I don’t think we’ll get rid of legitimate political spam (no matter how much most people want it). At least STOP works for those.
But hopefully these same rules will help block the political scam stuff. Fake announcements, wrong polling place/election time info, libelous stuff not sent by legitimate (registered) organizations, etc.
...it's the same deal as replying to a spam email. All that automation picks up on the fact that the destination is more susceptible to an action than if you did nothing at all.
I'm not sure that's the behavior I would want from STOP. I have certainly sent STOP requests to retailers who over inform me of every step along the fulfillment process and each overnight stop as the item ships to me. I don't want all that.
I DO however want to receive notice when my item is out of stock or ready for in-store pickup if I chose that option.
> The problem is 99% of political SMS's I get are not for any politician I can vote for. They're almost all from random districts across the country.
I get this but via email, and they typically say it'll take 2 weeks or more to stop sending me this unsolicited bulk email. This is despite unsubscription being instantaneous.
Just as an aside, since high political office is a fairly direct path to immense wealth, I think these unwanted mails should be explicitly considered unsolicited, bulk commercial email. This is the precise definition of spam and we should treat it as spam and not just think of it as such.
A phone feature I'd love to have is to push a button and an AI chatbot takes over, with a goal to keep the scammer on the line as long as possible. Their whole business model would collapse.
The system effectively handles those calls, managing to keep the scammer on the line for a few seconds at a time, ultimately wasting their time. However, this approach is becoming less entertaining, as scammers appear to be increasingly aware of the robotic responses, diminishing its effectiveness.
If you read what the article says about what exactly is to be blocked, you'll see that it has a lot more in common with your certificate-pased proposal than the first amendment violation you inferred from the headline.
Carriers are being instructed to not deliver SMS purporting to originate from a phone number that carriers know is not capable of sending SMS. They're not being told to discriminate based on the content of the message or even based on the sender, except when the metadata about who sent the message has obviously been faked. Cryptographic signing is an obvious next step, but also unnecessary before even the most basic filtering of invalid spoofed data has been implemented.
I'm not well versed in telephony, but I've always wondered why after a century we still don't have something as simple as a three way handshake for calls/messages?
Uh, a text message is (famously) limited to 160 bytes. How are your going to sign this.
Instead, this proposal requires that carriers verify that the sender block "invalid, unallocated, or unused numbers." which is very much like ISP egress filtering.
Or forbidding IP spoofing a 1st amendment issue too?
> I really don't need nor want the government telling me who I can and can't receive a text from.
They aren't. They're simply saying that the sender of an SMS or phone call cannot hide their identity fraudulently.
Your argument is a bit like saying you're opposed to the government preventing people from creating fake IDs, fake Passports, fake License Plates, or fake Social Security Numbers.
I don't know why they focus on texts so much more than calls.
I get like 60 scam calls for every scam text. Scam texts are mildly inconvenient. Scam calls on the other hand are far worse. I get so many scam calls I don't pick up any phone numbers not on my contact list, and which causes me to miss several important phone calls a year.
Opposite for me. Few calls these days but constant sms. Also calls I just never answer whereas sms I need to go clear the app notification status so I can detect real sms.
Indeed barely no calls yet I have that iphone setting turned on that all unknown numbers go to voicemail (still am not seeing a lot of missed garbage calls though).
Lately all just getting those pointless Amazon scam b.s. texts that I hope the majority of the population know the drill.. .never open just delete.
The scammers I am afraid will start to really use AI ... hack/monitor legions of phones ...spoof your contact list and call you then actually spoof the voice of some of your contacts. For me then I would only use something like a Facebook messenger set up where I only add friends I know already and they pass a series of questions we only know between each other. It's going to get worse .. thinking ahead.
As I think your replies indicate, it's variable. I get pretty much only scam calls. But my SO gets lots of scam SMSs, even ones targeting my work, such as claiming to be from "my boss".
I get plenty of spam SMS, but they're not technically scams. (…unless I suppose if you jokingly consider the GOP a scam…) I wouldn't mind seeing those get cracked down on. (I'm not registered with them, and they continue to spam me about political issues in jurisdictions for which I've not been on the voter roles for over a decade.)
Also, spam SMSs trying to get me to sell my parent's home. (I don't think these are scams, per se, but from what I've read their offers aren't going to be good. Nonetheless, I'm not looking to evict my mother … out of a house I don't own?, of course.)
Finally, my hometown has apparently sold their soul … and somehow my cell phone information? … to a random private company. Instead of publishing WEAs like a normal jurisdiction, I get SMSes that have little to no context, like "take shelter from the storm" while it's completely sunny and the forcast is nothing but sun, and the radar is clear. (It took a while to figure out that they were warnings about a city a few thousand miles away, since, again … 0 context.)
> Recipients of a robocall have the ability to either pick up the phone or not. But on most devices, recipients of a robotext see at least some of an unwanted message immediately
> …unlike robocalls, scam text messages are hard to ignore or hang-up on and are nearly always read by the recipient – often immediately. In addition, robotexts can promote links to phishing websites or websites that can install malware on a consumer’s phone.
And per the article this particular regulation is already in effect for calls:
> The FCC already requires similar blocking of voice calls from these types of numbers.
FWIW I seem to have reduced them to a few a week by picking up the call and just not talking. If it's a legit number not in my contacts the caller will ask for me. If it's a scam call they just hang up after a moment and I think they're starting to put me on their own do not call lists. Any chance that might work for you?
Yes, as someone who has done volunteer telemarketing, we mark the call status. For example if you’re angry/rude, non-English speaking, disconnected, etc. Campaign managers can then target call sheets accordingly (e.g. for a Spanish-speaking line, have the Spanish team do a follow up call).
So many replies but few actually addressed steps the FCC indeed is taking. Eg; the implementation of STIR/SHAKEN: https://en.wikipedia.org/wiki/STIR/SHAKEN to prevent caller ID spoofing.
How does one get this many scam calls? Is this something that happens in the US but not in Europe? I've not been scam called once in the EU and only scam-texted once or twice.
Since your question gets asked almost verbatim every time this topic comes up on HN, I can help you with an answer. This happens both in the US and Europe. But some people, both in the US and Europe, get hardly any scam/spam calls. Other people, both in the US and Europe, get tons.
They don't. It's just that the solution to scam voice calls is a lot harder to implement--there's no point making rules to address voice calls because there is not yet the technical capability to follow any rules around that. The STIR/SHAKEN protocols which will address voice scam calls when they're fully deployed, but that's a fundamental change to the protocol, which takes time. Texts, on the other hand, can be text scanned independent of the number from which they originate, which allows for a lot of filtering.
It's a huge overstep. It's an infringement on free speech and could lead to a slippery slope of censorship. It's better to teach individuals to be vigilant and protect themselves from scams, rather than relying on phone companies or government regulations. And what about false positives?
There’s a defect in Verizon’s MMS systems, that allows spammers to spoof MMS messages onto the network with “xyzvzw.com” as the domain name in the MMS packet, no phone number at all, and then Verizon’s matching system only checks for substring “VZW.COM”, so the invalid messages get delivered (without a source phone number, showing up on your phone as a text from an email address). Since it’s processed as a system message, it’s guaranteed delivery, and their anti-spam system can only block phone numbers so it’s helpless too.
I tried reporting this and they were incapable of responding to or following up on the problem report, though they did helpfully detail the MMS packet defects to me. Maybe one of their engineers will read this someday.
I had my Wordpress site SMS me a copy of each new contact form just as a convenience for myself via Twilio. Twilios compliance requirements for using SMS has become such a regulatory mess that I deleted my Twilio account today. I am a reasonably bright person and I am unbelievably confused regarding what I am required to do to be in compliance.
I'll just use push notifications from here on out.
You're not wrong. It's horrible. Want to hear something even more funny?
Twilio is forcing Tollfree Number registation and their current timeline is 6 weeks to approve. Well a week or 2 ago they decided that they wanted more data than what was currently submitted. So everyone is currently being denied and having to resubmit their registrations.
10DLC / Local numbers is madness in and of itself too. Forcing businesses to pay quarterly fees so these poor ol' carriers can have more recurring rev.
Twilio is a dumpster fire. Trying to use it 100% legitimately, respecting "STOP"s, and bending over backwards to comply with every request they've made and they still randomly block us. So not only do they fail at keeping spammers off their service they are actively driving away paying legitimate customers.
I used to love them and they still might be good for a little personal projects (though your story says otherwise) but I would never pick them to use at scale. At one point they said they needed the /exact/ text of every message we were going to send ahead of time to approve before we sent it... Yeah that doesn't work when you send OTPs (yes, yes, I know, we have to have it as a fallback) or a user-specific/transaction-specific url. So pretty much they only thing you could send is generic marketing trash, cool...
Good luck with that. I hope it works, but I have come to have a grudging respect for the ingenuity of the scammers.
Lately, I have been getting a dozen or so "We've Locked Your Account" phishing texts per day. I will tend to get them in "bursts," where several come in, within a few minutes.
It would be ideal if phone calls and SMS were based solely on a whitelist system, where social norms dictate that legitimate communication occurs only after numbers have been exchanged. This would prevent unwanted contact from unknown numbers. Although many people already disregard such unsolicited calls or messages, having a systematic approach would make it much more effective and efficient.
Finally, law enforcement starts to enfoce the law and protect people. For some reason, the Internet (and adjacent services) is treated as a fraud free-for-all.
When there's a ransomware attack or data exfiltration, nobody says, 'where's the FBI?'. We just accept that the Internet is criminal and lawless. Maybe enforcement against crypto fraud was the first step.
How would that work exactly? How would the FBI protect infrastructure and which infrastructure?
Should it be at the ISP? Should the FBI give every business a black box and say "put this between the internet and your network, we'll monitor and defend against cyber criminals" but if the company did that they would be giving the FBI all of their inbound and outbound traffic.I guess you could use the _nothing to hide_ argument but that's ridiculous.
If we put the onus of security on the FBI/Government that just means a larger government and less rights. Take the PATRIOT Act for example.
There was a woman who would post up outside the Market St. Muni entrances with an unnaturally quiet baby and a sign saying she needed money for the baby. Same woman was there for multiple years, always with a baby around the same age.
67 comments
[ 0.21 ms ] story [ 168 ms ] threadBut hopefully these same rules will help block the political scam stuff. Fake announcements, wrong polling place/election time info, libelous stuff not sent by legitimate (registered) organizations, etc.
It’s something.
Hahaha no it doesn't.
Then change phone companies.
When I send a STOP message, I get a message from AT&T stating that the source number is now blocked from sending any more text messages to my phone.
I DO however want to receive notice when my item is out of stock or ready for in-store pickup if I chose that option.
I reply STOP and that always works for each individual campaign organization, but the problem is there are thousands of these orgs.
In the months before voting I'll sometimes get multiple a day. Ugh.
I get this but via email, and they typically say it'll take 2 weeks or more to stop sending me this unsolicited bulk email. This is despite unsubscription being instantaneous.
Just as an aside, since high political office is a fairly direct path to immense wealth, I think these unwanted mails should be explicitly considered unsolicited, bulk commercial email. This is the precise definition of spam and we should treat it as spam and not just think of it as such.
There's no such thing.
I wish they'd block the Hilton Hotel roboscam. I get calls from them 3 times a day, all from different phone numbers in the state.
What is it?
I've been getting these for over 5 years now. Sometimes they pretend to be Costco as well. Same voice and inflection, though.
A phone feature I'd love to have is to push a button and an AI chatbot takes over, with a goal to keep the scammer on the line as long as possible. Their whole business model would collapse.
Carriers are being instructed to not deliver SMS purporting to originate from a phone number that carriers know is not capable of sending SMS. They're not being told to discriminate based on the content of the message or even based on the sender, except when the metadata about who sent the message has obviously been faked. Cryptographic signing is an obvious next step, but also unnecessary before even the most basic filtering of invalid spoofed data has been implemented.
Instead, this proposal requires that carriers verify that the sender block "invalid, unallocated, or unused numbers." which is very much like ISP egress filtering.
Or forbidding IP spoofing a 1st amendment issue too?
Don't sign the message to the phone, sign the connection between carriers.
They aren't. They're simply saying that the sender of an SMS or phone call cannot hide their identity fraudulently.
Your argument is a bit like saying you're opposed to the government preventing people from creating fake IDs, fake Passports, fake License Plates, or fake Social Security Numbers.
I get like 60 scam calls for every scam text. Scam texts are mildly inconvenient. Scam calls on the other hand are far worse. I get so many scam calls I don't pick up any phone numbers not on my contact list, and which causes me to miss several important phone calls a year.
Lately all just getting those pointless Amazon scam b.s. texts that I hope the majority of the population know the drill.. .never open just delete.
The scammers I am afraid will start to really use AI ... hack/monitor legions of phones ...spoof your contact list and call you then actually spoof the voice of some of your contacts. For me then I would only use something like a Facebook messenger set up where I only add friends I know already and they pass a series of questions we only know between each other. It's going to get worse .. thinking ahead.
From my own anecdata, I've received about 50/50 texts/calls. I also do not pick up unknown numbers anymore.
My work doesn't use my personal phone# - I know this isn't possible for everyone but works for me.
Edit: I just did. Voicemail is an option too.
I get plenty of spam SMS, but they're not technically scams. (…unless I suppose if you jokingly consider the GOP a scam…) I wouldn't mind seeing those get cracked down on. (I'm not registered with them, and they continue to spam me about political issues in jurisdictions for which I've not been on the voter roles for over a decade.)
Also, spam SMSs trying to get me to sell my parent's home. (I don't think these are scams, per se, but from what I've read their offers aren't going to be good. Nonetheless, I'm not looking to evict my mother … out of a house I don't own?, of course.)
Finally, my hometown has apparently sold their soul … and somehow my cell phone information? … to a random private company. Instead of publishing WEAs like a normal jurisdiction, I get SMSes that have little to no context, like "take shelter from the storm" while it's completely sunny and the forcast is nothing but sun, and the radar is clear. (It took a while to figure out that they were warnings about a city a few thousand miles away, since, again … 0 context.)
> Recipients of a robocall have the ability to either pick up the phone or not. But on most devices, recipients of a robotext see at least some of an unwanted message immediately
> …unlike robocalls, scam text messages are hard to ignore or hang-up on and are nearly always read by the recipient – often immediately. In addition, robotexts can promote links to phishing websites or websites that can install malware on a consumer’s phone.
And per the article this particular regulation is already in effect for calls:
> The FCC already requires similar blocking of voice calls from these types of numbers.
In other words, it won't change anything. I still get just as many scam voice calls as I ever have.
BUT...
My carrier still has an email-to-SMS gateway (like people used to use in the late 90's), and that's how spam gets through.
I tried reporting this and they were incapable of responding to or following up on the problem report, though they did helpfully detail the MMS packet defects to me. Maybe one of their engineers will read this someday.
I'll just use push notifications from here on out.
Twilio is forcing Tollfree Number registation and their current timeline is 6 weeks to approve. Well a week or 2 ago they decided that they wanted more data than what was currently submitted. So everyone is currently being denied and having to resubmit their registrations.
10DLC / Local numbers is madness in and of itself too. Forcing businesses to pay quarterly fees so these poor ol' carriers can have more recurring rev.
I used to love them and they still might be good for a little personal projects (though your story says otherwise) but I would never pick them to use at scale. At one point they said they needed the /exact/ text of every message we were going to send ahead of time to approve before we sent it... Yeah that doesn't work when you send OTPs (yes, yes, I know, we have to have it as a fallback) or a user-specific/transaction-specific url. So pretty much they only thing you could send is generic marketing trash, cool...
Lately, I have been getting a dozen or so "We've Locked Your Account" phishing texts per day. I will tend to get them in "bursts," where several come in, within a few minutes.
When there's a ransomware attack or data exfiltration, nobody says, 'where's the FBI?'. We just accept that the Internet is criminal and lawless. Maybe enforcement against crypto fraud was the first step.
Should it be at the ISP? Should the FBI give every business a black box and say "put this between the internet and your network, we'll monitor and defend against cyber criminals" but if the company did that they would be giving the FBI all of their inbound and outbound traffic.I guess you could use the _nothing to hide_ argument but that's ridiculous.
If we put the onus of security on the FBI/Government that just means a larger government and less rights. Take the PATRIOT Act for example.