"At the telephony-infrastructure level, it’s a supremely difficult problem that lacks a short-term fix because the underlying protocol is hopelessly insecure."
This is only partly true. Technologically the solution is difficult, but it's easy from the social side as carriers can blacklist the smaller carriers that allow this fraud to take place.
The real problem is that everyone except the consumer benefits from this. Every phone company in the chain from the scammer to you takes a penny out of the scammer's profits.
At this point these scam phone calls may be nearing the majority of the phone calls placed in the USA, so it's going to be a huge financial disruption to the carriers when they have to give up their game.
The FCC has recently "demanded" US telecoms to implement this [0], but at this point I don't believe there is actually a regulatory requirement to do so.
I prefer an economic solution. Currently, you can sue a robocaller under the TCPA, but good luck collecting. Make each carrier liable for judgments against robocallers routed through their network. So, if I sue John Doe for robocalling me and I can’t collect, and I’m a Verizon customer, then make Verizon liable for those damages. This should come with some limits, but they should be large (say 10% of nationwide annual revenue, and there could plausibly be a limit per carrier that routes to Verizon). This liability should be unaffected by any terms in Verizon’s contracts with its customers (e.g. arbitration clauses), and telcos should not be able to penalize their customers in any way for collecting.
I bet that a law like this would get the problem fixed fast.
So by 'economic solution', you mean requiring litigation in the courts at tremendous cost to all parties (including the taxpayer) to create an outcome that could easily be enforced proactively by the FCC?
How is adding a burden to the courts with suits you know will be unfruitful better than a simple regulatory requirement that carriers must do what is clearly the right thing to do?
I am far from convinced that the FCC is capable of picking a technological solution by fiat that will actually solve the problem, especially since, like almost all crypto, it will surely be easy for the telcos to be lazy and mess up the implementation in a way that robocalls get through.
Instead, I think the regulation should focus on the outcome: if a telco allows an illegal call through and cannot trace it back to a responsible party who can pay the fine, then the telco messed up and should pay for it. Then they’ll have a financial incentive to solve the problem in a way that works.
I bet that instead, you'd just get a new contract in which Verizon decided that it was only free to talk to other Verizon numbers, and would require you to pay extra to call outside the network. Then, they'd ask you to provide a birth certificate, SSN, CC number, and pay via direct deposit to have an account. If you want to penalize robodialers, don't penalize companies that are not robodialing, or push the burden of law enforcement on them.
Huh? Those robocalls are not originated on Verizon cellphones. A contract like that would do nothing to reduce Verizon’s liability, but it would certainly help drive customers elsewhere.
How about people in your contact list get to call and text you for free and everyone else has to pay 10 cents? Telecoms definitely have the tech to do such billing. They could even take a cut. 9 cents for me and 1 cent for the telecom. This would solve almost all spam immediately and would be a long term solution.
This is my favorite solution. Time is money, if a caller is willing to pay me for it, I'd be ok with it. Make spam directly uneconomical, and spin the customer/vendor/3rd-party dynamic back to where it's supposed to be.
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Telephone spam was very rare when long distance calls cost $1 a minute. No reason that could not be enforced as an option by the phone owner. It is really too bad that phone communication is being wrecked by spam like email was/is, so much so that you think the email analogy to phone calls is a valid/witty one.
Until there is a regulation requiring stir & shaken to be implemented, you won't be able to trust your caller ID. Most of the telecom industry is stuck on legacy tech stacks that they actively resist upgrading, thus why calls are slung bareback over the web with no encryption on the metadata or the audio stream for nearly all providers.
The phone companies don’t benefit, because they are nearing a situation where people stop communicating with phone numbers. Probably there is nothing that can reverse that at this point, the telephone has fewer features and is less secure than alternatives.
There are so many simple solutions to this it's not even a challenge. Here's some simple ones:
1. If you want to make more than ~5k calls per month from a number, you must deposit $50,000 for every 10k calls you wish to make. If your number gets reported more than some cutoff number of times, you forfeit this bond money.
2. Call throttling. As a certain number (or customer) makes more calls, the interval between calls is increased. Let's say something like after 5k calls per month you must wait 5 seconds between calls, with the interval increasing.
Full disclosure, I worked at a telco for 4 years, but didn't do a lot with basic telephony.
The problem with both those suggestions is that it's trivial to fake the "from" phone number, as evidenced by the number of spam calls that share my area code and exchange numbers.
(Last time I set up Asterisk with a T1, this was also trivial, but that was like a decade and a half back. I couldn't tell you how to fake your number today.. it's just clear that it's easy for the scammers to do.)
The first problem we need to solve is to make it hard to fake your number.
It's easy to fake the "caller-ID" field, but this doesn't fake the ANI: If it did, you could call 1-900 numbers and bill the White House.
You're right about there being a lot of little legacy problems though; The issue I see is that the carriers aren't on the hook for it: They've made it so cheap to call someone these scammers simply need to find people whose time is worth less than mine.
I don't have "a number", I'm a VoIP provider with thousands of clients, pinky promise!
"your number" doesn't exist, my clients port their existing numbers thru my system, so I just let them pass those for convenience, all automated!
Are you saying my customer doesn't own the same area and prefix number as you, receiver of a spam call from India? Bad bad customer, must've been a glitch/fraud, I promise to take care of it.
I agree there’s a lot the carriers could be accomplishing in flagging “inauthentic” behavior of network participants, the root cause of SS7’s lack of authentication and encryption will remain and the problem will fester. Yes, carriers are definitely on the hook for making things better too.
That said, the decisions in Apple's client side software are atrocious for the considerations of 2019.
Aside: No idea why my post went from #1 on HN to the third page in under 30 minutes, I thought we were having a fruitful discussion here
I used to work in the mobile space for 7 years and I'm still amazed nobody has proposed and monetized a solution to SS7 being unfit for purpose. The reason it's not happened is nobody wants to spend money on even talking about the fix, never mind implementing it.
The sheer number of scammers and nation state actors that have taken advantage of this is mind-blowing, but we still use SMS as a 2FA.
If we have telephony providers responsible for these breaches the problem will disappear in 6 months.
Thanks for posting! If I had to guess, the post dropped down because it tripped the flame war sensor, which I understand to be based on a ratio of comments/upvotes. When this happens inadvertently (not a true flame war), you can email the mods (hn@ycombinator.com) and ask them to look into it. They're very responsive!
I’d be happy to have a SPF like framework for calls.
The phone number blocks are allocated to companies, and it should be trivial to ensure the incoming call comes from the legitimate holder of the block.
Add an authorized user api so you can still use your number in outgoing calls with Skype etc.
After number faking is fixed, I can safely ignore all calls from foreign countries and weird area codes.
I thought about a similar system but based on cryptography.
The telecoms regulators for each country would act as a CA and have their root key capable of signing anything for that particular country code, and phones would have all of them in their trust store (it could be all managed by the GSMA or something).
They would in turn issue certificates to any telecoms company that has number ranges allocated - those certs allow signing of calls for any of the number ranges the cert is for, as well as signing further certs. The telecoms company will in turn issue certificates for their customers for their assigned number only. It could be placed on the SIM card or distributed by email (perfect security isn’t needed here - “good enough” is all that’s required).
When a phone places a call it signs it with its certificate and the current date & time (to avoid replay attacks), and any equipment in the call path can verify the chain of trust all the way back to a trusted CA before relaying the call.
As the user still holds the end certificate, legitimate caller ID spoofing is still possible by them, but not anyone else.
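The delegated-range certificate chain proposed in this comment, which also covers the "SPF for calls" check on number-block ownership a few comments up, as an added example; it is not code from the thread or from any deployed scheme such as SHAKEN/STIR. The `Cert`/`Call` layout, the choice of Ed25519, signing the callee number, the 30-second window and the 555-01xx numbers are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert binds a key to an inclusive number range; the trust anchor has no Sig.
type Cert struct {
	Lo, Hi uint64
	Key    ed25519.PublicKey
	Sig    []byte // issuer's signature over tbs()
}

// Call is a signed call setup: chain runs from carrier cert to subscriber cert.
type Call struct {
	From, To uint64
	At       time.Time
	Chain    []Cert
	Sig      []byte // subscriber's signature over tbs()
}

const maxSkew = 30 * time.Second // assumed freshness window

func (c Cert) tbs() []byte {
	return append([]byte(fmt.Sprintf("cert|%d|%d|", c.Lo, c.Hi)), c.Key...)
}

func (c Call) tbs() []byte {
	return []byte(fmt.Sprintf("call|%d|%d|%d", c.From, c.To, c.At.Unix()))
}

// Issue signs a certificate for key over [lo, hi] with the issuer's key.
func Issue(issuer ed25519.PrivateKey, lo, hi uint64, key ed25519.PublicKey) Cert {
	c := Cert{Lo: lo, Hi: hi, Key: key}
	c.Sig = ed25519.Sign(issuer, c.tbs())
	return c
}

// SignCall signs caller, callee and timestamp with the subscriber's key.
func SignCall(key ed25519.PrivateKey, chain []Cert, from, to uint64, at time.Time) Call {
	c := Call{From: from, To: to, At: at, Chain: chain}
	c.Sig = ed25519.Sign(key, c.tbs())
	return c
}

// Verify is what any hop in the call path would run before relaying.
func Verify(anchor Cert, call Call, now time.Time) error {
	if len(call.Chain) == 0 {
		return errors.New("no certificate chain")
	}
	issuer := anchor
	for i, c := range call.Chain {
		if len(c.Key) != ed25519.PublicKeySize || !ed25519.Verify(issuer.Key, c.tbs(), c.Sig) {
			return fmt.Errorf("cert %d: bad signature", i)
		}
		// A holder may only delegate numbers it was itself given.
		if c.Lo > c.Hi || c.Lo < issuer.Lo || c.Hi > issuer.Hi {
			return fmt.Errorf("cert %d: range exceeds issuer's", i)
		}
		issuer = c
	}
	if call.From < issuer.Lo || call.From > issuer.Hi {
		return errors.New("caller number not covered by subscriber cert")
	}
	if d := now.Sub(call.At); d > maxSkew || d < -maxSkew {
		return errors.New("timestamp outside freshness window")
	}
	if !ed25519.Verify(issuer.Key, call.tbs(), call.Sig) {
		return errors.New("bad call signature")
	}
	return nil
}

// Demo builds constructed keys and 555-01xx numbers and verifies four calls.
func Demo() map[string]error {
	regPub, regPriv, _ := ed25519.GenerateKey(nil) // nil = crypto/rand
	carPub, carPriv, _ := ed25519.GenerateKey(nil)
	subPub, subPriv, _ := ed25519.GenerateKey(nil)
	anchor := Cert{Lo: 10000000000, Hi: 19999999999, Key: regPub} // country code 1
	carrier := Issue(regPriv, 12025550100, 12025550199, carPub)
	sub := Issue(carPriv, 12025550123, 12025550123, subPub)
	rogue := Issue(carPriv, 13105550100, 13105550100, subPub) // outside carrier's block
	now := time.Unix(1700000000, 0)
	chain := []Cert{carrier, sub}
	ok := SignCall(subPriv, chain, 12025550123, 14155550199, now)
	return map[string]error{
		"legit":     Verify(anchor, ok, now),
		"spoofed":   Verify(anchor, SignCall(subPriv, chain, 12025550150, 14155550199, now), now),
		"overreach": Verify(anchor, SignCall(subPriv, []Cert{carrier, rogue}, 13105550100, 14155550199, now), now),
		"replayed":  Verify(anchor, ok, now.Add(10*time.Minute)),
	}
}

func main() {
	fmt.Println(Demo())
}
```

The timestamp only bounds how long a captured signature stays usable; within the window a verifier would still need to remember recently seen signatures to reject an exact replay.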
> I can safely ignore all calls from foreign countries and weird area codes
Most of the real phone calls I get (my insurance company, my phone company) that aren't from known contacts are from weird area codes. I like the authorised user idea though, especially if legit companies adhere to it.
I've gotten them from the same area code and exchange as my mobile. It all depends on whether they can get a number they can use that will look reasonable to sufficient numbers of people to get them to pick up.
>at this point these scam phone calls may be nearing the majority of the phone calls placed in the USA, so it's going to be a huge financial disruption to the carriers when they have to give up their game.
That's a shortsighted perspective. Phone numbers will only survive if they solve the spam problem.
Many people don't pick up from unknown numbers anymore. It's just a matter of time before legitimate people stop trying to call as no one responds anyway.
>This is only partly true. Technologically the solution is difficult, but it's easy from the social side as carriers can blacklist the smaller carriers that allow this fraud to take place.
So, the MAPS RBL (and most of the following dns-based blacklists) did this for spam; and it helped a lot - I mean, I think it's the primary reason that ISPs don't actively serve spammers (spammers as defined by the RBL)
On the other hand, it didn't solve the problem; if your mailbox isn't behind serious spamfilters, an address that has been on the internet for any period of time still gets hundreds of spam mails a day.
Not sure. But they provide a service called Caller ID that purports to identify callers but can be trivially spoofed by people scamming their customers. Moreover, caller ID used to actually work (IE couldn't be trivially spoofed), so customers might have a reasonable expectation that it still does work. It's the telco's responsibility to present accurate caller information to customers.
Caller ID could always be trivially spoofed. It's just that most scammers didn't previously bother to do it. Telcos currently have no legal responsibility to present accurate caller information to customers. That would require a new law.
AFAIK, it's still the case that I can't block everything but numbers in my contacts, right? That's all I'm asking, and it can't be that hard. Add that simple feature that should have been there ten years ago and the problem is solved for me.
Yes, this, exactly. It's mind-boggling you can't do this. (You can kind of, sort of approximate it w/ do-not-disturb mode, but turns off other notifications too, unfortunately. It needs to just be a separate option. I have zero interest in picking up calls from non-contacts in real-time.)
There are Android apps that block calls from non-contact numbers. Including open-source apps on GitHub. Maybe there are such apps for iOS also? It baffles me that this functionality isn't built-in.
edit: Nevermind I can block non-contact calls in Do Not Disturb mode in the LG phone I'm using: https://i.imgur.com/ZcRSXlK.png Maybe iOS DnD has this too?
I've seen that, but doesn't it take SMS/iMessages with it? IOW, I won't be notified of messages no matter who sends it? Regardless, it's just phone calls I want to block, I don't get enough spam SMS to care about who is sending it.
I guess I'm going to have to fiddle around with it when the wife gets home and gather some empirical evidence.
> I've seen that, but doesn't it take SMS/iMessages with it?
Indeed it does, which makes it a non-solution for me. I apparently have the same desire you do - an option for voice calls to go direct to voicemail unless they are in my favorites list, without having to use the more general Do Not Disturb mode.
This is only partially true on iOS. It doesn't take into account when you're using the phone, then it just lets everything through. Which is SUPPERRRRR annoying.
Unfortunately, they can just call you from one of your contacts... it's not like a zillion apps haven't already grabbed that information (from one source or another). Alternately, your name (reverse lookup) and your parents' names and phone numbers are easily found.
> I can't block everything but numbers in my contacts, right?
I use an app called Should I Answer? which has that feature. It also uses a crowd-sourced database to know what numbers to block, if you want that instead.
Buy a silent ringtone and set it as your default. Then assign a ringtone to the contacts you want to come through. Now all calls are silent except those you specify.
Apple won't do this because they don't want to field a million support requests from angry users about missing calls when they turn this on and forget about it.
Fwiw, Android actually does do this. When the phone is unlocked, calls show up as a banner. In addition, they added that new call screening option, I've been using it and so far it has worked fairly well. Also, there is some built-in call filtering and third party apps as well, though I have mostly been able to rely on the built-in filtering.
Does iOS really not have any options for filtering? I swear last time I had an iPhone (running iOS9) there was Something... but then again, I was jailbroken.
It's a bit funny that we got full web browsers on phones before proper call filtering.
(Disclaimer: I work for Google but not on phones.)
Excellent, I'll add this to the article. No idea why my post went from #1 on HN to the third page in under 30 minutes, I thought we were having a fruitful discussion here
Not sure if this has been mentioned but Android's DnD mode allows granular settings including blocking non-contact calls: https://i.imgur.com/ZcRSXlK.png
I actually would like a regulatory solution for this.
Mandate a way for me to say whether incoming calls were spam. Require my phone company to pay me money every time I get spammed. Allow my phone company to, at their option, proactively block calls from specific upstreams and/or pass the charge to the specific upstreams.
Now from those incentives, the fines will naturally follow the upstreams to the source of the spam, and provide motivation for them to clean their acts up. Voila! (And if telephone companies decide that they need a more secure protocol to make spamming harder, that's up to them.)
Sounds like a 100x better solution than the US where I literally receive spam multiple times per day as phone calls. Why don't you go innovate on something useful?
There's as much need for a "measured approach" for unsolicited marketing calls as there is for fighting polio. That is, both need to be eradicated from the face of the Earth.
It doesn't work, and I'm in the UK too. Bad actors simply ditch their LTD Co when they eventually get a small fine and some use it as a whitelist of active numbers to use. IIRC there was an idea about making directors of companies who flout this personally responsible, I wonder if this happened?
The USA has a similar solution. See https://www.donotcall.gov/ for details. Until fairly recently, it also worked pretty well. And still does for legitimate companies doing phone solicitation. (Excepting political parties, because they are exempt from the law.)
However spoofers who know that they won't be tracked back to the source don't care about do not call lists.
It doesn’t work. Only honest callers would follow this. In addition, looking up a number in there is paid which is less than ideal. The service itself is already an inconvenience to its “target market” (aka telemarketers or robocallers) so at least you should make it as easy as possible to use it.
I actually worked on a lawful telemarketing operation a few years back (don’t ask - desperate times called for desperate measures) and paying for TPS lookups was both a surprise and a huge problem.
The only reason it seems like it works is because the US is a much juicier market for the scammers so most don’t bother with the UK, but I still see people occasionally getting tech support scams or similar so clearly there’s nothing actually preventing them from spamming the UK - for now it’s just that the US is a bigger fish.
> I actually would like a regulatory solution for this.
That's actually the only way to go. Adding support for apps to screen your calls, block unknown number or some other feature that requires an action from the user only benefits those who understand the technology and know that it's available. It leaves those most susceptible to fraudulent calls as the only target for scammers.
People often forget that those with limited technological understanding, such as the elderly, may need society to step in and actually solve the problems, rather than plastering over them with even more tech.
This really is the only way to root out the problem. The carrier networks have to hold the upstream VOIP providers accountable, so the VOIP providers hold their customers who create random spoofed phone numbers accountable.
Here in Germany - and I believe most of Europe - these calls are illegal and that works perfectly. I have never gotten a robocall on my life and am still free to phone around as much as I want.
(Not sure how exactly they are regulated. If they're illegal by themselves or if it's a side-effect from the ban on signing contracts via phone)
This is a really good idea in theory but my understanding is that a lot of these calls come in from spoofed numbers. So if you're the unlucky person whose number the spammers choose to spoof that day you're already in for a giant headache - getting your phone number blocked would add insult to injury.
The point is to target the spoofing process directly. The incentives should cause VoIP solutions that generate spoofed calls to get kicked out of the phone system.
Yes, this would cause false positives. However it is my belief that the general harm from false positives would be less than from current negatives, and that, given incentives, the phone companies should be able to figure it out.
I would love to be able to block all numbers coming from my area code and the first 3 digits of my number.. all my robo calls come from a number that looks just like mine.
There is an app on the Apple App Store called Exchange Blocker, it automatically blocks all calls from your area code and first 3 digits. I use it, and it works great so far
Or send to Google Assistant screening. It's the best feature ever but they need to open it up to rules for automation (i.e. all unknown numbers from XXX area code).
They need to make the audio available to the user. Their text to speech engine never manages to get a decent transcript figured out. That or people are just yelling gibberish into the phone when I screen them. Until I can review the call audio I'll never know.
That would be a problem for me as plenty of people I know have the same first six digits as they were allocated to Verizon Wireless about 20 years ago.
I just switched to Hiya from Nomorobo and the premium version allows for this, referred to as the "neighbor scam". It's worked really well, between my number and Gvoice I was getting 50 of these calls a week.
I'd used Nomorobo since inception but found more calls getting through, mostly neighbor scams. Went looking for a new call blocker and they are all similar. Hiya had built in support for neighbor scam which was a huge percentage of my inbound spam. It's worked as well as Nomorobo plus it blocks neighbor spam, so I'm ahead at the moment.
I use an app called WideProtect. It's not free, but it's also not a subscription. It lets you do exactly what you describe.
As a side note, CallKit on iOS doesn't support wildcard blocking, so WideProtect literally adds all the possible numbers within your specified range to the blocking database. This doesn't impact performance as far as I can tell (maybe calls ring another 100ms after they would normally), but there seems to be a delay of a few minutes after installing for it to show up as a block extension under Settings.
Hear hear. An interesting corner case is when the call is from your exact number.
I wonder if the keepers of the POTS (plain old telephone system) can start putting in safeguards to curtail the ability to fake your source phone number. I get that there are myriad instances where this is above board and even necessary, but nobody's proposing any changes.
> "Under the SHAKEN/STIR framework, calls traveling through interconnected phone networks would be 'signed' as legitimate by originating carriers and validated by other carriers before reaching consumers," Pai's press release explained. "The framework digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it."
I use an app called Should I Answer? It uses crowd sourcing to collect robocalling numbers. My phone doesn't even ring for most of the robocalls now, and the ones it misses, I can add to their database so others won't get them.
Depends on the carrier. Proper equipment should be like “WTF? This is obviously spoofed” and reject the call but then again the entire telco industry is fucked up.
Back in the 2000s, you used to be able to get into most people's voicemail by calling someone's phone with its spoofed number. Lots of people didn't use voicemail passwords.
"I would love to be able to block all numbers coming from my area code and the first 3 digits of my number."
Very easy with Twilio. As I mentioned elsewhere in this HN thread, I ported my number to Twilio about 18mos ago and use-cases like this are quick and easy to implement.
In fact, I have noticed the same behavior (spam calls coming from the same NPA+prefix as my number) and I might just implement that this evening ...
That's a nice heuristic for some folks but it's a big failure on rural phone numbers. My neighbors and half the businesses I interact with all have numbers in the same prefix as my land line. For cellular numbers, you're basically talking about blocking 1000 random other cell phones in your city.
More recent robocalls that I've been getting have had the same area code and a slightly different prefix. More difficult to ignore. I assume it's just as easy to fake these numbers as others.
There are apps that do exactly that, e.g. NumberShield for iOS. Blocking calls from numbers with the same first six digit as mine has substantially reduced the amount of robocalls I receive.
The most common scam call I’ve been getting for the last month is my mobile number on the caller ID, saying they are my carrier and that my account has been locked.
We have the same system in the US (the Do Not Call registry) but it’s ineffective because Caller ID can easily be spoofed and these organizations are out of US jurisdiction. Seems more of a technical limitation than a policy one.
You’re just lucky. I was too. Then my number got on some spam list and now I’m receiving a few calls a month (which is still something many Americans would consider great, I’m sure) - from random locations all over Europe. The spammer is effectively unreachable by local regulations.
The downside of this is that it won't prevent companies from collecting your data; it just prevents them from calling you.
I've always found registering in a database to object to database registrations that I didn't consent to a rather curious concept. If they call me, then at least I know who's brokering my data? I resisted signing up for the no-call register for a long time.
For example, this is how I know that TNT/PostNL has sold my data to the post code lottery after I used their post forwarding service (you pay for the service, but they will still sell your data; at least, they did back in ~2011).
I once had an extended fight with a charity (hartstichting) where they gave me all sorts of abuse after I insisted they tell me where they got my phone number from. They were offended that I could possibly object to a charity collecting my personal data from mysterious sources (I never found out where they got it from, I gave up pursuing after a while).
Eventually I caved in as I grew exasperated and signed up. Now I live abroad and miss stuff like this :-( I got far too many calls when I lived in the UK (including one at 9am on Sunday; I was not especially kind to this person), and in New Zealand they will cram my post box so full of junk mail in just 2-3 days that I can no longer receive any mail :-(
Just caller ID, and even then it seems like it’s between service providers only - you have to trust your carrier to validate signatures and reject bad/missing ones.
FTA:
After the E wie Einfach GmbH had found agencies for the advertising measures, obviously no more control took place. Therefore the E.ON daughter is occupied now with a fine of 140.000 euro. Because as a client of the call actions it must guarantee the adherence to the legal principles. This includes above all that in each individual case an explicit consent of the consumers is present. The client is responsible for this, even if the telephone calls are carried out by subcontractors. However, the decision of the Federal Network Agency is not yet legally binding: the electricity supplier can appeal the fine in court.
I have no idea what a robocall is but I would LOVE a simple notification banner for when someone calls. I rarely get calls these days but when I do, it’s a major annoyance if I’m doing something on my phone. It’s time calls are relegated to the same level of urgency as WhatsApp messages and emails.
I know what you mean but it wasn't funny when I was recording my kid at his first birthday party and got interrupted by a robocall just seconds before he cut the cake. From that day, I've learned to put the phone on DND mode before recording anything memorable.
What I don’t understand is why Apple isn’t fixing this.
It’s simple - it’s broken UI, Android has done it, people want it, it doesn’t help in any way, so why keep it? I mean why? Hell, if you really want to keep it, give an option to disable it.
Add this to the list of reasons why advertising is a cancer on society. Without robocalls and telemarketers, calls wouldn't be an annoyance.
(Though I agree that they should be relegated to the level of notifications now. Smartphones are computers. Imagine if Skype call would lock you out of whatever you're doing on your desktop.)
I live in the UK and get maybe 5 robocalls a year. I'm not at all cautious about giving out my phone number and I've had the same number for at least 10 years.
Why is this such a problem in America but not elsewhere?
I'm not an expert, but I would guess that regulation around these kinds of `nuisance` calls is tighter outside the U.S. We (in the U.S.) have a National Do Not Call Registry[0] but I don't know how strong the enforcement of violations is. With scammers, I think much of the problem is that they're using VoIP and other technologies that make it difficult to pin down exactly who is making the calls, and from where.
I think there is less intelligence in the system than that. I get a lot of robocalls in Spanish, a language I do not know. (and other than living in California, there's not a lot about me that would suggest I know Spanish?) I mean, it is a small portion of my robocalls, but it's still several a week, when I answer unknown numbers.
But, I get a lot of robocalls; 3 calls a day is light. So clearly, some people get more calls than others, I'm just saying, I don't think the filtering criteria is particularly smart.
that's sort of what I was getting at? I mean, I think that we have the same problem we have with spam; it's so cheap to send it that it doesn't really matter that only a tiny fraction of those who receive the spam might actually be credible targets; but it's so cheap that it doesn't really matter.
It's not. Robocalls are one of those things that really upsets a small subset of people either because they are overly sensitive to robocalls or that they are a member of that unlucky subset that does receive a very high amount. Like most things in the social media era, the grievances of a very vocal minority appear to be a larger group than they actually are.
For example, the title of the article tells us that robocalls are "killing us".
> Robocalls are one of those things that really upsets a small subset of people either because they are overly sensitive to robocalls or that they are a member of that unlucky subset that does receive a very high amount.
Between my cell and landline, I get 5 to 10 "robocalls" a day. Recently I started getting them in the wee hours of the morning. They outnumber legitimate calls about 30:1. Very many show up with a Caller ID with a spoofed local area-code and prefix.
Still doesn't solve the core problem here. The whole screen being taken over. It's super annoying when on a google meet call or similar to have the call essentially cut you off.
That got me thinking. I haven't seen that message in a while, but I've moved from regular Android to AOSP. I wonder if that scam likely CID needs some Google Play support?
Google Play has plenty of apps that keep track of robocalls via third-party solutions. Truecaller is an app I used when I was in India getting inundated by robocalls.
Because my phone number is not from where I actually live and most of these robocallers fake a number from your local exchange, seeing a number that looks like mine pop up basically tells me right away it’s a robocall since nobody calls me from that exchange. Whole thing is still incredibly annoying though and problem is getting worse.
I never get robocalls in Europe - what's different here? Why does USA have this huge problem with spam calls and most of Europe doesn't? Is spam blocking on OS level really the right approach to fix this problem?
> Why does USA have this huge problem with spam calls and most of Europe doesn't?
Presumably because (1) it's much easier to find English speakers in countries where most robocalls actually originate, and (2) the same model can scale to 320M recipients with very little marginal effort.
That was the point of the parent poster. Why bother with German and other much less common languages when you could just target a de facto global language that both your victims as well as those responsible for those scams know?
As an Android user, I'm kind of shocked that the iPhone doesn't do this, and I'll say that the banner UI is decently better. Though I'm not going to lie, I still think we can do better, and I wouldn't doubt that Apple would just opt for the next generation UI instead of following Android's suit.
Sometimes I wonder what subtle differences there are between the two ecosystems, as I've never really gotten into Apple products before, with the exception of a few earlier iPods. Does anyone have confirmed differences that the other side might not understand?
We have this do not call list. Once added, calls, texts, etc, drop to like nothing. In fact I cannot remember the last time I had a call... I get the occasional text message but it's mostly shops telling me to use my store points before a certain date. A reminder.
Or NZ. I think I maybe get a spam call maybe once a year, or less. I haven't changed my phone number for the last 16 years, so I'm sure I'm on all the lists I could be on at this point. Why is this a problem in the US and not elsewhere?
Also the US is a much larger target, it's 300 million people that are almost guaranteed to speak English. Targeting countries like Denmark, The Netherlands or other countries where you'd basically need hire native speaker it's financially viable (That's not to say that the problem doesn't exist in these countries, just at a much smaller scale).
Sounds like the problem is to do with not honoring the do not call list and no punishment for those who don't honor it. Here companies are fined if they call people who are on the list.
My solution to robocalls is to answer them and then be totally silent. After a few seconds, they disconnect.
The number of robocalls I receive has plummeted since I started doing this. I receive hardly any these days. My theory is that due to silent answers, the autodialers eventually mark the number as bad, or as a machine-answered number. I have no proof of this, though.
I've always done something similar, it's been supported on every cell phone I've owned (flip-phones and Android phones): Instead of answering or declining, tap the volume key. That mutes the ringer but lets it keep ringing on the remote end. So from their perspective no one picks up, and it doesn't annoy you.
I can't tell if it would have the same effect as your method though, since I've done it for so long, but I only get like 1 scam call on my cell every 3-4 months (and it's usually one forwarded from my work phone). My desk phone at work, which I have to answer and haven't tried this with, gets one call every couple of weeks.
My solution is to play along with the pitch, taking as long as possible with my answers, until they ask for my credit card number. Then I make up 15 digits, making sure to mess up a couple times along the way.
I'll have to try that out. I've been noticing that most of the calls I was getting were from the same spammy place. I found out if I listen till the end they often have an option to be removed from their list. "Press 2 to be removed", if only it was always 2 that would be too easy. I hate listening to the entire ad but I have been getting a lot less since I've been hanging in there and asking to be removed.
It is a coincidence. Legitimate operations are not spoofing their numbers in the first place, whereas spoofers have shown themselves to be dishonest by spoofing.
So you are not being removed from any spam lists using this method. Not only do they have zero incentive to remove you, they have also received a reliable indication that a human answers your phone.
My solution is to let Google spam filter them. It does a good job and I report every call that manages to get through. Haven't picked one up in months now.
True, I do the same too. I take the call, mute my phone and keep it as long as the other person wants it. Spam has reduced, one call in the last 3 weeks. It could also be that the spammers are holidaying.
Apple provides a fix: get an Apple Watch and make your phone silent. Then you get a notification on your watch which you can suppress by placing your hand over it.
I make this comment in jest because obviously this is a very user-unfriendly "solution" unless you planned to buy an apple watch for some other reason. However I do use this feature.
As for the post's comment that dismissing the call leaks info: I don't know that the predictive dialers have any understanding of this -- if you simply refuse to answer it's simply a disconnect. I also doubt they keep stats on calls that go to vmail, if you accidentally do that or if you refuse to answer.
I have an apple watch... it doesn't solve the problem that if I answer a call that is not from a contact, it is 9/10ths spam, so I simply don't answer calls not on my contact list, and thus sometimes miss important calls from businesses that don't text.
I'm from Poland and while I never experienced a robocall, I have to deal with telemarketers every now and then because someone somewhere shared my number against my will and while in theory the caller is obligated to disclose how my number landed in its company database, they're often hanging up the second they're asked or pulling the "it was randomly selected" bullshit, and recently, after GDPR they're giving premium-rated phone numbers claiming that's how you can exclude your number from database which obviously doesn't work.
While signing the contract for a fiber connection, I had to repeat a few times that I want to opt out, almost losing my nerves talking with the agent, saying that I'm really not interested in having telemarketers clogging my phone even if that means I'll miss a chance to win something - because that's how she tried to advertise that. I could either allow those calls for 5 PLN less on my bill or opt out for the same amount added to it and I did choose the latter.
Anyway, there are sites and apps which are trying to "rate" calling numbers and warn other people - most of the time they do a good job.
The other problem is with using third party navigational apps. While driving the phone app takes up the whole screen completely obscuring the directions. My wife constantly rejects calls because of this and I can’t talk to her!
Doing so could be hazardous. The act of double clicking the home button and then choosing the correct app from several other open apps would take your attention off the next turn and off the road.
Also when you take a video and someone calls it ends the video recording - even if you don't decide to answer. So you have to put your phone into airplane mode, which sucks because if you lost your phone before remembering to turn it off then find my iPhone wouldn't work... I wish there was some sort of option to not disturb while doing video... Something you could toggle on and off.
I would like to see this solved via a little regulation and tech industry cooperation that basically discards the entire phone system.
Problems that need solving
* Robocalls
* Companies using SMS for 2FA
* Companies still using phone numbers as part of my ID all. I'd much prefer companies contact me first via email/secure-text (whatsapp/line/messenger/...) and only later via secure voip
I feel like Google/Apple/Microsoft/Facebook whoever should basically design a new standard to replace the phone system and the government should then mandate that companies must support it (no more asking for phone numbers)
I'm sure there are lots of issues. I don't want one id to reach me, like email I want multiple IDs and if you want to know the ID I give you is me then send me a confirmation (I can crypto-sign it if need be)
I'm sure it's easier said than done but it does seem like it's getting to the point phone numbers are basically as useless as fax machines. Most people call me via Line, Hangouts, FB, Facetime, etc.. No one calls via phone number
> And disrupt they do, at a massive scale. Several billion fake calls are received each month in the US. Reports show this is a global problem, with Brazilians averaging 37 spam calls per month. Actually, I’m getting a robocall as I type this very sentence, my second today.
Is there a reason this isn't as prevalent in the UK? I get maybe 2 calls a month like this. Are robocallers in the UK more likely to get in trouble maybe? Putting this on Apple isn't addressing the core of the problem.
Auto-hang up on any call from someone whose number I don't have saved. Just give me a notification immediately thereafter. If it's someone I should know, I'll either have their number saved, or be expecting it. I don't want to be bothered otherwise.
This, and many, many other interesting use-cases is quite simple if you port your number to Twilio and create your own carrier inside their service.
I did this about 18 months ago and love the results. I manipulate and use the telephone network in many useful and interesting ways, all programmatically, through Twilio.
It’s not clear to me why Apple can’t have a Mark as Spam button for calls. Once you hit a critical mass from independent iPhones you simply block that number.
Since the phone companies are too busy trying to build content empires rather than working to improve their core competencies, it's time for Apple to step up the call-blocking experience at the OS level.
The addition of a call-blocking API was a very good first step, but the time is fast arriving when robust blocking patterns will be table stakes similar to what basic email spam filtering is today.
> I would love to be able to block all numbers coming from my area code and the first 3 digits of my number.. all my robo calls come from a number that looks just like mine
Somewhat humorously, this has destroyed my ability to receive phone calls from my home town. I instinctively hang up and block.
Indeed, which points out another UI problem: as far as I can tell there's no way to link the Mac/iPad calling to your phone (so it'll use the phone network to make a call) without enabling ringing on incoming calls. Thus I simply disabled this otherwise quite useful feature.
I turned off the feature that shows calls on my MacBook because of this. It's nice that the UI shows "Scam Likely" as the caller, but maybe give me an option to filter out those calls entirely? Let them go to voicemail or something... who is answering the phone when the caller is unknown and identified by the UI as "Scam Likely"?
Yes! I would even go so far as to say if the caller isn't in my phonebook let them go to voicemail. Or at least give me the option in settings. If I don't know who's calling they're getting my voicemail 100% of the time.
Elsewhere in the replies it was suggested that you put your phone on Do Not Disturb and configure it to allow calls from your contacts to get through. That might be a hacky solution?
IMO the best way to combat this is to answer the call and waste as much of the scammer's time as possible. Call spamming only scales because most people ignore or hang up immediately. If you waste 30 seconds of a scammer's time, that's 30 more people they can't call. And that 30 seconds costs THEM money. I just answer, say “hi” to start the recording and leave the phone on my desk until they hang up. Perhaps I don't completely understand the backend, but if more people wasted the scammers' time it would quickly become too expensive for them to continue.
When I was getting robocalls a while back, I started saying "hi" and letting them talk, then I'd put the phone on mute and continue whatever I was doing. The calls stopped a few weeks after that. Usually this would take about 10 seconds of my time, and about 90 seconds of theirs, per call.
I'm pretty sure that over the long term, it costs me less time as it made the problem completely go away.
Things that I'd tried before that, that didn't work, include: immediately hanging up, politely and not-so-politely asking them not to call back.
Isn’t it possible to opt out of a lot of bulk mail anyway? Bulk mail can never be as bad as online spam since it’s much more expensive to mail and easier to trace a sender.
It's effectively the same as opting out of these robo calls, there's an FTC list for both and yet it has zero effect. I also get 99.9% junk mail, so it's easy to lose actual mail in the pile.
About a year ago I put my phone on DND and have left it on ever since. My wife and the kids' school are in my favorites so they can get through. If I have to make business calls I will initiate the call or just remember to turn it off if I get a calendar reminder for an incoming call. Maybe it will bite me in the ass at some point but it has been really nice to feel like I actually have some control of my phone again.
Same here. I also changed my outgoing voicemail message to say that I don't pick up unknown numbers so if you're a real person, leave a voicemail or text me. The voicemail transcription feature on my iPhone is rudimentary but works well enough to see at a glance if a voicemail is a sales call or robocall.
Yea, it's funny how the fear of missing out makes people put up with so much bullshit in their lives. I don't use Facebook, I don't use Twitter, I don't deal with robocalls. I am not missing out on anything other than the high price of not missing out.
Honestly it blows my mind when I’m with someone who answers their phone when it rings with an unknown number. I have literally never done that, save for a handful of occasions where I’m expecting a call. It’s hard to imagine a scenario where it would be someone you would want to talk to.
Apple added hooks a while back so that 3rd party apps can interject into the call process, and I've been using https://hiya.com to do that and block scam calls.
I have it set to disregard suspected scam/fraud calls, so they never ring my phone.
I’ve completely turned off notifications for the phone. If someone wants to call me, they either need to use FaceTime (which hasn’t been overrun with spam, yet) or schedule a time with me. I also subscribe to a call blocker.
How would someone without an Apple device or AppleID get in touch with you realtime? If all friends and family are already part of the Apple ecosystem, then okay for now, but you also would basically be filtering your communications to only people that fit that description in the future, as well.
People without Apple IDs can’t call me without texting first. I don’t get calls over FaceTime except from my parents anyway, everyone just texts, either iMessages or Signal.
It's not just robocalls, but any app that uses CallKit. It annoys me to no end that apps like WhatsApp can take over my entire phone with a call and I am unable to disable that like I can with notifications.
In India I got a Vodafone SIM. Data was dirt cheap. $1.5 for 6GB of data.
However Vodafone would spam the shit out of everyone. Getting 10+ spammy calls in a day is very normal. They come from different numbers so you can’t block them.
Any phone that has a serious robocall spam filter mechanism built in would be a huge seller.
I can count on Apple to make such a bold move. I remember when Telcos used to block personal hotspots and Apple just gave them a middle finger and made iPhones only available to providers that would play by their rules and not the other way around.
In China, most Android users have native feature or Apps which can block harassing calls. And every user can label the new unidentified bad call numbers. The crowdsourcing model works well.
I have a suggestion. If you receive robocalls from legit companies, I think you can try to sue them. I read an article about this at https://www.whycall.me/news/consumer-wins-massive-229500-rob.... If those robocalls are coming from scammers, then you could just ignore those calls. There's no way we can stop them, anyway.
I don't know hardly anything about telephony protocols, SS7, etc but I'm curious how much information carriers know about where information originates.
Say I wanted to run a service offering phone numbers that can connect to VOIP or an app, where I connect to the global telephone network. How much information can I get at the lowest protocol level about where a call originates from? Can I tell the system the call came from? The country?
You connect to other carriers directly. Some of them will connect you to other carriers, and so on.
So for example if you’re a small operation you will just connect to one carrier like Twilio or Nexmo and it’s up to them to connect you to everyone else.
When you get bigger you may be able to set up “routes” (that’s how they’re called in the industry) to carriers directly.
So yes, carriers do see where the calls are coming from, however given that it’s commonplace to route your calls through a carrier that has no relationship to the originating number, there’s no easy way to tell whether a number is spoofed or not.
There is a solution which is to respond to complaints and stop interconnecting with a carrier that spews too much garbage, but that would go against the entire industry’s business model so nobody cares to do it.
I got fed up enough to set up custom call filtering with Twilio just this week (sadly neither the iPhone nor Google Voice allows filtering calls to contacts only). https://github.com/syakhmi/spamkiller
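The contacts-only policy several commenters ask for (known numbers ring, look-alike local numbers are dropped, everyone else goes to voicemail), as an added example; it is not code from the linked spamkiller repository. It assumes a Twilio-style voice webhook that passes the caller ID in a `From` field and accepts a TwiML response, and every phone number in it is constructed.

```python
"""Contacts-only call screening that returns TwiML (added example)."""
import re
from xml.sax.saxutils import escape

# Constructed sample values; replace with your own.
MY_NUMBER = "+14155550123"    # the number being called
FORWARD_TO = "+14155550199"   # handset that rings for allowed callers
CONTACTS = {"+14155550142", "+442079460000"}


def normalize(raw, default_cc="1"):
    """Reduce a caller ID to '+<digits>' form, or None if unusable."""
    if not raw:
        return None
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+"):
        pass                                  # already carries a country code
    elif len(digits) == 10:
        digits = default_cc + digits          # national NANP format
    elif not (len(digits) == 11 and digits.startswith(default_cc)):
        return None                           # anonymous, short code, garbage
    if not 8 <= len(digits) <= 15:
        return None
    return "+" + digits


def is_neighbor_spoof(caller, mine):
    """True when a NANP caller ID shares area code and exchange with `mine`.

    '+1' plus NPA (3 digits) plus NXX (3 digits) is the first 8 characters.
    A call that claims to come from your own number also matches.
    """
    return (caller.startswith("+1") and mine.startswith("+1")
            and len(caller) == 12 and len(mine) == 12
            and caller[:8] == mine[:8])


def decide(raw_from, contacts=CONTACTS, mine=MY_NUMBER):
    """Return 'forward', 'reject' or 'voicemail' for one incoming call."""
    caller = normalize(raw_from)
    if caller is None:
        return "voicemail"        # withheld or malformed caller ID
    if caller in contacts:
        return "forward"          # contacts win, even with a look-alike prefix
    if is_neighbor_spoof(caller, mine):
        return "reject"
    return "voicemail"            # unknown caller: never rings the handset


def twiml(action, forward_to=FORWARD_TO):
    """Render the decision as a TwiML document."""
    if action == "forward":
        body = "<Dial>%s</Dial>" % escape(forward_to)
    elif action == "reject":
        body = "<Reject/>"
    else:
        msg = "This number screens unknown callers. Please leave a message."
        body = "<Say>%s</Say><Record/>" % escape(msg)
    return '<?xml version="1.0" encoding="UTF-8"?><Response>%s</Response>' % body


def handle_incoming(params):
    """Webhook body: `params` is the dict of form fields sent for the call."""
    return twiml(decide(params.get("From", "")))


if __name__ == "__main__":
    for sample in ["+14155550142", "(415) 555-0177", "+919876543210", "anonymous"]:
        print(sample, "->", decide(sample))
```

Caller ID is unauthenticated, so a spoofed contact number still rings through; the filter only removes the look-alike and unknown-caller cases.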
There are good reasons why WhatsApp and the like are replacing phone calls in many countries.
If you are in the “middle of a gaming experience” set to Do Not Disturb and set the option to allow calls from favorites. Meaning, if you are in a situation where a phone call is disruptive, then Do Not Disturb solves that completely, with the option of allowing favorites to get through.
Tapping Decline is not a great option because it actually tells the robocaller that you’re with your phone and are annoyed by the call, information I’d rather not give.
Call me paranoid, but I take it a step further and absolutely believe whatever cold call company is calling knows when my phone is moving, or I am around it. I am the type of person that doesn't carry their phone all the time, I usually keep it in my home and work in barn next door, but I notice I don't have many missed calls from bullshit numbers. Not saying all, but the majority of these calls are coming when I am around my phone. Anyone else experience anything like this?
edit: lol to ianlevesque's quick paranoid response, but start paying attention, I don't think it's too far-fetched. I imagine some code that has some sort of delay to wait for the phone to move or what so long after it is moved to then start to ring. It's not like there is anyone on the other line half the time or it will just hang up. I don't understand robocalls at all.
No I work in telecom and he's not onto anything. It's technically impossible for one, and the ROI wouldn't be there even if it was.
The ROI on spray and pray is high enough. (EDIT: Not as high as like actual legit telecommunications services but it takes a tiny fraction of the expertise.) Literally all the information they need is your phone number. They just spoof the "from" number, often to appear to be a toll-free number or a number in your area code and crank out as many calls as their carriers will let them without shutting them down. The underlying costs are cheap enough where only a teeeeensy percentage of people have to fall for it for it to be worth it.
Maybe there's a pattern to when you are around your phone, and when you aren't. Most of my robocalls are during the day - when I'm at a desk, with my phone. In the evening when my phone is away from me appears to be a less popular time to call.
I have noticed that when I decline spam calls, I receive more calls, sometimes right after, sometimes over the next few days. I probably receive 30+ spam calls in a week, if I decline all of them.
It's amazing that calendar invitation spam isn't more prevalent. The times it has happened to me have been incredibly infuriating because declining means a response to the spammer and ignoring can leave it on your calendar.
So what's the trick? I've had the same cell number for a decade and I get zero unwanted calls a year. Is it just luck or am I accidentally doing something that keeps my number from being spammed?
While I don't get zero, I get far fewer than most others commenting here (50+/day!). My wife, on the other hand, gets more than I do.
I sometimes somewhat arrogantly think it's because I have been more careful about giving out my info to untrustworthy sources, not using Facebook, myriad "phone/contact-sucking" apps like Line, Imo, WhatsApp, etc. that others in my family do/have, but then again, I finally caved and started using WhatsApp while abroad due to it being literally as or more important than a traditional line – many services here have WhatsApp-only numbers. I think I've finally lost the battle.
Same here. I have a Google Voice number that I give out to companies and a personal number that only my friends get. I haven't had a spam or robocall in at least a decade. Google Voice is nice too because I have it to screen all calls. The ones from actual people include a nice "Call from..." with the accompanying voice of the person identifying themselves.
I use callblocking software to mitigate this robokiller. It costs 2.99 per month but I get significantly less robo calls and it allows you to put custom answer messages for the robo calls.
I agree with the author's premise, and would even go further and say that nothing should ever be able to steal focus from a user's active application. Ever. In any OS.
I'd like an option similar to the old answering machine / secretary screening for unknown callers:
1. A voice assistant says to the caller "may I ask who's calling [records response] and what is your call in reference to [records response]?"
2. Siri announces the call to me if the phone is not set to Not Disturb mode.
3. I accept the call or decline. If I decline, Siri gives the caller the option to leave an additional message.
TL;DR Caller states their name and business before I pick up.
> ...you can tap the “screen call” button. Google Assistant will then alert the caller that you’re using a screening service and that you’ll receive a copy of the conversation. From then, you can choose to pick up the call, hang up, or block the number.
Oh, that's great (and now I feel validated that my feature requests aren't crazy). Google definitely seems to be ahead in layering on top of traditional telephony to fix the limitations. I've used a Google Voice number for ages for this kind of stuff, and basically just never answer it.
The idea of a phone call taking up an entire screen and interrupting your activity hearkens back to the days when Apple emphasized that the iPhone should still be prioritized as a phone first. Clearly, people have evolved to richer forms of communication, and phone calls should not be put up on such a high pedestal.
Right now, any robocall hacker in the world can instantly take over your phone’s screen, knocking you out of your mobile gaming experience, disrupting you as you check out at the store, or breaking your concentration as you try and type out an email.
jesus christ, call james bond, this is a super-villain grade world domination issue
It's not a phone to me, it's a pocket computer with shovelware telephony that I'd rather do without. Just give me a data pipe, I'll figure out the voice communication part.
It is a mobile computing device that happens to be able to take calls.
"Smart phones" are "phones" in only so much that they can make phone calls. I've used my smart phone to make a call one time in the past 8 years. For me, it simply isn't a phone.
Most of my peers use their mobile computing devices to browse the internet, schedule things, and play games. Very, very few of them use it to make phone calls and those that do are calling family or their SO a majority of the time.
> It is a phone. If you need uninterrupted productivity, use any other type of personal computing device.
Phones have stopped being just phones for a while now. Modern smartphones are full fledged computing devices and are a key productivity tool for many users.
Personally I hardly even use the phone feature to justify calling my device a phone. I make maybe one or two traditional phone calls a month, as most of my day-to-day communications is done over the Internet.
Not a solution, for obvious reasons which have already been covered. These alerts show up on your other devices as well. Furthermore, your bias aside, the fact is that phones are the primary productivity device for hundreds of millions of users.