> The Commission does not collect criminal fines for violations of section 227.
> If a party fails to pay a forfeiture, we refer the matter to the U.S. Department of Justice for further enforcement action. We have referred to the Department of Justice forfeiture orders involving violations of section 227 by Adrian Abramovich, Marketing Strategy Leaders, Inc., and Marketing Leaders, Inc. (Abramovich), Philip Roesel, dba Wilmington Insurance Quotes, and Best Insurance Contracts, Inc. (Roesel), Affordable Enterprises of Arizona, LLC, and Scott Rhodes a.k.a. Scott David Rhodes, Scott D. Rhodes, Scott Platek, Scott P. Platek (Rhodes). 34 During calendar year 2020, the Attorney General did not collect any forfeiture penalties or criminal fines for violations of section 227 cases that the Commission has referred. We lack knowledge about the U.S. Department of Justice’s collections beyond those cases.
It said earlier that these entities owe tens of millions of dollars in forfeitures. Why were they not collected? If these criminals know that there’s no penalty, they’ll continue acting badly. (And we can see already that they do this. They change names and start over.)
Are you upset about the lack of criminal penalties imposed directly by the FCC? That's mostly just an organizational issue. The FCC isn't law enforcement. They can only impose civil penalties.
Referring the issue to the Justice dept is really the only thing they can do. I think this goes for all independent agencies. Of course, once it's referred over there, it goes in the big tumbler of prioritization for the FBI/US Attorneys.... and I'm not shocked they wouldn't immediately jump on a non-violent, extremely technically complex case.
Can't help but think that if marijuana decriminalization/legalization finally happens, law enforcement will be rooting around for other low hanging fruit. Seems like this just might fit the bill. Imagining heavily armed SWAT teams breaking down the doors of call centers and swarming in. On that happy note...
First hand statistic attesting to it, watched it happen right before my eyes in a Texas court (except the other kid was being charged with his second DUI).
Then they're in luck, because call center employees have exactly the demographics you would expect at low-paying jobs with high turnover, long hours and no benefits.
It's a resource issue. You should run for office on the platform of raising taxes to hire more investigators to collect FCC fines. Let me know how that goes for you.
You need to front the capital to start the investigation, though. This is like saying that you can pay for asteroid mining by mining asteroids. That's true! You just need a few billion dollars to mine that first asteroid.
Like startups, criminal prosecutions don't have a 100% success rate. The system, despite its flaws, has a lot of protection for defendants. So you're basically asking the taxpayers to speculate on your pet project. Sometimes they do, sometimes they don't.
> Like startups, criminal prosecutions don't have a 100% success rate.
Here we're primarily talking about collecting civil forfeitures. DOJ can go scoop up assets they find, and defendants can try and claw them back (and the DOJ only requires a preponderance of the evidence to keep the money).
Maybe the fines could be used to pay for future prosecutions? Or maybe let the justice department outsource prosecution to private sector attorneys who can keep most of what they win? Doesn't California do something similar for ADA cases?
In today's telecom world where everything is tracked and logged down to the microsecond, it's extremely angering that the only reason we still get robocalls is because the players in the telecom game are making a lot of money from letting them happen.
Nope, the problem is not what you thought of. The low level communication protocols did not consider security issues when they were designed as at which time every peer could be trusted, and thus no Authentication & Authorization mechanisms were incorporated at all. That was not really a problem until VoIP became a thing. Before VoIP it would be extremely hard if not totally impossible to fake a caller id, but with VoIP there is no longer a physical port associated with a caller, so technically everyone can claim to be anyone as long as they have the service end point details as there is no way to validate if you really are who you claim to be, so don't be surprised when picking up a call from your own number. Doesn't look good, isn't it? Unfortunately, there is no easy fix without an overhaul of the telecom infrastructure by replacing all legacy equipment that does not support A&A. I'm wondering if that is ever going to happen.
But you were right about one thing, telecoms do profit a lot from the robocalls.
Funnily, the FCC rules around porting numbers has lead to a lot of this problem.
Telephone numbers used to be handled pretty much like IPv4 addresses. A telecom would get a block of numbers and distribute those to their customers. It wasn't really possible for you to move your number from one carrier to the next.
The 2003 rule change around number porting forced a bunch of upgrades to telecoms to make it possible for any phone operator to send out a call for any number.
> The 2003 rule change around number porting forced a bunch of upgrades to telecoms to make it possible for any phone operator to send out a call for any number.
Are you trying to claim that's the reason that anyone can forge a number? Because I don't buy it. Just because you're forced to accept an inbound number doesn't mean you don't log where the number came from -- the peer service provider at the very least.
"Just because you're forced to accept an inbound number doesn't mean you don't log where the number came from -- the peer service provider at the very least."
And then what are you supposed to do with the peer service provider data? How the heck does that help an operator?
The whole point is VOIP and the porting rules broke the implicit trust relationships that used to exist, and the low level call routing protocols don't have a solution for that - because it could have never been a problem before VOIP and the new porting rules.
Until the underlying call routing protocols for long distance get enhanced, this problem isn't going to be fixed any time soon. And I'm not holding my breath on an overhaul of what is fast becoming legacy infrastructure. And in a VOIP only world establishing trust will be no easier, maybe harder, than doing so with email today - so that's not the answer either :p
Carriers know who originated the call. There are reciprocal compensation deals between the carriers to terminate call on their networks. They know exactly who originated the call because someone is paying for it. Calls aren’t free. Rural areas are especially pricey to terminate calls too which is how freeconference.com exists.
VOIP gateways upended that end to end accountability. I suppose the baby bells could just refuse all calls from VOIP gateways further relegating them to irrelevance. Good luck ever convincing a cell phone provider to do that.
Actually if phone providers would prefix calls from VOIP gateways with an asterix then I could set up a rule to just force all of those to voicemail by default. Would probably kill 90% of the bogus calls. Hell I'd pay an extra $5 a month for that feature.
I will set up a front company, and create thousands of phone customers that are hard to track back to me. Then I'll have my front company call all of my 1000 fake customers repeatedly. Those customers collect $100 each for every call from the phone carrier, and when the phone carrier tries to collect from the originator, poof, they don't exist anymore.
Better make sure your front company can't be traced back to yourself and those fake customers can't be traced back to you otherwise you've just committed wirefraud.
Very likely, if this $100 fine came into play, the first change telcoms would implement is verifying every single line in and out to make sure this exact situation can't happen. Will be cool to need a passport and birth certificate to get a new phone number.
As long as you don't try the most obvious approach, that is just buying the sim straight from one of the official operators, the thing is quite simple.
In Europe, esp eastern europe, like Bulgaria, there's a vast market of stolen phones, stolen or resold sims. You'll have to ditch them after several weeks of course. But it is not in any way impossible.
I'd guess it's the same in Americas.
It's been several years since I worked at an MVNO, so I can't say much about how do you get number capacity nowadays, but back then that was literally the least problem imaginable.
A whitelist works well for me. Call centers here have big randomized pools of phone numbers, so blacklisting them is impractical, and sometimes I do expect a call from a call center.
Phones and snail mail have been supplanted by equivalent Internet services, and both are trying to stay alive/relevant by selling out to annoying commercial interests.
Telegrams gave way to phones, but it was never possible to spam someone with telegrams, and they had a cost per word.
If telcos want the phone to be relevant, this is the wrong way to go about it. Just 10 years ago I answered my phone when it rang, even with an unknown number. Does anybody do that anymore? It's become nearly unusable, for example, as a way for businesses to contact customers they have an actual relationship with because of all the spam.
Imagine if nobody ever used or knew about traditional phones, and then someone came up with the "Phone app":
"Yea, so here is an app you will love! Install it, and it allows anyone, anywhere, anytime, to interrupt whatever you are doing on your device, background whatever app you are running, cause it to ring, buzz, and notify! Further, if you press the green button, it will allow that random person to start talking to you."
Even if it managed to get past either of the app stores' rules, who would install such an intrusive app?
Yet, every smartphone sold today has that exact annoying app pre-installed!
Be nice if you didn't actually have a phone number and you exchanged cryptographic keys with someone touchlessly when you were in physical contact. Then you'd have two-way ID verification, and if a merchant abused that by leaking their key material (or if it leaked in a hack) you could revoke that key's permission.
A large weakness with existing communication systems (phone, e-mail, physical mail) is that its a pipe where anyone in the world can blast at you, often anonymously.
Yeah, why would anyone want an app like Facebook or Discord or Skype or Teams or Google Meet or Zoom or the littany of other apps that have some version of the functionality you just described?
> It's become nearly unusable, for example, as a way for businesses to contact customers they have an actual relationship with because of all the spam.
On top of that the telcos are joining in on the fun. I am an AT&T cell phone subscriber and in the last month they’ve started robo-calling me non-stop to sign up for their ailing DirecTV service. Who in their right mind would subscribe to that with all the better streaming options available? But the worst part is that they technically aren’t breaking the rules themselves because we do have an existing business relationship (if you can call paying my bill on time and doing everything in my power not to otherwise interact with them a relationship).
Supposedly, some of these are scams. But DirecTV admitted to hiring Telecel Marketing Solutions to place robocalls. There have been multiple class-action lawsuits against AT&T for such things.
It's bizarre that AT&T would sabotage the usefulness of their own customers' telephone service, but this is a bizarre world.
OK, fair enough, but in my book it’s still on AT&T because they have to know this is going on. They must be getting complaints about it.
Oddly enough I remember DirecTV doing this ~20 years ago. It was the first time I was willing to pay for CallerID. DirecTV (or some representative that had that as their outgoing name) called me several hundred days in a row. I ended up making a game out of it, seeing how many times they’d call back if I never answered.
What. You mean AT&T being your carrier is the only relationship between AT&T and spam? And how many unanswered calls they made? Here spammers give up after 6 unanswered calls or so. Not sure why they give up though, but eventually it becomes quiet.
I recently questioned this when setting up my mother and grandfather with TV and internet for their new house. The internet TV provider either don't have, or charge so much extra for channels they consider "essential" (that's another issue) that it's not worth getting the service, as the price is equivalent or more to a satellite TV provider.
But you’re assuming that the ATT/DirectTV calls are legit and direct from HQ. DirecTV is resold through 3rd parties all the time, I am pretty sure these calls are from a 3rd party or even a scam.
> Who in their right mind would subscribe to that with all the better streaming options available?
Large swaths of the US can't get usable broadband. These people use satellite TV services. Of course that market is already developed so growth requires pestering the people with better choices available.
US telcos know at best two things at this point: keep the network up and collect rent. They cannot solve complicated social problems like spam or internet security. They just don't have the skills or the willingness to invest. We will all continue to pay them if only for internet access, and for a good price too thanks to countless mergers leaving consumers with few choices, but they are otherwise transforming into dumber and dumber pipes at a pretty fast clip. There's more profit to be made for them being a dumb pipe while device and OS manufacturers pick up the security / spam slack for free (eg, how much is anyone actually willing to pay for spam filtering) because it lets them provide a trusted environment to sell apps and ads in.
My bank was trying to get a hold of me due to them turning off autopay, and I wasn't answering their calls because it doesn't show a phone number or anything. Just "Spam Likely"
IMO I'd rather see all calls coming to my phone, and send them to VM if I want. Devices nowadays even have the capability to block calls from outside your contact list if you want.
These decisions should be up to me! Not some blackhole where algorithms decide if I should receive the call or not.
I'm always wondering why Americans allow their lawmakers to get away with this.
In order to stop robocalls, you just need to do three things:
* Flat out ban them and make it illegal to route them at network handover points
* Make caller ID mandatory with a reachable number to call back to
* Create an authority caring for those robocall reports
Then, put heavy fines on violations and go enforce the heck out of it. That's exactly what the EU did pretty much in the infancy of this technology.
I can't recall ever getting a robocall here in Germany.
That being said, my bet is this being a tragedy of the commons, as the only two parties in the system seem to heavily rely on the tool for fundraising — oh and they probably also make millions for some selected members of congress... ¯\_(ツ)_/¯
> I can't recall ever getting a robocall here in Germany.
The simpler reason you haven't gotten a robocall on your cell phone^W^W"handy" is that the caller pays a non-negligible amount of money to call you (at some point it was around £0.25). This makes the sort of mass spam calling that's happening in the US uneconomical. In the US, the receiver pays the cost of the tower-to-mobile connection; meaning it's fractions of a cent to call anyone, even on their cell phone.
Making the US more like Europe in that regard would instantaneously get rid of a massive amount of spam calls, without the need for any more complicated regulation.
It would also get rid of a massive amount of useful calls. Germany doesn't get robo calls, but that is at the expensive of not being able to use their phones as a phone when they want to.
Back when cell minutes were expensive what Germany has made sense. Today nearly everyone in the US has unlimited voice minutes (in and out) and nobody worries about how long they talk to each other.
> Back when cell minutes were expensive what Germany has made sense. Today nearly everyone in the US has unlimited voice minutes (in and out) and nobody worries about how long they talk to each other.
The thing is, the "flatrates" aren't flatrates under the hood. The providers still pay fees per minute to each other, they're just fractions of a cent now - but at a scale of hundreds of thousands of minutes a month, a robocall outfit can still generate five to six figures of revenue for the phone networks.
This is just flat-out wrong. I am sitting here in the UK and I get occasional calls from my bank, from businesses, and even from what appear to be random numbers (e.g. when my Ocado driver is running late/early and wants to update me about delivery using his own phone.) Because I do not get bullshit robocalls [0] I actually answer the phone. Yes, a lot of people have limited minutes of phone time, but since most "calls" are over IP-based comm channels I know of few people who hit the limit; it is effectively unlimited minutes here too.
Want to know the number I do not answer? My US VOIP number that I keep for business purposes. It all goes straight to voicemail and I wait for the transcription to tell me if it is another extended warrantee offer, someone wanting to tell me my computer is infected with herpes/ebola, a fake tax issue from a state I have never lived in, or if it is in the 1% of calls to that number I actually want to receive. US mobile customers have had unlimited calls for more than a decade, but I did not get a noticeable level of spam calls ten years ago.
It is not about the number of minutes available, it is simply a matter that Europeans care about the problem and prevent it from happening while US carriers do not care and their customers did not care enough to create sufficient political pressure.
[0] there actually has been a rise in one type of scam robocall over the past couple of years: the "we have been notified that you were recently in a car accident" calls are a once a month or so annoyance.
If i understand you right, by IP based you mean you are switching from a system where anyone can call anyone on any system to one where both parties have to be on the same ecosystem (proprietary app). That is not a win for communication.
> Germany doesn't get robo calls, but that is at the expensive of not being able to use their phones as a phone when they want to.
Can you explain this? My German friends have never mentioned that as a problem and based on how surprised most Europeans seem to be that Americans let spammers train the country not to answer calls it seems like the opposite is true.
It has been 10 years since I looked - 10 years ago spam wasn't a problem and Americans usd their phone for voice about 5 times as much as anyone else.
Even today most people I know answer their phone when it rings. And most people call each other often (though video calls are becoming common) We complain about the spam problems, but most people still answer the phone.
Anecdotally I can say spam calls were never the majority of my calls - and I don't talk on the phone much compared to most people I know. And the amount of spam calls has been going down a lot.
A large proportion of the spam that makes it into my gmail inbox is from American politicians and I'm not even American. They are indeed part of the problem.
Turn off spam call detection, if possible. Let all calls not from contacts go to voicemail. Turn on voicemail transcription (unless you're concerned about the privacy implications). Spam calls rarely leave voicemails. Everyone else has been trained to leave a VM if there's an actual business or personal need to do so.
This is a very old problem. In the days of landlines, we screened our calls with the answering machine for this very reason.
This is quickly becoming not the case! I get several spam voicemails every week now. They're intentionally hitting my voicemail by placing a "dummy" call to my phone, then another call a second later (forcing it to my VM due to the first call being in the middle of setup). The first call is disconnected before I have a chance to answer it. It's only there to force the next call to voicemail.
The voicemails all follow a similar pattern. Here's one:
Hi this is Josh calling. We spoke some time ago about solar for your home but the timing was bad so I wanted to reach back out because we have a brand new program that's only for a limited time...
and it goes on from there. I've never once spoken to "Josh" about solar for my home.
These are call placement patterns that should be trivial to detect on the carrier's end.
Visual Voicemail and voicemail transcriptions are the greatest inventions ever. I love it that Apple also finally added the option to force all calls not in your contacts to Voicemail too.
Nomorobo used to be awesome, but even though they are not as effective as they used to be for the stuff they do detect I have it set to just discard the calls and that's better still. Keeps voicemail from filling up with junk. Now if I could just get Nomorobo's SMS filtering to actually work - not sure if it's them, Apple or some combination; really need to pursue that though because SMS junk is getting totally out of hand :p
I get a lot of spam calls, but only one reliably leaves VM: the “auto warranty is about to expire” scam. At this point my warranty has been “almost expired” for years, never mind that I never had an extended warranty.
I have started answering many of these calls more so because of WFH as no one is watching me have fun. When they ask me, my car is always old - from 1929 Ford T to 1980s Toyota Celicas. Then they get on to either disconnect or ask if you have another car which is an opportunity to give them another old car or argue with them why they can't give me warranty on a 1929 Ford T. Fun times although I wish I did not have to do that.
Those are the only calls I get on my work phone and we can't get the IT people to either activate the free call screening from the phone carrier or whitelist at least one call filtering app. So freaking annoying!
For calls that Nomorobo detects, you can have it just terminate them - it's the only reason I still happily pay for their annual sub. Sadly they aren't nearly as effective as they were a few years ago, but they still get probably 70% of the junk which still makes it worth it.
It’s interesting - my gmail spambox is mostly accurate, but I get actual important emails there a few times a month. I’ve received real emails from my bank there before! I’ve received emails from Google services there before!!
On the other hand, I frequently get obvious spam emails in my inbox, including from one address that I weekly received a spam email. It was a very obvious email (“increase the size of your member with this one quick trick”), and each time I would mark it as spam, but Gmail never realized that that address was spam. I eventually just had to create my own filter.
I’m not sure what’s up with it, but they need to rethink their approach.
No, I don't feel the same way about Junk email. I can go through it at my leisure and there's history there. Carriers potentially blocking calls is just some black box deciding what's "safe" for me.
There are issues with mail servers being blacklisted and they can't send emails to me. But there's actual visibility to that. You can look up mail server IP's and get to the root issue of why you're blacklisted.
Honestly I'd rather the government focus on the endless junk mail I receive to my home than anything. I spend more time sorting that rather than hitting decline on my phone.
The email that makes it into your Junk folder are just the “probably spam” ones. Email providers are outright blocking “definitely spam” messages, where the decision is being made by a black box. There’s no history you can check for those, and the decisions are made in a much more complicated way than just checking an IP blocklist.
Totally. I recently set up email on a few domains, backed by protonmail. Most of them work just fine. But my internationalized domain -- a .com in fact -- can't send email to Gmail, it is wholly rejected (I get a bounce-back failure notice, and the email never gets to even the recipient's spam folder).
There doesn't seem to be any way to tell Gmail that this email is fine, in fact it's coming from me.
Meanwhile countless horrific obvious spam gets through to my gmail just fine, much of it straight to my Inbox.
You (you "You" and royal "You") need to recognize that industry/developers have been making these kinds of decisions for decades, but in the last two decades that I've been paying attention, matters have grossly accelerated to the point that some tech platforms are basically entirely driven by industry desires, and not users.
In fact, I'm getting to the point I may start deprecating "Users" in my lexicon, and replacing it with "victims" upon whom technical implementations are "inflicted".
Because I can't honestly say that industry has been looking out for anyone but industry in a looooong time.
You may be able to turn that off. I'm on TMobile and I have controls for that.
What drives me nuts is that spammers leave a voicemail that's essentially 2-4 seconds of silence. Why can't the carrier or my phone determine that there's no message and just auto-delete the voicemail? I get five or six of these a week.
I think it's likely that some banks will start building better communication features inside their apps because of this. IMO the telecom companies in the US lack not just the incentives but the skill to fix the spam problem, so people are just becoming blind to phone calls and texts, with phones abetting that blindness with spam filtering features.
Not widely advertised, by my provider (Telus) offers "call-control" which asks callers to enter a randomly selected digit before the call comes to me, unless they are on an approved list, or they have passed the challenge previously. I can turn the service on or off, and add approved numbers using a web app. I had to contact them to activate this service, but I am very happy I have it.
Of course not all robo-calls are by bad players. For example, if I am offered a call-back from a tech support call because of wait times, I need to remember to turn call control off until the call comes. Rob calls from political parties during election time, on the other hand, I am happy to live without.
I wish all providers were required to provide this service.
I’ve often thought this was a quick work-around but wonder if it works because not enough people use it?
For example, what happens if the robocaller sends 0-9 digit tones in rapid succession? Does it let them through even though they got it wrong an average of five times before getting it right? They could even use voice to text to listen to the number requested.
I would love if my provider had this feature but it doesn’t. So I end up whitelisting my contacts and putting my iPhone into Focus mode. One of the ways of getting past Focus mode default settings is to call twice in fast succession. I’ve noticed some robocallers calling, hanging up immediately and calling right back which puts the call through.
It would be a big step in tech stack of a typical dialler to add this. It's not hard, but requires a bit of effort up front. Unfortunately, as soon as it's done, it will be sold as a service.
I saw a Shitty Life Tips the other day claiming that if you mentioned Tienanmen Square to the Chinese robocallers that they'll end up on a list.
I only know enough about Mandarin to distinguish it from all the other East Asian languages. Maybe I should have my coworker teach me "fuck off and stop calling me," but what I really want is a Mark as Spam button on my phone instead of just block caller.
That's definitely a bad life tip. The square itself is still call "Tiananmen". Even if the Chinese government censor any mention of the massacre, simply mentioning the name of the location won't trigger it because it's like saying "Capital Mall" -- it's a place people go. For that to remotely work, you would have to actually say "Tiananmen Square Massacre" but I doubt most people would be able to say it in Mandarin. (In Chinese it's called the June 4th incident so Tiananmen isn't even mentioned).
I'm now actually more curious about the meme itself. I wonder if the actual motive is to get non-Chinese people to be more curious about the event. If so, it would actually be a meme or a mental virus. Fascinating to say the least.
I use the Nomorobo app and I also add any spammers that manage to still get through to a contact I titled "DO NOT ANSWER". And as soon as Apple added the option I set that contact to go straight to voicemail. I must have a few thousand numbers in it now - freaking ridiculous.
Sadly with cheap VOIP numbers I rarely get more than one call from the same number - apparently it's too cheap and easy for them to buy new numbers to rotate through.
The US government failed attempts to stop robocalls is my favorite example of how ineffective and corrupt the system is. We all know that in a healthy system it is an easy problem to solve. All the lobbyist and corporate interest is goin in the way. It's ironic because the government officials know how directly the general population feel the pain of this one and sometimes really want to do the unordinary and focus on interest of The People but can't get it done!
Honestly, its like all the huge DDoS attacks by spoofed UDP packets. In both cases, their is already tech in place, that prevent you from forwarding packets for networks that are not 'under' you (BCP 38 came out in what, 2000?) But their is very little incentive for the provider to do the work.
Well...my personal experience has been that during the Obama administration spam call frequency drastically reduced. The do not call list was maintained, people were prosecuted for running spam call boiler rooms. Then, pretty much on inauguration day, it was very noticeable there was a huge increase in inbound spam calls. It was as if a bat signal had gone up to the effect "do do evil, it'll be ok". And now, in the newest administration we now have new government activity to crack down on spam calls. For me, a pattern is emerging...
Phone service is an oligopoly. Spectrum is sold by the government and it is EXPENSIVE. No new companies can join the market, and customers have nowhere to go. So prices are high and companies do the bare minimum.
Email is more of a fair marketplace. In theory, you can even roll your own on a $5/mo VPS. Switching costs are low. You can forward messages anywhere. So email providers cannot charge exorbitant rates or require 12-month contracts, and they must provide better service to retain customers.
I think you have this backwards. E-mail is actually a good example of why you shouldn't open up communications systems too much. Because they're more or less free to send, people who want to send advertisements send loads of them. This makes e-mail entirely unusable unless you are very proactive in restricting who can send mail to you. Technical limitations like SPF, DKIM, and so on only prevent the worst abuses. What does really work has been IP blacklisting and reputation systems that more or less make rolling your e-mail very difficult.
Yes, you can roll your own e-mail; but you're taking on the challenge of both getting spam out of your incoming mail as well as getting your outgoing mail to be deliverable to everyone else. As a homelab[0] training exercise, it's fun; but businesses that need reliable mail just outsource it all to Google or Microsoft. The end result is that e-mail users more or less reinvented the restrictive systems that phone service used to have before the FCC opened POTS up to everyone that wanted to call an entire state about the their car's extended warranty.
When you mention spectrum limitations, that's for providing mobile phone service; which is only tangentially related to the actual phone call routing these days. Just getting a dialable number or placing a call is hilariously cheap and plenty of services of varying quality will let you do this in bulk. Providing access to that number over wireless spectrum is the expensive part; but you don't need spectrum to spam people.
[0] Don't try to take the word "homelab" literally and run your mail server on your residential ISP. It won't work.
I think you're right, but we're looking at this from opposite angles. We can never stop people trying to make spam calls, because human nature. At the same time, I don't think it's a desirable design goal to have a communication system that isn't open to everyone. So we must address spam on the receiving end. That's exactly what email is doing, in a decentralized way, pretty effectively in my opinion.
Now why are cell carriers dragging their feet even for basic problems like caller ID spoofing, which have been solved in the tech industry for decades now? 10 years ago, if I could have switched to any carrier at all that blocked spoofed calls, I definitely would have. But no company offered that service for the reasons I mentioned, and now it's too late and people have mostly given up on voice calls.
If email were a government-bolstered oligopoly and we all had to rely on Verizon's in-house engineers for spam filtering, email would be good as dead too. Email is certainly not perfect, but overall I think email's open model has aged much better.
> We can never stop people trying to make spam calls, because human nature.
Bit of a tangent, but I don't think people are making these spam calls because "human nature". They're making the calls because we have a society based on the accumulation of fungible wealth through profit, they can make a profit from shilling something through these calls, and the expected negative consequences of doing so aren't significant. Nobody wakes up with the natural urge to talk to hundreds of strangers about refinancing their student loans.
> E-mail is actually a good example of why you shouldn't open up communications systems too much. Because they're more or less free to send, people who want to send advertisements send loads of them. This makes e-mail entirely unusable unless you are very proactive in restricting who can send mail to you. Technical limitations like SPF, DKIM, and so on only prevent the worst abuses. What does really work has been IP blacklisting and reputation systems that more or less make rolling your e-mail very difficult.
Unfortunately the real problem with email is liability. There's no way for me to force liability of a received email onto the sender. I can't tell Gmail to block all non-US email. I can't even tell Gmail to block all mail from specific IP blocks or domains. If malicious email originates from the US then there's some very strict laws around malicious use of computers...
A phone call though? The liability is in the caller or, at least, the service provider.
You're thinking about cellular service. Most of the phone spam I'm aware of is coming from VoIP connections and the reason there's so much of it is it's extremely cheap.
1) Emails are decentralized and the telephone network is much less so. It's controlled by a relatively small number of companies. I can't run my own server and connect it to the VoIP network and start sending packets. The major companies can all agree to ban caller ID spoofing and block any carriers that allow it to happen, or at least block any of them for domestic numbers. But they don't.
2) We actually have kinda solved the caller ID problem with email. We have SPF and message signing and the Telco industry seems to be dragging their feet to implement equivalent caller ID verification technology. Imagine if you could block a spam caller and report their endpoint on the telephone network. They'd at least have to purchase a new number each time this happens, rather than just impersonating as they do now.
> Emails are decentralized and the telephone network is much less so. It's controlled by a relatively small number of companies
E-mail is largely controlled by a small number of companies. The vast majority of people use Microsoft, Google or Yahoo Mail. The reasons it's not centralized is the same as with phone numbers - interoperability.
As you note, all the major e-mail providers already implement SPF and DKIM which is more advanced than anything the carriers are talking about implementing. Spam remains a problem. I think spammers will evolve the same techniques of attacking and taking over "valid" endpoints and routing traffic through them as they do with e-mail today. Of course, this is a good thing. It raises the expense and risks associated with spam phone calls. Still, I think the claim that any technical measures will stop these calls is unhelpful hyperbole.
Ultimately the only way to actually stop these is to starve these services for funds which will be lobbied against heavily by large players who rely on these services (knowingly or unknowingly) to drive sales.
Is email truly decentralized? Roll your own and you'll encounter issues with deliver ability just from being new in the market. Large providers manage their own block lists and prevent some messages from some ips being delivered at all. This is a practice that shuts down decentralization and creates an oligopoly, although I agree it isn't as severe as the tele situation.
There are ways to enter the VoIP market by purchasing trunk access but iirc that's still controlled by a few big players.
Another difference is that email in your junk folder still contains the information. Blocking a spam call means no information gets stored.
As a person who runs an email server, I have to jump through several different hoops to prove that the e-mail that I sent from my e-mail server comes from my e-mail server.
This isn't the case for phone calls. Any phone call originating from anywhere on the planet, from any network, from ... literally fucking anywhere can claim to have originated from any random phone number.
If I own the DNS name foobarr.com, and foobarr.com points to my IP address, 1.2.3.4, and my IP address 1.2.3.4 opens a connection to another SMTP server, and claims to be coming from the domain foobarr.com and the source IP address of the connection is 1.2.3.4, that still isn't fucking good enough. I need to do a cryptographic challenge (DKIM) that shows that it's the legitimate address. And SPF too, which I forgot how it works, but I need to pass SPF also.
With phone calls... the calling number just claims to be from 1-800-555-1234, and the carrier is like "ok cool, we'll send you right through" with ... no verification. At all. It just.... goes through.
The comparable situation with phones is that a home IP address with no DNS server attached to it connects to a random SMTP server and claims that its originating e-mail address is joe.biden@whitehouse.gov and the the SMTP server is simply expected to deliver the email. It is the dumbest of all possible systems.
More info here: Advanced Methods to Target and Eliminate Unlawful Robocalls: Petition for Reconsideration and Request for Clarification of USTelecom – The Broadband Association https://ofr.report/pi/2021-28212/
Can the FCC revoke the major mobile operators' spectrum licenses if they fail to verify Caller ID records? I know that won't help with land-lines and VoIP but I imagine it would take away the bulk of the incentive for the perpetrators.
They could revoke the land line companies authorizations too.
The problem is it's a complex issue affecting millions if not billions of what is now legacy phone equipment that would have to probably be replaced. And for land lines that's a dying market - no one in their right mind would want to modernize infrastructure that's more than likely on it's way out. Might be able to get cell phone providers attention far easier.
Both groups have significant lobbying presences, I'm sure, so it will continue to be a pitched battle - but if it's ever going to be a traceable/solvable problem the fundamental protocols used between phone exchanges are going to have to be beefed up with spoofing in mind. Before VOIP and the number porting rules others have referenced in this thread it was nigh impossible to spoof numbers because each phone company owned their own block and that was that. Now any number can be held by any phone provider - the horse is out of the barn :p
At one time phones were useful. Robocalls have stolen all our phones from us. I would like my phone back. I would like us all to have our phones back. The penalties actually paid need to increase until we get our phones back from the thieves.
It shouldn't be a matter of penalities. Robocallers are attacking critical infrastructure and preying on the vulnerable and causing many people to die prematurely. They should be treated like terrorist and the US should sanction countries that are not taking the issue seriously and label them supporters of terrorism.
If these people feared having military attack their call centers and operations they would turn on each other in a heartbeat.
Or when your grandma or grandpa spend their life savings and are stuck without adequate care and services, then they die much sooner than they normally would.
I now get them on whatsapp, twitter DM and signal too. As well as group text messages, daily spoofed sms text messages on top of normal spoofed calls. Its getting ridiculous at this point.
On Signal? Wow, this is bad news because I have my immediate family on Signal and I won't pick up a call unless it's a Signal call.
Regarding the money trail, etc: I can't help but think we'll never really see the "surveillance economy" properly regulated, where our data is profited from. Because there is just too much profit.
EDIT: The context for this thread: I get SPAM calls on my mobile about extending my car's warranty. How do SPAMMERs know about my car purchase? How do they know the exact model and date of purchase? Someone sold this data.
Yea unfortunately I have to agree with your second point. Maybe in Europe they will successfully regulate it since most of these companies are American, but I think the only way we could stop our data from being profited from is if we stopped centralizing the data and giving so much power to service providers.
That’s why I like what Tim Berners Lee is doing with Solid, but I think the main point is we need to build some way for personal data to be distributed and encrypted so that it’s fundamentally very difficult to steal every customers data even if the system itself is broken. I dunno if it’s possible though since most tech companies make a significant portion of their money on their customers’ data.
Yes, most government data is awful but it's usually at least workable. That's why sites like sec.report and https://fccid.report exist. https://www.ecfr.gov is actually good though.
Scroll down to the last section "Send unknown and spam callers to voicemail". You want to activate the Silence Unknown Callers feature.
Go to Settings > Phone, then tap any of the following:
Silence Unknown Callers: You get notifications for calls from people in your contacts, recent outgoing calls, and Siri Suggestions.
Call Blocking & Identification: Turn on Silence Junk Callers (available with certain carriers) to silence calls identified by your carrier as potential spam or fraud.
How has nobody mentioned Ajit Pai overturning net neutrality which to me is exactly when the robo calls stopped flossing in. With Net Neutrality in place callers had to get your permission to call. And shocker, you remove oversight and allow free acces to run scams how is anyone surprised robocalls have become a huge issue.
For landlines we had a Do Not Call Registry, but nothing like that was ever implemented for mobile as far as I know. For me, false or misleading CallerIDs are the most immediate problem. If we required commercial entities to clearly identify themselves in their CallerID (the way many states require commercial vehicles to display their business name and contact info) then we'd have a fair shot of cutting down phone spam through "technical means". Almost all the "landline" (VOIP) calls coming into my house already go to voicemail thanks to around a dozen call treatments I've got in place: but delayed notice of an important call from the proverbial clueless bank or doctor's office with a blank CallerID is a constant risk.
The Do Not Call registry is for mobile numbers too. The problems with the registry are twofold:
- The robocallers DGAF. Many of them are already doing something illegal to start with. The only entities who really seem to be concerned with downloading the registry and scrubbing their call lists are big legitimate corps. Rachel from Cardholder Services just wants to dial as many numbers as possible and isn't going to comply with the law.
- Reporting violations is an effort in futility! A couple years ago I decided to report an idiot who was calling multiple times a day. The form asked for a bunch of information about the call, I filled all of it out, and several weeks later I got a reply from the FTC through postal mail with a dozen printed pages (including my complaint rendered onto their internal paperwork) saying sorry, they didn't have enough information to act.
I get 10+ robocalls a day, I'm not spending my time filling out a form that goes nowhere. It's unfortunate, but the registry has no teeth.
Interesting take, however your observation is opposite of reality. Can you explain why the number of robocalls have exploded soon after Ajit Pai's policies went into place?
> The Commission does not collect criminal fines for violations of section 227. > If a party fails to pay a forfeiture, we refer the matter to the U.S. Department of Justice for further enforcement action. We have referred to the Department of Justice forfeiture orders involving violations of section 227 by Adrian Abramovich, Marketing Strategy Leaders, Inc., and Marketing Leaders, Inc. (Abramovich), Philip Roesel, dba Wilmington Insurance Quotes, and Best Insurance Contracts, Inc. (Roesel), Affordable Enterprises of Arizona, LLC, and Scott Rhodes a.k.a. Scott David Rhodes, Scott D. Rhodes, Scott Platek, Scott P. Platek (Rhodes). 34 During calendar year 2020, the Attorney General did not collect any forfeiture penalties or criminal fines for violations of section 227 cases that the Commission has referred. We lack knowledge about the U.S. Department of Justice’s collections beyond those cases.
It said earlier that these entities owe tens of millions of dollars in forfeitures. Why were they not collected? If these criminals know that there’s no penalty, they’ll continue acting badly. (And we can see already that they do this. They change names and start over.)