Perhaps they can tell the USPS to not sell the change of address info, including phone numbers. If you do a change of address online you are required to accept they will sell it to every shady marketing company that exists. I actually contacted the USPS regarding the matter and their response was tldr: fuck off, you need to physically fill it the form to disable that.
As someone said on HN a month or so ago, do a temporary change of address. The USPS does not sell this data. You can do one for up to six months; so, if you do two consecutively, it's the same as the permanent change of address information, which they sell.
Why would a family rebuilding their home do a permanent change of address? If you are rebuilding a home, the USPS could simply hold your mail at the Post Office.
There's an incoming audio channel and some metadata [caller id]. You have no idea whether the metadata [email recv from] is spoofed. All you know _really_ know for sure is the carrier you're receiving the call from [sort like an IP address] and whether or not you "trust" them not to lie about the authenticity of the metadata.
If the FCC wants to tackle this problem, as another HN user said, we really just need the equivalent of DKIM and SPF signing of the call metadata.
Despite the TCPA Act outlawing the calling of cellphones...
robo callers in the USA rotate phone numbers very quickly, so as to prevent anyone from figuring out who and when placed a call.
I very often get spam robocalls to my cell phone (on T-Mobile US prepaid) that come from a number identical to my phone number but with the last 4 digits altered (and random every time).
FYI, T-Mobile US rolled out a free spam blocking feature at the start of the year, but you have to opt into it (presumably because of the risk of dropping valid calls). I don't know if it applies to prepaid, unfortunately. If you log into your account it should be listed under features you can add to your line.
I get calls with no caller ID, ie its blank or "0" or a number too short to be a phone number. I don't understand why a carrier would forward that call to a terminal, that's like sending on an email with no (or an impossible) sender address.
"Decency" is not something that exists in the telco world - the industry is based on shady practices but nobody wants to change that as it would put a lot of middlemen out of business.
In a world where you can watch a 1GB Youtube video in Europe that's hosted in the US at pretty much no charge, do you think it's decent to charge for texts - something that's only 160 bytes of data? Yet that's exactly what the telcos are doing.
I've been getting robot calls/voicemails (IRS/FBI impersonator) where the scammer leaves a callback number that matches the caller ID number. Always an 800 number. Any insight into how this works for the scammer, how they don't get caught doing this?
That's probably a different breed of scam. One in which they claim some tenuous relationship with you. Could be a form or survey you filled out, sweepstakes entry etc. For these, I would try the "take me off your list" response. It usually works for me for persistent, non-spoofed calls.
I should have been specific, these calls are impersonating the FBI and IRS. I do know that they started after I registered a domain with a real phone number - lesson learned.
"The constant reassignment of phone numbers creates further problems in determining which calls are legitimate and which aren’t."
I find that hard to believe. Shouldn't the phone company know up to the second exactly which numbers it has assigned and which it hasn't. And couldn't it pass that info on to peers?
Without going into too much detail there's a master carrier caller ID database maintained by neustar, formerly Lockheed Martin information systems, but that registry is hilariously bad and expensive, so people cache caller ID in secondary databases and perform "dips" against these janky databases for cash.
This doesn't even take into account the problem that sending an arbitrary caller ID is trivial and verifying ownership of a given caller ID is impossible (this is a design choice inherent to SS7 having caller ID bolted on after the fact).
First we need the equivalent of a Registrar for a phone number to say we own it. Right now the carrier owns your number and you just get access to it as part of your service.
Unless you own a business and sell a phone number as part of the business then you probably can't sell your phone number to another person.
Not to mention its hilariously easy for a thief to port a number. They still handle port requests by fax at some phone companies.
A registry wouldn't do any good unless each call is backed by cryptographic proof that you own the caller ID, and every telco provider verifying this proof and rejecting any call that has fake/invalid CID.
The ability to sue is the point, companies won't respect anything less.
The telco already has proof of the caller in their call records, and consequently the party with financial responsibility, but that information is not normally available without a subpoena or FBI badge. This would be an enforcement of a chain of ownership of the call, and someone who receives a call will (should) always be able to find the responsible party for DNC violations and more.
Oh, but what if the bad caller is just a person who signed up for Mechanical Turk or whatever, an independent representative? They can provide proof that they were hired and pass the responsibility up the chain to BobJonesHawaiianVacations LLC.
Well the telco doesn't exactly know who is the caller. They only know through which carrier the call came from - and they in turn charge that carrier per minute of inbound calling. It only allows them to pinpoint it to a specific carrier, however the spam calls often use the same carrier as the legitimate calls, and this is where the trail ends.
Having an end-to-end chain of ownership for the call that can be verified cryptographically would help a lot, since even you on the receiving end should be able to verify this provided you have the appropriate software on your phone.
Bad callers using Mechanical Turk would be a minor issue - you won't even have to sue, just get in touch with their telco and they'll shut down their access for violation of ToS (in fact a lot of telcos already prohibit using their consumer-grade plans for business usage, even if not spam). Unless you're paying those Mechanical Turk contractors a lot nobody is gonna bother setting up extra lines to make those calls, and nobody is gonna pay them a lot of money because the only way this spam works is because it's dirt cheap to spew out those calls with the current situation.
A DNS lookup can be answered by any DNS server in the world, so even if that goes down you can retry with another one. If the equipment responsible from taking calls from your phone is down there often isn't a second one it can automatically fail over to.
Thats comparing two vastly different parts of their respective networks though - its a bit like comparing Apples and Volkswagens. No ONE DNS server is as reliable as a Class 5 Telephone Switch.
The telephone network is on whole more reliable than any single component of the internet - and its certainly more reliable that the internet on whole. The internet however is more survivable - much more, because there are less common choke points to fail.
In a way you are correct though - nearly every component required for internet access is unreliable (because you can substitute another one with ease) whereas every network element in a phone call is much more reliable (because beyond a certain point, you cannot).
Not really, most of today's SS7 traffic goes over IP, so if IP is somehow flawed you'll be in trouble in either case.
Luckily IP links are pretty reliable so that's not an issue - VoIP also allows for more resiliency, for example my phone has two independent network connections, mobile and Wi-Fi, and my VoIP provider has two servers (advertised via DNS SRV records). So my VoIP app can try each server over each connection to make a call. A conventional landline or mobile on the other hand has a single link to the telco, so if that's down you're in trouble.
Not "private" as in "dedicated to voice traffic". Almost all modern telcos route their PSTN as packets on the same MPLS/IP or pure-IP network as internet traffic.
This network is usually "privately owned" by the telco in the USA, but is publicly owned or subsidized in many parts of the world.
But there is in general no "separate" PSTN other than last-mile copper in most of the world.
Well my SIP client app manages the loss of Wi-Fi or mobile connectivity pretty well - I loose audio for a second while it renegotiates the path through the other network link but after that it's business as usual. On a conventional call when I loose cell coverage the call is dropped, so SIP is a winner for me.
On the server side you can do amazing things with high availability like floating/virtual IPs (the IP of the SIP server is actually shared between multiple machines, and if the primary machine goes down the secondary takes over its IP and as far as the client is concerned nothing happened).
Twilio assigns and reassigns pools of numbers (charging $1 each time) to their customers. It seems numbers are designed, and profited from, by being ephemeral.
For my home line, I use a whitelist/blacklist approach, with numbers on neither getting an automated voice prompting them to press 1 to ring through, else they end up going to voicemail. This has eliminated all robocalls for years. I use Anveo's call flow since it was dumb simple to setup.
For my cell, Google Voice's spam blocking seems to work pretty well.
I got rid of my home phone 15 years ago because of all the spam calls, and it used to be illegal to spam cellphones.
Now I get at least a call the week about my mortgage or car warranty. At first I explained to the people that I had neither a car nor a mortgage so I could get off the list, but that hasn’t helped.
She will answer and after 20s, will say: "Sorry, I have to go fetch a (tissue, glass of water, …)" Then she'll simply leave the phone on the table and will go gardening/watching TV.
The guy on the other end will be very pissed of after having waited uselessly 10 minutes and will never call again.
As a European (I have absolutely never ever received one of these calls), is this really so bad? How many calls a month do you receive? What do they offer? Isn't there any kind of regulation?
If I remember correctly the law here says it's ok for you to call people to offer services or sell things, but there has to be a human talking, which is quite the deterrent.
Varies by time and by recipient. My "bad" months only net ~10 robocalls, but I'm apparently on the low end. That's more than reaches my email spam folder! I basically no longer pick up for unrecognized numbers - which has it's own problems.
> What do they offer?
From what I can tell, the ones calling me are straight up scammers. "Rachel with cardholder services", "free vacation" nonsense, etc.
> Isn't there any kind of regulation?
Ineffective ones, yes. I may have recieved one or two legal robocalls (there are a few exemptions for e.g. political calls) but the majority I get are illegal. Enforcement is problematic - caller ID spoofing is common. VOIP lets a call center in India spoof your local area code, and even enforcement against domestic callers has taken distressingly long.
> If I remember correctly the law here says it's ok for you to call people to offer services or sell things, but there has to be a human talking, which is quite the deterrent.
We have similar here - although I'm not sure if it's legal to blind call cellphones, or numbers in the "do not call" registry, unless you've established some kind of business relationship. They're also generally required to add you to their own "do not call" lists if you tell them to (possibly an exception there for debt collectors?)
Meanwhile, these robocallers don't have a means of opting out, don't have the scammer on the line to yell at, and run the same fucking campaign for months! It'd be one thing if those ~10/month calls were varied - but no, it's the exact same prerecorded message 20 times from 20 unique spoofed phone numbers all hailing from my own area code, that I hang up 3 seconds into because I remember their intros.
Some days I get 5 of these calls per day. It's gotten to the point that I pay $2/month for an app subscription on my iPhone that blocks most of them. Unfortunately, it can't stop them from leaving voicemails or block numbers on the same area code & exchange as you.
I believe some of them are because literally 5 years ago, I registered a domain without using WHOIS privacy. Some of them are probably from other marketing lists, like the USPS change of address forms, and some is likely just random.
> I basically no longer pick up for unrecognized numbers - which has it's own problems.
Curious, what problems? I haven't regularly answered calls from numbers I don't recognize as long as I've had a cell phone. Anyone who has a real reason to call me would leave a voicemail (or text me these days).
> Anyone who has a real reason to call me would leave a voicemail (or text me these days).
My experience is that this is only mostly true - and of course it's hard to tell exactly what I've missed from calls I didn't pick up except for the few times when I still hear about it later. For me this is the occasional missed social or family event - being easy to reach has it's benefits.
Doctor callbacks are an issue. Their phone systems seem to be quite the hodge-lodge due to all the "hospital system" consolidation in the USA since 2010. My doctors never call from the same number twice.
Holy hell. At that point Id just delete those phone numbers and do everything in my might to stop the calls. Maybe even block all non contact numbers and tell people to write me emails instead.
I don't pickup my cell unless it's from someone I know. I get at least a couple a day and my parent's landline gets even more. I use google voice for voicemail and get zero service at work so I get notifications about having a voicemail throughout the day. Most of my voicemailbox is recordings of spammers and robocallers. Google has started identifying spammer numbers by a report service so anyone can flag a number as spam. This helps a bit but most of the calls don't show up as spammers. It's no use to delete the numbers because they will probably never be used again to call me.
Believe me, I hear you. If it weren't for the need to keep the copper landline for the comfort and safety of my elderly father, who I had move in with me after my mother's passing, I would have nuked all landlines years ago.
Do you mean that he likes having the landline, and would rely on it in case of emergency?
fwiw, my elderly father uses a cellphone. The only time we can't reach him is when he leaves it inside to go outside, and then a landline wouldn't help him, either :P
Mostly that. He also has a cell phone, but is quite deaf, so he prefers the loudness possible from a boosted land-line phone over wearing his hearing aids and using his cell.
I often get back to back calls with one bearing my landline prefix and followed by one to my mobile with its prefix (both numbers undoubtedly spoofed).
Vacation scam, 'this is IRS' scam, 'update your google business account' scam, 'this is microsoft support' scam, and then ~20% of the time someone trying to sell me window blinds, security systems, or other low-value, high-margin crap.
Although once I did get a phone call from Adobe, back when they had that big userinfo leak. I thanked them for the call, but said I wasn't going to do anything over the phone, they could contact me through my email address, which they did. So that's one legit one, at least.
I have to leave our house fax unplugged most of the time for the same reason. It is a genuine annoyance.
You have a fax system at your house and even that gets spam? I can't imagine that those are widespread enough to make that profitable for the scammers.
In Australia, it's usually ATO (IRS-equivalent) scams. The non-robo calls are typically sub-continental SEO spammers, marketing surveys, charity drives, politicians, etc.
do you think you gave your numbers out numerous times which is in some but-for sense an ultimate source of your calls (if you had never given your number out you would ultimately not be receiving these calls?) Or do you think everyone gets that many calls per day regardless of whether they've ever given their number out?
They just call every number. They spoof the area code and prefix to make it seem like it's a neighbor or local business calling.
This tactic may work for landlines, where prefixes are similar in particular neighborhoods (at least in the US). But for cell phones, it's actually a dead giveaway for many people. This is because prefixes are less correlated to location. For example, I have only ever known one person who had the same prefix as my cell phone. So whenever I see a matching prefix on the caller ID, I know it's a spoofed robocall.
But it's possible that these robocallers actually don't mind that people like me get wise to them in this way, because they'd rather only reach less tech-savvy targets, who don't know about caller ID spoofing.
This is like how spammers are rumored to use well-known tropes in their messages because then the only people dumb enough to respond are "qualified leads" that are more likely to fall for scams.
No. Our landline is not my business line, and only family has it. My fax line is something I've given to a lot of businesses, but the # number of calls is roughly the same. My cell is also my business line, and thus freely given out, but thankfully the number of calls is less than either of our landlines.
Yeah it seems the amount of money the US spends on BS products and services caused by bad or lacking regulation is atrocious
(not that the cookie directive is better, but the cost is small and people usually overdo it)
Anyway, to me the issue is that exchanges that plug into the POTS service needs to be held accountable
Things like: you're allowed to spoof the number if your own that number (like IP blocks) and can receive a call on that number, otherwise call gets blocked and/or you get fined (the interchange)
VoIP call rates seem to be around 3c per min (compare that to a pre-paid cellphone minute in the US and see how it's extortionate)
I do receive at least between 2 to 5 calls a day ! Same for my wife. We are in the Bay Area.
It is becoming such a pain, that I have decided to work on an app (iOS first) to help filter/detect such calls... it will not necessarily catch every calls but it should help make a dent into it.
There are many apps on iOS with similar features, but I have a different/novel approach for it. The most important piece is the backend system which I have almost complete now, so I have started as of yesterday the iOS code... I would love to get some beta testers before I release it. Contact info in my profile.
UK: We get robocalls (completely automated recording) for PPI, and in the past for government schemes like boiler replacement or lost insulation, wherein they try to misrepresent the call as being from the government.
Auto-dialers with spoofed caller ID are usually Indian call centres doing "Microsoft support" scam; or are UK fake invoice scammers; or are UK "phone companies" who try to convince you to change your phone/broadband (or sometimes energy supply) usually by saying someone else already agreed to it and this is just the final confirmation call.
My numbers, my wife's too, have been on the FTC's DoNotCall list for over a decade and I check every 2 or 3 years to make sure they are still on it. We still get a total of around 250 calls per year. I also used to actively report each call until I realized it seems like the FTC is farming robocallers for cash using fines. Now I just block the caller and move on.
At least 2 calls a day call my phone, but it used to be more. Currently I am using the "Mr Number" app and it will send every call to voicemail unless they are in my contact list.
Robocallers tend to not leave messages (unless it is my auto insurance on a holiday telling me to drive safe).
It's worth mentioning that answering will tend to reduce call volume; in general scammers will mark a number as done once their pitch has failed. They don't do that for no answer.
Definitely possible. There are legit VOIP services that will spoof my outgoing caller ID to a different phone number of mine that I have previously confirmed with them.
Somebody should rent one of these robocalling centers and give them a list that consists entirely of phone numbers of US congress members. They'd find effective regulation in a hurry.
I'm not sure how they do it, but here in the Netherlands I have received _zero_ automated calls in the past few years - in fact our landline probably hasn't ringed at all in six months. Two or three times a year I'll get a [human] call from my cellphone or energy provider and that's it.
The real solution is to have an authenticated caller ID system.
The regulatory organisation responsible for the country's phone numbers holds a root certificate, and as number ranges are allocated they issue a certificate to the new owner. This cert can in turn be used to sign more certs as this new owner is in turn allocating numbers to their customers. When a call is placed the originator uses its own certificate (issued to them by their phone provider) to sign the call request and this can be verified by any carrier in the path of the call. Any unsigned caller ID gets flagged or the call is outright dropped.
I have a 100% foolproof method to deal with unwanted calls - I don't pick up calls from unknown numbers. If they really want to contact me, they'll send me an SMS.
I've got another method that's working. I'll answer the call and immediately mute the line. Then wait. If it's a real person they'll talk first. Robocallers will hang up. And they seem to call less after.
I do the same thing, and it does work actually. Sure, I miss the first call, but when they leave a message I then know who it is and call back. If they don't bother to leave a message, then I know the call wasn't important. A message can be voice mail, and not SMS.
Generally, people who really need to get a hold of you will find a way.
The great irony of this era of connectivity is that there's no single way to definitively reach me. I'm so inundated with spam and notification noise that I tune basically everything out.
> Generally, people who really need to get a hold of you will find a way.
Having tried to reach someone from jail, this is surprisingly hard when you don't have your cellphone with you, and one of the few numbers you've memorized doesn't accept collect calls.
The worst are misconfigured or broken robocall systems.
I once received a call on my phone system which ended up in a several hour long message of pretty much every ad that was on the robocall system. Very interesting but also very disturbing in a way.
So why do the phone companies allow the number to be spoofed? Now I have not worked on phone related software for twenty odd years but back in the nineties we used ANI data provided by the phone companies to track where employees logged into work from. Being part of a guard services company with operations nationwide it was the easiest and best solution we found. Guards would call in from a phone at the location being served, enter their employee number or SSN#, and log in to out of work. It served the purpose of us knowing they were on site and enforced the requirement that guards had access to land lines at all sites increasing their safety.
So am I to understand that the phone services don't see the spoof attempt? I know its a separate information that is passed along but the number should be sacrosanct and if not from a physical location that the phone company can verify should be represented as such on the end call. The name and text I know isn't simple to deal with but none of the robo calls I am getting provide it.
I have found that waiting for the real person to pick up and asking for company name so I can report them does tend to cause the calls to drop off for awhile. Still I would prefer them to not be on my cell. they certainly do not respect any do not call list.
There's an implied trust between the telcos. Everybody has to trust everybody's caller ID, because there's no other information available. This works as long as your Telco cares. But many don't.
There are valid reasons to have a "spoofed" caller ID. Calling out from a company phone, providing switchboard caller ID. Having multiple (or a block of) numbers. Having international number from another provider bound to your cellphone. And many others. But for that to work, whoever you're calling has to accept what the Telco sends them.
I'm glad to know that the FCC will crack down all businesses that use robocalls to harass people. I hope it won't just only be a sentence on the news. There have been so many complaints regarding robocalls and telemarketers that have been filed by people. I even read an article at http://www.whycall.me/news/my-4500-payday-from-a-telemarkete... about a woman who sued a company after being harassed with dozens of robocalls.
Presumably robocalls are a numbers game, i.e. they work because somebody somewhere is choosing to respond to that offer of a free vacation? You only need to sell one $500 vacation or warranty replacement to cover thousands of calls.
Technically, there is a pair of standards called SHAKEN/STIR that basically puts a trust model into the call flows (certificates, signing, attestation etc.) but it's not yet widely deployed. Kind of like DKIM/SPF for SIP. Companies like Neustar and Metaswitch have software to do this for example.
Personally, I think attacking spammers directly feels like a losing game. They're pissing in a sea of piss at this point. What I'd rather have, is more positive assurance that a call is legitimate. Spammers will try to use it too, but in the modern age with feedback systems, you could at least raise the costs and time required to match a legitimate caller, and make it easier to lose that status, too.
Same goes for "legitimate" robocalls. I don't want to take your customer surveys.
I've not once gotten a robocall on my mobile phones in Sweden or Japan.
What are these countries doing differently? More expensive calls? (I know that in the US as opposed to other countries the receiver pays the extra costs of a mobile call vs the caller, even if these days those extra costs may be zero with "all you can eat" style plans)
My cellphone's microphone has broken, which I hope is actually a boon when it comes to these - whenever I pick up, the caller hears literally nothing; hopefully, this marks my phone number as invalid in some database.
I used to faithfully report telemarketers and robocallers to the FTC using their claim report site. Then recently, there was a case where one of those outfits got fined $100 Million (going on memory here, don't quote me). That's when it hit me, if they could be fined that much and I know I do get multiple calls to my numbers from the same callers then the FTC must be farming cash from them through fines. Now I just block the caller's number and move on.
US postal service is against you on that one. I recall them suing a startup out if existence that removed spam by, IIRC delivering digitized scans that we're easy to delete in bulk.
USPS got very upset for someone taking aim at spammers who are their major revenue source (really! and this is my government :( )
USPS makes deals with the devil, because your government is trying its best to asphyxiate it. They are in a budget crisis, which is entirely manufactured.
IIRC USPS has been making deals with the same devil for decades, way before the current generation of budget crises started. While they are not getting all the funding they want IMO they are not using what they get well enough.
Their disdain for technology and ignoring end user desires is phenomenal (send an overnight package via FedEx, see it by the minute as the package travels; send an overnight via USPS, see "no record for package" until 24-36 hrs later by which time the package is usually delivered already). This IMO costs them a lot of potentially highly profitable business. But they do not (seem to) care.
it is a first world problem I admit, but it is frustrating to get these calls on my cell phone.
Asking about being put on a do not call list often ends up just them laughing at me or hanging up right away. I tried the national do not call list, even was submitting every instance of these calls to their database for a month or so, but it didn't make any difference.
I was going to try pretending to be interested in their service then trying to find their company name or address. But then I heard that's not that easy, their either don't give that away easily (expending people would do this) and once you do that it's hard to sue them because then you have established a "business relationship".
If they are in another country altogether, then anything like small claims courts is just a joke and don't work either.
With the way the caller ID easily spoofed I don't see any obvious solution.
I actually get excited when I get telemarketers because the robot sometimes fools them enough to keep them on the line for a few minutes. The longer the conversation, the more irritated the telemarketers get, and that's quite satisfying. Here's some sample calls:
I've gotten some of them irritated, not on purpose, but it ended up them being quite angr, yelling new and interesting expletives I had never heard before, I took it as an enriching cultural exchange with country all the way across the globe. But then I started to wonder if they'd just go and add my number to some "please call me" database in revenge.
A good example is when roofers or other construction (generally using the "we will be in your neighborhood anyway..." scam) company calls. Just reply, "give me your contractor's license # so I can look you up."
Seems like the recording is fixed? Lenny is great because the script actually waits for the marketer to finish speaking, making it more believable and stretching the call further :)
Post this elsewhere on the thread, but you might try this approach: answer the calls and immediately mute the line. Robocallers will hang up because you haven't triggered their systems and seem to call back less. Real people speak up.
How strongly can one aim at something? Can it be measured in pounds or kilograms? Or is this one of those strong people things where they pull 18-wheeler trucks?
> FCC Chairman Ajit Pai is trying to put more muscle into the agency’s efforts to combat illegal and fraudulent robocalls. Last month, the FCC proposed a record $120 million fine against a Miami man who the agency said was responsible for making almost 100 million falsified robocalls in late 2016.
Why bother fining a single guy $120 million? What purpose does that serve?
Heh. Apparently they are seeking the maximum fine only for the 80,000 calls the FCC verified (http://transition.fcc.gov/Daily_Releases/Daily_Business/2017...). Had the full 96 million spoofed calls been used, Mr. Adrian Abramovich could've been eligible for a $144 billion dollar fine.
My guess is, this is legislation designed to sting when even large, resource-heavy corporations do it. Example: Dish Network got fined $341 million in two separate TCPA violations recently (http://www.fcclawblog.com/2017/06/articles/fcc/dish-network-...). Such numbers will make even a Dish Network notice. Dish Network is not going to wince once if a fine designed for an individual scammer is utilized.
