Slashdot Mirror
Spam Over Internet Telephony (SPIT) to Come?
grub writes "According to this article on NewScientist.com 'Spam and spim - spam by instant messenger -- are about to be joined by "spit" - spam over internet telephony' Yup, spam via VoIP."
← Back to Stories (view on slashdot.org)
Aptly named SPIT, I see! ;-)
Way to go.
So long as enough people are responding to spam to make it profitable, if you build it they will spam it.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
You know it makes sense.
I have to pay for traffic, why should I pay for the traffic caused by spit?
- Kaos games and encryption systems developer
Personal Telephoney Objectionable Object Immediate Eradication
SPam Eradication Wirelessly
Highly Unwanted Reduction Logic
A feeling of having made the same mistake before: Deja Foobar
Not even blind people are safe from SPAM now....
When a media is used to send spam to other people it is alive and well. When it is used to transport pr0n it will have a prospective future.
A monkey is doing the real work for me.
I'm going to become rich when I invent a way to stab people in the face over the internet.
At least with this one type of spam I know that the spammer is paying big bugs in bandwith to make it work. Just maybe we'll be lucky and it will turn out that voip spam isn't profitable and we will be free of it.
The GeekNights podcast is going strong. Listen!
If telemarketers leaving voice mail becomes a problem, I'm sure that's quickly addressed by the service provider (=store no voice mail from abroad or from unknown numbers).
The owls are not what they seem
Well, I for one, think I will just work myself into a tizzy until I reach critical mass and expload.
So, what's next?
SPam Ethernet Wires?
SPam over Low Amplitude Telephony?
SPam Over Older Generation Ethernets?
Something tells me that this is about to get sillier...
Norman Cook's Ode to Sl
I received about 10 automated phone calls from some hotly contested positions in the Washington State primary. (democrats only, no republicans.)
I don't see the same people that respond to spam, as the same people using telephoney. I will predict that the profit margin to people that respond will be too low to make this worthwhile until VOIP becomes more mainstream like email. (I can dream can't I)
Stay tuned for new sig...
RING, RING
Hello?
Hello! We have some wonderful Costa Rican Properties for sale. For more info, please visit wearetryingtoripyouoff.info. Or, if you are lacking in a certian area, you can receive generic drugs from us directly. Just go to the same site. (In a fast, hurried tone) To remove yourself from out call list, please call the following number: 8003287448 Thank you!
What's the point of a sig?
Given that corporations are the biggest users of VoIP right now, and given that it takes a burning-bush level miracle to get in touch with a human person at most large corps, I imagine most of this will be computerized voices yammering at each other for minutes on end. "Thank you for calling Bank of America." A: "Free trial of Viagra, no commitments" B: "For information about your account, press one now."
Always a godfather; never a god. -Gore Vidal
SPIM is for running MIPS programs. Not Spam Over Instant Message...find another acronym...
When I get spammed I swear to myself while pounding . If my voip device rings I can swear at THEM for once! When I get a reputation for blowing out eardrums we'll see how often they sell my name.
Spam Over Analog Telephony...
Otherwise known as mortgage brokers and insurance salesmen who call you at dinnertime.
Does this mean I will finally get telephone calls?
-
If I devise a technique to filter, oh, I don't know, undesirable HAM radio advertising, and patent it, can I get this kind of publicity, too?
He adds that viruses are also possible with VoIP. A virus sent to phones could be used to launch more spit or to bring together thousands of VoIP systems to launch denial-of-service attacks.
Yeah, right, 'cause we always execute our voice mail messages!
Also, how is spamming voice mail via VoIP any different than just calling everybody up POTS?!? This article sounds more like another company trying to promote their "solution in search of a problem." Here's a hint: if spammers spoof their caller id and figure out how to insert random variations in the outgoing messages, this system isn't going to work anyway!
"Freedom means freedom for everybody" -- Dick Cheney
Are you really that suprised?
Read: telemarkerters.
What do they stop at? Nothing.
One of the biggest problem of spam is the inability to identify the source (and why so many people believe that solutions like SPF will help out).
VoIP is end-to-end, so if someone starts "spitting" the network, he can easily be blocked.
Of course, other solutions would be to have white lists for VoIP, but it is weird to think about white lists to telephony, since the idea is that anyone could reach anyone.
I think dubious character companies will try to do it anyway for some time, but with time blocking will keep the problem to manageable levels.
* Caller ID Falsification Service
* Caller ID Spoofing Firm Gets Death Threats
I'm sure people can be fooled into answering calls apparently originating from their own phone number...
Spam over Internet Telephony is
SOIT not SPIT
Unless they rename it
SPAM PERMEATING/PERVADING INTERNET TELEPHONY
Bah. Accidentally modded as "Interesting". Posting to invalidate...
I can see them now.... "All your voIP are belong to spit!"
I don't use Emacs; it uses me.
Spam Will Always Live Longer Over Wireless
Can't say you didn't expect this.. However, now that I think about it, I could use another way to buy vi@gra!
I can't wait till I start getting the XXX calls... mmmmm....
This is more or less the scheme I've got going at home, thanks to Asterisk.
Unless I've badly misunderstood the configuration, I'm not allowing any unauthenticated connections, so incoming calls will be from my extensions or my VoIP provider. At that point, they have to prove to my auto-attendant that they can obey simple instructions, something a pre-recorded message probably won't be able to do. If they can't, they get disconnected, without even being able to leave a voicemail.
The day the first worm for VoIP comes out, everyone not using the vulnerable product will think an old BBS is calling them or something.
SPOTS: Spam over Plain Old Telephone Systems
Which is what I'm getting from all the silly acronyms triggered by this headline.
Enough already.
Looks like 'network' the dog is going to have some competition from 'spit' the dog'. Good choice in name.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Because its VOIP, we should be able to use software to fight it. How about blacklists of known telemarketers?
It seems to me that the move the VOIP should lessen spam rather than increase it since it puts more power into our hands to fight it.
It may be over the internet, but at least vocal spam already has precedents in 'do not call lists' and such. I figure the more popular VoIP becomes, the faster this crap will get squshed. It won't take the decades phone spam legistlation took to enact. Everybody is taking a good, hard look at how to crush unwanted solicitations in every form these days.
You need a FREE iPod Nano
As for spit, I really don't plan on getting VoIP anytime soon as I'm satisfied by my POTS landline. Do I have to pay taxes on it, yes; so what? We pay taxes on everything, including VoIP indirectly. You might not have taxes on VoIP, yet, but I'll bet there are taxes and surcharges on your Cable/DSL bill. The article itself does not have much content past the rhetorical comments regarding growth and registries. And the moment that I get a virus on my telephone is the moment I dig out an old beige mechanical AT&T phone. Seriously, how many features does your household phone need? Caller ID, sure; Call Waiting, nah, if its important, they'll call back; voicemail, get an answering machine and save $5/mo.; etc.
Take a deep breath people and realize that humans and our respected cultures have existed for thousands of years and by turning your electronic toys, at least for a few minutes, you might find peaceful relaxation or learn something that does not have power requirement.
But what do I know, it seems the Slashdot audience lives behind the glow rather than under the sun, so I may be preaching to the wrong crowd. --Amigori
"The quality of life is determined by its activites."--Aristotle
Spam Hampering Information Technology = SHIT ha!
In fact, we'll show you how to get even more publicity, once you purchase our exclusive list of 76 million VoIP addresses! Act now and get 128 million email addresses with DNS records today!!
SPam: Electronicly-generated Retail Messages
for a minute there, i lost myself...
Fortunately, VoIP is young enough such that they could modify the protocols to nip this in the bud.
Cryptographic solutions would probably be the first place to look. For example, suppose my phone will only look at incoming connections which are begun with some certificate signed by the VoIP service provider (Vonage, Skype, whatever). So, in order to be able to call me, your phone first contacts the provider, requests a certificate to connect to me, and the provider gives that to the phone, and then their phone uses that as credentials to get my phone to not ignore it. Then, all the service provider has to do is watch out for excessive numbers of connections coming from one customer.
I wouldn't be surprised in the least if this isn't already built into the VoIP systems. After all, we've been trying for some time now to move email into the domain of cryptographic authentication (SPF is just an intermediate fix) to stop spam. So, we've known for a while that this is "the way to do it right", and we also know from the way e-mail is going that it's a major pain to try to change the system to use it after the system is already in place. So, I'd expect that they might already have this capability.
You pick your handset to answer a call, instead, SPIT comes out of the speakers!?
But what about the other half? There's the porn?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Many of these techniques can be adapted to VoIP systems. I am surprised that SER and Asterisk do not already support DNSBLs -- even if there is no call for them yet, we will certainly need published lists of abusive hosts or networks within a few years.
The flexibility with which one can express access restrictions is an important part of any system's security. My workplace is just starting a VoIP deployment. I want to be able to say things like:
i spit on the clod moderators who failed lit class
http://spit.slashdot.org/article.pl?sid=04/09/24/2 032205
Hmm, that may be true in the short term, but think long term. One could also say that the operating costs prevented conventional telephones from become uber-spamming machines. However, the telephone is evolving and that is no longer true. Bandwidth prices will simply continue to drop. The day will come where a VoIP call will be as insignificant as an email in cost.
Photos.
For starters, this is a fluff piece about a company that has just applied for a patent on this "technology". Of course, it's in their best interest for this to be a problem.
Unfortunately, I don't see how this problem is going to affect me when my ATA only accepts directives from VoicePulse, Vonage, Broadvoice or whoever's switch to which I'm buying service. Worse, it sits behind a router so there's NFW the ATA is going to even see packets that are not "new, established or related" (iptable speak).
Perhaps the author hasn't effectively communicated how this technology works, or maybe the company isn't divulging how it works, or maybe the have a great solution looking for a problem.
As mentioned here many times before, "move along, nothing to see".
Sounds like one of my fetishes has finally gotten the recognition it deserves!
This would be telemarketting with NONE of the regulations....
Or maybe ALL of the regulations. It all depends on how the corts see it when someone desides to sue over it.
Spammers have said "Spam is just like other forms of marketting" putting on some fake eco-friendly face on spam with domain names like "SaveTrees" etc.
But Spam was never regulated and the other forms of "direct marketting" are.
Voice over IP or Telephony is basicly the Internet answer to the telephone but there are some major diffrences.
Here we have one... Voice over IP Telemarketting isn't regulated.
There are rules and regulations as to whom you can call with telemarketting and how you may obtain a phone number. VoIP has no such rules.
There are rules for when you can call (no calling someone while they are sleeping)...
VoIP has no such rules.
So there you have it....
VoIP... Telemarketting free to do all the criminal scams of the past.
I don't actually exist.
There is no shortage of threats made against spammers. I'm just waiting for some public news of someone actually carrying out the threats. Maybe, just MAYBE spammers will rethink thier occupation.
They know they can hide only from the least informed people. I check the news every day hoping those bastards get what's coming to them.
I'm just reaching here, IANAL and all. But as far as I can tell from a quick search nobody has attacked SPAM on the basis of Disturbing the Peace. Every community enforces rules about annoying other people. In most cases I think it's pretty vague, based on the level of annoyance and on how abnormal the offending behavior is deemed. Running a gas powered lawn mower on Saturday afternoon is normal, but running it continuously for 12 hours a day 7 days a week might be considered disturbing the peace. Sending email is normal, but maybe sending a million emails an hour is disturbing the peace.
Any attorneys care to comment?
Sorry mommy,
I didn't get your last voicemail msgs because the Bayesian filter deleted them. Care to use walkietalkie from now on, since my voip is taken over by spit? (not what u r thinking, I mean the other spit!!!)
The worst is yet to come.
Eliza already could fool lots of people into thinking they were talking to a real person.
just wait untill artificial intelligence is a bit better than it is now, and you will find spambots engaging in random conversions on slashdot, usenet, blogs,
recomending their product wherever it might be remotely ontopic,
suplying anecdotical evidence that it really is the best thing since sliced breadth,
and you won't be able to tell the difference between them and normal people that are genuinely recomending something they like.
(some might argue that this is already the case as of now. But seriously, we have not yet seen the worst)
Just use the same technique as many forums and email servers use to avoid registering in bulk:
assume that you called your friend over IP... you dialed his number and there you've heard:
-- please press twenty two cz
or a bit more elaborated
-- what is the day today?
And what if everybody puts about 5 questions in the pool, then you need to have pretty nice AI in your "SPIM" software to answer all of the possible (hell there can be many of them) questions...
Only after you answer the question correctly, IP phone starts ringing on the other end -- that solves any spim problem immediately. Sure telemarketers are smart enough to answer this questions to get through the fence but that is a different story.
Spam Proofing Of Outrageous Fees
Telemarketers already spam me over the phone, and by the automated leaving of messages on my voice mail. How's this any different?
I've often wondered what would happen if EVERYONE allocated just 5 minutes per day to "responding" to spam... heck we spend that long deleting the stuff or updating mail filters anyway.
Just pick a couple of spams and:
- View the web site
- If you can find an email address or contact form for the seller, abuse it. (do not use your own email address if possible)
- If you can find a free-call number, ring it - and keep them busy as long as you feel the need to - the company is paying for your call.
- Request free samples, forms to fill out or advertising material (printed form only, email is pointless). Fake the address, or if you like, grab the freebie
- Waste their time - time costs them more than anything else if they have to put on employees to deal with the crap.
- Waste their resources (web server time/bandwidth doesn't count, printer ink & shipping does)
If even 10% of their spam results in time wasters, the economics go right out the window
Unfortunately many spams link to a "insert credit card here, we will send goods" page with no other contact info, but many have links to the companies web site, and even an email to abuse (or better still anonymous contact form to prevent spam).
Any company that suffered such a manual DDOS attack would likely stop spamming - and as the spammers got less, the effect would get worse (well, better actually).
yes, some idiot will send out a spam on behalf of someone else just to get them attacked, but at least using human attakers there will be some basic checking.
As with all wars there will be casualties. At the moment that casualty is email, and EVERY internet user suffers for it.
Hopefully I'll only recieve pr0n voice spam so I have something to help pass the time at work.
Even though thoughts of the old Beavis and Butthead phone sex episode come to mind...
It was overheard that Dick Cheney has said something to the effect that Kerry was soft on spam terrorists...
Story at 11:00...
Get your Unix fortune now!
Let's combine all these into a single acronym...
Spam Harnessing Internet Technology (SHIT).
Famous Last Words: "hmm...wikipedia says it's edible"
Some people just can't do acronyms.
Spammer: I spit in your ear. User: Bleah; it is wet and nasty.
"Spam" (telemarketing) over certain VoIP services might be a problem, yes. I'd say that those ripe for the picking would include such things as Free World Dialup and Skype.
But I really, really don't see how services like Vonage, Packet8, Broadvoice, Broadvox, Primus/Lingo, etc. can fall victim to this type of thing, because they are inherently different from the FWD and Skype-alikes in that you pay for the service, have tie-ins to the POTS network, and are assigned a real POTS-addressable phone number. This last point is the biggie in my mind. Us Packet8 customers are charged the 3% Federal Excise Tax fee (but that is the only additional charge that shows up on my bill from them). Although this has been a controversial topic amongst P8 customers and the VoIP community in general, the defense for the charge is that Packet8, although not a regulated phone company, does internetwork with POTS and even provides a POTS "alias" (number) for each Packet8 account.
Since this phone number is provided to Packet8 by a nationwide CLEC (Level3) that serves them in each market that they provide local numbers in, and since Packet8 phones cannot be addressed by any other number (even by other clients on the Packet8 network), I don't see any reason why a Packet8 account -- or any other non-free VoIP provider that works in a similar manner -- would not be protected by the nationwide and statewide "Do Not Call" lists equally along with "real" POTS phones. If telemarketers start to call my P8 number (which, so far, hasn't happened yet...hooray for unlisted numbers), then I will simply add my P8 POTS number to the Do Not Call lists, and if they continue to call after that, I will sick the law on them.
Because, after all, the phone number that the telemarketers are calling is a real POTS number provided by a CLEC.
-- Nathan
The usual FUD here. Whitelists and blacklists already exist in packages such as Asterisk and aren't remotely difficult to setup and administer. Your VoIP network is only as succeptable to spit as you let it be. I suppose telemarketing calls to regular PSTN numbers don't qualify as "junk" as do unwanted calls to VoIP numbers all of a sudden?
For spit software I would go with SPITWARE !
I actually like this term. Don't use it, I'm trademarking it next week!
I've been using Vonage for 3 months. The first 2 weeks, I recieved 52 phone calls from unknown people on my 800 number. Wrong numbers? Lonely freaks? Bug in the PBX? Still haven't figured it out, but I called customer service and changed my 800 number. So far, no more freaky phone calls, but if I start getting SPIT on I'm going to be pissed.
Blast! I already reserved that name for good stuff. I guess after this, either http://spit.sourceforge.net/ will get very unpopular, or it will get many, many page hits (possibly after introducing the word 'Anti' in my meta tags or so)
ANYTHING which has been advertised in a spam message? I know I haven't. I can't imagine what these people think they're after when almost no one responds to the adds.
GJC
Gregory Casamento
## Chief Maintainer for GNUstep
Think...
"Hello sir, would you like to order your favourite large pizza thisevening" at dinner time.
Versus the email analogue "Hello sir, VICODIN AND DILDOS AND PENIS ENLARGERS AND VIAGRA 50% OFF!!1"
I have found that my computers working at 100% load 24/7 (MPriming) generate enough heat to keep my room much more warmer than the rest of the rooms here. Although this is undesirable now, in the winter it will be a bless.
I have some creative ideas on what to do with all that spam. How about a program that...
if the program is coded in such a way to waste many cpu cycles at 100% load, it will be able to generate enough heat to warm up your room during the winter (provided the room is small and the program runs on many computers).
Right on!! My impression was the same. Look who's benefitting from this story. Spread the FUD on a nonexistant problem. It will cost the spammers money to send those voicemails. And they'll be more easily indentified and cut off from service. Any voice provider will certainly notice 1000 outgoing messages per min/hr in bandwidth consumption endlessly hogging their system resources. An added tax by providers for x number of calls would make spit less attractive than conventional spam.
"Oh SPIT...this is really gonna fuck with dinnertime"
A bullet may have your name on it but splash damage is addressed "To whom it may concern."