
Well, imagine for a moment that the unwelcome participants are the ones against murder. Everyone currently in the group thinks murdering people who disagree with you is a fine way to solve problems. Outsiders might share insights and opinions to discourage this way of thinking, so they're not allowed to join.

Yeah? That's the nature of social circles. To take the example further, I definitely won't be able to work my way into a social circle of violent criminals who murder rival gang members and think murder is okay. I will not be on board with their general way of life and general perspective on the value of human life, or my overall aversion to committing crimes. They will definitely not "let me in" (unless they intend to exploit me as an unwitting participant in something, lol)

The gist of what I'm saying is, I don't feel like I have a right to join every conversation everywhere just because I have a computer and an internet connection. Groups of people have established norms for what's acceptable and what's not. For once, those social boundaries, the delineation between one group of people and another, can actually be represented in server-to-server communication permissions.

That doesn't mean that "murdering ppl who disagree with you is okay" people will never interact with the "murdering ppl who disagree with you is bad" people. They just probably won't be on the very same server, but the servers will probably communicate between each other unless the conflict level gets particularly high, at which time one server may defederate from or block the other. I regularly see opinions and views I don't agree with or share. Life isn't so black and white, I don't (and my server doesn't) block people just because they say something a bit spicy or weird. Some people/servers might, but the idea is that, for myself, I can interact with those different chunks of humanity in a way that works for me. All part of the word I keep saying, "agency".

Beyond all that, I've not seen anyone provide any reasons that an opt-in consent-based medium has any ill effects.


Silksong starts very difficult compared to Hollow Knight, largely because there are many early foes that will deal 2 masks of damage. Those sorts of big attacks were generally reserved for mid to late bosses in Hollow Knight, and it caught even skilled players off guard. Hornet has a lot of mobility though, and a much easier time dodging out of the way, so once you adapt to her playstyle (be patient, dodge, and punish only when you know it's safe) the difficulty settles down and the game feels pretty fair.

As usual, you're gaining all sorts of tools and abilities along the way, and a few areas you can technically access early are best saved for later, when you have better gear. Some players aren't super thrilled with arena challenges, which this game has more of: suddenly 3-4 enemies in a small room all at once. I enjoy the meta challenge though: which tools can thin the crowd? Which minions should I focus to make the rest of the group manageable? If I can avoid taking damage, I can cast spells to thin the crowd much more effectively, etc etc.


With everything doing 2 points of damage, including environmental hazards, the player is at effectively 2.5 hitpoints for a large majority of Act 1, as opposed to 5 in Hollow Knight. This changes the feeling of the game from "oh, a challenge, let's see what will happen and I'll learn" to "shit, a new room, I don't want to explore because I'll just get killed, where was the last bench, can I even get back here?"

The other big difference, I think, is that Hollow Knight starts you out with a very straightforward downward attack that you can use as a pogo to mitigate a lot of damage/environmental hazards.

Hornet's 45º downwards attacks are significantly harder to aim/time, and pogo chains (where they are even possible) take a lot of practice


This is my strategy as well. There are some issues I care about enough to follow, mostly related to lgbtq+ topics and technical regulations affecting my industry. But for the larger political sphere and what I hesitantly refer to as "headlines that belong in tabloids" I actively do not care.

It'll take me about a day or two (per candidate) to get back up to speed when elections come around, so I can do my civic duty and vote. Beyond that I don't let it consume my life. I've got stuff to do, and not very much time left to do it.


That's kind of my attitude.

I have a number of friends that are addicted to Outrage Pron (almost all media -mainstream or fringe- qualifies). They -literally- spend almost every waking hour, doomscrolling. One of them occasionally forwards videos to me, that are clearly edited for angst, but he takes as gospel. AI will make that kind of stuff much, much worse.

I had a friend tell me "If you're not outraged, you're not paying attention!" He thought it was a clever, brand new saying (Spoiler: It's not —I first heard it, in the 1970s).

I've found that I can get a lot done, when I pay attention to the things over which I have direct control.


> "If you're not outraged, you're not paying attention!"

Yea.. that outrage won't lead to any change. On the contrary, being in this state of distress eventually makes you unable to cope, breaking you down.


Being complacent also won't lead to any change. People need to be outraged but they also have to do something about it. You have to pick a lane -- if you're going to not do anything about it, then commit to not doing anything and bury your head. If you're going to get outraged, you can't just go into work every day like everything is normal, the cognitive dissonance will get you. Outrage needs an outlet.

Generic Outrage leads people to ignore the issues they do have control over. Local government bodies in the US are immensely powerful. You can call a city council rep and talk to them about concrete plans/actions which can happen in your community. Local reps can largely even block federal mandates by virtue that there are simply too many local bodies to sue for compliance.

Focus on what you can control. Consider that the goal of the outrage inducing media is to make you feel powerless, or direct attention at impossible battles.


There's very little under your control, that's the first lesson. Once you let go of the need to control the chaos, everything becomes a little more bearable.

> Outrage needs an outlet.

You've really let yourself off the hook there; that's way too easy to say. What exactly do you suggest, that would make an actually useful contribution to improving the situation?


You're right that optimism has a difficult job of looking for tangible, actionable things while nihilism can stretch out in a hammock and watch the world burn.

Historical situations like our own might be a good place to start to look for solutions.


> Historical situations like our own might be a good place to start to look for solutions.

If you have a suggestion about something practical, that can actually help, please speak up. Offering more platitudes is just way too easy; it feels good, maybe, but it's really just an admission that we don't have a good outlet for our outrage. Which is why so many of us spend our days venting online, because apparently (judging from the lack of concrete ideas offered) it's about as effective as anything else we could do.


I know little about history. I had hoped perhaps you did — or that you could seek out someone who does.

Why are you afraid to say "off with their heads"? Is it because you know that it's not actually useful advice that anyone can or will follow today? If you can't even bring yourself to utter it online, why should you expect anyone to take it as a serious suggestion?

I ask again, do you have any practical advice that people can follow today?


But "off with their heads" is just belling the cat. I would never suggest a thing I wasn't willing to do myself.

Your insistence that someone have a concrete, unassailable answer for you plays right into nihilism. Why don't you suggest something yourself? Or is "off with their heads" in fact your suggestion?


Because I don't believe there is anything to be done. You're the one who claimed history held the answers we needed. Why are you so reluctant to actually spell out your solution? If you are so positive about the future, please stop asking me to guess what part of history you're suggesting we emulate. Or just admit you have no idea what to do, and you're just spewing platitudes about avoiding nihilism.

I guess it depends on why the outrage. But if you are outraged about issues that are caused by the recent political shift, then the best thing you can possibly do is work, as in make it your actual job, to elect the political opposition.

A lot of people don't like that option. They find it distasteful, they don't have the time, or they think it will not change much at all. But that's the truth -- Democrats taking control of Congress in 2027 is the fastest way to improve the current situation.


> It'll take me about a day or two (per candidate) ...

I have so much trouble deciding on primary elections. There are often 5 primary candidates, and 10 seats to decide upon. And I've found no good tool to help evaluate their policy and record.

I want some sort of score board website that tracks their political and public behaviors towards various policies.


I’ve found sites like Ballotpedia to be good starting points when I do my research.

Then I generally go to the candidates’ individual websites or see what their main talking points are. You don’t always get a sense for everything, but you kind of figure out who they are in general.

From an actual example of a candidate’s official Facebook page in my state, if you see them post something like “how come the MAINSTREAM media isn’t covering the BLACK on WHITE crime?!” you generally don’t need to do much research on them after that.


That's my standard process too, Ballotpedia > candidate website. But campaign websites often feel like general bland talking points repeated by all the primary candidates.

I use this, but recently ran into an issue: I only have one Android device. It's great to be able to back up my secrets, but frustrating to need to spin up an emulator on my computer to run an Android app just to use the backups, if my primary device is offline for whatever reason. Is there a way to use the vault directly?


Very interesting question, I have no experience here. What I do instead is scan my QR codes into two apps on different devices when I make them (I do not make them very frequently so it's not a chore). Because I'm sort of pessimistic after a lifetime working in tech - everything that uses electricity breaks and fails. I build redundancy into all my (things) and just expect one of them to fail. Goes for email providers, hard drives and OTP codes - if I could have a backup washing machine, I would. :)


> What I do instead is scan my QR codes into two apps on different devices when I make them

Amazingly, I'd never even considered this as a possibility. Thank you for the paradigm shift.


I do that too, but you don't really need to with Aegis as it has import/export.

Aegis also works very well on Android Go dumb-ish phones.


Aegis authenticator backups can be imported into Gnome Authenticator. I'm using it, I know it works, but I don't recall the format GA requires


I just copy the OTP-URL from Aegis and place it into pass (passwordstore.org, with the pass-otp extension) on my desktop computer. That pass instance is backed up along with everything else which matters.


If you move the secret tokens onto the same device (like in that emulator that presumably runs where your password manager also runs), we're again back to the oathtool solution that is described in the OP, that doesn't have the same security benefits as the original intent of supplying you with a 2FA token. Not saying you shouldn't do this, just something to be aware of when you use the export mechanism in this way
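To make concrete why the exported OTP URL is the entire second factor wherever it ends up, here is an added example (not from the thread or from any of the tools mentioned) that parses an `otpauth://` URI and derives the code per RFC 6238. The sample URI is constructed from the RFC's published test secret, and the function names are illustrative.

```python
import base64
import hmac
import re
import struct
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample: the RFC 6238 test secret "12345678901234567890" in Base32.
SAMPLE_URI = (
    "otpauth://totp/ExampleSite:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleSite&digits=8"
)

ALLOWED_ALGORITHMS = {"sha1", "sha256", "sha512"}


def parse_otpauth(uri):
    """Parse an otpauth://totp URI into the parameters needed to generate codes."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in query:
        raise ValueError("URI carries no secret")
    # Authenticator apps usually omit Base32 padding; restore it before decoding.
    secret = query["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)
    algorithm = query.get("algorithm", "SHA1").lower()
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    return {
        "label": unquote(parts.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "algorithm": algorithm,
        "digits": int(query.get("digits", 6)),
        "period": int(query.get("period", 30)),
    }


def totp(entry, at):
    """Compute the TOTP code for Unix time `at` (RFC 6238 on top of RFC 4226)."""
    counter = int(at) // entry["period"]
    mac = hmac.new(entry["key"], struct.pack(">Q", counter), entry["algorithm"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** entry["digits"]).zfill(entry["digits"])


def redact(uri):
    """Return the URI with the secret masked, safe to show in logs or screenshots."""
    return re.sub(r"(secret=)[^&]+", r"\1<redacted>", uri)


if __name__ == "__main__":
    entry = parse_otpauth(SAMPLE_URI)
    # Any host holding the URI produces the same code as the phone does.
    print(entry["label"], totp(entry, 59))
    print(redact(SAMPLE_URI))
```

Nothing device-specific enters the computation: the key and the clock are the only inputs, so a desktop copy of the URI is equivalent to the phone.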


1. Aegis has a setting for creating secure backup on every change. 2. Autosync that backup directory via syncthing to your PC. 3. Run a compatible desktop software (e.g. linux has authenticator) to import aegis backup files manually.

Since totp addition is not a frequent activity, the last manual import step was not a hassle to do whenever needed.


Never in those 20 years did I need one on Windows either. It turns out if you vet the software you install in the first place, malware is pretty rare. That isn't the bar for most regular users of software though.

Working in retail tech support, we got folks bringing in their new macbooks, freshly ruined by new ransomware, utterly baffled that it was possible at all. But when you're trying to use Photoshop without paying... well, shady stuff's still out there.


But you also browse the web. Running lots of unvetted software. All safe, as long as the sandbox holds.


Social accountability, for one. Never underestimate shame as a motivating factor for humans. I'm generally in favor of protecting anonymity, so I'm not fully in agreement that this should be a hard requirement for a software project, but I can at least see the appeal of the idea.

Web browsers are also a rare class of software with high complexity and also high privilege (considering the data that typically passes through them), so perhaps higher scrutiny of this class of software is warranted.


Don't forget the shockingly high number of folks with a distorted sense of shame.


True for PayPal though. I just recently had to jump through seven different hoops to verify my ID (with creepy, creepy face scans) and they absolutely refused to even start the process on desktop. Eventually got the stupid thing to work on my iPad; Android+Firefox was a no go, and it's stock Pixel 5a with Google OS.

Thankfully I don't actually rely on PayPal for anything serious, but there are artists whose commission I like to pay, and being able to actually pay them would be nice. :/


For logins, at least, they support passkeys on the desktop as well, so long as the browser does it. Which basically means Win11 or macOS, either some Blink-based browser or Safari.


I use my yubikey on both my android and linux (tumbleweed) with exclusively firefox, I have not found something that does not work.. Maybe you mean non-hardware passkeys built into the os? But one could just use keepassxc or like bitwarden, those work in Firefox and Linux as well


I mean, I'm sure it's true for some banks or financial services, but that's not really the same thing.


At this point I'm firmly of the opinion that "leak this 10 digit code and anyone on the planet can call me relentlessly" is just a broken model. Maybe that worked better when the calls carried a significant cost, but clearly the scammers are able to do this sort of thing at scale.

In practice of course, my phone is 100% permanently in "do not disturb" mode and does not ring at all unless I've added you to my contact list. Which means the scammer, already pretending to live in small town rural USA (where they most certainly are not) has to correctly guess the number of one of my relatives before my pocket actually rings. It also means I'm unreachable for anything actually important that isn't in my contact list. That's an annoying price.

I'm not sure what the correct end solution is, but the current solution seems to be very broken.


Yup.

I didn’t realize how bad it got until my father stopped answering calls. It turned out he was getting (no hyperbole) 90 calls a day from spammers and vendors he had no relationship with.

I used the iOS filter, the AT&T filter, and turned on the shortcut so the phone doesn’t ring unless the caller is in his contacts.

The problem is that it already changed his behavior. He doesn’t answer the phone anymore, even if it is a person he recognizes. The Pavlovian response to his ringtone is still very negative.

I’m sure there is a non-trivial percentage of the US who already viscerally hates receiving phone calls.


This sounds stupid, but it worked for me. Change the ringtone.


The original iPhone ringtone still causes anxiety when I hear it because of a horrific couple years on call. Changing the ringtone works.


Haha yeah, I do that for me. My VIP contacts have a different ringtone and Messages sound.

I didn’t realize how bad my alert/notification sounds fatigue got until I realized that a coworker’s (in an open office layout) phone was the same brand as the office fridge (so his notifications made me get up to check if the fridge was left ajar) and his home doorbell was the same sound as the office doorbell.


You mean that vibrating sound that the phone makes when a robocall comes in?


Try being a business where you are obligated to answer the phone in case it's a customer. We easily average a hundred junk calls for every one valid customer call.

I have taken to speaking like a robot, repeating two sentences in a loop ("You have reached technical support, please describe your issue." -> "I am sorry, I cannot deviate from the technical support script. You have reached technical support...") until the spammers come to the realization they cannot manipulate me into giving an affirmative response that they can interpret as consent to move our phone service, subscribe to service offerings, etc.

They have made phone service effectively worthless, just as they have made all other forms of communication effectively worthless.

Edit: Just remembered something else I do: I do not answer the phone with "Hello" or anything like that. The vast majority of calls that we receive are originated by an autodialer that is listening for a typical greeting so it knows in what language its payload should be delivered. Instead, I answer with only the name of the business and nothing else. If I hear silence, I repeat the name of the business. After a short time, the autodialer gives up and terminates the call.


That's wild. I'm in the US, and I get maybe 1-2 spam calls a month. I get more spam texts than calls, though not many of those either. I've never done anything special to try to prevent them, so I wonder what the difference is.


I get about 6 a day, just as another data point. As the other poster said I've set my phone so that only people in my contacts make it ring. Unfortunately that still means I have to manually go delete the voice mail notifications, all of which are 6-10 seconds of silence (6 out of 7 times) or some Chinese (I'm not Chinese and don't speak Chinese).

Stupidly, AFAICT, none of the phone services bother to auto-delete silent voice messages so I have to manually delete them, each one taking ~6 seconds ("call from One Two Three Five Five Five Six Seven Eight Night at three twenty seven pee em, on friday june twenty sixth ..........." delete. Repeat


I think

(1) he was self-employed, so his business contact info (also his personal info) became public record

(2) he NEVER opted out of anything (eg “type STOP to opt-out”), never told callers to take him off their marketing list, and he was VERY sloppy with handing out his primary contact info on websites (maybe shopping or sweepstakes).


My theory is age. I get very few calls. Neither does my wife. My mother in law is called multiple times a day. I assume there’s some basic demographic data available out there and they’re targeting retirees because they know (statistically speaking) they’re an easy hit.


I think an important factor is also how long you had the same number. I switch numbers every couple of years because I get a new contract and moving the number to the new company is such a hassle. Over time you share your number with more and more companies and people who sell it or get breached.

My parents had their number for ~30 years. I never get spam calls or texts. They get one once a week or so (this is in Germany, we get a lot fewer of these calls).


I’ve had the same cell phone number for 25 years across 5 carriers and get maybe 1 spam call a week.


My 86 year old father regularly gets calls from his "grandson" (who does not exist)... who is in jail, and needs help.


FWIW, I am in my 20s and receive many phone calls. But maybe your theory is correct and I am an outlier.


If you pick up it's a positive signal that routes more to you. For a week or two I was like "eh, takes 5s, maybe it's a call from my doctor or something" and would pick up. Big mistake, got like 10 a day for a while after that.


Can you share those countermeasures you mentioned? I haven’t been able to find anything for the iPhone.


Set a default ringtone to silence. Give each contact on my phone a custom non-silent ringtone. If a non-contact calls and it's important enough, they'll leave a voice message. The first year or so some spammers would leave a message (usually half a message as my outgoing message caused their canned robot to start speaking), but the past year or so, no bad voice mail messages.


Can't you use the "silence unknown callers" option instead?


Only if your phone supports it. Not all do.


Search settings for “focus”. You can set up a do not disturb mode that does roughly what the parent comment describes.


I get them in waves. Sometimes dozens a day, then a month with maybe one a week...

The IRS and FBI are apparently constantly after me.

They do love to leave empty voice mails for me quite often and that is annoying.


Voicemail is a dead technology, just like the mini tapes they used to be saved on. It's just 1 more notification type to waste your time anymore. Disable it and never look back and I assure you that you won't regret it. If they really need to contact you they will text after an unanswered call. I suppose its only redeeming factor is if someone you care about passes away you have a recording of their voice to hold on to, which is priceless to some. Regardless, I haven't had it enabled in over 10 years and it hasn't held me back.


I have my phone set to ignore any unknown callers (not in my contacts) and when someone I do want to talk to but never put in my contacts (example I'm taking bids for a new roof) I need my voice mail to help identify who called / if I care.

In that case voice mail is required.


I got there. I finally just had to switch my longstanding number. Nothing else worked.


You don't need to be 90. I'm half that age with the same behavior.


I suggest the caller stakes a little bit of money as a deposit that is, by default, returned to them within a day... But an angered recipient can retaliate by choosing to seize the deposit.

I think this works for many situations:

1. Between amicable friends and businesses/clients, nothing changes.

2. If there was a normal relationship, but one side starts unfairly seizing call-deposits... Well, maybe it's time to no longer have them as a vendor/customer/friend.

3. Spammers either eat the additional cost, or they have to work harder to make sure they only call people who are unlikely to retaliate.

_____

There's still a problem where someone asks to be called (the number needn't actually be theirs) as a way to trick the caller into losing money... But even then, I think it represents an improvement over what we've got now.


Yes, but this is probably best instituted at the telecom layer as there are fewer people to educate / complain / litigate drama. Telecoms who self-police don't need it and if they fall from grace they can post collateral to be let back in. I predict that suddenly the telecoms who previously turned a blind eye towards scam call-centers will suddenly become very good at pursuing scammers once they become a threat rather than an asset.


> There's still a problem where someone asks to be called (the number needn't actually be theirs) as a way to trick the caller into losing money... But even then, I think it represents an improvement over what we've got now.

That's basically the purpose toll free area codes used to serve; and there's no reason that same sort of solution (with some adjustments for the modern era) couldn't continue to be used under a deposit based system. Just add some universal prefix, some unused country code for instance, that can be dialed for a "no deposit" call; and then give control to the recipient whether they want to accept such calls.

Or, well, since most modern dialing is done by submitting the whole number at once rather than digit-by-digit; it could even be a suffix. If your number is +12125551212, maybe something like +12125551212*0 could indicate a "no deposit" call. I mean, the whole suffix space could even be turned into something akin to a password so instead of just opening up accepting "no deposit" calls from the entire world, you might only accept them from specific whitelisted suffixes; and if someone leaks one and you start getting spam calls on it, you can just turn off that suffix. There might need to be some provider-enforced fail2ban to prevent wardialing those suffixes, but it doesn't sound like it'd be too difficult.


If I could just block the numbers, or auto send to voicemail, that my phone already flags as Spam/Telemarketing this wouldn’t be so frustrating for me. I do need my phone to ring for unknowns/outside my contacts numbers, so the blocking ability I need isn’t available (on iOS anyway.) I am left manually doing this when something rings if it is flagged, I will ignore it and if it’s unknown and not flagged I will answer it. It’s not perfect but could easily cut more than half of my current interruptions.


For what it's worth, upcoming iOS 26 has a new screening feature. The idea is that calls from numbers you don't have a connection with will be asked to briefly identify themselves and why they're calling. It'll show you this text and give you the choice to block/send-to-voicemail/ignore/accept.


The problem I have with my iPhone is not callers, thankfully, it’s random iMessage from emails spamming me constantly, as many as 5 per day. The “filter unknown senders” option does not appear to work at all for these scammers.


I filter unknown messages but the iMessage view constantly switches back to “All Messages” instead of staying on “Known Senders”


> upcoming iOS 26 has a new screening feature

I had this on my old Pixel. The result was that people generally hung up and didn't leave a message. Apple is a little bit better with marketing and hopefully won't make the same dumb move of making it a "pro only feature" so maybe it'll be different this time around...


I've been running the iOS 26 beta for a while and really the only problem people have had with it is that it's very clear the message the caller gets is pre-recorded, and without fail everyone who's interacted with it was expecting a beep, like an answering machine, before responding to it; but it doesn't actually beep, it just asks the caller to describe who they are and why they're calling.

So every screening popup I got had amusing text like "Is it going to beep? Hello?"

When it becomes commonplace, I expect the real problem with it will be that spam callers will recognize it and just start giving false information to it to try to trick the party into accepting the call.


> The result was that people generally hung up and didn't leave a message.

This sounds perfect to me. Not only do I not have to talk to spammers, I don't even need to listen to their messages.


Spammers leave a message because they hear something and their bot starts talking. So it is worse than if I just don't answer.

But legit people, they just hang up. That's also a worse situation than not answering because in that case they'd have left a message. (this is hit or miss. Sometimes they leave a message. But 0 times have they actually responded to the screening)


There's also a "send unsaved numbers to voicemail" option if you don't like the call screening, and a separate toggle that puts calls/voicemails from unknown numbers on a separate list from the main one.


So iOS will automatically confirm your number for spammers? That's nice...


I use call screening with Google Fi. I recently added my number to the FCC block list, and they made some recent changes, so it's gotten a lot better.

I did ask if I could just send all calls not in my contact list to get screened, and that idea seemed to "blow their mind," though.


You mean the donotcall.gov database? What changes have they made?


When they are screening a call, if I push the button to answer the call, the call comes to me immediately.

They used to play back a 10 to 20 second "polite" message that just annoyed everybody.


I don't follow what you mean. You have a call screening program or something?

But I'm not sure what that has to do with the Do Not Call database.


I think "call screening with Google Fi" is some kind of service/feature, which they have enabled.


Yeah. I'm not sure why Spam Risk rings because it almost certainly is spam. But I do get doctor offices, service people related to something I'm dealing with at the moment, emergencies related to family members, etc. that are legit. I suspect the permanently do not disturb faction are mostly in a different life stage than many of us.

I'd probably add that the area code + exchange calls from an area code that you don't actually live in are spam as well though don't see those as much as I once did.


As others have alluded, there are unknown third parties who must call you (and you would want their call). For example, the hospital: something has happened with a loved one. We can probably solve this problem with certification. Show me your medical license (or hospital scale equivalent) and you get to make unsolicited calls. Then we allow people to select certified unsolicited calls by category: medical, financial, civic, etc.


Even in this case, I'd rather get a text message. A mere call doesn't provide any context and is not informative. Maybe your loved one showed up in their ER or maybe it's a billing issue.

The text message should explain the nature of the call and which number to call in reply.


I agree that a text can help provide context, and I definitely prefer it for non-emergency communications, but sometimes people want to go straight to synchronous communication so they can discuss urgent details without delay.

> The text message should explain the nature of the call and which number to call in reply.

You lost me here. If I get an unsolicited text message claiming to be a doctor who needs to speak to me urgently about a loved one's medical emergency, I'm not calling back via any number other than the hospital's front desk or switchboard. Invoking an emergency and asking you to call an unverified phone number is scamming 101.


I think there are HIPAA issues there. You can't just SMS a random number medical information, it ends up being something like "$HOSPITAL has a message for you, log in at $RANDOM_EHR or call us back at $NUMBER".


How is that practically any different than a voice mail with an automatic transcription that you can see real time and after the call?


> The text message should explain the nature of the call and which number to call in reply.

That’s basically how most SMS scams work.


Are phone calls less scammy?


It seems strange to me that the solution would be “mimic SMS scams”.


Everything can be a scam, the solution isn't make everything painful for honest people, or cancel entire classes of actions due to scammers.

Again, I ask if somehow SMS is inherently worse than phone calls for scams.


I've received I think two total spam calls in the years since I ported my cell number to a voip service and set up an IVR in front that just says to press any number. It also blocks the very, very few robocalls I might actually want, and occasionally some company will refuse to accept a voip number as a cell number, but most everything just works fine.


Can you recommend a service for this?


I use voip.ms, which gives full SIP for something like $4/mo / line. Their SMS/MMS bridge is a bit limited, but I really don’t use that, and otherwise I haven’t really run into any issues.


Imagine if the concept of a phone call did not exist. We still have these computers in our pockets, but without the history of the telephone system.

Then, one day, an app developer thought: Wouldn't it be cool if there was an app that would interrupt what the user was doing, play a sound, vibrate the device, and put up a full-screen dialog, that this all could be activated remotely by any other device by simply typing in a short numeric code, and that if the recipient pushed a button, the remote attacker could send audio data and activate the recipient's microphone? Most app stores would classify this as malware, yet here we are today with devices that all have built-in apps that do exactly this, and only because of how normalized the legacy idea of a "phone call" is.


> Every app store that exists would classify this as malware

Considering Facebook ([0] and [1] to name a few) is still available, I think that's a pretty high bar to clear.

[0] https://news.ycombinator.com/item?id=44401406

[1] https://news.ycombinator.com/item?id=44169115


A similar hypothetical was in the classic book "Peopleware" from 1987, if I recall correctly, imagining the reaction if the phone was a new invention and the phone company salesman wanted your company to put a phone on every engineer's desk which would allow anyone else in the world with a phone to at any time interrupt your engineers with no warning.

They had an anecdote about one company they consulted at which illustrated how normalized interrupting engineers had become. The engineers were putting their phones on "do not disturb" (DND) to stop all the interruptions so they could get their work done, and management sent around a memo saying that the engineers needed to stop putting their phones on DND because that caused the calls to forward to the secretary, and all the calls were making it hard for the secretary to get any work done.


> Wouldn't it be cool if there was an app that would interrupt what the user was doing

It seems like this sort of idea is extremely common, considering how many websites love preventing me from viewing their content by slapping multiple modals asking me to sign up for a newsletter and/or to get my permission to be tracked using cookies.

It also shows up in native apps, in the form of some prompt asking the user if they are enjoying the app. NO! I do not enjoy being funneled into an App Store review or any similar bullshit. If I like using the app, I'll use it. If I don't, I won't. Stop asking me!

I build websites for a living and I'm constantly battling requests to infect our sites with these god-awful modals. It's like sitting down at a restaurant, being handed a menu, only to have the menu taken away seconds later and being asked if you'll return in the future. Not only is it rude, it's the wrong time to ask the question. Let me read the damn article or whatever, and when I'm done, if there's a newsletter form, MAYBE I'll sign up. Let me eat my meal, and if I enjoy it I'll think about returning.


> Then, one day, an app developer thought: Wouldn't it be cool if there was an app that would interrupt what the user was doing, play a sound, vibrate the device, and put up a full-screen dialog, that this all could be activated remotely by any other device by simply typing in a short numeric code

When you're actively using your smartphone, phone calls show up as notifications, not full-screen dialogs (which trips up my non-technical relatives, since they don't know how to answer a call through the notification). Given that, it's not that different from what we had on computers with instant message applications like ICQ. In a world without the concept of phone calls, they would be a natural evolution from these instant messengers (and, as I'm sure you remember, ICQ used a short numeric code as the user identity).


But then, ICQ also died of spam...


That's a great example of how technology can change the rules. In the era of rotary phones hardly anyone would have felt the need to describe it that way. But nowadays it's appropriate.


> I'm not sure what the correct end solution is, but the current solution seems to be very broken.

I think one of two high-level approaches:

We could be ultra-strict about who is allowed to call whom, and have penalties and enforcement similar to how we police credit card fraud.

Or, we could do away with phone numbers and instead come up with a scheme where you show a QR-like code to allow someone to call you; and then you can revoke that permission if/when it is abused.

---

Finally, I think the crux of the problem is that in the US we tolerate far too much of this kind of behavior. (Unsolicited contact for the purpose of sales.) Without a corresponding publicity campaign, there's far too much cultural tolerance of allowing anyone to contact anyone at any time for any reason to accept the kind of change needed to truly contain SPAM.


Very simple: charge caller $0.25 to make a call.


That's how it was before about 1980. Every call outside the local area cost money, and every international call cost a lot more. As a result, spam landline calls were rare and international spam calls were nonexistent.

Keep in mind this was the era before CallerID so you never knew what number was calling you in advance. You answered every call on blind faith. And strangely enough most calls were worth taking, because all calls cost money.

Spam happens when it costs the spammer nothing.


And regular folks didn't make many international calls because of the costs. Hardly a great solution.


I don't have this problem at all thanks to Pixel Phone. That spam screen feature alone is keeping me on the Android ecosystem. I don't recall one spam call in the last year. And a legitimate new caller (not on my contact list) can still reach me after like 5 seconds with the bot.


> In practice of course, my phone is 100% permanently in "do not disturb" mode and does not ring at all unless I've added you to my contact list.

I go even further, unless there is a good reason for someone to have the ability to disturb me, they're not whitelisted. I have no phones that ring unless it's for a specific and temporary purpose.

A ringing phone is an anachronism, it's incredible to me that people let anyone bother them in this way these days. It's an invasion of one's personal space.


Without ringing phones how do you set up a voice call at all?

Or do you rely on others letting their phones ring when you call them back while not providing them the same courtesy?


There are so many simple solutions, just like phone privacy is fixable (firewall your phone)

I just don't think anyone wants to fix it. Why can't apple let us send "spam risk" to voicemail?

Like adding extensions, possibly with passwords to your phone line.

It would be good to give an extension or password to friends, or one for each business, which can be automated to input with a pause after answering, and it gets through (or further) if possible.

We should have phone rules just like mail rules.


> I just don't think anyone wants to fix it. Why can't apple let us send "spam risk" to voicemail?

You can. At least with iOS 26 you can, I don't know if it's new or not. You can have known spam numbers silenced, sent right to voicemail, and then the voicemail is immediately put into a spam folder.


> I'm not sure what the correct end solution is, but the current solution seems to be very broken.

If we just made it impossible for phone calls to reach US destinations if they originate from a short list of foreign countries, would that actually do anything to address this issue?


I’ve tried this method, but it didn’t work out for many reasons. I often have to deal with people I don’t personally know for various reasons (mechanic, lawn care, doctors, school staff, etc.), and I have missed too many important calls like this, so I basically just have to deal with it. About 50% of the time it seems to be caught with “spam risk” or something like that, otherwise I just use my judgment.


> leak this 10 digit code

Leak? It's a 10 digit code where you can throw out more than two thirds of them. The only leaking is getting names attached and being currently active.

I mean numbers are as terrible as social security numbers. For both of them you can take your number, add one, and get another valid number.

I'm also not sure what the correct solution is but I'm sure there's some pretty smart people out there that have some really good ideas and understand the issue with a lot of complexity (aka: I won't believe anyone who starts with "It's so simple, you just...")


> I'm also not sure what the correct solution is but I'm sure there's some pretty smart people out there that have some really good ideas and understand the issue with a lot of complexity

While there are certainly technical challenges and various trade-offs, those are not the main reason we're still getting buried in spam calls. My understanding is that smart people have already come up with good solutions which can be implemented at relatively low cost and which would be substantially effective - but the solutions have not been universally deployed because:

1. They generally require coordinated action between governments, standards bodies, regulators and disparate companies at different levels of the telecom ecosystem. These parties have divergent processes, goals and opinions on who should bear the costs and/or responsibilities for implementation, enforcement, etc.

2. The major U.S. telecom companies make money by transiting calls they know (or should know) are very likely spam. They don't want to give up that revenue so they find ways to not fully adopt, delay or weaken various proposals. These can include the motivated leveraging of legitimate technical issues or concerns to complicate, defer and otherwise hinder the processes in which they are involved as significant stakeholders. Many mobile phone operators now also earn revenue selling spam call blocking as a separate feature or part of more expensive plans. If the problem was substantially fixed they would lose that revenue.

3. There are various political stakeholders, industries and companies (not the off-shore, bottom-feeding spammer/scammers) which have a vested interest in keeping unsolicited calls legal. These include some of the more legit-ish forms of domestic telemarketers such as recruiters, fund-raisers, political campaigns, pollsters, market survey companies, etc. These companies have industry associations which hire lobbyists and make political donations to ensure their particular use is exempt from any regulations and that their cost of doing business doesn't go up to comply with the new system. Carving out all these exceptions and exemptions significantly complicates and/or weakens most technical solutions.

This is why I believe there is currently zero hope of any significant improvement despite the FCC issuing positive sounding announcements exactly like this one every 6 to 18 months for the last ten years. These FCC announcements rarely mention the workarounds, exemptions, appeals processes, delayed or unfunded enforcement which industry insiders already know will allow spam calls to continue with no substantial change. These announcements are merely the FCC fulfilling their political role of appearing to regulate and taking steps to mitigate the problem. Now the FCC managers who are measured on "do something about spam calls" can check that box on their KPIs. However all the various parties in the ecosystem have already taken steps to ensure whatever the FCC is announcing won't really work well or can be worked around relatively easily. For example, I'm sure most of the people behind the companies supposedly banned in this announcement (or their large offshore spammer/scammer customers) have already made other arrangements to continue operating uninterrupted. I hate that it's this way but the reality is, until the three fundamental blockers listed above change, this is all just "Regulatory Theater" much like the TSA's "Security Theater" performances.


It also means I'm unreachable for anything actually important that isn't in my contact list. That's an annoying price.

Calling me is now the equivalent to wanting to send me a telegram. The phone system is broken, we all know it's broken, and yet you want my phone number? Send me an email, it's just as fast and has better tools for managing scumbags. Unknown callers are silenced and go to voicemail. Wife is in an auto accident? State troopers know how voicemail works. Kid is in trouble? It can wait 30 seconds while I wait for the VM to come through (and, haha, trick question: we don't have kids).

OTOH, I grew up in the era of landlines and payphones, and well before answering machines (old school VM). People still got in accidents, kids still got sick at school and needed to come home, doctors still called, and we all got along just fine. Because EMTs still took people to the hospital, the school nurse still took care of your kid, and the doctor either called back or sent a letter, and the world moved on despite not being able to instantly reach people 24x7. I realize I sound like one of those "we didn't have $SAFETY_FEATURE, and we lived", when in reality not all of us did. But we aren't talking about lawn darts, for the most part I think we did get along just fine. (Auto accidents and breakdowns are something made better by cell phones, but in the day lots of folks had CB radios. ::shrug::)


> Wife is in an auto accident?

Both times my wife was in a car accident, and once that my son was, in the past few years, an unknown phone call was not necessary as either their phone or their car immediately alerted me.


Frankly, I'd like lawn darts back.


One of the most common issues we helped customers solve when I worked in web hosting was low disk alerts, usually because the log rotation had failed. Often the content of those logs was exactly this sort of nonsense and had spiked recently due to a scraper. The sheer size of the logs can absolutely be a problem on a smaller server, which is more and more common now that the inexpensive server is often a VM or a container.


Just about nobody logs passwords on purpose. But really stupid IoT devices accept credentials as like query strings, or part of the path or something, and it's common to log those. The attacker is sending you passwords meant for a much less secure system.


You probably shouldn't log usernames then, or really any form fields, as users might accidentally enter a password into one of them. Kind of defeats the point of web forms, but safety is important!


Are you using a very weird definition of "logging" to make a joke? Web forms don't need any logging to work.


You save them in a database. Probably in clear text. Six of one, half-dozen of the other.


A password being put into a normal text field in a properly submitted form is a lot less likely than getting into some query or path. And a database is more likely to be handled properly than some random log file.

Six of one, .008 of a dozen of the other.


So no access logs at all then? That sounds effective.
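One way to keep access logs while dropping credentials that arrive in query strings or paths, as the comments above describe. This is an added example, not code from any commenter; the parameter-name list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed substrings of parameter names that usually carry secrets. Matching is
# deliberately broad ("auth" also hits "author"): over-redaction is the safe side.
SENSITIVE = ("pass", "pwd", "token", "secret", "auth", "apikey")

# A key introduced by ?, &, ; or / and followed by "=". Including ; and / covers
# credentials embedded in the path (/login;pwd=...), not only query strings.
KEY = re.compile(r'[?&;/]([^=&;/?\s"]+)=')
# A value runs to the next pair separator, whitespace or closing quote.
VALUE = re.compile(r'[^&;\s"]*')

def is_sensitive(key):
    # Decode percent-escapes first so "p%61ssword" is not missed.
    name = unquote(key).lower()
    return any(s in name for s in SENSITIVE)

def scrub(line):
    """Return (scrubbed_line, redaction_count) for one access-log line."""
    out, pos, count = [], 0, 0
    for m in KEY.finditer(line):
        # Skip keys that sit inside a value we already redacted.
        if m.start() < pos or not is_sensitive(m.group(1)):
            continue
        end = VALUE.match(line, m.end()).end()
        if end == m.end():  # empty value, nothing to hide
            continue
        out.append(line[pos:m.end()] + "[REDACTED]")
        pos, count = end, count + 1
    out.append(line[pos:])
    return "".join(out), count

# Constructed sample lines in combined log format (documentation addresses).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2025:13:55:36 +0000] '
    '"GET /login.cgi?user=admin&pwd=hunter2 HTTP/1.1" 404 153 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Oct/2025:13:55:37 +0000] '
    '"GET /cgi-bin/setup;user=root;p%61ssword=12345 HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.9 - - [10/Oct/2025:13:55:38 +0000] '
    '"GET /search?q=lawn+darts&page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, hits = scrub(raw)
        print(hits, clean)
```

Because the whole line is scanned, a credential carried in the Referer field is scrubbed as well. The scrub belongs in the logging pipeline before the line reaches disk, and the per-line count can feed an alert on bursts of credential-bearing requests.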

