I received one spam call in the last 10 years, and the guy excused himself when I told him what he is doing is illegal.
This feels a bit like “weapon laws won’t solve anything” and “social healthcare can’t ever work”. So either Europe is living in a weird strand of alternate reality, or maybe some problems _are_ solvable if you really want to.
If a call originates from an untrusted network, you remove the number or indicate that it is user-provided and probably fake. It would help if phones would properly display the difference (P-Asserted-Id present or not).
I think that explains why it is much harder to do robocalls in some parts of Europe at least.
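The ingress rule described in the comment above, as an added example that is not part of the original thread: a P-Asserted-Identity header (RFC 3325) is honoured only when the call arrives from a peer inside the trust domain, otherwise it is discarded and the From number is labelled as user-provided. The peer host names, phone numbers and the `caller_display` function are assumptions constructed for illustration.

```python
import re

# Assumed trust domain (RFC 3325): peers whose P-Asserted-Identity we accept.
# Host names are constructed for this example.
TRUSTED_PEERS = {"ic.operator-a.example", "ic.operator-b.example"}

def parse_headers(raw):
    """Map lowercased header names to value lists (no folding/compact forms)."""
    headers = {}
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def number_of(value):
    """Extract the digits of a sip: or tel: URI user part, if any."""
    m = re.search(r"(?:sip|tel):(\+?\d+)", value or "")
    return m.group(1) if m else None

def caller_display(raw_invite, peer):
    """Decide which number to show and how to label it at network ingress."""
    h = parse_headers(raw_invite)
    pai = h.get("p-asserted-identity", [])
    claimed = number_of(h.get("from", [""])[0])
    if peer in TRUSTED_PEERS and pai:
        return {"number": number_of(pai[0]), "label": "network-asserted",
                "pai_stripped": False}
    # Untrusted ingress: a P-Asserted-Identity sent by the peer is discarded,
    # and the From number is shown only as an unverified claim.
    return {"number": claimed, "label": "user-provided",
            "pai_stripped": bool(pai)}

def invite(from_uri, pai_uri=None):
    """Build a constructed INVITE head for the demo."""
    lines = ["INVITE sip:+4930555000@callee.example SIP/2.0",
             f'From: "Caller" <{from_uri}>;tag=1',
             "To: <sip:+4930555000@callee.example>"]
    if pai_uri:
        lines.append(f"P-Asserted-Identity: <{pai_uri}>")
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    forged = invite("sip:+4930555111@pbx.example", "tel:+4930555999")
    print(caller_display(forged, "unknown-trunk.example"))
    print(caller_display(forged, "ic.operator-a.example"))
```
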
Now that I think of it, it mostly stopped. Could it be GDPR?
Worse, Gmail’s spam filter generates tons of false positives, and these are often the messages I want most: password resets, legit balance alerts from my bank.
Your article advocates a (X) technical solution to robocalling.
Your idea will not work. Here is why it won't work.
(X) Requires too much cooperation from telephone service providers
Specifically, your plan fails to account for
(X) Extreme profitability of robocalling
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
2) Robocalling is probably not net profitable for the carriers. Much of it originates from abroad and much of it is associated with other kinds of fraud. Never mind the secondary impacts due to users deciding not to get phone lines if they are just going to receive spam.
That list is kinda defeatist and misses the fact that no solution needs to work 100% of the time
Only if you use one of the big email providers or if you pay to route it via some antispam system. If you don't and play around with e.g. Postfix and SpamAssassin then you'll notice more than enough spam.
> According to Sec. 7 (2) UWG; telephone calls to consumers for sales purposes are illegal if the calling company is not in possession of an explicit and effective declaration of consent by the consumer. If the call is made to another business, it is sufficient to prove presumptive consent.
Sometimes I have the feeling that people in the US just accept a lot of what happens in their nation as unchangeable in a quite fatalistic way. Problems that are literally solved in nearly every other nation are frequently painted as unsolvable. Does this have to do with the role of the state?
It's really not. Not for the operator / law enforcement anyway. 1. Ask operator where that call came from. 2. If it's another operator, go back to 1. 3. You got the end user.
They already have to have accounting/audit for billing purposes anyway.
No, the problem is who is responsible for paying the fines. If the terminating carrier were responsible for paying robocall fines, this problem would be solved overnight.
But for some reason, the American people can't stomach this solution because we have an obsession with perfection in justice. The counter argument is, "The carrier isn't the one who is making the robocalls!" My POV is, that doesn't matter.
Unless carriers are obliged to participate in creating a network that supports compliance, law enforcement will always hit a brick wall when attempting to enforce existing laws. Carriers have been given _years_ to solve this problem, and in 2019 we're pitched STIR/SHAKEN... Seriously?
Make the problem more expensive than complacency and it will get solved.
Carriers don't want to fix the issue because they make money on it. More calls increase revenue. They also started selling services to block the robocalls like ATT Call Protect.
- My personal phone number is in a remote area code, of a sparsely populated state, from where I don't know anybody.
- Any phone calls that come from this area code are blocked (well, actually, they have a silent ring tone.)
This gets rid of about 90% of the spam/robocalls because these days, 90% of them spoof a local area code/exchange.
Of course, if everyone did this, they'd stop doing it. But it works for now and makes my personal cell phone useful. I did have to do some finagling to get my carrier (T-Mobile) to give me a phone with an area-code of a different state.
I don't have a lot of faith that STIR/SHAKEN will help in any real way. They'll just have to rent numbers from people who don't care about the law, and/or registered with bogus information so it won't be worth anyone's while to find them.
I don't use social media like Facebook or Twitter, but most likely an app on my phone or others' phones sold my contact info. I try to avoid installing third-party apps. Since I began using smart phones, I could count the number on two hands. But it only takes one bad app, and there are plenty out there.
I don't doubt telco call logs are available on the black market, but apps are the simplest and most likely vector.
I'm rather skeptical of going after Google and other big tech companies for anti-trust violations. The web is a big place. But it's much easier to distinguish Google's control of Android and the Android app market, both from a technical and legal perspective. And Google has deliberately made it difficult to limit app data access. I remember the brief period where Android by default provided a prompt of requested permissions and the ability to uncheck them before installing. They removed it because few people made use of it, few apps worked correctly without all their requested permissions, and most importantly Google was no longer worried about privacy concerns hindering Android adoption. But with the current attention being given to data privacy I believe the public is finally prepared to make effective use of such a capability. But now Google has even less incentive to provide such a simple and transparent opt-out prompt, so fat chance they'll bring it back without being legally forced. Triple fat chance they'll make any of those permissions opt-in.
I got a spam call the other day FROM MY OWN NUMBER. How's that for subtlety?
I was very confused when I saw my phone ringing - I'm sure that was the spammer's intent though.
Mostly this is for VOIP. Telcos with TDM or CDMA transmission have serious backwards compatibility problems. Ones who peer only with SS7 have problems but those can probably be overcome.
One big problem is that there are off-brand telcos who specialize in services for call centers. "The Dialer Hardware is being hosted in our premises at Los Angeles - USA, where we have our own switch and termination facility with over 100 Carriers. We also have a redundant switch in New York connected to LA through a fat Fibre pipe."[1] Do those guys get to sign calls? Or what?
[1] http://www.callcentersindia.com/showall-orig.php?value1=1126...
That's not a counter-argument, it's a cop out. SSL negotiation uses more bandwidth than a vanilla HTTP GET request too, but sometimes a secure channel is more important than preserving bandwidth.
> Telcos with TDM or CDMA transmission have serious backwards compatibility problems.
More cop outs. In order to resolve problems, you have to make changes. You can't show up to the solutions meeting and proclaim that a problem can't be solved because "the old system doesn't work that way." Sometimes you must abandon the legacy systems to solve new problems.
> Do those guys get to sign calls? Or what?
One of the current problems is that a ban on robocalls exists (for calls to cell phones without consent, at least), as does a ban on IRS scam calls, Microsoft scam calls etc, but the bans can't be enforced because when a victim complains there's no way to trace the guilty party. After all, the caller ID was faked. So the call signing doesn't have to be "a body that will block all robocalls and scams" it only has to be "a body that can be sued and fined". You rotate certificates weekly and issue a certificate to any company willing to make a deposit of $X against possible fines. Then adjust $X until robocalls and scam calls with fake caller IDs stop happening.
Of course, even if that stopped robocalls/scam calls with faked caller ID, profitable scams and robocalls would be able to use burner cell phones. So it's not a perfect solution by any means.
Surely the telco can trace who made the call?
I kinda wonder about that. Both the "semi legit" and "full on spam" calls I get just aren't credible. It's hard to imagine anyone falling for it. Or, I'll press "1" to hear their BS pitch, and go on hold forever.
It's so cheap to do, that I suspect there's an endless queue of people trying to make money, but failing. But "failing" costs them almost nothing.
So, maybe raising the cost of doing it will kill off the amateurs.
By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.
https://www.microsoft.com/en-us/research/publication/why-do-...
Any voip phone, and of course smart phone, can be easily set up for client side certificates.
Landlines and anything else that can be accessed via SS7 methods are already secure in terms of identity.
And that's it. Client side certs and you are done...
You might not need to have SRTP in the middle of a big telecom network, like one that handles millions of calls per day, just at the edges where you interconnect with others.
The Governance Authority will define policies on how certificates are to be issued.
Any old certificate from a web CA won't be accepted by the system.
It doesn't really matter, because mostly bad guys don't see the CA as the weak point, if anything what is remarkable about the Web PKI is that we did a good enough job elsewhere that actual bad guys sometimes try to attack the Web PKI. Not often, but it happens at all.
It's like finding out you did a good enough job securing your home that an actual burglar picked your front door lock! Yes, the burglar still got in because of course no door lock is effective against somebody who knows what they're doing and has plenty of time to try - but still, apparently you actually did a good enough job that they weren't able to just climb in through a side window or force open a patio door. Go you.
If STIR/SHAKEN turns out to have the CA function as its weak point then everybody involved should clap themselves on the back for an extraordinarily good job.
1. Most calls I receive from numbers not in my contact list are spam. They also usually just call once, whereas if it’s a legit call that I was expecting, but neglected to pick up, they’ll call again within a few minutes. 2. I’ll get robocalls from one area code at a time. I remember getting calls from 772 one week, 727 the next, 643 a few days later, etc.
Obviously it won’t crush spam entirely, but I can imagine that fixing even just these two things would filter out a boatload of spam from reaching consumers.
Oh, and calls from “Scam Likely” should never reach my phone to begin with.
The rolling area codes you observed are already an anti-banlist mechanism.
Maybe a loose superposition of short half-life rules would work, like it works for email spam.
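The "short half-life rules" idea above, combined with the two observations earlier in the thread (unknown callers that ring only once, and area codes that rotate week to week), as an added example that is not part of any comment. The half-life, weights, threshold and the `DecayingScorer` class are assumptions chosen for illustration, and the phone numbers are constructed.

```python
HALF_LIFE_S = 3 * 24 * 3600    # assumed: a spam report loses half its weight in 3 days
RETRY_WINDOW_S = 600           # assumed meaning of "calls again within a few minutes"
BLOCK_AT = 1.0                 # assumed score at which the call is silenced

class DecayingScorer:
    def __init__(self, contacts):
        self.contacts = set(contacts)
        self.prefix_score = {}   # area code -> (score, time of last update)
        self.last_attempt = {}   # number -> time of its previous call

    def _decayed(self, prefix, now):
        """Current weight of the rule for this area code after exponential decay."""
        score, ts = self.prefix_score.get(prefix, (0.0, now))
        return score * 0.5 ** ((now - ts) / HALF_LIFE_S)

    def report_spam(self, number, now):
        """A user report adds weight to the caller's area code; it fades on its own."""
        prefix = number[:3]
        self.prefix_score[prefix] = (self._decayed(prefix, now) + 1.0, now)

    def score(self, number, now):
        """Superpose the rules: unknown caller, recent reports, quick retry."""
        if number in self.contacts:
            return 0.0
        total = 0.5                                   # not in the contact list
        total += self._decayed(number[:3], now)       # recently reported area code
        prev = self.last_attempt.get(number)
        if prev is not None and now - prev <= RETRY_WINDOW_S:
            total -= 0.75                             # same number calling again soon
        self.last_attempt[number] = now
        return total

    def should_silence(self, number, now):
        return self.score(number, now) >= BLOCK_AT

if __name__ == "__main__":
    day = 24 * 3600
    s = DecayingScorer(contacts={"2065550100"})
    s.report_spam("7725550101", 0)
    s.report_spam("7725550102", 0)
    for t in (0, 3 * day, 9 * day):
        # A fresh number from area code 772 at each point in time.
        print(t // day, "days:", round(s.score(f"77255501{t // day + 50}", t), 3))
```

Because every rule expires by itself, an area code that the callers have already abandoned stops being penalised without anyone maintaining a banlist.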
I wouldn't be entirely surprised if the carriers themselves were acting as the root CA for their given calls. There's no reason to tie it to the CAs on the Internet.