the local tower operator can start routing calls to that number to your handset. This seems sufficient for the local tower operator to ensure that you aren't using your smartphone to place tons of robocalls with spoofed numbers, using only infrastructure that is already universally implemented.
I don't see where a landline telco on the receiving end of calls originating from your smartphone needs to know anything about any of that process; the mobile network operator that's connecting the first hop of your call can be and should be the one responsible for preventing you from abusing the network. I want my phone company to hold the mobile network to that standard before letting calls from that network make my phone ring.
> This goes back to the suggested shaken/stir method of authentication. There is really no other way to determine what is valid and what is not. The carrier can attach nearly any number and that number can be entirely valid.
This sounds again like you're deciding ahead of time that the problem can only be addressed by a technical solution that turns out to be basically intractable. You're saying that solving the spoofed robocall problem requires every telco to be able to fully validate in realtime who owns what number and is roaming where. I'm pointing out a relatively non-technical solution where each network is only responsible for restricting the bullshit the let into their network, at the boundaries where it seems practical to enforce without overhauling the entire protocol stack for the whole industry. And lax enforcement would get a carrier blacklisted, or at least make all calls originating from their network readily identifiable as suspicious and trivially blockable.
What I am saying is that mobile networks don't share any of this data with telcos. To do so would require overhauling the landline networks to support this. No such technical capabilities exist today. The business decision you are suggesting could not be implemented even if they wanted to. Mobile networks are another implementation of SS7 and the only thing common between them and landline networks is the routing. I am not deciding anything and I am just basing my opinions on my long past experience.
> What I am saying is that mobile networks don't share any of this data with telcos.
I'm not asking for any new data to be shared from mobile networks to landline telcos. You haven't explained why you think that is required in order for mobile networks to perform sanity checking (or sanitization) on the data they're already sending to other telcos during call setup.
Roaming is a concept in the mobile networks, that isnt really part of the problem here, that is robocalls. As LinuxBender says, the decision is to block the ingress link containing the robocalls. These calls generally dont come from mobile devices roaming abroad, but from voip switches that have access to the landline network and configure their own a-party afaik.
I would not imagine silicon valley wanting into the landline business. Mobile perhaps, Google dipped its toes in that one I believe through acquisitions. Landline operators today are the opposite of agile, move-fast-break-things. Change control in telco is draconian compared to anything SV tech have seen. New ideas almost never see the light of day. And all of this is codified in regulations. It's comparable to the banking industry, though each have their own quirks.
That sounds wrong to me? Surely you could do something like ingress / egress filtering of the numbers, and not allow an American number from India, for instance? Am I missing something in the setup.
I guess what you're really saying is that most phone systems are nowhere near that sophisticated?
Not my expert domain but; Roaming. How do you let someone with a cell phone make a call while on vacation half way around the world, without giving them most of a second of latency?
What you are saying totally makes sense, but numbers are portable as mjevans pointed out and b-number analysis is a bit more primitive. This requires cooperation from all the telcos and would require business changes, process changes and code changes to systems so that you could approve-list what is a mobile network NPA/NSX and deny-list what is not. This just means spoofers would only be spoofing mobile numbers. Now you have a game of whack-a-mole. Some of these systems are so old that the people that wrote code for them are long gone. I am not saying that is universally true of course. Some switches had fairly modern hardware. But unlike the internet where everything peers with bgp and information / routing information is freely shared, there is a lot more manual work and manual changes and coordination required. Even if you could update all of them, now you have to maintain yet another real time deny-list and that does not really solve spoofing.
> It's a very ancient system, much older than the internet.
Actually, you could argue they're around the same age. ARPANET switched from NCP to TCP on 1 January 1983 [1] and the initial SS7 standard was released by the ITU in 1988.
The thing that gets me is that no matter what is on the line, spoofed Caller ID or no, telcos know exactly which account is paying for that outbound call to exist. The technology can't be quite as primitive as portrayed, since AFAIK there is absolutely no way you can spoof someone's number in CID and have something billed to them, such as a long-distance call from a landline (which still have LD plans). Telco is always going to know where the money is coming from for every volt and bit on their wires.
It's possible I'm clueless, but that's where I feel enforcement should be focused: on the money side.
The US based companies will make the argument that they aren't liable for the infringement made by the third-party "lead generation" companies that they employ. They will argue that they have no way to police their actions, and therefore should not be held liable for any illegal activity.
What's worse are the scammers who call from the "social security administration" trying to get you to wire them thousands and thousands of $$. They are quite insidious, sophisticated, and can sniff out even the slightest misstep you make when you try to string them along. I have heard stories, second-hand, of senior citizens who were scammed out of tens of thousands of dollars through schemes like this. It's abhorrent.
Source: I sued a home security company who made the above argument re: using a third-party lead generation company in person with me at the local courthouse during settlement talks. I did manage to get him to settle for several thousand $$ anyway, plus he had to travel several hundred miles to make an 8am Monday court appointment, so I figure that's a win.
The thing that puzzles me is why is the goal to stop the robocaller, and punish them, and not the punish the company that hires them?
I can't say that I know the technical or legal process, but from a layman's view it seems that going after the entity committing the crime is faster and cheaper than going after the company behind the shell company behind the lead generator behind another shell company behind another company behind another shell company, all of which may be in different countries.
In this case, the direct approach seems to be a good place to start.
> the company behind the shell company behind the lead generator behind another shell company behind another company behind another shell company
In the end, there’s a US business somewhere in that chain that exists to take the money of US customers, and to pay taxes on that revenue; and that company is the one you’re put in contact with when you phone the number specified in the robocall.
It doesn’t matter who owns a controlling interest in that company. The only thing that matters is the point at which it’s interfacing with the US phone network and banking system.
Just send the company some money (like they want you to do!), find out where it goes (in the US; it doesn’t matter what happens after that) and find out who owns that bank account. Then arrest that guy, and/or freeze those accounts. And maybe prosecute the bank or payment-processor that was willing to take their business, in order to disincentivize such service providers from offering them accounts in the future. Do that over and over.
Deplatforming the services used by robocallers would be a very effective way to decrease the financial incentive to robocall and increase the financial incentive to help authorities identify your customers.
Even figuring out the service provider is more difficult than it seems. These spam callers use made up and ever changing company names. If you ask them much of anything about the company they are working for when they call, they will usually immediately hang up.
Just get rid of spoofing phone numbers and this problem goes away. Make every caller reveal their phone number of origin and give consumers the ability to easily block anonymous calls and overseas calls and the ability of scammers to contact people via phone goes away.
Phone companies don't want to do this because implementing the no-spoofing infrastructure requires money and they also make a lot of money off scammers business lines.
The telephone infrastructure is critical to a nation and anyone abusing it should not be tolerated, especially scammers.
The infrastructure is there[1]. The theory is that they don't want to kick off their biggest customers that get billed for the oversized use of the phone system.
Getting rid of spoofing is kind of tricky, because you then need a way to know which numbers are authorized to be used by which accounts, especially when there can be several intermediate carriers in the connection process.
A standardized reporting code (like *69 for call back, but instead to report abuse) combined with detailed enough call records to enable that would be helpful.
Maybe a carrier can charge other carriers more it at least x% of calls are flagged as abuse. And a carrier may charge a customer more if at least y% percent of calls are flagged as abuse. And a customer is referred to FCC for enforcement action after N calls are flagged in 30 days or if z% of calls are flagged.
Perhaps a requirement for record keeping of flagged calls, such that the recipient can sue for statuatory damages, and the carriers involved would be liable if they can't provide records. If they provide the records, liability moves to the origin, but the end customer may seek to quash the suboena without revealing their identity in narrow circumstances where anonymous calls serve the public interest and the abuse process is being used to deanonymize rather than stop abuse.
"is an upcharge fee subscription service offered by telephone company providers which, when dialed immediately after a malicious call, records meta-data for police follow-up. A police report must be filed after each use, as law enforcement will only act on the trace once a formal police report is filed in regard to the call. "
So, I will get charged for reporting a scammer? And nothing will happen unless I file a police report? That is certainly a solution, but not the one I would hope for.
They introduced these as a $5 add on in the early 90s, but it rapidly became just a regular part of service. I've never heard of any telco to charge for the reporting service.
There is no such thing as phone number of origin. A business voice circuit doesn’t have an identity like that. Each call it carries is whatever the signaling data says it is. There may be some inbound numbers routed to it, or not.
The problem is not “is this the true phone number of this circuit?” because there is no such thing. It is not even “do I route inbound calls for this number down this circuit?” because there are legitimate topologies where you don’t. It’s the fully general “is this customer authorized to use this number?” which you somehow have to establish with a bunch of mutually distrusting competitors. It’s possible, that’s what STIR/SHAKEN is, but it’s a formidable problem. Telephony is much more complicated than your one-circuit-one-number residential POTS line.
You’re right, as I’m not aware of any of those telcos have any problem knowing the right person to bill. Odd that the knowledge for that part is perfect ...
There are legitimate reasons for spoofing, but they all involve the permission of the number being spoofed.
We need something akin to DNS records for phone numbers. Each number would list the numbers allowed to spoof it. When a spoofed number comes through you check the list and see if it's allowed. Only the owner of the number can edit the list. (This is not a burden for the vast majority of people who have no need of spoofing, they don't need to ever look at the system.)
The Oligarchic Phone Companies already have a system like this in place, to lookup names based on phone numbers, and it's based on DNS. On the downside, each Oligarchic Phone company charges for each lookup (everything on the Oligarchic Phone Company costs money).
Uh they use robocalls to advertise this "service". It's annoying as hell. I guess the tropical sounding music they play with the voice over is kind of catchy? But they're ass hole robocallers just like the scammers they're allegedly blasting.
I just use the "Silence unknown callers" feature in iOS - It's a godsend. I also noticed after a few months that I actually have a lot fewer unknown calls now. (You can look to see missed calls)
It’s gone the other way too though, where I miss a call I’m expecting while literally holding the phone waiting for it because it doesn’t recognize the number.
For example I was dropping the dog off at the vet and I was in the parking lot waiting for our turn (lobby closed for social distancing). Their call to me was silenced even though I had called the same number minutes earlier to check in.
So now I’ve moved to aggressively adding numbers to my contacts for any business I interact with (auto dealership, vet, pet groomer, etc). Which isn’t terrible but it feels like this could get smarter at some point.
I have a voicemail greeting that says outright "due to increased telemarking and spam calls, this number goes to directly voicemail. Please leave a short message if you can and I will call you right back."
This is very annoying when I am trying to call someone back that requested me to call them. You specifically asked me to call and now I have to talk to a robot first.
It's less annoying that getting dozens of spam calls each day. If you will be calling the person frequently, just have them add you as a contact. No big deal.
Not answering unknown numbers not only saves you the trouble of getting them but also results in fewer robocalls over time since you do not answer.
Similarly, I called for appliance service and added the number of the vendor to my address book. Then the technician tries calling me from his unknown cell, which does not ring. He was able to text me though.
I just use the "Silence unknown callers" feature in iOS - It's a godsend. I also noticed after a few months that I actually have a lot fewer unknown calls now. (You can look to see missed calls)
It's a great feature. Or at least it was until recently. Local health departments say it's killing their ability to do contact tracing, as many people don't listen to unknown voice mails, either.
I’m not as concerned about Robocalls as I used to be, because I just don’t answer the phone anymore.
The new issue I have is spam and sexual text messages, particularly when they are sent to my kids.
Both my kids have phones to interface with their CGMs (glucose monitors) so that I can track their numbers remotely. Both my kids get adult text spam from random invalid numbers about once a day. They are 8 and 11.
I called AT&T and said I want to block all text messages, I just want data and voice (and iMessage). I spent over an hour on the phone, they weren’t able to do it.
If you go to Settings > Messages, you can filter out messages from unknown senders. However, this only prevents the notifications from showing up; they'll still be in the app under the "Unknown senders" tab.
FWIW, T-Mobile does allow you to block all SMS and MMS.
There is also a Screen Time feature called Communication Limits which can be used to restrict Messages and Phone to contacts only. Doesn't apply to third-party apps though.
Ting can do it. It's one checkbox in my device settings panel. Here's the whole list of things I can tweak:
> Can use call forwarding
> Can use call forwarding on busy/no answer
> Can use call forwarding at any time
> Can use call waiting
> Can use hold
> Can use three-way calling
> Can use visual voicemail
> Can make/receive calls
> Can use voicemail
> Can use Wi-Fi calling
> Allow international long distance calls
> Allow international roaming
> Allow international roaming data
> Can send/receive text messages
> Block picture, video, and group messages
> Can use data
> Can use tethering
This is 10 or 20 years too late and still too limited in scope. Allowing up to three calls per 30 days? Just set up 10 companies and hit everyone, everyday, forever.
I don't understand why digital protections are so limited.
The incentive for those in "untouchable jurisdictions" to commit cybercrimes skews entirely towards high reward, low/no risk.
I honestly just wish I could cut off all phone calls originating from out of country. If this could be technologically enforced, I think it would dramatically lower scam calls.
Most of the scam calls I used to answer were identifiable local numbers. Easy to get VOIP numbers in bulk or put up a literal farm of SIM cards in cheap phones.
The FCC shouldn’t even need to tell them to do this. The utter signal pollution this has caused has practically destroyed their business. People don’t even answer the phone in their own home.
Make it illegal for calls originating from international origins to lack caller identification. Also likely unenforceable, but again, it sets the basis.
Since I sense that caller ID is completely spoofable for calls from international networks, now add some technical salt: Require domestic phone companies at the edges to add some kind of "network of origin" prefix to caller IDs from international origins. This is prepended to what is provided by the outside network, even if they provided "no caller ID" or "unknown caller".
Make it that domestic calls don't have this prefix and it is illegal to insert anything that resembles one.
This way I can see incoming calls from network Xyzabc for the junk they are. And networks will each get a reputation from consumers.
How much do we actually need the phone network? I exchange occasional non-iMessage SMS or place a call to order a pizza. Rare inbound calls always go straight to voicemail, which I would strongly prefer to read over listen.
Why can't we get data-only phones with no phone number? Fastest way to solve problems with SS7 is to disconnect from the phone network except through a gateway.
Thankfully where I live robocalls only target landlines and rarely cell phones.
My telco moved to voip, and since then I have asterisk pbx software running that only makes the phone ring if the call is from a whitelist of numbers, otherwise it makes it look like the phone is ringing for a while and then goes straight to voice mail.
This works well as 99% of the robo dialers detect the voice mail and don't leave a message. If I was getting lots of voicemails I would probably setup IVR prompts to stifle them.
112 comments
[ 0.20 ms ] story [ 188 ms ] threadThat seems like a bad idea. The phone company needs to lose money when they allow robocalls, to finally motivate them to actually start authenticating business callers and actually start respecting the national do not call registry. The carriers are the only group with the ability to prevent robocalls, and they’ve been allowing them precisely because they’re getting money from the whole arrangement by allowing them.
* Edit: the FCC order sounds like a good thing as a long overdue very first step, however this part sounds hilariously out of date to me: “Non-commercial, commercial and nonprofit organizations can now only make up to three calls per residential number within 30 days and are required to allow recipients to opt out.”
I could be wrong, but I’ve had a lot of spam calls in the last few years, and never have I gotten multiple calls from the same number in a month. They are spoofing and setting up new entities on the fly. Limiting the number of calls sounds like something a politician would do who doesn’t understand what’s already going on (or... maybe a sly move that makes the FCC appear pro-consumer while not actually threatening the business of carriers in any way...). Consumer-visible and actionable call authentication is what we need, not limits on the amount of spam. Limiting each individual company to three spams from my point of view means I experience millions of spams. In fact establishing a limit of an okay number of spams just might increase the amount of spam calls I get...
So for example.
I get a robo-call, I report it and my carrier pays me $5.
They then can collect that $5 from the carrier that delivered that call to them, who can collect it from the carrier that routed it to them who can collect it from the end user. And if at some point you can't collect you're stuck paying the $5.
But it doesn't say "from the same number." It says the same entity, which should hold regardless of the number.
That said, whoever had my phone number before me (over 3 years ago) owed a lot of people money. I get 3-5 calls per day from debt collectors looking for her. I've never answered any of the calls, and they've rarely left any messages, but the caller ID often says, "such and such credit service", so it's pretty clear what's going on. The same company calls literally every day several times per day. It would be great if they could only call 3x per month. One actually does use the same number every time, so I eventually blocked their number. Another one uses a different number every time, but the callerID is always of the form "V12345678" where the number is just some incrementing integer, so it's obviously the same people.
As a recipient, I don't care if the caller paid, I got $10 from my carrier. As a terminating carrier, I don't care if the caller paid, I got paid from the originating carrier.
As the originating carrier, I should damn well have a billing relationship with the caller, and they're not getting services if I'm not paid. I'll probably charge a collection fee for each charge I bill the caller, so works for me too. Require a deposit to continue service when calling patterns look robotic.
(intermediate carriers can fill in between, they won't make money from the robofees, but will be incentivised to properly pass them through)
Charge the phone company $5/robocall, require them to pay that $1 to the consumer in cash, not as a "credit" on their phone bill, and require a $1/incorrectly-blocked-call and suddenly I suspect the carriers will know where the robocalls are coming from.
We can't start catching/blocking scammers and robocallers soon enough. The telcos can get us in touch with people from other continents, but they can't spare the time to stop or trace the calls? Their "solution" for my grandma's friend was to tell him not to have a phone for a few weeks. LOL.
And second, if enough senior citizens were on VoIP numbers, I bet that's exactly where scammers would target next.
The solution you're suggesting isn't so much to switch to a product that's inherently better, but to switch to a product that only people who don't fall victim to scams are using.
The VoIP story was more of a seed planting for anyone else that might be reading and interested. Senior or milenial, doesn't really matter to me who it might be that might want to to give it a shot. Plus, seniors tend to have family members that could help them set something like this up. Don't write those seniors off so lightly
I have no hope that they'll be held to account for the full extent of their crimes, but in a justice system that works for actual justice, they'd be counted as serial killers.
Isn't the better solution to just not answer any number that is not a contact? Then review the voicemail if necessary. Smartphones at least often have the feature built in to forward all non-contacts to voicemail.
If the car warranty company that keeps calling me is in the US, aren't they liable for contracting for an illegal service? If they're out of the US, can't we impose some block on all payments from the US to them?
Problem is, almost all of the advertising and lead generation in the world happens through networks like that. Some of it is legit, some is not.
So I do think it's correct to go after robocalling and make it stop.
Now one thing I don't agree on is the WAY in which we're doing it via tracing or whatever. Instead if I was the FCC I would simply require, starting today, that all calls made in the US must be signed to be completed. I would rather have no phone calls in the US for a month than let this shit go on indefinitely.
Something like that would force all carriers to immediately figure out a way to get every phone call signed. Then once we have calls signed, the spammers would lose their right to call pretty much after a few calls are made and reported.
I think the current strategy is pretty hand-wavy and doesn't have any end in sight.
At the risk of being draconian, okay, fine, you don't know who "ultimately" signed Fred up for your service, but HEY, Fred was signed up illegally, so it's still your fault.
I'd like to think that suddenly, companies would get a LOT more careful about who they let sign up to be partners, if they're now at risk.
Don't we already do this kind of things with banks, in other words KYC ("Know Your Customer")? A long term business relationship is worth a bit of hassle.
I would expect them to lobby against KYC since it internalizes the costs. No business wants to take on costs that could otherwise be passed on to others. That is the core of why regulations are needed.
If you meaningfully punish the company who paid for it, then robocallers can blackmail any customer-centric company that they want. They start robocalling on behalf of the company then tell the company that they will have to pay to stop. As long as the payment is enough below the legal penalty for continuing, the company will pay the blackmail and the robocaller moves on to their next target.
Meanwhile back in reality, a big company may have tens of thousands of affiliates or more. The affiliates all maintain that they are on the up and up, but any of them could be scammers. The company gets leads and doesn't know how they were generated.
To see how easy it is, you can create a blog, register yourself as an affiliate for Amazon, and put a link on your blog. Boom. Now have your friend click on your link, and go buy something. Guess what? Amazon will pay you money!
Now suppose that you do that and I do that. You put up your blog, I put up a blog as well. But I also put out a browser extension that rewrites all amazon links to come to my site, record that, and then redirect. How is Amazon supposed to find out that your traffic is real and mine is from a scam? Our sites look the same. We're both sending real customers who will pay real money.
In this scenario if Amazon could catch me, they would. I'd be straight up cheating them, making them pay for traffic that I didn't generate.
How about: affiliate links are constructed to incorporate the affiliate tag so that they can't be rewritten. Yes, each link on your blog is different than the links on my blog for the same items, not just slapping a tag in a URL field.
Of course, this would have engineering and hardware overhead on Amazon's side, but without something like this they're just retreading telco history in giving the world untraceable Caller ID, as you aptly illustrate.
And I can rewrite all Amazon links that were not owned by another affiliate if I don't mind just sending them to the Amazon home page. Which will probably be the behavior if an affiliate messes up the link (which they will do fairly reliably).
The result is not a significant improvement over the current state, except that it becomes somewhat harder to be an affiliate.
Why would Amazon honor a broken affiliate link? They don't now.
I have no idea what you are talking about with magic. If the advertiser has no idea which affiliate generates a sale, then how does it know how much to pay each one?
The advertiser has no idea what techniques the affiliate used to generate that sale. That's the whole problem.
Yes, they will have to be careful where they get leads from. So what?
So how is a company supposed to be careful? Throw away ALL organic leads?
Except that you automate it. But still the request looks a lot like it comes from a real person. And if you've got access to a botnet, the request will likely be coming from a real home computer as well.
Let's not be disingenuous - they're not stupid enough to believe that Robocaller Company A, who is charging them a quarter of what other telemarketing companies are, is all above board. Hiding behind plausible deniability of shell companies and third parties to me isn't demonstrating "they aren't doing anything wrong and swear to god, we had no idea what the company we did business with intended".
Back in the day, I wanted to nix a SS7 link to a shady vendor that was spamming cell phones. I got in trouble for that. "They are paying their bills, leave them alone and keep your nose out of it". That is another aspect of the problem. Even if a telco wanted to stop abuse on their own network, it would not be permitted unless they are legally obligated to do so. Even then, telco's have more lobbyists than all the silicon valley big tech combined, no exaggeration. That is just based on my very dated experience. I have long since left telco and very happy I did.
[1] - https://transnexus.com/whitepapers/stir-and-shaken-overview/
Detection seems like it is doable - either technically (detect spoofing which implies something impossible like a home phone in Nigeria) or consumer feedback (e.g. a short number to call which marks previously received call as a robocall). And some detection can be done with existing equipment and fails gracefully (it doesn’t need to be 100% reliable) unlike changes to core protocols/equipment.
That seems an odd characterization.. they both were being developed at nearly the same time. SS7 developed faster and was put into use much more broadly than IP due to corporate need and support, but they're both about the same age.
Why does the problem have to be tackled from the direction of extending the wire protocol? It seems like it would be straightforward to tackle it from the business end first: a major phone company declares that it will block spoofing on calls originating in its network, and will only accept calls coming into its network from partners who make the same commitment to not allow spoofed calls onto their networks. This doesn't require any changes to the technology used to connect phone networks, just changes to the business arrangements (a threat of blacklisting).
(If you don't want to take quite such a hardline approach, then require that all calls either originate from a network that is trusted to have valid caller ID data, or the caller ID data is stripped from the call. And then give all end users the option of blocking calls with blank caller ID.)
all calls either originate from a network that is trusted
That is also tricky. What does trusted mean? Does it mean that if someone on that network is abusing SS7, that they become untrusted? If so, every network would be untrusted within 10 minutes. Maybe a cost penalty to self regulate? You have to block your own reported abusers or lose peering? I like the idea, but I think that would put us back into that realm of legal and political quandaries. This would require a fairly significant addition in full time employees to police the abuse reports and entirely new reporting systems to log all the SS7 data, learn and report abuse patterns.
Does roaming involve my cell phone having the same kind of unrestricted SS7 access on the telco's network that enables spoofed robocalls? If so, what the hell are SIM cards for?
> What does trusted mean? Does it mean that if someone on that network is abusing SS7, that they become untrusted?
Trusted here would mean the network enforces ingress filtering on caller ID data; that calls being placed by end users on that network have accurate caller ID attached by the carrier, and calls coming in from another network either have trusted caller ID data or blank caller ID data.
I don't know enough about how SS7 works to know how what degree of access to SS7 is used by various methods of placing calls, but it seems pretty likely that ordinary landline and cellular phones are not viable ingress vectors for spoofed robocalls, and filtering is only needed with more advanced services such as connecting your PBX to the carrier's network.
SIM cards are for binding IMSI/MSISDN/IMEI, to authenticate you to the mobile network and update the HLR with your location. This data also traverses the SS7 network but does contain some authentication data specific to the wireless provider. The landline telcos have no knowledge of what this data means beyond the ability to route it. The mobile switches will route your MSISDN to the other SS7 networks.
accurate caller ID attached by the carrier
This goes back to the suggested shaken/stir method of authentication. There is really no other way to determine what is valid and what is not. The carrier can attach nearly any number and that number can be entirely valid.
On some level, a SIM card must authenticate you to the local tower operator as authorized to place calls, and identify what other carrier gets billed for that if you're roaming. They also identify (in an authenticated manner) what the phone number is for your cell phone, so that the local tower operator can start routing calls to that number to your handset. This seems sufficient for the local tower operator to ensure that you aren't using your smartphone to place tons of robocalls with spoofed numbers, using only infrastructure that is already universally implemented.
I don't see where a landline telco on the receiving end of calls originating from your smartphone needs to know anything about any of that process; the mobile network operator that's connecting the first hop of your call can be and should be the one responsible for preventing you from abusing the network. I want my phone company to hold the mobile network to that standard before letting calls from that network make my phone ring.
> This goes back to the suggested shaken/stir method of authentication. There is really no other way to determine what is valid and what is not. The carrier can attach nearly any number and that number can be entirely valid.
This sounds again like you're deciding ahead of time that the problem can only be addressed by a technical solution that turns out to be basically intractable. You're saying that solving the spoofed robocall problem requires every telco to be able to fully validate in realtime who owns what number and is roaming where. I'm pointing out a relatively non-technical solution where each network is only responsible for restricting the bullshit the let into their network, at the boundaries where it seems practical to enforce without overhauling the entire protocol stack for the whole industry. And lax enforcement would get a carrier blacklisted, or at least make all calls originating from their network readily identifiable as suspicious and trivially blockable.
I'm not asking for any new data to be shared from mobile networks to landline telcos. You haven't explained why you think that is required in order for mobile networks to perform sanity checking (or sanitization) on the data they're already sending to other telcos during call setup.
Very interesting, and certainly not the first time I've heard that. I wonder if and when Facebook is going to encroach on telco turf.
I guess what you're really saying is that most phone systems are nowhere near that sophisticated?
Actually, you could argue they're around the same age. ARPANET switched from NCP to TCP on 1 January 1983 [1] and the initial SS7 standard was released by the ITU in 1988.
[1] https://tools.ietf.org/html/rfc801
It's possible I'm clueless, but that's where I feel enforcement should be focused: on the money side.
What's worse are the scammers who call from the "social security administration" trying to get you to wire them thousands and thousands of $$. They are quite insidious, sophisticated, and can sniff out even the slightest misstep you make when you try to string them along. I have heard stories, second-hand, of senior citizens who were scammed out of tens of thousands of dollars through schemes like this. It's abhorrent.
Source: I sued a home security company who made the above argument re: using a third-party lead generation company in person with me at the local courthouse during settlement talks. I did manage to get him to settle for several thousand $$ anyway, plus he had to travel several hundred miles to make an 8am Monday court appointment, so I figure that's a win.
I can't say that I know the technical or legal process, but from a layman's view it seems that going after the entity committing the crime is faster and cheaper than going after the company behind the shell company behind the lead generator behind another shell company behind another company behind another shell company, all of which may be in different countries.
In this case, the direct approach seems to be a good place to start.
In the end, there’s a US business somewhere in that chain that exists to take the money of US customers, and to pay taxes on that revenue; and that company is the one you’re put in contact with when you phone the number specified in the robocall.
It doesn’t matter who owns a controlling interest in that company. The only thing that matters is the point at which it’s interfacing with the US phone network and banking system.
Just send the company some money (like they want you to do!), find out where it goes (in the US; it doesn’t matter what happens after that) and find out who owns that bank account. Then arrest that guy, and/or freeze those accounts. And maybe prosecute the bank or payment-processor that was willing to take their business, in order to disincentivize such service providers from offering them accounts in the future. Do that over and over.
Phone companies don't want to do this because implementing the no-spoofing infrastructure requires money and they also make a lot of money off scammers business lines.
The telephone infrastructure is critical to a nation and anyone abusing it should not be tolerated, especially scammers.
[1]: https://en.wikipedia.org/wiki/Automatic_number_identificatio...
A standardized reporting code (like *69 for call back, but instead to report abuse) combined with detailed enough call records to enable that would be helpful.
Maybe a carrier can charge other carriers more it at least x% of calls are flagged as abuse. And a carrier may charge a customer more if at least y% percent of calls are flagged as abuse. And a customer is referred to FCC for enforcement action after N calls are flagged in 30 days or if z% of calls are flagged.
Perhaps a requirement for record keeping of flagged calls, such that the recipient can sue for statuatory damages, and the carriers involved would be liable if they can't provide records. If they provide the records, liability moves to the origin, but the end customer may seek to quash the suboena without revealing their identity in narrow circumstances where anonymous calls serve the public interest and the abuse process is being used to deanonymize rather than stop abuse.
We have this. 57
https://en.wikipedia.org/wiki/Vertical_service_code
So, I will get charged for reporting a scammer? And nothing will happen unless I file a police report? That is certainly a solution, but not the one I would hope for.
The problem is not “is this the true phone number of this circuit?” because there is no such thing. It is not even “do I route inbound calls for this number down this circuit?” because there are legitimate topologies where you don’t. It’s the fully general “is this customer authorized to use this number?” which you somehow have to establish with a bunch of mutually distrusting competitors. It’s possible, that’s what STIR/SHAKEN is, but it’s a formidable problem. Telephony is much more complicated than your one-circuit-one-number residential POTS line.
This has been repeated many times and I still don't believe it.
Perhaps it's time to admit that eliminating those topologies is a cost worth incurring.
We need something akin to DNS records for phone numbers. Each number would list the numbers allowed to spoof it. When a spoofed number comes through you check the list and see if it's allowed. Only the owner of the number can edit the list. (This is not a burden for the vast majority of people who have no need of spoofing, they don't need to ever look at the system.)
Except they are. They’re using methods outside law enforcement to deal with problems. Isn’t that the definition of a vigilante?
Besides that, are what they are doing even legal with regards to CFAA? I can’t imagine a prosecutor going after them, but that doesn’t make it legal.
For example I was dropping the dog off at the vet and I was in the parking lot waiting for our turn (lobby closed for social distancing). Their call to me was silenced even though I had called the same number minutes earlier to check in.
So now I’ve moved to aggressively adding numbers to my contacts for any business I interact with (auto dealership, vet, pet groomer, etc). Which isn’t terrible but it feels like this could get smarter at some point.
Not answering unknown numbers not only saves you the trouble of getting them but also results in fewer robocalls over time since you do not answer.
It's a great feature. Or at least it was until recently. Local health departments say it's killing their ability to do contact tracing, as many people don't listen to unknown voice mails, either.
The new issue I have is spam and sexual text messages, particularly when they are sent to my kids.
Both my kids have phones to interface with their CGMs (glucose monitors) so that I can track their numbers remotely. Both my kids get adult text spam from random invalid numbers about once a day. They are 8 and 11.
I called AT&T and said I want to block all text messages, I just want data and voice (and iMessage). I spent over an hour on the phone, they weren’t able to do it.
I'm not suggesting that you switch, only that something similar might exist on iOS.
FWIW, T-Mobile does allow you to block all SMS and MMS.
They are. They just refuse to.
> Can use call forwarding > Can use call forwarding on busy/no answer > Can use call forwarding at any time > Can use call waiting > Can use hold > Can use three-way calling > Can use visual voicemail > Can make/receive calls > Can use voicemail > Can use Wi-Fi calling > Allow international long distance calls > Allow international roaming > Allow international roaming data > Can send/receive text messages > Block picture, video, and group messages > Can use data > Can use tethering
I don't understand why digital protections are so limited.
The incentive for those in "untouchable jurisdictions" to commit cybercrimes skews entirely towards high reward, low/no risk.
I honestly just wish I could cut off all phone calls originating from out of country. If this could be technologically enforced, I think it would dramatically lower scam calls.
As long as people keep paying the phone bills, this doesn't strike me as something that is destroying the business of phone companies.
Since I sense that caller ID is completely spoofable for calls from international networks, now add some technical salt: Require domestic phone companies at the edges to add some kind of "network of origin" prefix to caller IDs from international origins. This is prepended to what is provided by the outside network, even if they provided "no caller ID" or "unknown caller".
Make it that domestic calls don't have this prefix and it is illegal to insert anything that resembles one.
This way I can see incoming calls from network Xyzabc for the junk they are. And networks will each get a reputation from consumers.
I can dream.
Why can't we get data-only phones with no phone number? Fastest way to solve problems with SS7 is to disconnect from the phone network except through a gateway.
My telco moved to voip, and since then I have asterisk pbx software running that only makes the phone ring if the call is from a whitelist of numbers, otherwise it makes it look like the phone is ringing for a while and then goes straight to voice mail.
This works well as 99% of the robo dialers detect the voice mail and don't leave a message. If I was getting lots of voicemails I would probably setup IVR prompts to stifle them.