Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications Spam United States

T-Mobile Begins Verifying Calls To Protect Against Spam (theverge.com) 106

T-Mobile is beginning to roll out support for call verification technology, which will confirm that a phone call is actually coming from the number listed on caller ID. From a report: Now, if one T-Mobile subscriber calls another T-Mobile subscriber, the person receiving the call will see a message saying "Caller Verified" if they have a supported phone. Unfortunately, there's only one supported phone -- Samsung Galaxy Note 9 -- for the time being. Call verification won't put a stop to spammy phone calls, but it will start to help people identify which calls are actually coming from real people. As anyone with a phone knows, spammers have relentlessly spoofed local phone numbers in recent years, making it appear that you're getting an incoming call from someone you may know. Call verification is meant to combat that.
This discussion has been archived. No new comments can be posted.

T-Mobile Begins Verifying Calls To Protect Against Spam

Comments Filter:
  • by fred6666 ( 4718031 ) on Thursday January 10, 2019 @02:28PM (#57939242)

    so it will block spammers spoofing T-Mobile's numbers to call other T-Mobile's customers. But won't block all other spoofers. As much as I'd like this to be a good start, I can't see how it can be useful.

    • by ceesco ( 259588 )
      True, but probably around 50% of the spam calls I get are spoofed from my own NPA/NXX, presumably because it looks familiar. Since that would also likely be owned by T-Mobile, I don't see the harm in it. ANY reduction is a plus.
      • True, but probably around 50% of the spam calls I get are spoofed from my own NPA/NXX, presumably because it looks familiar

        Mobile:
        Not sure if you use a smartphone, but in mid 2018 F-droid added a "Blacklist Blocker" app (com.kaliturin.blacklist). "Blacklist" is a misnomer -- even the official description shows coverage for whitelisting or contacts-only or blacklisting. I am a new user and see that there are combinations of some of the above possible.

        Setting the blacklist filter to "contains" for your 6 significant digits should help kill those obvious 10k neighbor spoofs. The "starts with" blacklist should block whole area cod

    • I would think this would be less useful for stopping spoofers so much as letting customers know that they can trust particular calls.
      • they won't trust the call. The only thing they can trust is not being spoofed by other T-mobile customers

  • Seems like a feature that is all about unauthorized spam and not spam in general.

    • I'm fascinated that someone thinks there is such a thing as "authorized spam", as opposed to "unauthorized spam".
      • by Shaitan ( 22585 )

        "I'm fascinated that someone thinks there is such a thing as "authorized spam", as opposed to "unauthorized spam"."

        Oh, are you one of those who thinks the authorized sort isn't spam? If I'm a business who pays t-mobile to let me blast their customers is that not still spam to their users? If I've signed up for texts about the latest sales from company x would you still classify that as spam?

        By my account both are spam and are authorized or unauthorized from the perspectives of either t-mobile or the user th

        • Oh, are you one of those who thinks the authorized sort isn't spam?

          The authorized sort of what? By DEFINITION, spam is unsolicited. If you authorize the contact, it is no longer spam. That means that calling something "unauthorized spam" is redundant, and implies you think there is "authorized spam". There is not.

          If I'm a business who pays t-mobile to let me blast their customers is that not still spam to their users?

          Of COURSE it is spam, because it is unauthorized, unsolicited contact.

          What, are you one of those who thinks that the MEDIUM provider can authorize unsolicited commercial contacts to you? Why do you give them that authority?

          If I've signed up for texts about the latest sales from company x would you still classify that as spam?

          Of course not. And solicited texts are

      • There are multiple definitions for "spam". Bulk email and voicemail is considered spam by many people, even if it fits the legal requirements of the "CAN-SPAM" act and is from a company you've agreed, in writing, can contact you for commercial offers, or one for which you've opted in.

    • I am worried that in the hurry to curb inappropriate number spoofing, we'll lose the ability to legitimately use such a service. They should have a system to check if the user is AUTHORIZED to use a number.

      For example, as a physician I use a dialing service to be able to place calls from my cell phone to my patients, which identify as coming from my office.

  • by sinij ( 911942 ) on Thursday January 10, 2019 @02:40PM (#57939326)
    I think excessive spam is existential crisis for voice calling. I no longer answer any calls from unknown numbers as chances of spam are near-certain. This has been going on for couple years, to the point that I permanently silenced voice call notifications on my phone - no vibrations, no ringing. Consequently, now it is much harder for legitimate callers to get through.
    • I think excessive spam is existential crisis for voice calling. I no longer answer any calls from unknown numbers as chances of spam are near-certain. This has been going on for couple years, to the point that I permanently silenced voice call notifications on my phone - no vibrations, no ringing. Consequently, now it is much harder for legitimate callers to get through.

      I have to answer because I'm always on call, before then I used to have a blacklist app on my phone which automatically sent to voice mail any number not in my contact list.

  • AT&T and Verizon have provided services like this for over 2 years (Sprint may also). AT&T Call Protect is an app you can download to do so and it's free.
    • An app does not have access to carrier ANI data that's routed with the call. So if you're spoofing using real local numbers, they can't mark those as spam. Otherwise that actual customer being spoofed would show as spam when they make outgoing calls.

      • Yup.. The only 100% solution (or the only one that could possibly be 100%) is to *require* any call that enters a switch be from either a trusted source (such as another switch who only accepts trusted calls itself) or from untrusted PBX's for which you have validated the ANI, DNS, Billing number to be associated with that PBX's owner. That way spammers cannot spoof any number they want, but only numbers they are registered for or the call won't be routed.
  • Comment removed based on user account deletion
    • It's not a bad idea for those that can do it. Unfortunately, some of us communicate with new numbers daily.

      I tried the whitelisting method a while back, and I missed too many business calls to make it worth while. Had to turn it off.

    • by mark-t ( 151149 )
      That sucks if you are doing something that requires you be ready to accept calls from people you don't personally know, such as during a job hunt, where you don't necessarily know the exact number that a person who may call you for an interview will show up as.
    • I started receiving an increasingly large number of phone calls over the last year or so. To the point now where I get at least one a day.

      I screwed around with Tasker on my Android phone to see if I could set up a whitelist and wasn't really able to get it to do what I needed.

      I ended up buying the pro version of "Calls Blacklist PRO" which, despite the name, actually can function as a whitelist as well.

      Since installing that app, I have had zero spam calls and all of my normal calls come through just fine. I

    • by dissy ( 172727 )

      I'm reversing the sentences of your post in my reply (disclosure to others)

      With all of the problems around strangers and kids, I can't believe that the industry is so pigheaded on making this a standard feature.

      Nearly everyone doesn't and can't use phones that way. No phone company will spend time and money on a feature that only a fraction of a fraction of a percent of their customers would like.
      That said, I'm one of those lucky few who can and does exactly this, so maybe this will help:

      I would prefer to just whitelist my contacts at this point. If I don't know you, I don't want to take a phone call from a seemingly random number.

      One can do this on Android and iPhone fairly easily.

      Android, free app called "Call Blocker"
      https://play.google.com/store/apps/details?id=com.vladlee.callb [google.com]

  • I use T-Mobile and recently they have been marking some incoming calls as "Scam Likely"

  • by UnknownSoldier ( 67820 ) on Thursday January 10, 2019 @02:47PM (#57939368)

    It's disgusting that in this day and age we have to put up with spam calls that appear to be coming from the SAME bloody phone number as our phones!

    I guess the telcos are more interested in money then respecting customer's time.

    What can customers do to change the situation since the FCC appears to be doing fuck all about it ?

    • If you answer, is there a person on the other end pretending to be you?
      • If you answer, is there a person on the other end pretending to be you?

        Can I then talk to myself and not be considered crazy? THAT's The real question.

    • by mentil ( 1748130 )

      Probably since many people have their own number in their contact list, to call voice mail. That makes the phone ring for people who only let it ring for numbers on their contact list.

  • They need to just block anything that they can determine is spam. To start with, if the number is registered with the same carrier, it should be trivial to verify that the call is genuine, and drop it otherwise. Then they add something where they pass this verification on when sending calls outside the network, so if the call is from a number registered to Verizon, but Verizon hasn't verified it, it gets dropped, regardless of the carrier.

    The lack of any system like this indicates that the phone companies

    • Caller ID spoofing is still required by a lot of business telephone systems - especially regarding outgoing calls on an MLTS. They can really only vet their own numbers right now. And that probably isn't even enough to stop local number spoofing because of the number of wireless and landline carriers in a given area.

      • by Anonymous Coward

        Either the business owns the number or they don't. This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX. Doesn't mean the PBX should be allowed to spoof numbers willy-nilly. If there's some weird use case where a company wants to use numbers it doesn't own (maybe an outsourced call center, who knows) - too bad, so sad - they can always set their number as missing. And then people being called are free to ignore those calls.

        • This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX.

          And numbers can come from more than one carrier. This infrastructure doesn't exist yet. I own a phone number through Google Voice, but I spoof that number when calling out from my home PBX so that return calls hit my cell phone too.

          Google Voice, in turn, spoofs the numbers of the caller when forwarding incoming calls to my cell so that I know who the forwarded calls are coming from. Google does not own the numbers at all here, but it's still a legal use case for spoofing the numbers.

        • Either the business owns the number or they don't. This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX. Doesn't mean the PBX should be allowed to spoof numbers willy-nilly. If there's some weird use case where a company wants to use numbers it doesn't own (maybe an outsourced call center, who knows) - too bad, so sad - they can always set their number as missing. And then people being called are free to ignore those calls.

          They can also just forward the inbound call from specific numbers to the outsourced call center themselves. Yea it burns up two trunk lines per inbound call, but (as you say) to bad, so sad, consider it a cost of doing business.

  • Update the phone software system to get with the 21st century. A simple change, where the caller's provider takes a signed and registered cryptologic hash of the callers information and the receivers information and presents that during the call initiation, The receivers provider checks the certificate and verifies that the same provided information hashes to the exact same value, and that the certificate used matches the registered callers provider certificate, which is signed by a central governing author

    • by mark-t ( 151149 )

      I would suggest that there should be no need for a governing authority... just an augmentation to the protocol for completing a call.

      Right now a caller sends call display info, that can remain... what can happen at the recipients end is that the destination makes a sort of "half-call" back to the calling number, asking that number if it really called the destination. If there is no response, then the call display number can be considered unverified, but if the sending number affirms that yes, it really

  • Which is why this is meaningless.

    • by Mousit ( 646085 ) on Thursday January 10, 2019 @03:38PM (#57939834)

      Really? Why bother, TMo?

      That limitation is temporary. I wish the summary had bothered to mention anything about the technical side of what T-Mobile's doing, because it's news for nerds after all.

      What T-Mobile is implementing is a technical standard known as STIR/SHAKEN [transnexus.com] which is explicitly designed to prevent spoofed calls [transnexus.com], among other things. Even the FCC itself [fcc.gov] (PDF) back in 2015/2016 was big on this particular framework for combating robocalls. So much so that one of the very, very few things Ajit Pai managed to do right for consumers was have the FCC require [fcc.gov] (PDF) that U.S. telecoms implement STIR/SHAKEN, and do so "without delay". Oh yeah, and they're required to interoperate.

      So right now the Note9 is the first phone to support it. Others will follow. I'm sure Apple devices will get it quickly, probably with iOS 13 this year. And to respond to your specific complaint, it's "only TMo to TMo" right now because they're the first to implement the framework. Once the other telcos get their STIR/SHAKEN setups going, calls between networks should also be able to be verified.

      And just for funsies, here's a full hour-long [youtu.be] (!) video on the framework and how it works, as well its status in various countries, not just the U.S.

      • by mentil ( 1748130 )

        a technical standard known as STIR/SHAKEN

        I bet spies just LOVE that.

      • If it requires any sort of technology on my own phone, then they are doing it WRONG. The telephone network is no different than the Internet network. If I am an ISP or Telecom provider, nothing enters my network without permission and nothing exits my network without permission. Source and destination, within my own network, is essentially guaranteed. I am not letting anything into my network without a known, by me, source and destination. There is ZERO room for "unknown" activity without cutting wires and

        • by Mousit ( 646085 )

          If it requires any sort of technology on my own phone, then they are doing it WRONG. The telephone network is no different than the Internet network. If I am an ISP or Telecom provider, nothing enters my network without permission and nothing exits my network without permission. Source and destination, within my own network, is essentially guaranteed. I am not letting anything into my network without a known, by me, source and destination. There is ZERO room for "unknown" activity without cutting wires and sending random voltages down them... and the results of THAT will not leave my own network anyways.

          No. If this requires technology on MY end as a consumer, then this is not about preventing spoofing, it is about tracking and gathering data, presumably to monetize it.

          I gather you did not even glance at the linked whitepapers? I'll quote the relevant line. "Using STIR/SHAKEN, the call is authenticated by the calling party’s service provider that digitally signs the calling number. The called party’s service provider validates the digital signature to verify the calling party identity. The SHAKEN governance framework defines how service providers are authenticated and authorized by a certificate authority to digitally secure the calling number of telephone c

  • I really could use something similar on my landline. The technical prerequisites for detecting and preventing caller ID spoofing are there, but where I live (Germany) CLIRO is sadly only available for special called parties like police and emergency services. CLIRO stands for Calling Line Identification Restriction Override and means that the real caller ID is always transferred.

    But perhaps something like CLIRO Light could be introduced, where spoofed calls are automatically rejected at the telephone exchan

  • Is it just the United States that suffers from a non-functioning phone system?

    Seriously, the US phone system is so over run with SPAM phone calls that land lines are useless and the problem is now destroying the cell system.

    Do people in other countries suffer from the problem?

    • Is it just the United States that suffers from a non-functioning phone system?

      Seriously, the US phone system is so over run with SPAM phone calls that land lines are useless and the problem is now destroying the cell system.

      Do people in other countries suffer from the problem?

      Anecdotally, I get very few spam / scam calls. I do get solicitations but those are from organizations where I regularly donate and thus do not mind them. Most of the spam I get is political calls during election season; and the occasional tech support / credit card rate scams.I work is slow I'll often play with the scammers for a while out of boredom. There's nothing like getting one to start screaming at you and laughing back at them.

    • In Europe, Calling Party Pays, is the rule, so spammers don't like to make spam calls to cell phones because it costs them money over POTS calls.

      The phone system in the US suffers from being "first" and needing to provide backwards compatibility. We also have "called party pays" for cell phones, which means the spammers are free to call any phone number without any added cost.

      So I'm not so quick to disparage the US's system, but obviously there are technologic solutions we need to apply here. I'm for r

  • Now that almost nobody accepts calls and relies on texts and messaging, it's a bit late for that.

  • Maybe it's just me, but if I see a call come from a number I don't know, I don't answer the phone.

    Does this mean people have become Pavlovian to answering their phone regardless of anything else? Wouldn't it be easier to simply not answer the phone every time it rings? Or is that too simplistic?

    • by amorsen ( 7485 )

      The spammers are working on using numbers you DO know as caller-ID. It isn't widespread. Yet.

  • I wish AT&T would do this, as I get shitloads of calls on my AT&T service.

    I've resorted to wildcard blocking certain partial numbers to help stifle it, but this is really something they could do on their end.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...