T-Mobile Begins Verifying Calls To Protect Against Spam (theverge.com) 106
T-Mobile is beginning to roll out support for call verification technology, which will confirm that a phone call is actually coming from the number listed on caller ID. From a report: Now, if one T-Mobile subscriber calls another T-Mobile subscriber, the person receiving the call will see a message saying "Caller Verified" if they have a supported phone. Unfortunately, there's only one supported phone -- Samsung Galaxy Note 9 -- for the time being. Call verification won't put a stop to spammy phone calls, but it will start to help people identify which calls are actually coming from real people. As anyone with a phone knows, spammers have relentlessly spoofed local phone numbers in recent years, making it appear that you're getting an incoming call from someone you may know. Call verification is meant to combat that.
T-mobile to T-mobile only? (Score:3)
so it will block spammers spoofing T-Mobile's numbers to call other T-Mobile's customers. But won't block all other spoofers. As much as I'd like this to be a good start, I can't see how it can be useful.
Re: (Score:2)
even if AT&T joined, spammers would spoof other numbers, or even better, non-mobile numbers
Re: (Score:1)
Re: (Score:2)
or sends straight to voicemail.
Why do you want to waste time listening to spam voicemail? It's bad enough that there is a flaw in the system that allows spammers to dump directly into voice mail, saving them the few seconds per call for the system to forward their unanswered calls there.
For the GGP who talks about this blocking calls, no, it's pretty clear from TFS that this doesn't block anything. It marks verified calls as such, on the one model of phone that it works on. It really solves nothing.
Re: (Score:2)
or sends straight to voicemail.
Why do you want to waste time listening to spam voicemail?
From my experience the spam calls almost never leave voicemail, if they are leaving a voicemail it's because I actually gave them my number at some point. The spam calls don't want to be called back as it could potentially lead to them being identified. After all, the vast majority of them - as mentioned in the summary - are spoofing numbers to begin with.
Re: (Score:2)
From my experience the spam calls almost never leave voicemail,
From mine, it is a semi-regular occurrence. I walk out of work and see voicemail with no missed call to go with it.
The spam calls don't want to be called back as it could potentially lead to them being identified.
Nothing about leaving voicemail requires leaving a valid callback number. Perhaps the callers who do this do, I don't know. It's usually Chinese gibberish.
Re: (Score:2)
The spam calls don't want to be called back as it could potentially lead to them being identified.
Nothing about leaving voicemail requires leaving a valid callback number.
True, though it isn't very useful for the person who left the message to not leave a valid callback number. I have yet to get a voicemail that asked me to visit a website, send an email, send a text to a number that is not standard for my county, visit a physical location, etc (though I'm sure some exist).
Perhaps the callers who do this do, I don't know. It's usually Chinese gibberish.
I have been getting the Chinese singing spam at my phone at work. When I get them they come from a Chicago number (in my case right time zone wrong state). One time I answered one and started mashing
Re: (Score:2)
you'll only get calls from t-mobile customers then.
Also there might be a legitimate use for fake caller ids. Let's say I am using a voip application and want you to call me back on my cell phone, I may spoof myself.
Re: (Score:2)
Re: (Score:1)
Personally, it's super rare that I get these kinds of calls on tmobile. I have their scam block feature (free) enabled, and what it does is prevent calls that don't appear to come from a valid carrier from being able to connect to your number. I simultaneously carry a Sprint phone, and Sprint is shit so they don't have that feature at all, and I get these calls all the time on that phone.
That scam block feature works really well. I think most tmobile customers either haven't heard of it, or are concerned th
Re: (Score:2)
Re: (Score:2)
True, but probably around 50% of the spam calls I get are spoofed from my own NPA/NXX, presumably because it looks familiar
Mobile:
Not sure if you use a smartphone, but in mid 2018 F-droid added a "Blacklist Blocker" app (com.kaliturin.blacklist). "Blacklist" is a misnomer -- even the official description shows coverage for whitelisting or contacts-only or blacklisting. I am a new user and see that there are combinations of some of the above possible.
Setting the blacklist filter to "contains" for your 6 significant digits should help kill those obvious 10k neighbor spoofs. The "starts with" blacklist should block whole area cod
Re: (Score:2)
Re: (Score:2)
they won't trust the call. The only thing they can trust is not being spoofed by other T-mobile customers
How about the spammers paying the telcos? (Score:2)
Seems like a feature that is all about unauthorized spam and not spam in general.
Re: (Score:2)
Re: (Score:3)
"I'm fascinated that someone thinks there is such a thing as "authorized spam", as opposed to "unauthorized spam"."
Oh, are you one of those who thinks the authorized sort isn't spam? If I'm a business who pays t-mobile to let me blast their customers is that not still spam to their users? If I've signed up for texts about the latest sales from company x would you still classify that as spam?
By my account both are spam and are authorized or unauthorized from the perspectives of either t-mobile or the user th
Re: (Score:2)
"Authorized by who? For adjudicating spam, the receiver's authorization is what matters."
That is begging the question.
"In your first example, the T-Mobile authorized the business to send the messages, but their authorization doesn't play a role in whether it's spam or not."
Says you, and obviously me since that is the stance I took in the post you are agreeing with and repeating points from while taking a tone that suggests you are arguing. T-Mobile on the other hand would argue that they own the network and
Re: (Score:2)
That is begging the question.
No, it was precisely the point. Spam is UNAUTHORIZED, always. As soon as you authorize the contact, it is no longer spam BY DEFINITION. It may be commercial, it may be bulk, but it not unsolicited.
T-Mobile on the other hand would argue that they own the network and that mass and commercial messages THEY don't authorize constitute abusive and possibly a form of unauthorized systems access.
Oh for Christ's sake. There is nothing about them authorizing the messages, it has everything to do with the claimed SOURCE of the message (the caller ID data) matching the SOURCE of the message (the actual calling number as they know it from their own system information.) They can't authorize unsolicited junk mes
Re: (Score:2)
"And what T-Mobile is doing is not blocking spam -- of any kind. They make no such distinction. They are labeling some calls as likely scams because the caller ID data doesn't match their own verifiable caller source data. That's all."
For now in order to get better identification and exploit the new commercial opportunities afforded by net neutrality and if not T-mobile which admittedly is far from the worst along those lines it will be another carrier soon enough.
As for what is spam BY DEFINITION, there is
Re: (Score:2)
For now in order to get better identification and exploit the new commercial opportunities afforded by net neutrality
This has nothing at all to do with net neutrality.
As for what is spam BY DEFINITION, there is no official and universal definition of this slang term
I'm sorry you came late to the party. Unsolicited commercial email. UCE. Unsolicited.
and no amount of foaming at the mouth and asserting otherwise will make it so.
That's right. Your foaming at the mouth about how you get spam after you signed up for a mailing list in exchange for a coupon for something doesn't make the email spam. It make it solicited.
Opt-in, out-opt, at what point have you authorized it?
I'm sorry that English is not your first language. At the point you authorized the email or contact. That is opting-in. When you sign up for it.
Hell, messages from a script you yourself wrote blasting to your screen at annoying frequency is generally referred to as "spam."
Only by morons who want to get worked u
Re: (Score:2)
Oh, are you one of those who thinks the authorized sort isn't spam?
The authorized sort of what? By DEFINITION, spam is unsolicited. If you authorize the contact, it is no longer spam. That means that calling something "unauthorized spam" is redundant, and implies you think there is "authorized spam". There is not.
If I'm a business who pays t-mobile to let me blast their customers is that not still spam to their users?
Of COURSE it is spam, because it is unauthorized, unsolicited contact.
What, are you one of those who thinks that the MEDIUM provider can authorize unsolicited commercial contacts to you? Why do you give them that authority?
If I've signed up for texts about the latest sales from company x would you still classify that as spam?
Of course not. And solicited texts are
Re: (Score:2)
There are multiple definitions for "spam". Bulk email and voicemail is considered spam by many people, even if it fits the legal requirements of the "CAN-SPAM" act and is from a company you've agreed, in writing, can contact you for commercial offers, or one for which you've opted in.
Legitimate uses (Score:2)
I am worried that in the hurry to curb inappropriate number spoofing, we'll lose the ability to legitimately use such a service. They should have a system to check if the user is AUTHORIZED to use a number.
For example, as a physician I use a dialing service to be able to place calls from my cell phone to my patients, which identify as coming from my office.
Existential crisis for voice calling (Score:5, Interesting)
Re: (Score:2)
I think excessive spam is existential crisis for voice calling. I no longer answer any calls from unknown numbers as chances of spam are near-certain. This has been going on for couple years, to the point that I permanently silenced voice call notifications on my phone - no vibrations, no ringing. Consequently, now it is much harder for legitimate callers to get through.
I have to answer because I'm always on call, before then I used to have a blacklist app on my phone which automatically sent to voice mail any number not in my contact list.
Re: (Score:2)
I have to answer because I'm always on call,
On call for anyone, or just the company / selected corporate customers?
You can set an audible ringtone for those in your contact list - (if the number of legitimate callers are limited) and have "silence" as the default ringtone for others.
If something goes wrong and they're missing in action for a technical failure of their own making, it's not good enough to scapegoat an employee's unexpected / secret whitelists. Blame avoidance doesn't work that way.
Being on call requires being able to handle unforeseen circumstances, including getting non-silent calls from some vicepresident* stepping in for an answer while Rome is burning on your watch.
* eg: people whose personal numbers you'd never have been allowed to know in advance... and who have al
Re: (Score:2)
I also have to accept unknown calls: I don't always have the phone numbers of every employee or contract partner who may have urgent business with me, especially when a surprising disaster occurs. I and some of my colleagues are the "third tier" of escalation for many different projects.
Been Available For A Long Time (Score:2)
Re: (Score:3)
An app does not have access to carrier ANI data that's routed with the call. So if you're spoofing using real local numbers, they can't mark those as spam. Otherwise that actual customer being spoofed would show as spam when they make outgoing calls.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's not a bad idea for those that can do it. Unfortunately, some of us communicate with new numbers daily.
I tried the whitelisting method a while back, and I missed too many business calls to make it worth while. Had to turn it off.
Re: (Score:2)
Re: (Score:2)
I started receiving an increasingly large number of phone calls over the last year or so. To the point now where I get at least one a day.
I screwed around with Tasker on my Android phone to see if I could set up a whitelist and wasn't really able to get it to do what I needed.
I ended up buying the pro version of "Calls Blacklist PRO" which, despite the name, actually can function as a whitelist as well.
Since installing that app, I have had zero spam calls and all of my normal calls come through just fine. I
Re: (Score:2)
I'm reversing the sentences of your post in my reply (disclosure to others)
With all of the problems around strangers and kids, I can't believe that the industry is so pigheaded on making this a standard feature.
Nearly everyone doesn't and can't use phones that way. No phone company will spend time and money on a feature that only a fraction of a fraction of a percent of their customers would like.
That said, I'm one of those lucky few who can and does exactly this, so maybe this will help:
I would prefer to just whitelist my contacts at this point. If I don't know you, I don't want to take a phone call from a seemingly random number.
One can do this on Android and iPhone fairly easily.
Android, free app called "Call Blocker"
https://play.google.com/store/apps/details?id=com.vladlee.callb [google.com]
Scam Likely (Score:2)
I use T-Mobile and recently they have been marking some incoming calls as "Scam Likely"
Re: (Score:2)
That is a feature you can turn on or off. As is the even better feature "Scam Block" where instead of saying "Scan Likely" they just drop the call.
The "scam likely" marker is free and convenient, and a default on some Tmobile phones, but still manages to tantalizingly wave at your face. That interrupts a few seconds of your life, and if you're playing music or listening to text-to-speech, there's not always a smooth transition back from that. IIRC the scam "block" feature is an upgrade that requires a monthly payment [~$5?] for their "effort." It's a bit like the old trialware and demo days where all the non-stupid features were behind a paywall...
What about spam calls "from" my phone number? (Score:5, Insightful)
It's disgusting that in this day and age we have to put up with spam calls that appear to be coming from the SAME bloody phone number as our phones!
I guess the telcos are more interested in money then respecting customer's time.
What can customers do to change the situation since the FCC appears to be doing fuck all about it ?
Re: (Score:3)
This is how mass confusion ensues and how you break cell calling...
Cell calls are routinely routed all over the place using source and destination numbers that only have a passing association with your handset. Unless you happen to be in your handset's home MSC (unlikely) then when you make a call, the ANI is not going to be your actual phone number, but a transitory number assigned by the MSC to the call you are making. For the voice circuits to get setup, this number has to map to a specific MSC so the
Re: (Score:2)
You can start a new telco that drop the "caller ID" numbers, and displays the real billable numbers instead. For the telco always knows who to bill for any call. They know the real number.
They only know the real number for calls coming from their own customers. For calls received from another provider, all bets are off. This is why the T-Mobile solution only covers T-Mobile customers.
Re: (Score:3)
Re: (Score:2)
If you answer, is there a person on the other end pretending to be you?
Can I then talk to myself and not be considered crazy? THAT's The real question.
Re: (Score:2)
Do you have to talk out loud to be considered crazy ? :-)
Re: (Score:2)
Probably since many people have their own number in their contact list, to call voice mail. That makes the phone ring for people who only let it ring for numbers on their contact list.
Re: (Score:2)
No one gives a fuck about your political alignment or ideology.
Stop trying to push some bullshit narrative that is irreverent to the discussion at hand.
Just block spam (Score:2)
They need to just block anything that they can determine is spam. To start with, if the number is registered with the same carrier, it should be trivial to verify that the call is genuine, and drop it otherwise. Then they add something where they pass this verification on when sending calls outside the network, so if the call is from a number registered to Verizon, but Verizon hasn't verified it, it gets dropped, regardless of the carrier.
The lack of any system like this indicates that the phone companies
Re: (Score:3)
Caller ID spoofing is still required by a lot of business telephone systems - especially regarding outgoing calls on an MLTS. They can really only vet their own numbers right now. And that probably isn't even enough to stop local number spoofing because of the number of wireless and landline carriers in a given area.
Re: (Score:1)
Either the business owns the number or they don't. This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX. Doesn't mean the PBX should be allowed to spoof numbers willy-nilly. If there's some weird use case where a company wants to use numbers it doesn't own (maybe an outsourced call center, who knows) - too bad, so sad - they can always set their number as missing. And then people being called are free to ignore those calls.
Re: (Score:3)
This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX.
And numbers can come from more than one carrier. This infrastructure doesn't exist yet. I own a phone number through Google Voice, but I spoof that number when calling out from my home PBX so that return calls hit my cell phone too.
Google Voice, in turn, spoofs the numbers of the caller when forwarding incoming calls to my cell so that I know who the forwarded calls are coming from. Google does not own the numbers at all here, but it's still a legal use case for spoofing the numbers.
Re: (Score:2)
Re: (Score:2)
Either the business owns the number or they don't. This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX. Doesn't mean the PBX should be allowed to spoof numbers willy-nilly. If there's some weird use case where a company wants to use numbers it doesn't own (maybe an outsourced call center, who knows) - too bad, so sad - they can always set their number as missing. And then people being called are free to ignore those calls.
They can also just forward the inbound call from specific numbers to the outsourced call center themselves. Yea it burns up two trunk lines per inbound call, but (as you say) to bad, so sad, consider it a cost of doing business.
Just do the right thing and update (Score:2)
Update the phone software system to get with the 21st century. A simple change, where the caller's provider takes a signed and registered cryptologic hash of the callers information and the receivers information and presents that during the call initiation, The receivers provider checks the certificate and verifies that the same provided information hashes to the exact same value, and that the certificate used matches the registered callers provider certificate, which is signed by a central governing author
Re: (Score:2)
I would suggest that there should be no need for a governing authority... just an augmentation to the protocol for completing a call.
Right now a caller sends call display info, that can remain... what can happen at the recipients end is that the destination makes a sort of "half-call" back to the calling number, asking that number if it really called the destination. If there is no response, then the call display number can be considered unverified, but if the sending number affirms that yes, it really
Spammers only use methods where they don't pay (Score:1)
Which is why this is meaningless.
Only one phone, and only TMo to TMo? (Score:2)
Re:Only one phone, and only TMo to TMo? (Score:5, Informative)
Really? Why bother, TMo?
That limitation is temporary. I wish the summary had bothered to mention anything about the technical side of what T-Mobile's doing, because it's news for nerds after all.
What T-Mobile is implementing is a technical standard known as STIR/SHAKEN [transnexus.com] which is explicitly designed to prevent spoofed calls [transnexus.com], among other things. Even the FCC itself [fcc.gov] (PDF) back in 2015/2016 was big on this particular framework for combating robocalls. So much so that one of the very, very few things Ajit Pai managed to do right for consumers was have the FCC require [fcc.gov] (PDF) that U.S. telecoms implement STIR/SHAKEN, and do so "without delay". Oh yeah, and they're required to interoperate.
So right now the Note9 is the first phone to support it. Others will follow. I'm sure Apple devices will get it quickly, probably with iOS 13 this year. And to respond to your specific complaint, it's "only TMo to TMo" right now because they're the first to implement the framework. Once the other telcos get their STIR/SHAKEN setups going, calls between networks should also be able to be verified.
And just for funsies, here's a full hour-long [youtu.be] (!) video on the framework and how it works, as well its status in various countries, not just the U.S.
Re: (Score:2)
a technical standard known as STIR/SHAKEN
I bet spies just LOVE that.
Re: (Score:2)
If it requires any sort of technology on my own phone, then they are doing it WRONG. The telephone network is no different than the Internet network. If I am an ISP or Telecom provider, nothing enters my network without permission and nothing exits my network without permission. Source and destination, within my own network, is essentially guaranteed. I am not letting anything into my network without a known, by me, source and destination. There is ZERO room for "unknown" activity without cutting wires and
Re: (Score:3)
If it requires any sort of technology on my own phone, then they are doing it WRONG. The telephone network is no different than the Internet network. If I am an ISP or Telecom provider, nothing enters my network without permission and nothing exits my network without permission. Source and destination, within my own network, is essentially guaranteed. I am not letting anything into my network without a known, by me, source and destination. There is ZERO room for "unknown" activity without cutting wires and sending random voltages down them... and the results of THAT will not leave my own network anyways.
No. If this requires technology on MY end as a consumer, then this is not about preventing spoofing, it is about tracking and gathering data, presumably to monetize it.
I gather you did not even glance at the linked whitepapers? I'll quote the relevant line. "Using STIR/SHAKEN, the call is authenticated by the calling party’s service provider that digitally signs the calling number. The called party’s service provider validates the digital signature to verify the calling party identity. The SHAKEN governance framework defines how service providers are authenticated and authorized by a certificate authority to digitally secure the calling number of telephone c
For all phones please :) (Score:2)
I really could use something similar on my landline. The technical prerequisites for detecting and preventing caller ID spoofing are there, but where I live (Germany) CLIRO is sadly only available for special called parties like police and emergency services. CLIRO stands for Calling Line Identification Restriction Override and means that the real caller ID is always transferred.
But perhaps something like CLIRO Light could be introduced, where spoofed calls are automatically rejected at the telephone exchan
Do people outside of the US have a phone system? (Score:1)
Is it just the United States that suffers from a non-functioning phone system?
Seriously, the US phone system is so over run with SPAM phone calls that land lines are useless and the problem is now destroying the cell system.
Do people in other countries suffer from the problem?
Re: (Score:2)
Is it just the United States that suffers from a non-functioning phone system?
Seriously, the US phone system is so over run with SPAM phone calls that land lines are useless and the problem is now destroying the cell system.
Do people in other countries suffer from the problem?
Anecdotally, I get very few spam / scam calls. I do get solicitations but those are from organizations where I regularly donate and thus do not mind them. Most of the spam I get is political calls during election season; and the occasional tech support / credit card rate scams.I work is slow I'll often play with the scammers for a while out of boredom. There's nothing like getting one to start screaming at you and laughing back at them.
Re: (Score:2)
In Europe, Calling Party Pays, is the rule, so spammers don't like to make spam calls to cell phones because it costs them money over POTS calls.
The phone system in the US suffers from being "first" and needing to provide backwards compatibility. We also have "called party pays" for cell phones, which means the spammers are free to call any phone number without any added cost.
So I'm not so quick to disparage the US's system, but obviously there are technologic solutions we need to apply here. I'm for r
Too little, too late (Score:2)
Now that almost nobody accepts calls and relies on texts and messaging, it's a bit late for that.
Question (Score:2)
Maybe it's just me, but if I see a call come from a number I don't know, I don't answer the phone.
Does this mean people have become Pavlovian to answering their phone regardless of anything else? Wouldn't it be easier to simply not answer the phone every time it rings? Or is that too simplistic?
Re: (Score:2)
The spammers are working on using numbers you DO know as caller-ID. It isn't widespread. Yet.
Re: (Score:2)
I wish AT&T would do this (Score:2)
I wish AT&T would do this, as I get shitloads of calls on my AT&T service.
I've resorted to wildcard blocking certain partial numbers to help stifle it, but this is really something they could do on their end.