67 comments

[ 0.21 ms ] story [ 168 ms ] thread
Too little, too late. I hope whatever bribes the 10 Congress member and FCC people got to allow this to ruin texting was worth it.
Please do political ones too
I don’t think we’ll get rid of legitimate political spam (no matter how much most people want it). At least STOP works for those.

But hopefully these same rules will help block the political scam stuff. Fake announcements, wrong polling place/election time info, libelous stuff not sent by legitimate (registered) organizations, etc.

It’s something.

> At least STOP works for those.

Hahaha no it doesn't.

STOP seems to get my number added to additional lists, maybe by design.
...it's the same deal as replying to a spam email. All that automation picks up on the fact that the destination is more susceptible to an action than if you did nothing at all.
Hahaha no it doesn't.

Then change phone companies.

When I send a STOP message, I get a message from AT&T stating that the source number is now blocked from sending any more text messages to my phone.

I'm not sure that's the behavior I would want from STOP. I have certainly sent STOP requests to retailers who over inform me of every step along the fulfillment process and each overnight stop as the item ships to me. I don't want all that.

I DO however want to receive notice when my item is out of stock or ready for in-store pickup if I chose that option.

The problem is 99% of political SMS's I get are not for any politician I can vote for. They're almost all from random districts across the country.

I reply STOP and that always works for each individual campaign organization, but the problem is there are thousands of these orgs.

In the months before voting I'll sometimes get multiple a day. Ugh.

> The problem is 99% of political SMS's I get are not for any politician I can vote for. They're almost all from random districts across the country.

I get this but via email, and they typically say it'll take 2 weeks or more to stop sending me this unsolicited bulk email. This is despite unsubscription being instantaneous.

Just as an aside, since high political office is a fairly direct path to immense wealth, I think these unwanted mails should be explicitly considered unsolicited, bulk commercial email. This is the precise definition of spam and we should treat it as spam and not just think of it as such.

> legitimate political spam

There's no such thing.

[dead]
It's about time.

I wish they'd block the Hilton Hotel roboscam. I get calls from them 3 times a day, all from different phone numbers in the state.

> the Hilton Hotel roboscam

What is it?

Timeshare sales. A recorded voice starts the call with "Thank you for choosing (Marriot|Hilton Hotels|Hyatt)! We have an exciting offer..."

I've been getting these for over 5 years now. Sometimes they pretend to be Costco as well. Same voice and inflection, though.

Yeah, it's a recorded voice.

A phone feature I'd love to have is to push a button and an AI chatbot takes over, with a goal to keep the scammer on the line as long as possible. Their whole business model would collapse.

The system effectively handles those calls, managing to keep the scammer on the line for a few seconds at a time, ultimately wasting their time. However, this approach is becoming less entertaining, as scammers appear to be increasingly aware of the robotic responses, diminishing its effectiveness.
[flagged]
If you read what the article says about what exactly is to be blocked, you'll see that it has a lot more in common with your certificate-pased proposal than the first amendment violation you inferred from the headline.

Carriers are being instructed to not deliver SMS purporting to originate from a phone number that carriers know is not capable of sending SMS. They're not being told to discriminate based on the content of the message or even based on the sender, except when the metadata about who sent the message has obviously been faked. Cryptographic signing is an obvious next step, but also unnecessary before even the most basic filtering of invalid spoofed data has been implemented.

I'm not well versed in telephony, but I've always wondered why after a century we still don't have something as simple as a three way handshake for calls/messages?
Uh, a text message is (famously) limited to 160 bytes. How are your going to sign this.

Instead, this proposal requires that carriers verify that the sender block "invalid, unallocated, or unused numbers." which is very much like ISP egress filtering.

Or forbidding IP spoofing a 1st amendment issue too?

> Uh, a text message is (famously) limited to 160 bytes. How are your going to sign this.

Don't sign the message to the phone, sign the connection between carriers.

> I really don't need nor want the government telling me who I can and can't receive a text from.

They aren't. They're simply saying that the sender of an SMS or phone call cannot hide their identity fraudulently.

Your argument is a bit like saying you're opposed to the government preventing people from creating fake IDs, fake Passports, fake License Plates, or fake Social Security Numbers.

(comment deleted)
I don't know why this is necessary to say, but scamming people and doing crime isn't protected speech.
I don't know why they focus on texts so much more than calls.

I get like 60 scam calls for every scam text. Scam texts are mildly inconvenient. Scam calls on the other hand are far worse. I get so many scam calls I don't pick up any phone numbers not on my contact list, and which causes me to miss several important phone calls a year.

Second half of the article is in fact about closing down some of the gaps that enable scam calls.
Opposite for me. Few calls these days but constant sms. Also calls I just never answer whereas sms I need to go clear the app notification status so I can detect real sms.
Indeed barely no calls yet I have that iphone setting turned on that all unknown numbers go to voicemail (still am not seeing a lot of missed garbage calls though).

Lately all just getting those pointless Amazon scam b.s. texts that I hope the majority of the population know the drill.. .never open just delete.

The scammers I am afraid will start to really use AI ... hack/monitor legions of phones ...spoof your contact list and call you then actually spoof the voice of some of your contacts. For me then I would only use something like a Facebook messenger set up where I only add friends I know already and they pass a series of questions we only know between each other. It's going to get worse .. thinking ahead.

Perhaps because it's much easier to filter scam texts when you already know the contents before they're delivered to the recipient.

From my own anecdata, I've received about 50/50 texts/calls. I also do not pick up unknown numbers anymore.

Also, filtering on a waveform is much harder than text data.
I used to, but now I just have the iOS "silence unknown callers" unless I'm expecting urgent other random calls. It's been bliss.

My work doesn't use my personal phone# - I know this isn't possible for everyone but works for me.

I am thinking about making the leap. If it’s really an important message they have my email and can text.

Edit: I just did. Voicemail is an option too.

As I think your replies indicate, it's variable. I get pretty much only scam calls. But my SO gets lots of scam SMSs, even ones targeting my work, such as claiming to be from "my boss".

I get plenty of spam SMS, but they're not technically scams. (…unless I suppose if you jokingly consider the GOP a scam…) I wouldn't mind seeing those get cracked down on. (I'm not registered with them, and they continue to spam me about political issues in jurisdictions for which I've not been on the voter roles for over a decade.)

Also, spam SMSs trying to get me to sell my parent's home. (I don't think these are scams, per se, but from what I've read their offers aren't going to be good. Nonetheless, I'm not looking to evict my mother … out of a house I don't own?, of course.)

Finally, my hometown has apparently sold their soul … and somehow my cell phone information? … to a random private company. Instead of publishing WEAs like a normal jurisdiction, I get SMSes that have little to no context, like "take shelter from the storm" while it's completely sunny and the forcast is nothing but sun, and the radar is clear. (It took a while to figure out that they were warnings about a city a few thousand miles away, since, again … 0 context.)

The FCC’s statements address this:

> Recipients of a robocall have the ability to either pick up the phone or not. But on most devices, recipients of a robotext see at least some of an unwanted message immediately

> …unlike robocalls, scam text messages are hard to ignore or hang-up on and are nearly always read by the recipient – often immediately. In addition, robotexts can promote links to phishing websites or websites that can install malware on a consumer’s phone.

And per the article this particular regulation is already in effect for calls:

> The FCC already requires similar blocking of voice calls from these types of numbers.

> The FCC already requires similar blocking of voice calls from these types of numbers.

In other words, it won't change anything. I still get just as many scam voice calls as I ever have.

FWIW I seem to have reduced them to a few a week by picking up the call and just not talking. If it's a legit number not in my contacts the caller will ask for me. If it's a scam call they just hang up after a moment and I think they're starting to put me on their own do not call lists. Any chance that might work for you?
I do the same. Mostly they just hang up. Sometimes they start threatening to take possession of the real estate I don't own.
I can't help but think it's funny that scammers may have their own do-not-call list.
Yes, as someone who has done volunteer telemarketing, we mark the call status. For example if you’re angry/rude, non-English speaking, disconnected, etc. Campaign managers can then target call sheets accordingly (e.g. for a Spanish-speaking line, have the Spanish team do a follow up call).
So many replies but few actually addressed steps the FCC indeed is taking. Eg; the implementation of STIR/SHAKEN: https://en.wikipedia.org/wiki/STIR/SHAKEN to prevent caller ID spoofing.
They switched it on years ago and nothing changed, I still get loads of spam calls.
Massive changes to international protocols aren't just "switched on".
How does one get this many scam calls? Is this something that happens in the US but not in Europe? I've not been scam called once in the EU and only scam-texted once or twice.
Since your question gets asked almost verbatim every time this topic comes up on HN, I can help you with an answer. This happens both in the US and Europe. But some people, both in the US and Europe, get hardly any scam/spam calls. Other people, both in the US and Europe, get tons.
They don't. It's just that the solution to scam voice calls is a lot harder to implement--there's no point making rules to address voice calls because there is not yet the technical capability to follow any rules around that. The STIR/SHAKEN protocols which will address voice scam calls when they're fully deployed, but that's a fundamental change to the protocol, which takes time. Texts, on the other hand, can be text scanned independent of the number from which they originate, which allows for a lot of filtering.
It's a huge overstep. It's an infringement on free speech and could lead to a slippery slope of censorship. It's better to teach individuals to be vigilant and protect themselves from scams, rather than relying on phone companies or government regulations. And what about false positives?
My carrier is pretty good about blocking text and voice spam. I hardly ever get any of those anymore.

BUT...

My carrier still has an email-to-SMS gateway (like people used to use in the late 90's), and that's how spam gets through.

There’s a defect in Verizon’s MMS systems, that allows spammers to spoof MMS messages onto the network with “xyzvzw.com” as the domain name in the MMS packet, no phone number at all, and then Verizon’s matching system only checks for substring “VZW.COM”, so the invalid messages get delivered (without a source phone number, showing up on your phone as a text from an email address). Since it’s processed as a system message, it’s guaranteed delivery, and their anti-spam system can only block phone numbers so it’s helpless too.

I tried reporting this and they were incapable of responding to or following up on the problem report, though they did helpfully detail the MMS packet defects to me. Maybe one of their engineers will read this someday.

Nice... by reading all of your text messages even more than they already do
I had my Wordpress site SMS me a copy of each new contact form just as a convenience for myself via Twilio. Twilios compliance requirements for using SMS has become such a regulatory mess that I deleted my Twilio account today. I am a reasonably bright person and I am unbelievably confused regarding what I am required to do to be in compliance.

I'll just use push notifications from here on out.

I am in the same boat and we are transitioning to dump SMS all together. What a headache to ditch.
You're not wrong. It's horrible. Want to hear something even more funny?

Twilio is forcing Tollfree Number registation and their current timeline is 6 weeks to approve. Well a week or 2 ago they decided that they wanted more data than what was currently submitted. So everyone is currently being denied and having to resubmit their registrations.

10DLC / Local numbers is madness in and of itself too. Forcing businesses to pay quarterly fees so these poor ol' carriers can have more recurring rev.

Twilio is a dumpster fire. Trying to use it 100% legitimately, respecting "STOP"s, and bending over backwards to comply with every request they've made and they still randomly block us. So not only do they fail at keeping spammers off their service they are actively driving away paying legitimate customers.

I used to love them and they still might be good for a little personal projects (though your story says otherwise) but I would never pick them to use at scale. At one point they said they needed the /exact/ text of every message we were going to send ahead of time to approve before we sent it... Yeah that doesn't work when you send OTPs (yes, yes, I know, we have to have it as a fallback) or a user-specific/transaction-specific url. So pretty much they only thing you could send is generic marketing trash, cool...

Good luck with that. I hope it works, but I have come to have a grudging respect for the ingenuity of the scammers.

Lately, I have been getting a dozen or so "We've Locked Your Account" phishing texts per day. I will tend to get them in "bursts," where several come in, within a few minutes.

It would be ideal if phone calls and SMS were based solely on a whitelist system, where social norms dictate that legitimate communication occurs only after numbers have been exchanged. This would prevent unwanted contact from unknown numbers. Although many people already disregard such unsolicited calls or messages, having a systematic approach would make it much more effective and efficient.
Great until the hospital or police or your kids friends parents are trying to contact you.
Thanks, Ajit Pai. Just in time.
[dead]
Finally, law enforcement starts to enfoce the law and protect people. For some reason, the Internet (and adjacent services) is treated as a fraud free-for-all.

When there's a ransomware attack or data exfiltration, nobody says, 'where's the FBI?'. We just accept that the Internet is criminal and lawless. Maybe enforcement against crypto fraud was the first step.

How would that work exactly? How would the FBI protect infrastructure and which infrastructure?

Should it be at the ISP? Should the FBI give every business a black box and say "put this between the internet and your network, we'll monitor and defend against cyber criminals" but if the company did that they would be giving the FBI all of their inbound and outbound traffic.I guess you could use the _nothing to hide_ argument but that's ridiculous.

If we put the onus of security on the FBI/Government that just means a larger government and less rights. Take the PATRIOT Act for example.

The three of these I have done have communicated with me via SMS or email.
Under public duty doctrine, police have a responsibility to the public as a whole but not any one person in particular (unless specially arranged).
There was a woman who would post up outside the Market St. Muni entrances with an unnaturally quiet baby and a sign saying she needed money for the baby. Same woman was there for multiple years, always with a baby around the same age.
Different baby? Or fake baby?