Slashdot Mirror
New Google Service Manipulates Caller-ID For Free
Lauren Weinstein writes to raise an alarm about a new Google service, Click-to-Call. As he describes it, the service seems ripe for abuse of several kinds. One red flag is that Google falsifies the caller-ID of calls it originates for the service. From the article: "Up to now, the typical available avenue for manipulating caller-ID has been pay services that tended to limit the potential for large-scale abuse since users are charged for access. Google, by providing a free service that will place calls and manipulate caller-ID, vastly increases the scope of the problem. Scale matters."
Not exactly new....
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
receptionist at Google be if EVERYBODY put a call to her(/him)?
It might get the message across.
liqbase
Finally, technology that gives power back to the teenage prankster. Now "Hey, did you know your refridgerator is running?" calls will be answered with "Yes Mr. President, I did ... Oh, and by the way, your voice sounds so much younger in person" instead of "Johnny, please hangup the phone before I tell your mother".
Crack - Free with every butt and set of boobs
Scale matters. But control matters too. This is not like the spam problem where the cooperation of thousands of entities with different motives would be necessary to prevent abuse. The service is controlled by a single party that can make changes easily.
It would be very easy for Google to implement a verification mechanism. An automated system could simply ring any added Caller ID number and verbally present a verification code (or ask for a response). If a user can answer a certain number, it's not unreasonable to assume that they could also originate regular calls from that number. In the worst case, it still ties the user to an organization or physical location.
I agree with Weinstein that verification really should be a standard feature. Whoever runs even a simple mailinglist without user verification is considered a spammer these days; the ideas are not new. So it's fair to expect Google to carry out this verification.
However, Google is known for technological innovation so I'm not turning off my phone just yet. They'll probably fix it. Of course, a little public attention may help if they seem unresponsive.
( ^_^)/
This is stupid. It's a non-issue. The advertiser has to opt-in. Hell, I'm guessing that the advertiser is going to have to pay for it (it's part of AdWords). If the advertiser chooses to try it, and gets too much crap, the advertiser can stop it.
As a business owner, if I used AdWords (I don't... too much click fraud), I'd try it, because any way that customers can contact you easier is generally good. But if it gets abused by a bunch of 12 year old's, I'd cut it in a heartbeat.
Personally, I think the verification portion should NEVER call the phone.
However, after telling google you want to use a certain phone, you must dial a number displayed on screen to confirm - it doesn't have to be connected, simply ringing will be enough of a verification and should not cost any money.
liqbase
Much like SMTP relies on the sending email client/server to not lie about the originators email address, Caller ID relies on the PBX originating the call to set the caller ID value. There's no other way for the phone system to be able to deliver the correct direct-dial extension, only the PBX truly knows what the extension is, the phone company only knows the trunk id that the call comes from. As long as that's the case, there will never be a way to ensure that the originating PBX is telling the truth. DID ranges are (for the most part) not tied directly to outgoing phone lines, so they can't even be verified against those.
It's not opt-in anymore. Take a look at maps.google.com - search for a business and they'll ALL have the click-to-call thingy on them.
...by that logic, we ought to outlaw SMTP servers, since one can falsify email headers there more easily than this system allows the falsification of caller-id data...
This message printed on 100% post-consumer recycled electrons.
I see. My biz is in there, too. Hmm... Well, I think that this has the potential to be real problems for people who have their toll-free numbers listed in Google (luckily, only our local number is in there).
I don't know how many people will use this. It seems like it's *only* going to be used by people that want to call completely anonymously and people who want to call you long-distance for free. I think that even the laziest person in the world wouldn't find pressing buttons on a telephone to be too hard of a task.
Although the potential for fraud is there, we can already block caller ID with star-eighty-six and nobody seems to be abusing that too much. Just like anything else you'll get a few jokers but I doubt anyone will start "bringing down" businesses using click-to-call.
Google ambiguously states that Google "takes fraud and spamming very seriously. We use technical methods to prevent future prank calls from the same user within a reasonable period of time. You won't be charged for any such calls." Seems to me that they at least recognize the potential for a problem and at least have some sort of plan for how to handle it.
All-in-all, though, this seems like a pretty lame idea.
I like my women how I like my sugar.. granulated.
It's not the scale that matters. It's how you use it.
CallerID? Weak. Can you set your own ANI? Now THAT'S cloaking.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Lauren Weinstein is not a chick.
Comparing CallerID to SMTP is a pretty good analogy. However I don't agree that either of them are "broken". Neither of the two were designed with authentication in mind, nor were they ever advertised as a means of security. Before CID, you had to actually answer the phone to see who was on the other end. CID was introduced as a conveniance feature, not a security feature. It's people's expectations that are broken, not the technologies.
Entrepreneur : (noun), French for "unemployed"
I can see Weinstein's point, although I don't see that it matters much from a practical point of view (unless I'm missing something here). When I look at the Caller ID information on an incoming call, it's more of a whitelist situation - I let the machine get it unless it's one of a few numbers (family, friends). So whether the Caller ID information is valid or not, I'm not going to be answering the phone. Weinstein seems to be looking at it from a blacklist perspective, which I doubt is how most people use their Caller ID.
#DeleteChrome
However, the problem the blogger is concerned about is not the abuse you're thinking of. The problem is that a nefarious user could put click the "Call" link on a Business listing, but put in someone else's phone number. The "Caller-ID spoofing" part comes in here: Google's service calls the phone number entered, but the Caller-ID shows the number of the business that the "attacker" chose.
If, when the person picks up the phone, they are immediately connected to the business, they would assume that the business called them. The blogger is apparently envisioning something of a "Joe job" style attack.
However, this is easily protected against. Instead of connecting to the business directly, all Google has to do is play a recording along the lines of: "This is Google, calling since you entered your phone number on the "Click to Call" service, please press 1 to connect to the business you selected. If you did not initiate this, please hang up or press 2 to disable this service for this phone number."
and thinking, wtf can I possibly do- OTHER than have businesses connected to an enemy/friend I want to prank a few times.
the manipulation is ENTIRELY going into MY phone, if I use the service.
I canNOT use it to falsify my Caller ID info going to the business.
WHAT ALARMING potential does this possibly have? I see naught... can anyone identify a situation where using this service can let me 'get away with something' more intense than a prince albert in a can call?
every day http://en.wikipedia.org/wiki/Special:Random
On their Local Live site.
6 /26/647007.aspx
http://blogs.msdn.com/mappoint_b2b/archive/2006/0
Get the cheapest digital answering machine you can find. Set it to pick-up after one ring. Ask for the caller to leave his/her name and number, as usual. Hell, you can even mention you're likely in the office or at home.
Most telemarketers won't do that, and many pranksters won't bother to leave a message. If they do end up leaving a message, then you can easily delete it.
If the call is valid, and you want to get in touch with that person, pick up the phone before they're done leaving their message, and start talking to them. Better yet, if you're busy, you can get in touch with them later. And if you want nothing to do with them, then don't call them back.
You get the benefits of Caller-ID, without its weaknesses, without the additional monthly cost, and with only minimal hassle to all parties involved.
I doubt a whitelist would work for a company that may get hundreds, or thousands of calls each day. As I see it the whole idea of this service is that you can attract new customers by letting them contact a company after they have searched for something at Google, not to offer a way for existing customers to phone.
I think it could be a really valuable service. I know if I see something I want to buy very often I think it would be great to contact the company and ask questions, but I can't be bothered making a long distance call to get more info. This could actually be quite handy. I just hope the probs with false callbacks is addressed.
If the pattern goes 9am, 10am, 11am, why isn't noon 12am?
From the article quote:
"Up to now, the typical available avenue for manipulating caller-ID has been pay services that tended to limit the potential for large-scale abuse since users are charged for access. Google, by providing a free service that will place calls and manipulate caller-ID, vastly increases the scope of the problem. Scale matters."
Wrong. That's not what it does.
You enter your phone number in the box, and Google calls you. If you enter someone else's phone number, it calls them, not you. Finally, caller ID is blocked, so the business can't see your phone number. The only abuse would be automated prank calling, not caller ID spoofing.
800 type numbers do not get Caller ID data - they get Automated Number Identification data which is much hard to change and, as far as I know, click to call doesn't change the ANI information.
I ignored that fact and now I have to walk around in sweatpants all the time.
This service can not be abused in the way that you would think. Think about it, even if you can forge the caller-id, the google service calls YOU, and connects you to the number that the caller-id is spoofing. All you would end up being able to do is have the local police station number call a local drug dealer. When they answer, it will ring and call the police station. If you pick up the phone and get a ring, what are you going to do. I know that I am going to hang up unless I am expecting it.
This seems like a non-issue to me. Caller-ID is manipulated on the receiving end (i.e. MY PHONE) and not on the calling end. Google obscures outbound CLID to the buisiness I contact and spoofs inbound CLID to me, presenting it as the business. If I enter in an invalid number, the call will die. The only reason someone might enter someone else's number is to do a sort of "niki-niki-nine-doors" phone prank. Since IP's are logged and you have to put a valid number there are a lot of logs that might be present (ip, ss7, sip, etc.) that will be left behind. I wonder if it's really worth bothering with the cheap thrill anyway since you can't hide in the bushes and watch the pizza guy go to your neighbour's door over the internet?
What is actually news is that a girl submitted this!
[alk]
This is really a non-issue.
e r=32461&query=send+to+phone&topic=&type=
n dex.html
I guess a different form of abuse would be to register a friend as a business and then you have free calls to him, although depending on the description he might get a lot of wrong calls by others finding his listing on google maps.
Also something I never heard about is google providing free sms.
http://maps.google.com/support/bin/answer.py?answ
And they provide a firefox plugin so you can highlight text and send that.
http://www.google.com/tools/firefox/sendtophone/i
1. Use the strongest language possible. Calling names is always effective, and four-letter words show that you mean business.
2. Having a violent opinion of something doesn't require you to actually try it yourself. After all, plenty of people heatedly object to books they haven't read or movies they haven't seen. Heck, you can imagine perfectly well if something is any good.
3. If it's a positive review that you didn't like, call the reviewer a "fanboy." Do not entertain the notion that the product, service, show, movie, book or restaurant might, in fact, be good. Instead, assume that the reviewer has received payment from the reviewee. Work in the word "shill" if possible.
4. If it's a negative review, call the reviewer a "basher" and describe the review as a "hatchet job." Accuse him of being paid off by the reviewee's *rival*.
5. If it's a mixed review, ignore the passages that balance the argument. Pretend that the entire review is all positive or all negative. Refer to it either as a "rave" or a "slam."
6. If you find a sentence early in the article that rubs you the wrong way, you are by no means obligated to finish reading. Stop right where you are--express your anger while it's still good and hot! What are the odds that the writer is going to say anything else relevant to your point later in the piece, anyway?
7. If the writer responds to your e-mail with evidence that you're wrong (for example, by citing a paragraph that you overlooked), disappear without responding. This is the anonymous Internet; slipping away without consequence or civility is your privilege.
8. Trolling is making a deliberately inflammatory remark, one that you know perfectly well is baloney, just to get a rise out of other people. Trolling is an art. Trolling works just fine for an audience of one (say, a journalist), but of course the real fun is trolling on public bulletin boards where you can get dozens of people screaming at you simultaneously. Comments on religion, politics or Mac-vs.-Windows are always good bets. The talented troll sits back to enjoy the fireworks with a smirk, and never, ever responds to the responses.
9. Don't let generalities slip by. Don't tolerate simplifications for the sake of a non-technical audience. Ignore conditional words like "generally," "usually" and "most." If you read a sentence that says, for example, "The VisionPhone is among the first consumer videophones," cite the reviewer's ignorance and laziness for failing to mention the prototype developed by AT&T for the 1964 World's Fair. Send copies of your note to the publication's publisher and, if possible, its advertisers.
You may want to see a picture of Lauren before you say that.
What you are saying is partially true dependent upon the technology used and the type of service chosen. In dials are just that, they receive calls only and cannot be used to place calls. This does not matter on the type of technology used be it digital or analog circuits.
What you are implying is that the P(A)BX is connected to some form of voice grade digital circuit that can be used for both incoming and outgoing calls. The setting of CND data (presentation allow) is configured at the switch level more often than not and is dependent upon the requirements of the organization or business ordering the service(s).
As an example, some company orders a voice grade E1 (or T1, etc.) for inbound and outbound calls and requests that they be able to set the CND data. What you said would be true.
I would speculate (based on previous experience) that the vast majority of P(A)BX configurations do not control the presentation and that the prime number of the hunt group is usually set in the switch data for the group. There would be those however that wish to manipulate this data themselves however where the service would be configured on the switch to allow such but I would expect this to be on much larger systems installations than the normal (larger numbers of) small businesses.
I wouldn't be so sure on that part about bringing down businesses. Although it's in French, here's a link to an article I read just last week.
e xte_complet.php?id=81,12399,0,112006,1312244.html& ref=top_long
http://technaute.lapresseaffaires.com/nouvelles/t
Google translated
Btw, "bill-poster" should be "call display."
Considering this is for calling selected BUSINESSES only, I have no problem with this. In many states, it is ILLEGAL for businesses to have caller ID. For those that do not, this is a way one can call a business (to reply to an advertisement) anonymously, without providing a name. I find this a good, pro-consumer approach.
free or not, if i wanted to be an asshat like that i'd just pay for it. making it free just levels the playing field. nothing wrong with it.
If you mod me down, I will become more powerful than you can imagine....
I believe it's possible- but do you have a cite for In many states, it is ILLEGAL for businesses to have caller ID. further, if google can make the caller ID into you look like the business #, what makes you think they can't make the caller ID to the busness be your phone #??
every day http://en.wikipedia.org/wiki/Special:Random
I'd say the best case for abuse would be not towards the business being called but the person who's number you use. Seems it'd be easy to make a google hack that could pretty much disable somebody's phone by issuing click-to-call's every 2 minutes or so. Imagine a friday night out with your girlfriend and every 2 minutes a different strip club starts ringing your phone?
DONT PANIC
De jajah vu http://www.jajah.com/ , http://slashdot.org/article.pl?sid=06/10/29/193822 6?
if you read down a little, you'll see that the caller id problem is a non-issue -- the number you provide is just -- oh, just read it:
2. When you enter a number, Google uses it just once: to make the automatic connection between you and the business. Your number is blocked so that the business can't see it.
I thought for a second that you were making sense. Google isn't the issue, the caller-id/phone system is crap.
it would be a huge improvement for the Phone system to at least be reliable to the same country of origin, but that would hurt the telemarketers, the phone companies won't do that...
If the DMA, etc wants to ever do business with me over the phone again, they will fix caller-id to be 1) a crime if false 2)a meaningful trace, 3) and they will pay for the caller id to be accessible in my house.
to have their customers pay for a unreliable device that is the only method to determine if the person is really calling...
And volume here is crap, every business that has a T1 can determine their own caller-id, that has to be the majority of calls being wide open to caller id manipulation, not the opposite as this article implies.
Although Google Does know what ip address the compter entering the information came from. And, Google will keep a track of what numbers are entered to call and connect to. They do make it clear that spamming and fraud are not tolerated.
"What if someone enters my phone number instead of theirs as a prank call?
Google takes fraud and spamming very seriously. We use technical methods to prevent future prank calls from the same user within a reasonable period of time. You won't be charged for any such calls. Please contact adwords-support@google.com if you believe someone is entering your phone number without your permission or knowledge."
Cross referencing fradualnt / spamming calls with ip addresses from logs would be considered abuse by most isps TOS as well.
I am not saying that a person could not get away with it.. but I am saying if Google wanted to press the issue with the logs and isps of the offender.. they DO have the technology and the money to be able to press it..
I think that even the laziest person in the world wouldn't find pressing buttons on a telephone to be too hard of a task.
but what if their fingers are too fat?
ôó
There may be some reason for concern here, but not the type of fear mongering the above summary would seem to suggest. There is potential for abuse by someone entering your phone number and connecting you to the advertiser by phone. But nowhere on the Click-to-Call service page does it allow any sort of caller-ID spoofing. You can't just use it as a VOIP portal and call anyone you want. In fact, Caller ID is blocked even to the advertiser you are connecting to. Just read the details, it's all there.
I'd mod this "funny", but I don't know what you're talking about.
After years of the tell-all CID service foiling our evil plots, we can once again order pizzas to be delivered to our annoying neighbors, and the pizzerias will be none the wiser! I suppose this would work for Chinese delivery too. Oh the terror! Ban Google now!
I agree with you that it's going to be a question of scale, but the dividing line may be lower than you think. I work in a company of only 25 and we've got Caller ID configured to push the extension the call was made from. While restaraunts and offices small enough not to need a "true pbx" solution don't get the opportunity to configure their caller ID, the barrier to entry if you _wanted_ to push caller ID on your own is very low. Even lower with roll-your-own solutions such as Asterix@home being so easy to setup.
In such a world, relying on your caller ID display to tell you the truth is pretty much a bad idea.
...there will never be a way to ensure that the originating PBX is telling the truth. DID ranges are (for the most part) not tied directly to outgoing phone lines, so they can't even be verified against those.
This sounds very similar to the arguments against filtering spoofed packets on the Internet. "Our network is designed such that it needs spoofed packets to work," etc. And yet, responsible ISPs managed to adapt. It's time for the telcos to do the same.
I use this service,
I tell google, I wanna speak with toll free information (800) 555-1212
I select the # for toll free information and type in MY phone number,
my phone begins to ring, the caller id on my phone says the # calling me is (800) 555-1212
I answer the phone, and a few momments later I am connected to information.
where's the potential to misuse?
every day http://en.wikipedia.org/wiki/Special:Random
maps.google.com recommends using number 415-555-1212.
What's ANI going to tell them - google calling? It's not like you ever placed a phone call to the 800 number, there's no info for them to dig up - only google knows who you are.
Difficult to follow the logic on the argument against Google's new free call service
First, privacy is a personal, not commercial concern. Their setup asks for your valid phone #, but doesn't broadcast that to the business that you're calling. So the business can't access your personal digits. Not much danger there. The caller does receive the # they are calling, isn't that what most businesses want? If they're advertising on Google, then it seems as though they approve of the public calling them
Second, it doesn't make it easier to spoof another, since the caller ID # of the caller doesn't display. If I worked at a company that had caller ID and received a call which displayed my company's digits, I would naturally think that someone was ineptly mystery shopping me or a poor prank caller
This system has been around since caller ID was first introduced. It's called caller ID blocking & it's available through every local telco. They have your # but manipulate the digits so the business sees Private Call or similar
Well I think it's even more annoying...
I only mod funny =D
Google is testing a new feature that lets you speak directly over the phone, for free, to businesses you find on Google search results pages. When this feature is available for a business, you'll see a green phone icon in their advertisement or a call link next to their contact information.
Here's how it works: Click the phone icon or call link, and you'll be invited to enter your own phone number into a special field. When you do so and then click Connect for free, Google will call your number almost immediately. Pick up, and you'll hear ringing on the other end as Google connects you to the business you selected. When they answer, you simply talk normally as you would with any other call.
This isn't for prank calls. It's only use is to keep businesses from using their caller-id to amass a list of telephone numbers. They could arguably claim that the "do not call list" doesn't apply because they'd be returning calls to people who have called them.
It can help businesses too. If you're too small of an operation to afford a toll free number, you can have your customers call you for free and place orders from you.
There's no down-side to this.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
The click to call actually calls you - so if you enter a fake number... your not going to be connected to who you call. So if somebody connected your phone to some sex line... you would see the sex line number and could ignore it. This could be used to annoy but nothing more than current telemarketers. Oh and its free. This is a great service and Lauren needs to re read how to use the service.
How intelligent.
Most people aren't thought about after they're gone. "I wonder where Rob got the plutonium" is better than most get.
Well hey, it worked on Usenet. Of course, Usenet is effectively dead anyway, with topposters, forum people and other scumbags posting subjects like "who killed asmodean???!!!11one1 (n/t)"
A Slashdot-to-NNTP gateway might make the pain a little better, though.
Just earlier today my phone rang with "UNKNOWN/UNKNOWN". Assuming telemarketer or bill collector, I decided to answer anyway (out of boredom).
Turns out, it was the Indiana State Fraternal Order of Police, soliciting donations. I realize such "non-profit" organisations are exempt from the "Do Not Call" list laws, but why do they chose to hide the caller ID info? For all I know, it could easily be a scammer pretending to be the FOP. I give my CC or bank account number to the random person calling my home, and who knows?
The bottom line is this: why would such an organization choose to hide the caller-ID information? Wouldn't they be more trusted if the Caller-ID information matched the info provided by the caller?
For the record, my first question for the caller was "may I ask who's calling?" - and the caller replied with his full name, the organization he represented, and a toll free number I could use to verify the legitimacy of the call, all in a very friendly manner. I'm sure the FOP volunteer was most likely unaware his calls were not showing proper caller-ID information, so I didn't give him a hard time about it...
I would, however, advise that most companies (for- or non-profit) disclose their information via Caller-ID rather than hide it. I'm sure I'm not the only person who is automatically suspicious when this information is intentionally hidden/blocked...
NGWave - Fast Sound Editor for Windows
jajah.com provides the same kind of service
I can look up a phone #, click it, type in the phone# I want google to call, and to that individual google will modify the caller id info to show the # looked up.
so- I can get the police caller id info to show up on someone elses phone/caller id display, but when they pick up the phone, they are in fact going to be connected to that party(the police) You cannot use it to spoof YOUR caller id and call someone, google uses it to spoof their caller id to match the party they will be connecting you to...
where's the threat in that? I can (if I know your number) harrass you and connect you to the white house, dominos, and the local tobacco shops..
until google cuts me off..
there is no malicious scenario potential I can find.
every day http://en.wikipedia.org/wiki/Special:Random
Yesterday, I looked up an unusual word using the built in Merriam-Webster link in the Konqueror web browser. At the same time, I was logged into my gmail account, since I often don't bother to log out.
Today, I received some spam into my gmail's "Spam Folder" with that word as the subject line!!!
The word I had searched for is too unique for any random chance of it popping up just like that. My question who is the culprit? Google? Merriam-Webster? Or me, for trusting Google's login system?
"This is Google, calling since you entered your phone number on the "Click to Call" service, please press 1 to connect to the business you selected. If you did not initiate this, please hang up or press 2 to disable this service for this phone number."
It would not take too many of these types of spamcalls before you, too, began to have very bad thoughts about the Google brand. Nossir, this would be a mistake against previous investments.
but not always
The force that blew the Big Bang continues to accelerate.
I think you confuse adwords with adsense. Adwords are the adds on google search pages. I don't think people have much complained about fraud on those. You are welcome to advertise with google using just those.
Adsense does show you add on third party pages, and those are the ones that have had some fraud problems as you mention (even if Google, Yahoo, and others are working hard to minimizing those, and not charging customers where affected).
Either way, advertisers are free to decide whether they want to use that third party network, or not. To each his/her own...
)K then.
We used to have a shore house up until 2001 or so. We didn't have a land line phone there, since there was little point in paying for service year round when we only used the place 2 or 3 months out of the year. The problem was that a lot of the local takeout places would only deliver to a phone number in the form of 77xxxxx or 98xxxxx, so calling them to deliver from a cell phone was out of the question. Setting caller ID to blocked caused us to stop having problems :)
-b.
Why the hell are people so upset when people or businesses set their own Caller ID? Caller ID was designed to be manipulated. What Caller ID number do you suggest Google sends to these companies Lauren? Should they send their own? What good would that do? If I was paying for people to call me, I think it's appropriate that Google sets the Caller ID to the number of the person calling, so I can see who I'm talking to. It's a perfectly legitimate business use. Also, you do realize that Google calls you back at the number you provide, BEFORE they place the call to the company! So it's not like they let you specify a bogus Caller ID for the call. "Caller-ID should always be falsified."
Google is NOT the problem.
The problem is NOT that Google is letting you fake CallerID - it's that CallerID is trusted by anybody, when the telcos don't care a lick about securing it. (There are dozens of for-pay but cheap services to alter your callerID...) I'd even accept a nontechnological solution involving it being both criminally and civilly illegal for you to spoof it. But that clearly doesn't exist, either.
If anything I hope this abuse gets really widespread and callerID gets dropped as a trustworthy source.
And to think that lots of times telcos will let you into your voicemail based ONLY on spoofable callerID, when they could be using a more secure system. (Since legitmate calls to the voicemail on THEIR system would come from THEIR system)
This is a less important version of the SSN problem. The real SSN problem is NOT that some places don't guard your SSN carefully enough. The problem is that you have an ID number that you MUST give to all employers, employees, banks, etc. (fine...) AND which those places have decided to use as a password. It's this second part that completely bonkers and needs to be abolished. My SSN is NOT proof of who I AM! It can't be, I have to give it to dozens and dozens of people. Nor is anything on the public record, like my actual mother's maiden name. (I use a fake one, of course)
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
well the "State Fraternal Order of Police" calls I get are exactly that, basically a scam. They were not a tax deductible contribution, when asked, it was 80% of profits to police widdows or something, they couldn't answer what % of donation that was. I forget, but I was able to find something around 2-5% of the donation in a local papers investigative report. They were using a speed dialer, so they don't want call backs on the caller-id asking why they called and hung up on ya. because they were a for profit organization raising donations for FOP they wouldn't have even been able to guess who had called for what cause.
They were using a speed dialer, so they don't want call backs on the caller-id asking why they called and hung up on ya. because they were a for profit organization raising donations for FOP they wouldn't have even been able to guess who had called for what cause.
...it was 80% of profits to police widdows or something, they couldn't answer what % of donation that was.
This makes sense to me. For the last week I've been getting "UNKNOWN" calls, never leaving a message (since of course I don't answer calls I don't recognize). Once I finally answered one (partly out of boredom, partly wanting to know who it was) the calls have stopped. Before today, I'd get the calls all hours of the day, sometimes one ring, sometimes four, never leaving a message (typical behavior of telemarketers and others using auto-dialers).
They gave me the same widow story. I guess this type of story manipulates enough people, guilt-tripping them into donating... and while I don't have anything against the FOP directly, these tactics (stories encouraging guilt/sympathy, blocking caller-ID) don't do much to inspire confidence.
And again, with no caller-ID info, how does a potential donor know who they are giving their CC or bank account number to? I could call you and claim to be FOP (or whatever), and how would you know any different?
NGWave - Fast Sound Editor for Windows
The whole point of this (really stupid) idea is that the service will be more convenient than picking up the phone and dialing people.
We we heard about this at work, we spent about 45 minutes setting up crank calls for sex therapists, hair club for men, chinese food joints, etc.
Conformity is the jailer of freedom and enemy of growth. -JFK
I should have made that clear in my post, I think the real FOP is a really good orginazation (but I am not 100% sure of that.)
but if only one chapter in a state agrees to take money from a scumm telemarketer (telemarketers are not all scum) then that lends legitimaicy to the telemarketers so they can claim the same higher values of all the FOP chapters.
Several times per year another security advisory is released warning that another exploit for Javascript has been found allowing the execution of arbitrary code with the permissions of the user, and the workaround is to disable Javascript.
I expect Javascript from malicious troids who want to do things like reset my browser's home page to their home page. (Safeway tried that.) I don't expect it from geeks, except in very rare cases where it does something that really is impossible on the server side.
slashdottagsshorterthanhaikunewartform
I work for a phone company. One of our customer's called us last week. This customer was receiving calls from random people around the US that told him they got a call that showed his business name and phone number. There was an automated recording that said to hold on while it connected them to his business. When our customer got the call the CID information came across as Google Inc and had Google's phone number. This would be the Google Click to Call service. The problem is that the people who were connected to our business customer never actually initiated the click to call. This would be covered under question 5 of the Click to Call FAQ. Prank calling is possible with this system.
The other problem with this scenario is that our customer did call Google first and the person who answered said they cannot do anything about it. It would appear Google's phone in support staff haven't even been trained or read the FAQ which has an email address for prank call reporting.
They could do what Skype does with its SMS service; before your SMS messages sent from Skype can be identified as coming from your mobile phone, you must validate your phone by entering a code Skype sends to it. If you required a Google account and a single, validated telephone number in order to use click-to-call, this would solve the large majority of casual spoofed/prank calls.
I just got this email - spam, like most of them. It has the following body:
0ur Attorneys have discovered a loop-hole in the banking laws. Applying what
we have found, we're successfu1 by totally eliminating creditcarddebt with
out them having to pay another cent, We know that our firm can help you
with this too.
You can contact us at :
1--3 1 3--263--2706
[[plus that common gibberish that tries to make it look like a real letter from someone...]]
Fun way to tie up their phone number? Hit Google Maps and start connecting their phone number to varous businesses thruought the country. Best part? You can call with their number, and then once it connects to THEM, cancel the call once it starts dailing the business.
Yeah. Good times.
I'm also well aware that this method really does nothing and furthers the abuse, but it's sort of interesting.
s'wut i sed.