How One Small Company Blocked 15.1 Million Robocalls Last Year

TechCurmudgeon sends this excerpt from an article at Wired: Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers. ... Using a little telephone hackery, Foss found a way of blocking spammers while still allowing the emergency alert service and other legitimate entities to call in bulk. Basically, he re-routed all calls through a service that would check them against a whitelist of legitimate operations and a blacklist of spammers, and this little trick was so effective, he soon parlayed it into a modest business. Last year, his service, called Nomorobo, blocked 15.1 million robocalls.

Re:

[Anonymous Coward]

The service actually does some fairly cool stuff since he has lots of customers. He can see if one caller is hitting several of his users in multiple areas and if so, automatically blacklist it for all the rest unless it's explicitly whitelisted. Of course users can also report bad numbers that get through so everyone else gets the benefit of the shared blacklist, and report any legitimate calls that get blocked so they can be whitelisted. Sure, a spammer could TRY to sign up for the service and whitelis

Click here!

[Aboroth]

Some regular guy got $25,000 from the government with one weird trick!

Re:Click here!

[Lord_Breetai]

Some regular guy got $25,000 from the government with one weird trick!

Robocallers hate him.

With a name like his

[Rosco P. Coltrane]

I sure hope his hack is free/open-source.

Re:

[Whiney Mac Fanboy]

I sure hope his hack is free/open-source.

No, it would appear that Foss's software is non-f/oss.

Re:With a name like his

[stephanruby]

I sure hope his hack is free/open-source.

He's using Twilio. Twilio [twilio.com] is not free for him (with the amount of phone traffic he's generating). Somebody has to pay for the service, whether the customer ultimately ends up paying for it, or the service is being monetized by advertisements, or a phone company decides to pay for the service as a value-added service that they pass to their own customers. The source code itself is nothing special. The idea itself isn't even new. This guy just happened to have entered a contest/hackathon sponsored by the FTC.

For white listing phone calls, google voice (integrated with Sprint) is actually pretty good. If you're looking to combine both white listing and shared black listing at the same time, there are many other startups that are offering that kind of service as well. With cloud services like Twilio or Voxeo, it's fairly easy for just one developer, or a small startup, to get into the telephony business.

Re:

[Sique]

If you get hold of a list of robocallers, you could put something similar up yourself with Asterisk or any other of the free phone switch software packages.

Re:

[roc97007]

I've got it! The service is free to users because it's paid for by ad robocalls.

No, wait...

Re:With a name like his

[TrollstonButterbeans]

His last name is "Foss" ("free and open source").

Pretty great joke, I never would have noticed the name.

Re:

[rot26]

He's really thrown a wrench into their operations.

BOOYAH.

Re:

[Barsteward]

no, its only proprietory OS users that like to steal

Implement locally?

[Alrescha]

Any reason not to just do this on your phone? e.g: my phone doesn't ring unless the caller is in the address book / contact list.

A.

Re:

[Anonymous Coward]

There are plenty ways to implement screening yourself, https://www.wrbishop.com/telecom/end-robocaller-solicitation-and-hangup-calls-with-asterisk/ has a from scratch way. There are many of these asterisk callscripts available, from simply always playing a no sollicitors message and needing a keypress from the caller to, white/blacklists and greylisting unknowns by having them enter a message and have you decide what to do with calls (accept once, whitelist/blacklist/ignore/terminate)

Re:

[nospam007]

"Because there are plenty of reasons you might want to receive calls from someone that's not in your contact list yet."

Name 3.

(for private persons obviously, not business)

Re:Implement locally?

[ThatsMyNick]

1) A close family member's cell phone battery dies, they try to call you from a pay phone or a friend's (or stranger's) cell phone.
2) A friend (old friend if you wish) has changed their number, and wants to reach you.
3) Someone who has you as their Emergency contact number had a mishap, and the emergency service wants to reach you..

Re:

[Alrescha]

With the possible exception of #3, I think voicemail has this covered.

A.

Re:Implement locally?

[wvmarle]

Who's ever going to listen to voice mail, knowing that the ten voice mail messages the system has waiting for you are recordings of a robocall, because thanks to the white list all robocalls are automatically sent to voicemail?

Re:

[radarskiy]

The advantage is that I can go through voice mail asynchronously.

Re:

[s.t.a.l.k.e.r._loner]

My smartphone is configured to send all calls straight to voicemail if they come from restricted, unavailable, or unknown numbers. This wipes out the majority of them. I wouldn't necessarily be opposed to sending all numbers not in the contacts list straight to voicemail, but I haven't done so yet. In my experience, only people or companies who have a legitimate reason to speak with me will bother to leave a voicemail. Maybe a tiny minority of robocalls are configured to leave a recorded message, but all t

Re:

[ThatsMyNick]

Voicemail is not the same as picking up a call. It does not have it covered, atleast for me.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Stewie241]

It is probably the cost thing.

In the US it generally doesn't cost either party any money once you pay the flat monthly rate for the telephone line, which can be had for pretty cheap.

So it's a tradeoff, really - it is nice to be able to make calls across the country without thinking about the cost. On the other hand, it lowers the bar for telemarketers.

Re:

[jittles]

With the possible exception of #3, I think voicemail has this covered.

A.

That is definitely not true for #1. I ran in a marathon event and I had my cell phone with me. At the end of the event, some woman who was not feeling very well at all was desperately trying to get a hold of her boyfriend. I called him 10 times in a row from my cell phone and, after he ran into her by chance, he admitted that he ignored my calls and voicemails. I suspect his girlfriend was not happy with him after that.

Re:

[Anonymous Coward]

Why didn't you text him with "<insert GF's name> is sick call back asap" after the first call went to voice-mail?

Re:

[goose-incarnated]

Calling ten times is better than a single SMS? I ignore calls from unknown numbers usually. If it's important they can send me an SMS.

Re:

[jratcliffe]

Assuming they're calling from a cellphone.

Re:

[goose-incarnated]

Parent said

I called him 10 times in a row from my cell phone

Re:

[jratcliffe]

In this case, yes. But, in general, someone with an important call might not be calling from a cellphone, and hence not have the opportunity to send an SMS.

Re:

[Ritz_Just_Ritz]

Sure, I get there are edge cases where you might want to get a call from an unknown caller. The circumstances on your list (for me) are rare. I'm talking maybe once every few years rare. Robocalls are obnoxious and legion. I pretty much don't even answer my landline anymore because it rings several times a day with junk calls. Registering the number on the do not call lists had zero effect. More needs to be done to punish purveyors of this service at the source.

It would be nice if you could have your

Re:

[del_diablo]

1: SMS
2: SMS
3: Why didn't they clear with you first?

Re:

[ThatsMyNick]

1) The payphones here dont have SMS
2) Fair enough.
3) I am talking about someone close enough that it is an implied contract. Your children or your significant other or your parents or someone you care deeply about.

Re:

[ibpooks]

3: Why didn't they clear with you first?

How would you know what number an incoming emergency call would come from whether you knew you were the emergency contact or not? If your wife is hurt at work will a call come from her cell phone, her supervisor's cell phone, desk phone, main business number, the HR office, one of hundreds of hospital numbers, etc?

Re:

[del_diablo]

Thats why you clear it. Things can be arranged without issues, so long they are arranged.

Re:

[tlhIngan]

2: SMS

I don't SMS. Sorry. I don't even have a texting plan at all because I've never used it, never had a reason to use it, and all the texts I've received over the years were all spam. Maybe only a couple were legitmate, one when I was keeping a number alive via Google Voice, and another when Google or someone texted me a confirmation code (I think it may have been my carrier to confirm a purchase).

Now, I too only answer the phone when I recognize the number. However, I admit, I have a landline as well and

Re:

[Greyfox]

There is no situation I could be in where an incoming call is important enough to warrant my immediate attention. There's a guy at work whose wife is expecting a baby, I assume he's made arrangements for immediate contact. Maybe his wife should have a talk with him about working for a company that lets him work from home.

The old asterisk voice menu system I used to run was pretty good at shutting down telemarketers and robocallers while still letting legitimate callers through. I don't think it'd be so ea

Re:

[MooseTick]

" There's a guy at work whose wife is expecting a baby... Maybe his wife should have a talk with him about working for a company that lets him work from home. "

#1 Are you saying he should change jobs so that he can be available for a call for the singular time that he may get a call that its time for her to give birth?

#2 Not all jobs lend themselves to working from home. What about those people who actually have to be somewhere to get work done?

"There is no situation I could be in where an incoming call is

Re:

[corvax]

I would add robocalls from schools. whenever school is going to be cancelled or delayed the school robocalls all parents to let them know. This happens hours (8 to 10 sometimes) Before it shows up on any lists on the school websites or local news. Each time we get a robocall from the school it has been from a different number (non local)

Re:

[TWX]

If someone is calling from a borrowed phone, then there's a timelimit on the use of that borrowed device. By the time one calls back, the person trying to reach you might not have access to the handset anymore.

Many payphones have no receive-call feature anymore, in part to prevent drug dealers from using them to semianonymously set up their final meeting points. Can't return their call even if you try.

Phishy

[bagofbeans]

In USA, your 2) will be a fraud attempt.

Re:

[AlecC]

Yesterday I got a call with number withheld which turned out to be the hospital making an appointment for me to attend for a scan. I would not have wanted to miss that call, but they withhold their number for reasons I can understand.

Re:

[Anonymous Coward]

they withhold their number for reasons I can understand.

No, there's no reason for them to withhold their number. Most clueful hospitals and clinics just have their outbound number set to their reception desk, meaning that anyone calling out from the facility on any extension will have their apparent number be set to their reception desk, much like how NAT works for IP.

Unlike individuals, hospitals and clinics need to be reachable via fixed landline phone service.

Re:

[cdrudge]

No, there's no reason for them to withhold their number.

Medical privacy? Perhaps a patient doesn't want others to see "Midwest Cancer Services" on the caller id. Or "Planned Parenthood". Or any other possibly recognizable number/name.

Re:

[mordred99]

Actually this happens all the time. Caller ID works great for land lines, where there is no switching. However when you go through multiple services (like a sip connection, through google voice, to a cell phone) the caller ID gets lost A LOT. They are not blocking it - just the phone call is of higher priority than the caller ID session that gets passed and it is not updated once the "call" initiates the ringer on the end device. So if it gets lagged by 1/2 a second, it won't even show up on the end dev

Re:

[rikkards]

Surprises me no one has come up with a box that you put between, have a little wireless connection and a web page to manage. It could mimic the same as the android blocker app. You could back up your white and black lists. Basically it checks the call display and hang it up if it is on the black list. Your phone would never ring. You could also send logs via email if needed.

Re:

[rot26]

Go for it. I used to have something like this, but it was cheap and didn't work that well. Maybe you can do a lot better. Or maybe you'll find out why nobody else has done it.

Re:

[wvmarle]

Technically, I'm sure is totally doable. Myself I have an app called "SudioKuma Call Filter" installed, this is a blacklist for Hong Kong local junk calls. Also I am on a government do-not-call list, which blocks robocalls, but allows calls made by humans - the call filter takes care of that one. They have a blacklist of some 20k numbers, and a whitelist of some 162k numbers, so far less than what this company is dealing with. The size of that blacklist (TFA mentions 850,000 numbers, and hundreds of changes

Re:

[unrtst]

The size of that blacklist (TFA mentions 850,000 numbers, and hundreds of changes a day) may be an issue for a regular phone, particularly the database lookups may be too slow for it to work well.

There are MUCH better ways than what I'm about to suggest, but this is just to get a generic feel for the size of the dataset you're talking about...

US phone numbers easily fit into a 64bit int.
64bit * 850,000 = 54,400,000 bit = 6,800,000 byte = 6.5mb

Even if you just iterated over every item, a phone could search that plenty fast enough (especially if you cache it in memory).

This could also be implemented the same way that the RBL (realtime blacklist) anti-spam lists are managed - DNS. To improve speed when

Re:

[darkmeridian]

I use Root Call Blocker on Android. It hacks the phone sub-system so that calls you do not want to receive do not even register on the phone system. RCB picks up the call and then hangs up. Your phone doesn't ring, and the caller get to voice mail, and no one is wiser. I have nothing to do with RCB other than a satisfied user.

Am I reading The Onion?

[andyn]

...because that's what I just thought.

Newsflash! Government pays entrepreneur USD 25 k for coming up with a technological solution for a legislative problem!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

It's not a legislative problem. At least not one that is fixable with more legislation. I still get robocalls, they just do more to hide who they are to avoid complaints and government action. And even then, the penalty is a slap on the wrist generally, or they bankrupt and change names and start again.

Here is the solution - TALK TO THEM. They went to robocalls to eliminate the bad lead cost of a person calling. They tell you if you are not interested to hang up - with further reduces THEIR costs in ma

Re: Am I reading The Onion?

[phocion]

So if you're right (and I think you are), then what we need are roboanswerers to combat the robocallers. They could answer, convince the robocallers that they are a real person, and then tie up the real telemarketers for as long as they can pass the Turing test.

"Re-route the calls"

[Anonymous Coward]

So, yet one more party that gets to peek at all your phone traffic?

Sure, filtering robocalls is useful, but I do have questions about the way it is implemented.

I quite enjoy them

[Chrisq]

Wait until they answer. Pretend you are from a competing company. Tell them you have everything they sell. Tell them you are a Franciscan and have taken an oath of poverty. Try to sell them something. Say yo want to buy it until right at the end when they want credit card information then say "I'll have to ask my doctor, here at the psychiatric hospital they take away all your personal belongings".

Sounds like a lot of work

[TrollstonButterbeans]

Very humurous (--- now medical students studying bones will find this page in their searches)

Re:

[Anonymous Coward]

Not with that spelling they won't!

I don't get this

[bickerdyke]

Why do you need to route calls through a seperate business just to do some basic black/whitelisting? That's a basic feature of anything that can forward or route calls anyway.

Re:

[Anonymous Coward]

As usual, the service is the maintenance of the black-/whitelists. You can DIY, but then you lack the economies of scale and it's not worth it.

Let's get this straight

[Required Snark]

The NSA has metadata (and most likely recordings) of most of the phone calls in the entire world. The FBI (and a bunch of other unnamed government agencies) can and do tap phones without court orders. Cell phones can be used to track individuals 24/7. And yet somehow between the FCC and all the phone companies no one can figure out who is making robocalls. Really?

What's actually going on is that phone companies love robocalls because they make money on them and the FCC doesn't give a damn and/or is too "pro-business" to do anything for consumers.

Just stop lying and pretending that this is a hard problem. It's bad enough that this crap goes on in the first place. Pretending that nothing can be done is adding insult to injury. STFU and admit that it happens on purpose and nothing will change because you like the status quo. Stop lying to us!

That's Right!

[TrollstonButterbeans]

And free cable too!

FCC currently seeking comments

[Anonymous Coward]

The FCC does give a damn and is currently seeking comments http://www.fcc.gov/document/cgb-seeks-comment-call-blocking-letter-attorneys-general [fcc.gov] on telcos blocking robo calls.

The telcos tried blaming it on their status as common carriers ... so the FTC jumped in http://www.ftc.gov/system/files/documents/advocacy_documents/ftc-staff-comment-federal-communications-commission-public-notice-da-14-1700-regarding-issues/150127fcccomment.pdf [ftc.gov] with their legal opinion that common carriers are allowed to block robo ca

Network neutrality

[Anonymous Coward]

In fact, if you read the original filings from the telecoms, they specifically claim that it is the network neutrality obligations which come with common carrier status that tie their hands from blocking robo calls. They don't miss a trick in the fight for the Internet.

Re:

[sumdumass]

I eonder how that will trickle to ISP provided Email if the make ISPs common carriers?.

Re:

[wvmarle]

NSA et.al. work in secret, outside the law. Formally they're covered by the law, but the problem is that this includes many secret laws giving them lots of leeway, and if the law gets in the way they'll ignore it anyway.

The FCC and phone companies however work more in the open, and are bound by the law. One such laws says that the phone company must do their best to make all phone calls come through, no matter the content. This is typical part of being a common carrier (like the postal service): they can no

Re:Let's get this straight

[DoofusOfDeath]

NSA et.al. work in secret, outside the law. Formally they're covered by the law, but the problem is that this includes many secret laws giving them lots of leeway,

I disagree. No U.S. law can supersedes the Constitution. Much of what they've done violates the fourth and eighth Amendments. The problem isn't simply secret laws, it's a lawless executive branch, a pandering legislative branch, and a cowardly judicial branch.

Re:

[Carewolf]

While technically easy, it's legally not so. The phone company must put through those calls, even if they know this are robocalls and the customer doesn't like robocalls. The customer however is free to install blockers on their phone, or to have their calls rerouted through a third party which helps them filtering the calls.

If the phone contracts says you are not allowed to do robocalls or local laws does not allowed they are legally allowed to block them. Also they are legally allowed to track who calls

Re:

[wvmarle]

In that case, they would be allowed to block any robocalls originating from their network (because those customers are violating their contract); not the ones entering their network. That'd be a legal quagmire: how do they know for sure it's a robocall until it's answered and listened in to? They're not legally allowed to listen in to calls, a warrant is needed for that.

Re:

[Coren22]

http://twothirds.us/the-oaths-... [twothirds.us]

All federal employees have an oath to uphold the constitution. Just because you don't understand the legal reasoning behind the different programs you have heard only pieces of, doesn't mean that every person in these organizations is doing unconstitutional stuff. If you want, most of the legal opinions have now been published, so you can read exactly why the programs are legal and constitutional.

Re:

[dargaud]

That. In most European countries there's no such thing as robocalls. They get their line disconnected fast.

Re:

[Ol Olsoc]

That. In most European countries there's no such thing as robocalls. They get their line disconnected fast.

So you head on over to India, Africa, the Bahamas or the Ukraine to disconnect people's phones?

Christ, you Europeans have this shit all figured out.

Re:

[dargaud]

It's probably too expensive for robocallers to call from outside.

Re:

[fustakrakich]

Just stop lying and pretending that this is a hard problem. It's bad enough that this crap goes on in the first place. Pretending that nothing can be done is adding insult to injury. STFU and admit that it happens on purpose and nothing will change because you like the status quo. Stop lying to us!

People have to stop rewarding the liars with their votes if you expecting to happen at all. You will get nowhere with the continued 95% reelection rate that Congress enjoys.

Re:

[dnavid]

The NSA has metadata (and most likely recordings) of most of the phone calls in the entire world. The FBI (and a bunch of other unnamed government agencies) can and do tap phones without court orders. Cell phones can be used to track individuals 24/7. And yet somehow between the FCC and all the phone companies no one can figure out who is making robocalls. Really?

What's actually going on is that phone companies love robocalls because they make money on them and the FCC doesn't give a damn and/or is too "pro-business" to do anything for consumers.

Just stop lying and pretending that this is a hard problem. It's bad enough that this crap goes on in the first place. Pretending that nothing can be done is adding insult to injury. STFU and admit that it happens on purpose and nothing will change because you like the status quo. Stop lying to us!

Who said its hard to figure out who is making robocalls? Its not difficult to figure that out. The problem is that it is not illegal to make robocalls. The concern is that some robocalls violate the law by calling people that are registered on do not call lists and do not have a valid legal reason for calling, and other robocalls are perfectly legal but the recipient doesn't want to answer them anyway. Services like nomorobo and others are intended for people who want to control the kinds of telemarketi

How about a real solution?

[thogard]

Why not 20 digit number where wrong numbers all answer and charge the caller? That would fix telemarketing forever.

Re:

[thegarbz]

Don't be silly. They know your number. People carelessly give it out all the time.

Another option

[symes]

In the UK we can set preferences with the telephone preference service [tpsonline.org.uk]. But another is to set up a premium rate line and rake in the money [theguardian.com] - although it might be polite to set up another regular number for family and friends.

Re:

[Anonymous Coward]

In the US we have a Do Not Call list also. Telemarketers just regard it as a confirmed good number list.

Block spoofing. Or charge for that privilege

[140Mandak262Jamuna]

The telcos are dragging their feet and they are squarely to blame for the situation with robocalls and other unsolicited messages. They don't have to support the ability of the user to spoof. At the time the call comes into their POTS network, erase whatever spoofed header the call originator is supplying and replace it with the point-of-presence number. Once spoofing is stopped many other tools can be brought to bear to handle the situation.

Root cause of the problem seems to be, some large corporations with large phone banks want to spoof their number. They don't care if that ability is misused by shady operators peddling junk. They are totally wrong, it is better to pay a few cents more per call to get an account with the privilege to spoof the originating number. If they reduce the number of junk calls, their potential customers might actually answer their calls. Right now the junk call menace is so high most people are refusing answer any unknown number.

Just charge 1 cent per call to spoof the originating number, the junk call volume will go down by orders of magnitude.

Re:

[aardvarkjoe]

I don't even care if they allow spoofing or not -- Just when the number is spoofed, the receiver should get an indication that it has been spoofed, and then I can make my own decision on whether I want to receive those calls or not.

I'd just drop any call from a spoofed number. If somebody want to talk to me, they can get a real phone.

Re:

[bswarm]

AT&T lost me as a customer due to the ridiculous amount of telemarketers calling me. They wanted to charge me even more money to add call blocking or Caller ID. No thanks, got a cell phone for 1/3 the price of my landline and only family got that number, all others get my google call number.

Re:

[vandamme]

I wish they'd do that to spam too. Hey, they could charge a tenth of a cent per message and it would still kill the spammers.

Re:

[mgcarley]

Sounds like your setup is needlessly complicated and/or your service provider(s) is/are having a laugh at your expense.

What would be wrong with having the 800 number show up as the caller ID*? In most organizations, the 800 number is usually associated with the business, not the local number(s) - ideally, I can dial an 800 number and be geo-routed to the nearest branch, or for businesses that don't have an 800 number, it is normal to assign 1 number as the main number/CID and all the others are connected to

banana phone?

[portwojc]

What ever happen to the raspberry pi banana phone guy? http://lifehacker.com/5981063/block-telemarketers-and-robocalls-for-good-with-the-raspberry-pi-powered-banana-phone

I was looking forward to seeing that. I even bought the parts for it but haven't had time to build my own.

Someone need to make this for cellphones.

[Lumpy]

A blacklist call app that downloads daily a new blacklist number list. If a marketing call get's through, I can manually blacklist and it reports back, if 10 or more of this same number comes in from users, it's added to the global blacklist.

It would decimate the scumbag telemarketing industry within a year.

Re:

[Tunefix]

I just store all the telemarketing numbers i a single contact on my phone. And name it "Telemarketers".
Then when I see some telemarketeers calling me, I answer, and put the phone on mute.
I believe someone went on for over a minute with their script before hanging up.

It worked for a while

[Ol Olsoc]

Then the fuckers seem to have worked their way around it.

So I just don't answer the home phone any more unless I recognize the number.

Re:

[PPH]

So I just don't answer the home phone any more unless I recognize the number.

Same here. My home phone is generally used for outgoing calls like emergencies and where I want someone like a bank to recognize me (look up customer acount databased on my incoming number).

But here's an interesting thing I noticed lately: I may make one or two calls a week from my home number. And I get very few robocalls (having kept my number out of most marketing databases). But these robocalls all seem to come in within a few seconds of my having hung up from a legitimate call. I'm wondering if my pho

Easy solution

[cciechad]

Simply require the carriers include incoming ANI info for all calls on the customers bill. They can change the CLID as much as they want but changing their ANI is quite a bit more complicated.

I just want his blacklist...

[Kazoo the Clown]

I don't suppose the list is available?

Re:

[Kazoo the Clown]

Hmmm... i wonder if I could scrape 800notes.com and create a blacklist...

What does Nomorobo do with the call data?

[questro]

I have looked at the Nomorobo website to see how it works, but what is not clear is what happens with all the call history? I understand that the "bad" calls get logged to improve the ability to block calls but the Nomorobo "Privacy Policy" is silent about what happens to all the data logged for the call attempts etc. Seems to me that this solution is another "Free" service to fix a problem that should not exist to begin with, and oh, by the way now there is yet another point of data collection on calls.

Better system

[vandamme]

Your caller gets a message "dial 75 (random number) if you are not a robot, and you will be connected." It would get rid of most of them.

Re:

[sumdumass]

Something being banned or made illegal does not prevent it from happening. It just prevdnts it from happening legally. See speeding for reference.

Re:

[ganjadude]

not only that, but banning things is not what makes a civilized society. Freedom does, and yes, that includes the freedom to be a dick

Re:

[Kazoo the Clown]

Well, if robocalls aren't a "zone of lawlessness" I don't know what is...