Spit Will Be Worse Than Spam

KentuckyFC writes "A team of German computer scientists has developed a program that reproduces all the known forms of spit (spam over internet telephony) attack. Their plan is to make the spitting software available to computer security experts wanting to test antispit strategies. Developing these won't be easy. There are various antispit techniques, such as white lists that allow only calls from predetermined callers, Turing tests such as audio CAPTCHAs that make a caller prove he or she is human and payment-at-risk services where the caller makes a small payment in advance and is refunded immediately if the receiver acknowledges the call as legitimate. But all have weaknesses, say the researchers. The main difference between junk calls and junk email is that the email arrives at your mail server before you access it. This gives the server time to analyze its content and filter out the junk before it gets to you. Not so with internet telephony, which is why radically different strategies are needed."

#1 question

[khasim]

Can this get to my regular phone or cell phone?

If yes, then this is a problem.

If no, then this is not that big of a problem.

If yes, but only if the spammers (spitters?) pay for cell minutes or something, then this is not a problem at all.

Re:#1 question

[geekoid]

It will be a big problem. VOIP makes a lot more sense then Cell.

By 'Cell' I mean using Cell for traditional voice, as opposed to using the towers for data.

Re:#1 question

[Hatta]

What if VOIP is your regular phone? Then it is a big problem.

Few people use VOIP as their home phone, and problems like this will keep it that way.

Re:#1 question

[wile_e_wonka]

Vonage, Skype, and MagicJack. There are plenty of people out there who use these as their "regular phone."

Re:#1 question

[tlhIngan]

Can this get to my regular phone or cell phone?

That's called telemarketing. This isn't.

This has the potential to be as bad as (or worse) than spam. Think about it - if you were telemarketing, you'd have to hire a bunch of people to work in a call center. This costs money (rent, phone lines, people).

But over VoIP, all you need is an internet connection. Said internet connection just has to connect to a VoIP phone over some standard protocol (Skype, SIP, what have you), and blast the message away. You can convert a botnet from sending spam to sending spam via VoIP quite easily - just change the spam-mailer to a spam-over-voip thing. If your endpoint is a regular phone line to act like a POTS line, well, get a bigger answering machine. It costs little to "spit" millions of VoIP phones, and they'll be sure to try "calling" multiple times in the hopes you pick up (or someone picks up).

It's like why the spam problem is worse than junk mail - sender has to invest in sending junk mail, while spam costs just bandwidth and botnet fees. It probably won't reach normal landlines since things like SkypeOut etc. cost money.

About the only solution would be to ensure that whoever's calling you has a real phone number at the other end and not just an arbitrary IP address. Not sure how foolproof that is, though or if it could be faked. Nor am I sure whether or not things like Vonage will be affected (do they allow calls from non-Vonage (IP-only) and non-incoming line (landline/cell/etc) people?).

Re:#1 question

[Hatta]

That's called telemarketing. This isn't.

What's the difference?

This has the potential to be as bad as (or worse) than spam. Think about it - if you were telemarketing, you'd have to hire a bunch of people to work in a call center. This costs money (rent, phone lines, people).

So the difference is how many people you need to do it? Then it's just a matter of degree, and not a fundamental difference. VOIP spam is only worse than telemarketing because there's more of it.

It's like why the spam problem is worse than junk mail - sender has to invest in sending junk mail, while spam costs just bandwidth and botnet fees. It probably won't reach normal landlines since things like SkypeOut etc. cost money.

Funny thing is, I get a lot more paper spam than email spam. From where I stand, paper spam is a worse problem. It certainly kills a lot more trees. And I can't set up a filter for my paper spam.

Re:#1 question

[AMuse]

If yes, but only if the spammers (spitters?) pay for cell minutes or something, then this is not a problem at all.

If the spammers/spitters pay for the minutes, it's not a problem? Are you sure? I got 1,981 spams last night - about one every 45 seconds (math in head not exact). Do you think you would use a cell phone if it got telemarketed to once every 45 seconds, or just turn it off? And if you just turn it off, how does your family/friend/etc get ahold of you?

Re:#1 question

[ArcherB]

This has the potential to be as bad as (or worse) than spam. Think about it - if you were telemarketing, you'd have to hire a bunch of people to work in a call center. This costs money (rent, phone lines, people). What about all those pre-recorded calls I get telling me to vote for Hillary Clinton or whoever?

(Disclaimer: That was not a jibe at Hillary. I actually got a call from a real live person working for the Hillary campaign when my state's primaries were looming. She just started talking, so I actually thought she was a recording. I was joking with my wife about "Hillary Clinton" showing up on the caller ID and said, "I told Hill not to call me at home! I wonder if Bill knows how much she calls me? I guess what's good for the goose..." That's when the lady said, "excuse me?" I then realized she was a real person.)

Re:#1 question

[Frantix]

Actually there are a lot of people that DO use VOIP. Most of the people I know that do, use it because their main form of communication is their cell phone. They have no need for a full service (fee) home number as well.

Re:#1 question

[SanityInAnarchy]

VOIP spam is only worse than telemarketing because there's more of it. That, and because legislation wouldn't do shit to stop it.

With telemarketing, I can put my self on the national do-not-call registry, and I can tell individual telemarketers to take me off their list. And because there's a real call center, there's almost certainly an actual corporation that I can track down.

With VOIP spam, all the same rules that make normal spam unaffected by legislation still apply. There's enough more of it that I can't just hang up. So there would likely be just as much VOIP spam as email spam -- but you can't really set up a filter on VOIP spam, either, or at least, not a content-based filter.

Re:#1 question

[SanityInAnarchy]

If the spammers/spitters pay for the minutes, it's not a problem? Are you sure? I got 1,981 spams last night If the spitters pay for the minutes, you won't get 1,981 of them.

Re:#1 question

[duffbeer703]

I think it can... I've been getting spammed by spanish-speaking callers selling Mexican phone cards. The caller ID reads 000-000-0000

Re:#1 question

[aplusjimages]

The only real fight against it is to educate everyone about it. The only reason spam is so successful is because grandma still clicks on the ads. So with a recorded message hopefully it will be easier for grandma to just hear the message and hang up. No need to reply or show the spitter that there is interest and hopefully the people paying the spitters will see that it's a waste of money. *crosses fingers*

Re:#1 question

[AMuse]

Good point! I do not know where my brain is today...

Re:#1 question

[darthflo]

It's simple economics. Let's assume sending one spam e-mail costs .02 cents to a spammer. A sale of the advertised product brings in $8 while (I'll go with the unlikely case of the spammer actually shipping) costing only $1. Additionally, re-sale of the CC number and personal data bring in another $3.
To make ends meet, the spammer would have to make one sale for every batch of 50,000 messages.
Now using up his airtime/minutes, OTOH, a call may very well cost him $.02, (contrary to what Verizon thinks) a hundredfold difference. Now every 500th person called would need to listen to his babble, be interested in his merchandise and actually go for the sale. Which is rather unlikely, which means he's not going to be calling you. :]

Re:#1 question

[darthflo]

(I completely forgot one factor: The U.S.' um.. "interesting" system of free calls.)
Unlike the local short-distance POTS (on which you tend to get harassed by robodialers as well as Hillary C.), your cell operator charges the operator of whomever's calling you a few (fractions of) cents per minute, so cells are very likely to be spared.

Re:#1 question

I can't say I ever saw a commercial for Skype or even heard of MagicJack. As far as Vonage is concerned, I have actually seen their commercial.

The problem with Vonage is that I've also seen their 1/2 infomercial. Trying to sell your product using infomercials completely destroys your credibility in my eyes. I will never trust a product I've seen in an infomercial**. I am sure I am not alone.

And, no, thankfully I was smart enough that I did not have to learn that the hard way.

    **Except for (maybe) the Little Giant Ladder. I've had hands-on and they are actually pretty well built.

Re:#1 question

[Intron]

Why not? Do you think that people who hack other people's computers to send spam would not be willing to hack other people's phone IDs and use their minutes?

Re:#1 question

[brianosaurus]

I've "solved" my junkmail problem by putting a recycling bin by my front door. I let the mail collect by the door for a week, then on trash day I go through the pile, separating the bills and throwing everything else in the recycler without even bothering to open them. Its absurd.

My email still gets spam, but spamassassin and Apple's junkmail filter do a pretty good job of hiding most of it. Hitting "delete" a few times a day is annoying, but tolerable, especially since I don't constantly check email, so I can batch delete the spams that slip through. I don't check for false positives anymore, since about 97% of my email is spam (I get over 1000 spams a day.. its ridiculous), so false positives are rare and too hard to find.

As for the phone, I don't answer my home phone anymore. The last time I did, it was "Jill with a recorded message from ". F That. I keep the phoneline for my alarm system, and to receive faxes. In fact, the fax machine is what answers calls, which has done more to eliminate telemarketing calls than any of the "pay extra to not be annoyed" extortion services offered by Qwest.

If I start getting spam calls on my cell phone, my cellular provider will either fix it or lose my business.

I already filter calls based on the caller ID. If I don't recognize the caller (or I'm not expecting an unknown caller... like when I'm expecting a call from a delivery driver), I don't answer. If its important, they'll probably leave a message and I'll check it later. I don't think I've had more than one or two spam calls on my cell phone for as long as I can remember.

I check my voicemail maybe once a week, but only when I suspect there's an important message. I wish I had the iPhone's "Visual Voicemail", since then I could selectively listen to the important message and delete all the, "Hi. its me. call me back" messages that are redundant with the missed call log. I wish providers would enable that feature for other phones (and I really hope Apple doesn't have some retarded patent on the "technology").

If VoIP spit starts clogging my voicemail, I'll just stop checking it, period. In fact I'll ask my provider to remove voicemail from my account, and if they cannot do it, I'll switch to a carrier that can. I already consider voicemail an inconvenient, inefficient means of communication, so I really wouldn't miss it.

I'm still dumbfounded that spam (and junkmail, and etc) are viable businesses.

Re:#1 question

[lilomar]

That's actually kind of a strange philosophy you have there.

Just making sure I understand you, the only thing you have ever bought that had an infomercial you like, but you don't believe that anything else you have ever seen on an infomercial would be acceptable.

Now, I'm not saying that most of the stuff on infomercials isn't crap, but if you know of one exception, what makes you think that there aren't any more?

Re:#1 question

[smorken]

Funny thing is, I get a lot more paper spam than email spam. From where I stand, paper spam is a worse problem. It certainly kills a lot more trees. And I can't set up a filter for my paper spam. Where I live (Canada) you can mark your mailbox with a label that says "No ad mail", and they will stop putting fliers and other junk in it. I imagine that USPS, and others, have a similar policy. Unfortunately this won't work for mail that is actually addressed to you. In that case you could probably call the sender to tell them to take you off the send list.

Re:#1 question

[brianosaurus]

Totally. I'm still amazed when my parents tell me how many emails they get in their "junk mail" box and that they actually spend time looking through them to delete them. No matter how many times I tell them to just let it go, they keep looking.

On the flip side, I've looked in my junkmail box a few times, usually when I add some new anti-spam rule and want to make sure its not overreaching, or when my mom says my aunt emailed me and I never replied. Turns out her message was a false positive, got filed in Junk, and I missed her telling me that she was coming to town and wanted to see me (missed it by 6 months, but maybe next time she'll call). It sucks when that happens, but its so rare that I can't really check for it. (I have whitelisted her so it won't happen in the future, but it won't help other relatives I don't see much.)

It sucks that email is so abused by "marketers" to the point of being practically useless as a reliable communication medium.

Re:#1 question

[odourpreventer]

But they (we) also use white lists. And I don't see that going away anytime soon.

Re:#1 question

[wattrlz]

Not necessarily. In the US system the cell owner pays for incoming minutes. The spitter would only be paying connection charges, which could be low enough that it would still be economical. Legitimate VoIP companies offer unlimited plans, so it's probably ot negligible

Re:#1 question

[Logger]

You should check Consumer Reports. The Little Giant line of ladders have good quality, but they are way over priced. CR rates several other competitive ladders as having even better quality at half the price. You might try a Werner or Gorilla ladder instead, or check out CR for details.

Re:#1 question

[Sandbags]

Well, actually, more than 2 million people in the USA alone use VoIP as their home phone.

On to the topic at hand however...

VoIP actually is uniquely structured as to easily be able to prevent SPIT. You see, unlike a cell phone or land line, incoming calls DO get sent through a server, like e-mail, and contracry to the articles ideas.

For big business, running in-house VoIP systems, there is a central server, which has built in software in most cases for call screening and filtering (ShoreTel's system does, I'm sure others do). For home users, Vonage, Time Warner, and others can easily filter calls from their central systems, blocking numbers from known SPITers and from those who spoof caller ID.

A big idea with SPIT is to get you to answer, claim to be someone you are not, demand a payment, and make money. If someone answers the call, it's an issue. Pestering rings at 4AM are a problem, but personally, I disable the VoIP box through a router rule at night, so I simply don't get calls at 4AM (though a voicemail will bounce to my computer and if it;s from a whitelist caller, my computer wakes me, as it's likely a family medical issue.

White lists are one thing, simply not answering blocked calls is another. What I do is a bit of both: I don't ansewr blocked calls, and any calls I get from caller ID where I don't have a name record (I save every phone number I can identify into my phone, and calerID with name fills in the blanks). Calls from unknown local numbers that are important end up either leaving a voicemail, or I call them back. ALL calls from 800, 866, and other likely business extensions, I simply call them back to verify their identity, unless I'm expecting their call, since they rarely leave voicemail...
I also know what companies I do and do not do business with, and since I have a stirct No Telemarketing policy in my house, calls from any business I don't already do business with get a stern request to have me removed from their list (and I track who I spoke to and go after the ones that call back).

All of this is very easy to do with a VoIP system, and much of it can be automated for businesses, or by Vonage or another VoiP Provider. Cell phones and land lines offer no such luxuries, so you;d have to do it all like I do, the hard way...

Re:#1 question

[value_added]

Funny thing is, I get a lot more paper spam than email spam. From where I stand, paper spam is a worse problem.

Where you stand (in the simplest scenario possible) is at the other end of a connection to a server deluged with spam day in and day out, and where the email admin is doing his damnedest to ensure you don't get any of it, while making sure that your mail gets to you without being swallowed up by the mess. And if he's having any success, you won't be asked to pull your head out of your ass to realise that just because it's sunny where you are, it might be raining somewhere nearby.

Re:#1 question

[thePowerOfGrayskull]

Yeah - my Grandma would love to be l0ng3r and h4rd3r!

Re:#1 question

[OldeTimeGeek]

Now, I'm not saying that most of the stuff on infomercials isn't crap, but if you know of one exception, what makes you think that there aren't any more?

Troma Films did one called The Troma System a bunch of years ago that I caught late one night. Can't say I bought any of their films - other than the ones that I already had - but it was hilarious.

Re:#1 question

[WK2]

Where I live (Canada) you can mark your mailbox with a label that says "No ad mail", and they will stop putting fliers and other junk in it.

Wow. That must be really nice. I wish you could do that here in the U.S. Unfortunately, the USPS is partially subsidized by spam. There is no way they would ever implement such a program down here.

I imagine that USPS, and others, have a similar policy.

Nope. We wish.

... you could probably call the sender to tell them to take you off the send list.

That works for phones (officially, at least) but not usually for mail. Mailers are not required to specify contact information for getting yourself removed from their lists, and they rarely do. It's just more costly to maintain lists of people that won't buy their junk, or removing them from the list of potentials, than it is to just send the junk to everybody they can. Bulk mail is much cheaper than first-class mail, because the Post Office wants to encourage junk mail.

Re:#1 question

[legirons]

It all sounds so easy when there are only a few calls per day.

When it becomes anything like regular spam, you'd be receiving 20 calls per minute continuously from automated processes (e.g. perhaps from other broadband users running Windows, including your family, colleagues, and business contacts) - then it would take a lot more effort to block everything correctly

Re:#1 question

[Sandbags]

I doubt you'll every see that level of activity. Remember, VoIP calls to a person have to be placed through a central service, and that service does NOT provide free toll charges to businesses the way it does to people.

Folks on Skype, and other non-centralized VoIP (direct IP to IP calling) may be suceptable to this, but since SSkype can't support e-911, it;s not really an issue... IP to Vonage calls, for example, in part run across telco networks, and those incur charges. The SPITers won;t be able to make good on their investment.

Besides, the Teloc netowkrs and VOIP networks would not be able to handle that volume. e-mail gets bogged down due to Spam, but calls either work or not. If this becomes an issue, the FCC will be on it lightning fast and with great ferocity. Each call is a trunk line, not a few packets...

A PC can't really just CALL a Voip line... The softphone, even for the very small percentage of people who use them as opposed to most people on VOIP havoing a hardware device, is a proprietary program, and on the back end is interfacing with an authentication system. Some random virus is not going to be able to interface with Vonage to make calls that way...

Like I said, Skype might be a hackable system, but business voip is all inter-office (VPN tunnels) not open internet calls. Businesses using VOIP use PRI or BRI trunks and traditionsal call networks to place person to person calls (except intra/inter office over secure systems). SPITing on a business extention means placing a call through a terrestrial phone company. Those can be traced, and blocked, if abused.

If SPITing was potentially that successful, I'd be getting 100 calls a day at my home line already.

Also, a Drone infrected PC that was SPITing, how many calls a day do you think it would be making? and how many calls a day (or at a TIME!) is it reasonable for a human to make? It should be easy for phone companies to identify drone VOIP machines and shut them down... Calling habbits for a household are easy to model, and since even a telemarketer working from home has to have a business class phone license, they'll be easy to identify and eliminate false positive screenings. (most home telemarketers run through VPN to a central switch anyway).

This really isn't a big deal. If they ever figure out HOW to make it a big deal, expect strict and sweeping legislation. Attacks on the US phone system are considdered terrorist activity, unlike spam which is just a civil, not even criminal, in most cases offence. Also, VoIP is easy to trace, since it;s clearly a 2 way communication requirement, unlike spam.

DDoS is a possible abuse, but even that should not effect centralized VoIP providers and their customers (100 calls in 3 minutes? block it. Done.)

Re:#1 question

[spikedvodka]

A big idea with SPIT is to get you to answer, claim to be someone you are not, demand a payment, and make money. If someone answers the call, it's an issue. Pestering rings at 4AM are a problem, but personally, I disable the VoIP box through a router rule at night, so I simply don't get calls at 4AM (though a voicemail will bounce to my computer and if it;s from a whitelist caller, my computer wakes me, as it's likely a family medical issue. There's only one thing worse than a wrong number at 1AM...

Re:#1 question

[phulegart]

SO the AC and yourself, Willy, don't trust infomercials, unless you like the product, in which case, you then reverse your position on infomercials conditionally.

Sounds like you enjoy making blanket statements, then ignoring their content to what suits your needs.

You OBVIOUSLY have no issues with infomercials themselves, regardless of what you might say, since if the product is something you need or want you don't seem to mind infomercials all that much. If you don't like the particular product, then you shout to the world that you don't trust infomercials. They might be silly or stupid, but infomercials work. They worked on you. You want a Little Giant ladder.

Let me guess. Since you don't like Moxie soda, you hate all cans and plastic bottles... right?

I know, I know... the whole stupid idea of a half-hour or hour long commercial, thinly disguised as a talk-show, is really stupid. Yes, it is. So is Fox News. So is the ABC fall line up. So is NFL football. But regardless of all that, like I already pointed out, infomercials already worked their magic on you, even if you hate them.

Re:#1 question

[petermgreen]

A PC can't really just CALL a Voip line... The softphone, even for the very small percentage of people who use them as opposed to most people on VOIP havoing a hardware device, is a proprietary program, and on the back end is interfacing with an authentication system. Some random virus is not going to be able to interface with Vonage to make calls that way...
Indeed, voip is generally not an open system like email is (even though it sometimes runs over open protocols). For calls to pass from one operator to another there needs to be either a specific agreement or the calls need to pass through the conventional chargeable phone network. I would guess that spit friendly providers will find it difficult to form agreements with other providers.

Businesses using VOIP use PRI or BRI trunks and traditionsal call networks to place person to person calls (except intra/inter office over secure systems).
Some do, others particularlly smaller ones can't resist the low cost of internet based voip.

Re:#1 question

[Evro]

On Long Island, NY, Cablevision has displaced Verizon as the #1 home phone company with their VOIP product. There are about 7 or 8 million people on Long Island. Here's a story from 2006 when they reached 1 million customers:

http://www.voipmonitor.net/2006/07/18/Cablevisions+Optimum+Voice+Surpasses+One+Million+Customers.aspx

Re:#1 question

[petermgreen]

I don't see it happening because most voip systems are much more closed than the email system. The reason we have so much trouble with email spam is because we accept mail from machines that we have no trust relationship with.

People could get arround the existing telemarketing laws by calling from outside the country. They in general don't because of the cost. I imagine a similar thing with happen with SPIT, no voip provider will want to directly interconnect with SPIT friendly providers forcing SPIT friendly providers to pay POTs rates.

Re:#1 question

Can this get to my regular phone or cell phone?

That's called telemarketing. This isn't.

This has the potential to be as bad as (or worse) than spam. Think about it - if you were telemarketing, you'd have to hire a bunch of people to work in a call center. This costs money (rent, phone lines, people). Unfortunately, this is not necessarily so. I usually get tons of automated robospam calls on my home line -- which is why I screen all my home calls instead.

Re:#1 question

VoIP calls to a person have to be placed through a central service

No, they don't. You have been sucked into a mindset by those who run the central services. You can phone anyone at my house using a SIP address that looks just like an email address. It's just another protocol on the Internet and you don't need to pay a central service to use it.

A PC can't really just CALL a Voip line
Incorrect again. There doesn't need to be a "VoIP Line", it can be more akin to an open port on your home router. One that your PC can call up and play wav spam into if someone answers.

I subscribe to gateways so that I can connect to the PSTN, but I'm never required to route my calls through any particular one. I have to pay to use those gateways for in/outbound PSTN calls, but I make and receive pure Internet-only VoIP calls all the time for free without the use of a central service. Think of it like I'm serving web pages from my house or receiving SMTP messages. That is the future of Internet-based telephony.

Proprietary services like Skype and Vonage are not yet swimming in the bigger waters, despite the fact that they let you connect to the PSTN. Their kind of VoIP is still in the same mode as email was when CompuServe couldn't peer with FidoNet, which couldn't peer with GEnie, etc.

If I ever pay a central service for VoIP, it will likely be just to filter the coming SPIT.

Re:#1 question

[Richard+W.M.+Jones]

Funny thing is, I get a lot more paper spam than email spam.

Well you must live in Victorian times then. I have to actually deal with the spam (ie. it isn't filtered when I see it) and the amount is enormous, overwhelming, a giant attack on all fronts, not just email but wikis, contact forms, attacks on my BBSes and mailing lists etc.

Rich.

Re:#1 question

[Belial6]

Funny thing is, I get a lot more paper spam than email spam. From where I stand, paper spam is a worse problem. It certainly kills a lot more trees. And I can't set up a filter for my paper spam. You could look on the bright side. When those trees get killed, they make room for new trees. If the paper that the trees were made from get buried in a landfill, the carbon that those trees absorbed gets sequestered for a very long time. Possibly permenently. The more trees that are grown and buried, the more carbon that gets put back in the ground.

Re:#1 question

[jonbryce]

Actually, when you bury paper in landfill, it decomposes and releases methane. That is much worse for global warming that the carbon dioxide it was made from is.

Re:#1 question

On the contrary, I use my Cell phone on a regular basis.

Re:#1 question

[Trogre]

Do "No Junk Mail" signs not hold legal ramifications in your district?

Re:#1 question

[wile_e_wonka]

SO the AC and yourself, Willy, don't trust infomercials, unless you like the product, in which case, you then reverse your position on infomercials conditionally. No--I just unconditionally don't like infomercials. I never said anything about trusting or liking them or products who use them. Also, to stick up for AC, he also didn't say he likes the infomercials for the ladders, just that he likes the ladder even though it happens to have an infomercial (which he usually automatically equates with a low quality product).

Re:#1 question

[SanityInAnarchy]

Do you think that people who hack other people's computers to send spam would not be willing to hack other people's phone IDs and use their minutes? No, but I think that people would keep their computers (or VOIP phones) clean if they found that it was costing them money -- and getting them banned from their friends' phones.

Re:#1 question

points depleted/mod parent +1 insightful

Re:#1 question

[dosowski]

Funny thing is, I get a lot more paper spam than email spam. From where I stand, paper spam is a worse problem. It certainly kills a lot more trees. And I can't set up a filter for my paper spam. Sure you can:

Sign up for the Direct Marketing Association do-not-mail list at http://www.dmaconsumers.org/ and opt out of credit card and insurance offers at http://www.optoutprescreen.com/ . It takes several months to see the effects, but these days the only mail I get is some of the local advertisements with no mailing label ("To Postal Customer") and stuff that is actually for me.

Re:#1 question

[SoupIsGoodFood_42]

Sounds like you guys have a real bad setup. Here, you don't get charged for receiving cellphone calls, only making them, so as you'd expect, telemarketing on cellphones has never been a problem.

Why waste time on anti-spitting strategies when the problem is easily fixed with a billing policy change?

Re:#1 question

hahaha... just like putting "No Soliciters" on your front door stops solicitations? Oh man, that's rich.
I live in the greater Vancouver area, and neither of those do jack. You must live in a relatively small town where people still have common courtesy. I envy you.

Spit contains more germs

[phoneteller]

Spit contains more germs and viruses. Spam contains... well.. info about organ enlargement and secret inherited fortunes. I prefer spam, at least there's something called spam filter. Is there a spit filter available?

Re:Spit contains more germs

[geekoid]

Ans SPAN contain enlarged organs! hmm I sense some sort of Soylent green thing going on.

Soylent green: Tastes different from person to person.

Call Screening

[Orange+Crush]

Seems about the only way to avoid junk calls. I never answer if I don't recognize the number, and certainly not if it's private. Pisses the bank off if I forget about a payment or something, but they'll usually send postcards too. If it's a legit call and they can't be bothered to leave a message, then I can't be bothered to call them back.

Of course, once the spam bots start leaving ads in my voicemail, then I'm getting violent.

Re:Call Screening

[geekoid]

"Of course, once the spam bots start leaving ads in my voicemail, then I'm getting violent."
You know that's going to happen.

Re:Call Screening

[getuid()]

Turn off your voice mail, have them send you an e-mail for off-line messages. The "spit" there is called "spam" and it's something we more or less know how to deal with :-) besides, it takes a blink of an eye for (most of) us to identify a text mail as spam, but it's going to take longer to identify a voice message as nonsense...

Re:Call Screening

[Hatta]

I already get spam bots leaving messages on my POTS answering machine.

Re:Call Screening

[zappepcs]

If that starts happening, cellular providers/voicemail providers can simply let you vote to have that number blocked. If they get a trigger value of no votes, it gets blocked network wide. Feedback would be quick, number would be blocked, so when they move to the next number to call from, it too will get blocked.

Groupsourcing the identification of spitters would be easy enough, or so it would seem.

Ideas anyone?

Re:Call Screening

[us7892]

My current VOIP settings allow me to filter by number, and dump callers to busy signal, msg, blocked message, etc. I have about 20 numbers in my list right now. And I add a new number about once a month. Not too bad.

Re:Call Screening

[BigJim.fr]

Indeed I'm already using a rather aggressive stance : I reject calls with no caller ID, I don't have any voicemail, I take names and complain for every single spammy call (which are actually very rare - maybe one every two months). But ultimately, whitelisting will be unavoidable and other callers will get screened. Collaborative blacklisting will also be needed - the email experience will help set up systems for that.

Re:Call Screening

[wile_e_wonka]

Dad,

Your son at college asking for money is not a "spam bot."

-Jim

Re:Call Screening

If that starts happening, cellular providers/voicemail providers can simply let you vote to have that number blocked. If they get a trigger value of no votes, it gets blocked network wide.

What number?

If there's no POTS phone on the other end, just a botnet spoofing fake caller-ID data into the system, blocking 555-123-4567 isn't going to do anything. Because the next spam will come from 555-123-0001, 0002, and so on.

It's the telephone equivalent of blocking spammer1234567@hotmail.com.

Re:Call Screening

Everything Orange Crush said, times two.

Re:Call Screening

[garcia]

Of course, once the spam bots start leaving ads in my voicemail, then I'm getting violent.

You mean like Justice A Clothing Store for Girls already does? They aren't alone however, most of the time I have a message from some carpet cleaner or other douchebag company that leaves no contact information except a reminder to get my fucking carpets cleaned.

I am seriously considering unplugging the fucking answering machine now too.

Re:Call Screening

[mapsjanhere]

That always requires the spammer to use a true caller ID. There's enough spoofing software out there, and since it's incoming VOIP there's no way to verify the sender like you'd have with an old fashioned incoming phone call via a fixed line.
I realize I have to find a way to "skip" messages in my voice inbox, right now my service only lets me delete stuff AFTER I fully listened to it. Highly annoying.

Re:Call Screening

[SanityInAnarchy]

If that starts happening, cellular providers/voicemail providers can simply let you vote to have that number blocked. Works for POTS. Won't work at all for real VOIP -- that "number" would be an IP address, one of thousands in a botnet.

Re:Call Screening

[daem0n1x]

I stopped using voicemail long time ago, simply because people are too stupid to use it effectively.

• After a meeting or something I would have 10 empty messages in my voicemail. Since I had no way to know they were empty I had to listen to and delete every single one of them.
• Everytime I left a message in someone's voicemail the person would either not listen to it or, even worse, listen and ignore. This, even for important/urgent matters.

Re:Call Screening

[delvsional]

My current VOIP settings allow me to filter by number, and dump callers to busy signal, msg, blocked message, etc. I have about 20 numbers in my list right now. And I add a new number about once a month. Not too bad.

What service is that?

Re:Call Screening

[darthflo]

Caller ID is spoofed as easily as a MAC address.
Taking names and complaining about this Spit will work just as well as it does for spam. Not. Remember, it's happening on the internet, not POTS.
Collaborative blacklisting will be as difficult as it is for email since most Spitters will be zombies in large botnets.

Re:Call Screening

[ceoyoyo]

It already does. Congratulations! You've won an all expense paid cruise in the Caribbean! Press one to accept!

My stupid bank called my cell to off me some identity theft protection. I hung up on them. Then they called back the next day and had the nerve to say I'd asked them to.

Telemarketers aren't a VOIP problem, they're a problem, period.

Having said that, I'm going to write a VOIP application that only allows you to complete a call if you transfer five cents to the receiver.

Re:Call Screening

[QRDeNameland]

There's enough spoofing software out there, and since it's incoming VOIP there's no way to verify the sender like you'd have with an old fashioned incoming phone call via a fixed line.

Well, my POTS Caller ID often times either comes up as Blocked Call or something weird, and I simply don't answer those calls. While it may be trivial for them to spoof a phone number, it is not trivial to find a number that I will trust (say, a friend or relative). That does somewhat limit the threat.

Still, it doesn't make me want to rush out to get VOIP.

Re:Call Screening

[CodeBuster]

there's no way to verify the sender like you'd have with an old fashioned incoming phone call via a fixed line. It would be possible to use public key cryptography, with certificates issued and maintained by the carriers through trusted roots, and digital signatures to make spoofing impossible or at least highly impractical.

Re:Call Screening

I agree with this wholeheartedly. Of course, last time a number came up as "Unavailable" I was in the bathroom at work. Since it's always a telemarketer, I decided to answer it and let them know exactly what I was doing. Boy was I caught off guard when it ended up being the Director of Communications for the company I was applying for. Just goes to show, you never can tell...

Re:Call Screening

[profplump]

Whitelists would work for VoIP for the same reasons and with the same effectiveness as email-from whitelists -- faking the source address only help if you know which address(es) are accepted in the first place. I may be predictable, but I'm not predictable enough for a spam robot to guess the email address and phone numbers of my friends.

Re:Call Screening

[profplump]

You should set your voicemail server to delete messages less than say, 3 seconds in duration, and to print the duration of other messages in the text section of the associated message, so you know what to expect before listening.

Re:Call Screening

[wattrlz]

That'll be great until the spitter increments to spoofing your number.

Re:Call Screening

[marvinglenn]

It already happened to me.

Near the top of this year I was getting these political speech snips in my voicemail, each 5 minutes long (the max length my system will record), and the phone number they were calling to send this shit to me is an 800 number! (I have a VoIP system, but it's only accessible to the outside world by the regular phone system.

It got so bad that I wrote a rule to drop all calls that came from the same area code and prefix. The calls were originating via VoIP out of a provider in the midwest. I sent them an email that I'd null routed the phone number blocks assigned to them, but never heard anything back.

The calls didn't stop until I escalated it with the FCC who originally said they were protected calls because they were political in nature. (Of which they weren't because they were to my toll free number.)

Re:Call Screening

[Chris+Mattern]

Of course, once the spam bots start leaving ads in my voicemail, then I'm getting violent.

You mean you aren't getting them yet? I get a recorded ad on my answering machine almost every day.

Re:Call Screening

[Threni]

> Pisses the bank off if I forget about a payment or something, but they'll usually send postcards too.

Not really - you'll be paying them more money!

> If it's a legit call and they can't
> be bothered to leave a message, then I can't be bothered to call them back.

That doesn't really work if you're running a business and need to answer calls to pay for food, rent etc, or if you're looking for work and are waiting for agents to call you.

Re:Call Screening

Jim,

Get a "job".

-Dad

Re:Call Screening

It's called Asterisk (or any other PBX software capable of interfacing with voip service providers).

Re:Call Screening

[gnuman99]

I just set up Asterisk to answer all my calls. Then it says

  "Hello, thank you for calling Blah & Bo. If you want Blah, press 1. If you want Bo, press 2"

I get about 10-15 calls a day that hang up before even 2 seconds of the automated prompt. And these tend to call the same time each and everyday, until they give up a week or two later.

I get NO telemarketers, EVER, as they don't really have keypads AFAIK. When once was upgrading the Asterisk machine, it was down for 2 hours. I managed to get 2 telemarketers. I just told them to call back in the evening as I had no time. Guess what? Asterisk was up by then and they never got through! :)

Re:Call Screening

[CuriHP]

I thought my voicemail was like that. Then i pulled out the little card the phone company sent me when I signed up and found that you can hit a couple keys to jump to the end (I think it was *3 on mine).

Re:Call Screening

[mapsjanhere]

Thanks, so that only shifts the problem: Find the little card they gave me :)
Actually I went online to my provider's page, and while I didn't find a way to skip ahead, I found out that my digital voice actually lets me see the voicemail inbox. So if this gets to be a real problem I at least will be able to screen my voicemails just like my emails.

Re:Call Screening

[oldspewey]

I have to find a way to "skip" messages in my voice inbox On most voicemail systems I've used, "3" skips ahead by several seconds, and "33" skips to the end of the message. Since "7" tends to be the delete command, and quick "337" usually trashes the message without having to listen through to the end.

Re:Call Screening

But your daughter at college is definitely a 'spitter'!

Re:Call Screening

[idontgno]

I may be predictable, but I'm not predictable enough for a spam robot to guess the email address and phone numbers of my friends.

Maybe spitbot doesn't have to predict anything. Maybe, like any modern bot, it just has to infect your friend's VoIP PC and lift his phonebook. Trusted call source, probably already in your whitelist... delicious.

Look for worm-based or trojan-based VoIP spitbots. Enough compromise penetration, and that's a lot of potential phone number targets.

Re:Call Screening

He's a "spam son".

Re:Call Screening

The bots did start leaving messages on my answering machine. I didn't get violent because I just hit the erase button. BUT I got several calls from a very persistent solicitor, who was trying to sell me a mortgage and when I asked, told me the company was called "Mortgage Company" (literally!). I got pissed off enough to check things out and found my telco has a service called "Do not disturb" which makes them enter an access code (if their number is not on the allowed list). I just give the access code to people I will allow to call and it works fine - and no way around it - complete peace.

--Dave

I perfer the term

[geekoid]

Squirt to spit...

Spit?

[truthsearch]

The name leaves a bad taste in my mouth.

(Sorry.)

Re:Spit?

[A+beautiful+mind]

Is that you, Monica?

Re:Spit?

That depends. Is that you, Hillary?

--

FWIW, I for one welcome our Spit overlords. This will finally give Joe Sixpack a reason to want to kill off unsolicited/untrusted immediate mode conversation. And yes, mr Spam won't work form letter guy, the solution will involve both a blacklist and a whitelist, except it will be more of a network of trust.

Re:Spit?

[javaxjb]

No, it's Colonel Angus.

Spam? Spit? What's next?

[oahazmatt]

Spam? Spit? What's next? Spam in Everday Reading Material?

"I'm getting sick of the SPERM in the morning paper."

Re:Spam? Spit? What's next?

[phoneteller]

How about a virus in your morning newspaper? Or lead poisoning? Thats more dangerous than digital germs.

Re:Spam? Spit? What's next?

[DriedClexler]

How about Spam in Object-Oriented Graphics Engines?

"Parents! Don't let your kids buy GTA V, its graphics include SPOOGE!"
"Okay Mr. Thompson, it's time for your meds."

(Alright, alright, kind of strained)

Re:Spam? Spit? What's next?

Then stop reading The Sun!

Re:Spam? Spit? What's next?

[memoryhole]

In everyday reading material? So that's SPERM in your eye?

sorry, I couldn't resist. :)

Re:Spam? Spit? What's next?

[MightyYar]

Spam doesn't mean anything, so why should the term for the VOIP stuff have to be an acronym? We should just pick another nasty, maligned meat product. I vote scrapple.

Re:Spam? Spit? What's next?

[jollyreaper]

Spam? Spit? What's next? Spam in Everday Reading Material?

"I'm getting sick of the SPERM in the morning paper." Spam it all to hell!

Re:Spam? Spit? What's next?

You do know the name "spam" was picked with no relation to the *quality* of the canned meat product ?

Re:Spam? Spit? What's next?

[MightyYar]

Quality? Who's talking quality? I'm more-or-less ambivalent on the taste of spam, but I like scrapple. Taste is reletive - more than just Hawaiians must be buying Spam.

By the way, I understand that the term spam is agreed to have come from the Monty Python skit, but have you stopped to think about why they thought it was so funny - wartime rationing aside?

Re:Spam? Spit? What's next?

[CastrTroy]

I vote for Klik. As a bonus, it's an onomatopoeia for the sound of hanging up the phone.

Re:Spam? Spit? What's next?

At least it ain't Spam in Hypertext Internet Tools. Don't you just hate the SHIT floating on the Net?

Re:Spam? Spit? What's next?

[master811]

Spam doesn't mean anything, so why should the term for the VOIP stuff have to be an acronym? We should just pick another nasty, maligned meat product. I vote scrapple. No, SPAM means "Stupid Pointless Annoying Message", so yes it does mean something.

Re:Spam? Spit? What's next?

Ahh, but if that were the acronym, then we could attempt to stop it using a system called "Filter for Automated Nuisances". Then it would be a great thing when the SHIT hits the FAN.

Re:Spam? Spit? What's next?

[lilomar]

That's a Backronym

Re:Spam? Spit? What's next?

[LtCmdrJoel]

Exactly. Or, we could at least a more correct acronym... "SPOIT" (Spam Over Internet Telephony) http://www.urbandictionary.com/define.php?term=spoit SPOIT: (v.) to ejaculate (n.) semen (n.) "I can't wash all of this spoit out of my hair!" *SPOIT!*

Re:Spam? Spit? What's next?

[remmelt]

I really hate those made up acronyms that don't even bother to have all their characters accounted for in the actual name of the thing.

SPam over Internet Telephony?

I have a better one

spaM Over iNterneEt telephOny

See, two can play THAT game

Re:Spam? Spit? What's next?

[lilomar]

MONEO?

I think you meant to put
spaM Over iNternEt telephonY

Re:Spam? Spit? What's next?

[Icculus]

I vote for 'skeet'

Re:Spam? Spit? What's next?

[remmelt]

utter failure.

Re:Spam? Spit? What's next?

[MightyYar]

With all due respect Marshall, you're wrong about the beards.

(obscure reference here.)

Re:Spam? Spit? What's next?

[MightyYar]

Klik and Kam now have me obsessed. What the hell are they? Even trusty old Wikipedia can't tell me. I've also never heard anyone actually try to market products with names like "flakes of ham, flakes of turkey, flakes of ..."

FLAKES????

Maybe Canadians associate it with snow instead of dandruff?

Re:Spam? Spit? What's next?

[CastrTroy]

Flakes is often used to describe tuna. You can get "chunk" tuna, or "flake" tuna.

Re:Spam? Spit? What's next?

[MightyYar]

Oh, yeah - you're right. But at least fish is inherently flaky. There's nothing about ham that should ever be flaky :)

Re:Spam? Spit? What's next?

Loads Of Obnoxious General Interest Email -- LOOGIE

Re:Spam? Spit? What's next?

[zobier]

I already get SPOTS (Spam over Plain Old Telephone Service), not just telemarketing, but automated calling agents.

I'm considering setting up an Asterisk box with an IVR asking for the first x letters of the name of the person you are calling otherwise you go to voice mail.

Server first

[ubrgeek]

The main difference between junk calls and junk email is that the email arrives at your mail server before you access it.

Not really. With things like Google's phone service (Grand Central or something?) I get a notice of who's calling me an asking me if I want to respond. Couldn't that be tailored to do the same thing?

Re:Server first

[Nibbler999]

The point is that the contents of the communication cannot be analysed in advance. The system doesn't know what the caller will say until the conversation has started and you have already been disturbed.

Re:Server first

[aaarrrgggh]

For first-time callers, you need a little bit of an IVR front end, ideally some kind of TellMe system. Then you have additional information about a caller before it rings your extension, and if it is really advanced it can determine who the call actually goes to. If the caller is accepted as legitimate, it gets added to the whitelist, if it is rejected (by a human) it goes to the blacklist. Everything else stays greylisted.

Re:Server first

[Sherloqq]

Wish I had points to mod you up...

Re:Server first

It's easy to "analyse" if the caller is sending
some money along with the call request.

So if the caller isn't whitelisted, sending
some amount of money, or passes a quiz which
family/friends could pass then it's refused.

Obvious, simple, solution. (Quick! Patent it!)

[ivan256]

Arrange the usage of internet telephony over e-mail, SMS, or IM before initiating or accepting a call.

The intrusive nature of the required synchronicity of telephony is unacceptable anyway. It always has been. Hence the invention of call-screening devices, caller-ID, answering machines/voice mail, etc...

If you weren't expecting the call, don't answer it. Then you won't have to give anybody money for yet another "security" product.

Re:Obvious, simple, solution. (Quick! Patent it!)

[aaarrrgggh]

Works great for individuals, not so well for businesses. You never know when a lead will come in, and you have to be careful how much effort you put a potential customer through.

Re:Obvious, simple, solution. (Quick! Patent it!)

[MikeyTheK]

While this is true, it generally takes us only a second or two to figure out that the person calling is garbage. 1) Call center background 2) Obvious headset use 3) Mispronounce name. 4) Ask who's calling, from where, and the nature of the call. At least for us we're off with the asshats in less than five seconds total.

Re:Obvious, simple, solution. (Quick! Patent it!)

[ivan256]

Honestly, if you're that worried an extra step will scare off a lead, you should deal with the spam calls. This problem is only interesting the other way around. (Businesses spamming individuals)

Re:Obvious, simple, solution. (Quick! Patent it!)

[Rary]

Arrange the usage of internet telephony over e-mail, SMS, or IM before initiating or accepting a call. ... If you weren't expecting the call, don't answer it.

That's not so good when an old friend I'd lost contact with passes through town and decides to look me up in the phone book. Or when my girlfriend is traveling through Europe and calls from assorted hostels whenever she gets the opportunity. Or when a relative calls from the hospital pay phone to tell me to get down there right away to say goodbye to Grandma, who probably won't live through the night.

I don't want unexpected calls from spammers/spitters/telemarketers/whatever, but I absolutely want unexpected calls from friends/family/acquaintances.

Re:Obvious, simple, solution. (Quick! Patent it!)

[profplump]

It works for many people in many businesses. It maybe doesn't work for sales people, but it does for almost anyone else.

But even in sales, a simple greylist doesn't seem like a big deal:
"Thank you for calling Bob's Widgets. Please press 2 to be connected to Bob, or 8 to reach our switchboard operator."

It's not a lot of work, even to do every time. But if you're worried about annoying people, just auto-whitelist any number that has successfully pressed 2 within the past 90 days, and reset the timer whenever they call back. And of course give Bob the ability to blacklist/whitelist numbers manually.

Re:Obvious, simple, solution. (Quick! Patent it!)

[ivan256]

You missed the point. This is *internet* telephony. It is good in all those situations, 'cause if you're using it, you've got internet access. Period.

There is no excuse for using internet telephony without at least an IM first, since IM is available by definition if you've got access to internet telephony.

Re:Obvious, simple, solution. (Quick! Patent it!)

[petermgreen]

2) Obvious headset use
Afaict while headsets used to be mostly restricted to call centers with the rise of voip a lot of softphone users are also using them.

Re:Obvious, simple, solution. (Quick! Patent it!)

[Rary]

You missed the point. This is *internet* telephony. It is good in all those situations, 'cause if you're using it, you've got internet access. Period.

There is no excuse for using internet telephony without at least an IM first, since IM is available by definition if you've got access to internet telephony.

Not quite. Internet telephony is much more than just sitting at your computer talking to someone using a headset. You could have, for example, a regular telephone handset connected to a VoIP interface. No need to be sitting at your computer to receive a call. No option to connect via IM first. In fact, the person at the other end could be calling from a traditional phone, meaning they could have absolutely no means to IM you anyway.

Look at the article linked from the summary:

"Junk phone calls at 4am are going to drive you mad because the chances are that antispit software won't be able to intercept the call."

What's the point of the 4 am reference if you're sitting awake at your computer with your IM client running anyway? The point is that they're talking about a phone ringing and waking you up. How does your IM solution work in this situation if the 4 am call is actually legitimate, for example in the hospital scenario I gave previously, and if the VoIP line is your only phone line?

SPIT will rock !!!!

[DrLov3]

I never was bothered by SPAM ... I don't think SPIT will bother me either ....

However the solution is simple, and it's not in technology that we will find the answer, it is USER education : don't buy from SPAM/SPIT, then the senders will go backrupt or at least they won't be making profit and since they are money motivated, they will go look for another martket.

Re:SPIT will rock !!!!

[aderuwe]

Yeah, this worked wonders with spam too, yes? I guess that's why the mail server I run at work blocks on average 75% of all connections based on the spamhaus lists...

Re:SPIT will rock !!!!

[Zibri]

The cost to send out spam is extremly small. If only, say 0,1%, of the sent mails leads to an order the margin is met. You will not be able to educate those 0,1%. Some always slip through.

Re:SPIT will rock !!!!

[nuzak]

> I never was bothered by SPAM

Says the guy not publishing his email address on slashdot.

Re:SPIT will rock !!!!

I've come to the conclusion that the problems we have with SPAM currently are because anti-SPAM was effective in the past.

Think of it this way.
    SPAM, for the most part, is a social problem being delivered via a technical method.
    anti-SPAM is a technical solution to the technical method that doesn't address the social problem.
    SPAM continues to evolve into other technical methods and anti-SPAM follows.

Now, if we never developed a technical solution, the average user would be facing the social problem front and center. This would have led to para-military organizations hunting down the people who responded to the SPAM and eliminated them from the general population.

Old Turing Test

[Thelasko]

Play a Special Information Tone before the phone starts to ring. Most autodialers won't waste their time and hang up. Humans will realize it's a fake tone and stay on the line. I don't know if it works with VoIP though.

Re:Old Turing Test

I have tried this in the past. It doesn't work. Humans hang up too and the autodialers don't care. The autodialers just think the line is down or something and may actually call more often.

Re:Old Turing Test

[amRadioHed]

VoIP isn't synchronous like autodialers so they don't have much to lose by ignoring those tones.

Re:Old Turing Test

[kiehlster]

It may reduce spit temporarily until spitters catch on, but imagine the number of annoyances you'll get from friends who meet you and say your phone is disconnected because they heard those tones and instantly hung up thinking the number didn't work. This does give me new ideas for funny answering messages though...

Re:Old Turing Test

[Thelasko]

his does give me new ideas for funny answering messages though... The best one I ever had was a simple:
"Hello"
I used to get voicemail messages from people that were so angry, it was hilarious. Other times it they would be clueless and keep on talking as if I was on the line.

I had to get rid of it when I started looking for a job.

Re:Old Turing Test

How will the humans know that it's fake?

Re:Old Turing Test

[stdarg]

Back in high school, my friend's sister made a brilliant answering machine message. She made a recording of their normal answering machine message, which then became interrupted as if someone picked up the phone. There was a voice saying "Hello? Hello? Just a second the machine picked up..." while the original message kept playing in the background.

Re:Old Turing Test

[Thelasko]

It doesn't have the, "I'm sorry, the number you have dialed is no longer in service" after it. If you are concerned, I suppose you could add a message like, "please remain on the line." after the tones.

Re:Old Turing Test

[mistahkurtz]

wait, play a SPecial Information Tone to see if it's SPIT? I'm confused

Re:Old Turing Test

I used to do that, but sadly, it's no longer effective enough. One suggestion from somebody I know is to play an announcement that this is a pay service billed at XXX dollars a minute. He said he gets zero solicitations.

--Dave

Comment removed

[account_deleted]

Comment removed based on user account deletion

Different from POTS telemarketing how?

How is this different from phone advertisements over POTS?

Do current measures against telemarketing not apply when the medium is voip? Will there be more voip ads than pots ads?

Data is data.

[khasim]

By 'Cell' I mean using Cell for traditional voice, as opposed to using the towers for data.

If you're talking the current (3rd generation) of digital phones, there really isn't a difference between "voice" and "data" as it gets to your cell phone.

How is this different than now?

[faedle]

The rapid increase of telemarketing on land lines generically has spawned a whole host of solutions to this "problem", from the only marginally effective legislative angle (the US Gov'ts "Do Not Call" registry) to the completely effective technical ones like Caller ID Whitelisting services offered by the telephone companies.

Ultimately, since most of the VoIP services that have any leverage just extend the PSTN to a network connected voice terminal, the solutions remain the same. Don't accept uninvited sessions from unknown hosts at the terminal. Don't ring the phone for an unknown caller ID. Direct the caller to an IVR asking them for their name, and then give the caller the opportunity to accept or reject the call.

Lastly, perhaps the most effective "anti-spam" measure for voice spam of any kind (be it conventional telemarketers or some new-fangled network-enabled approach) is the simple auto attendant. Even though I don't have numbers in the do-not-call registry (and I see suspect calls hit my Asterisk system all the time) I _NEVER_ get any spam calls. My autoattendant has a voicemail default route and no route for 0 or 1.. this leave s about 99.999% of all junk calls dead in the water.

Re:How is this different than now?

[eggnoglatte]

While I agree that telemarketing has come to be quite annoying (I am in Canada), there is one big difference here: telemarketing is pretty much only free if you are calling from the same area code. That puts a fairly natural cap on the amount of telemarketing: once a marketing call costs even just a few cents, it mostly isn't going to be worth it, since the hit rate is just too low. Countries where you have to pay for local phone calls do not tend to have telemarketing at all.

Contrast this with SPIT, where calls are essentially free from around the world, which also allows the sender(s) to avoid local legislation. So now you can get viagra and penis enlargement phone calls 24/7. Even if you don't pick up, they'll just leave voice mail because, you know, they can.

If they find a way to bridge the VOIP calls into the regular phone network without paying for it, I predict the End of Civilization As We Know It (TM).

Re:How is this different than now?

[faedle]

In both the United States and Canada, telephone calls are so extremely cheap that it isn't the limiting factor. You only pay when the call is actually completed, you're only billed in six-second increments.

It is easy to get 1.9 cents a minute telephone rates in the US, with any bulk capacity at fractions of that. One Canadian company will give access to major Canadian cities at 0.6 cents a minute with a minimum commit of about 250,000 minutes.

In both cases, however, the labor costs are significantly higher than the $1.19/hour the long distance costs.

There still is a cost to VoIP calls: bandwidth costs money. Does it cost 0.6 "cents a minute"? I haven't done the math, but I'd venture to guess that it's still not what costs money: having a live body to handle the call once somebody does answer is what's gonna cost.

Add a Subject Line to the Caller ID

[Caption+Wierd]

How about a default or definable subject line? For persons, it could be something like the sig lines and for companies, it could be a one sentence sales-speak.

Re:Add a Subject Line to the Caller ID

Like people won't forge that as well?

Re:Add a Subject Line to the Caller ID

[TheRaven64]

Great, then you don't even need the person to answer, just put the advertising in the subject line and use the ringer to attract their attention to it.

Get it already...

[aaarrrgggh]

It's called headhunters.

Will deal with it in much the same way; known bad callers go directly to the honeypot, known good callers go through. Unknown callers will need some kind of probabilistic assessment as to how much IVR and call screening you put them through.

Anecdote

[Thelasko]

We had a dialer call through our company last year. It was pretty interesting. All of the phones in our company are on the same trunk. You could tell the dialer was just calling every possible number on the trunk in sequence because a wave of rings went through the office (it's normally pretty quiet). Everyone discovered they had a voicemail from "the job hotline" a little while later. The Attorney General eventually caught the guy and shut him down.

Re:Anecdote

They call it wardialling, after the film Wargames - although in the film, Matthew Broderick's character is trying to find numbers with a computer at the other end willing to accept a connection, as opposed to the vocal equivalent.

Re:Anecdote

[zobier]

Here we've had auto diallers that "prank", i.e. hang up after one ring in an apparent attempt to get you to call back at your expense. That was even funnier with the sequential numbers on our pbx; chirp, chirp, chirp... around the office in quick succession.

Use FreeSWITCH then.

Use FreeSWITCH then you can filter people out.

http://www.freeswitch.org

Re:Call Screening - Whitelist

[pushf+popf]

Whitelisted callers: Ring Ring . . . Answer Phone.

Unknown callers: Ring Ring . . . "If you're a human, please call my cell phone or send me an email containing your name and VOIP ID, and I'll add you to my whitelist, otherwise, have a nice day". Click.

Colour of bits in the packet

[DrYak]

there really isn't a difference between "voice" and "data" as it gets to your cell phone. But once it gets to your bill, there's a difference.

Re:Colour of bits in the packet

The difference is whether you pay for bandwidth guarantees or "best-effort". VoIP works so well right now because hardly anyone is using it.

Re:Colour of bits in the packet

[speculatrix]

actually, VOIP works very well. and this is despite the lack of proper QoS management in the internet's infrastructure. however, on a large scale, VOIP only really works in a full managed environment where you can keep voice and data traffic on separate networks, so that the low latency/low jitter needs of VOIP - which doesn't need much bandwidth - won't conflict with the uncritical high bandwidth data hog.

Re:Colour of bits in the packet

[StonedRat]

You pay to receive calls?

Re:Colour of bits in the packet

[Soruk]

There are some parts of the world where they think it's a good idea for mobile phone owners to pay to receive calls, rather than have the caller pay for the privilege of reaching someone who is out and about.

Some even charge to receive SMS messages.

Re:Colour of bits in the packet

[Miamicanes]

Um, in case you haven't heard, American cell phone customers pay for airtime on outgoing AND incoming calls.

10 years ago, I thought it was a Bad Thing. Now, I think it was ultimately a Good Thing. Why? Because the people who bore the costs were the cellco's customers, so we exerted direct pressure on our carriers to include more minutes of airtime and/or make nights/weekends/incoming calls (or at least the first minute) free. Nowadays, a typical American cellular customer pays about $50/month for service that, for all intents and purposes, is almost flat-rate. Contrast that with Europe, where the cost to call mobile numbers is set by faceless bureaucrats who are accountable mainly to the carriers themselves, and there's no incentive (or possibly even a legal way) for individual carriers to reduce the cost of incoming calls and use it as a competitive advantage over others. The net result is that a frugal person who rarely makes outgoing mobile calls can get much cheaper service in Europe, but Americans who pay 2-3x as much can basically use their phones all day (or at least all night/weekend) until the battery runs out with little risk of getting a big bill at the end of the month.

Re:Colour of bits in the packet

One more reason that Europe is a much place than the US.

Re:Colour of bits in the packet

A much place?

Re:Colour of bits in the packet

[jonbryce]

Not if, for example, you have a Skype phone from Three.

Re:Colour of bits in the packet

[Trogre]

That's one reason why no sane carrier charges you for incoming calls. Ever.

Re:Colour of bits in the packet

WTF? Where is this happening?

Re:Colour of bits in the packet

[b100dian]

Which one?

Re:Colour of bits in the packet

[BrunoUsesBBEdit]

Insert your adjective here.

What about the do not call list?

[slashname3]

So what happened to the do not call list? It has worked wonders the last few years eliminating virtually all telemarketers from calling any of my phones.

Re:What about the do not call list?

[csnydermvpsoft]

The do-not-call list works because the POTS network has limited points of entry - the telcos know who is calling (or at least where they're calling from), and the callers have to pay phone charges as well. If someone is found to be violating the do-not-call list, the FCC can easily track down and fine/prosecute them.

With VOIP, the network is open. For the most part, this is good - we have the potential to completely do away with phone charges - but, like email, there's no way to identify the source of a call other than the IP address, which could easily be a zombie PC or controlled by an ISP, not under FCC jurisdiction, that doesn't give a damn as to what is originating from their network.

My company currently has allows all incoming SIP calls to our phone system so that customers/associates can make free calls to us. Unfortunately, this will probably have to change as soon as "spit" becomes widespread.

Re:What about the do not call list?

[MikeyTheK]

It only works for folks who choose to comply. Folks that ignore the list and spoof their caller id can't be dealt with. In my case there was also a telemarketer who was calling because I was on a list from my mortgage company. I repeatedly told them to put me on their do not call list, reported them to the Do Not Call website, and called the mortgage company to complain. It still took 14 months to get them to stop.

Re:What about the do not call list?

[profplump]

First, as the parent noted, it *is* possible to determine where the call came from. You may not have that information on your CID display, but it is available.

Second, spoofing CID is a crime in and of itself. Report that to your attorney general and let him deal with it.

Re:Call Screening - Whitelist

[Slimee]

Makes sense to me

Easier solution (and the one I used before DNC)

[pla]

This gives the server time to analyze its content and filter out the junk before it gets to you. Not so with internet telephony which is why radically different strategies are needed

Or, you can just treat your phone as a verbal "inbox", and never actually answer it in person. Back before the Do Not Call registry, I know quite a few people who took that approach (myself included, to some degree).

Telemarketers will almost never actually leave a message, and the few who do, you can instantly detect and delete it.

National Do Not Call Registry

[jhRisk]

If enough folks were to use this system and then follow through with filing complaints then perhaps it could be useful in this fight. Several 2007 FTC related Acts set up this site (https://www.donotcall.gov/default.aspx) so you can register phone numbers telemarketers are to refrain from calling (with a few exceptions.) After 31 days you can file a complaint (http://www.ftc.gov/bcp/conline/pubs/alerts/dncverifyalrt.shtm)

Granted I'm remaining cautiously optimistic about it at best however it's worth giving it a shot I think. At least at this point it's the only recourse I have for all the craptastic marketing calls I get. Not answering unknown caller IDs just results in them leaving a voicemail so I'd rather pickup and hang up on them straight away.

low-tech solution.

the phone in my bedroom has the ringer turned off.. so call at 4am if ya want and leave me a message.

-db

Msn Friend List

[wiremind]

I don't understand why telephone and email providers dont adopt the instant messenger system of buddy lists.

Its effectively a white-list solution, but everyone understands it and it already works on MSN/Yahoo/Facebook. Extending it to email and VOIP would be very easy.

Kyle

Re:Msn Friend List

[amRadioHed]

Pretty obviously the problem is sometimes you need to get calls from unexpected sources.

Re:Msn Friend List

[wiremind]

Pretty obviously the problem is sometimes you need to get calls from unexpected sources. The ONLY Exception, is the government.

Caller ID info can be forged, and i think that is the bigger hindrance to the buddy list idea.

I am too amicable to outright disagree with you, but for me, people only call me after I GIVE THEM my phone number, and that makes them an expected call. I know for me personally, a telephone/email/snail-mailbox white-list would be a welcome change. (assuming the gov't exception)

Kyle

Re:Msn Friend List

[amRadioHed]

I am too amicable to outright disagree with you, but for me, people only call me after I GIVE THEM my phone number Good choice. If you outright disagreed with me you would have looked foolish assuming that something is true for everyone because it is true for you.

I use my phone frequently when working from home. I frequently get calls from people who I either don't know or from a phone number that I don't know. Also it happens outside of work once in a while, such as when my girlfriends phone dies so she calls me from her friends phone.

So easy to fix

[Sloppy]

Like cryptography, authentication must also be a part of the protocols used in future voice communication. Fortunately, the same tech happens to help with both.

Once you have a solid identity for the caller, they can be looked up somehow, and either be classed as someone you know (i.e. have personally vetted as human) or delegated through a WoT as probably human, or determined to be "nobody."

The reason this is a problem for current VoIP and POTS is merely that those things happen to suck due to legacy interoperability, CALEA, etc.

I really do think those concerns will eventually be left behind. Just like PGP over email, though, there will be social resistance (or inertia, at least). But the very problem being discussed here (phone spam being more annoying than email spam) will make securing voice more attractive to the mainstream, than securing email was.

among their findings:

[circletimessquare]

inventing cutesy acronyms (like "spit") vastly increases awareness in the media and in funding

White list

[despe666]

I don't really see this as a problem, at least at home. The list of people I actually don't mind calling me at home is very short. For the rest, let them jump through turing hoops to prove they're human. If it's important, they won't mind, if it isn't important, I didn't want to talk to them anyways.

The paper is stupid

[tkinnun0]

They setup a scenario where every call gives the callee a small payment, then find this weakness in it:

"Let us even assume, that Payment at Risk is used for every call. Even In that case an attacker could circumvent it, by impersonating as another user, so that he can establish calls and shift the costs on to ânormalâ customers."

Umm, if they could do that, wouldn't it be more profitable just to impersonate others and call yourself, collecting all their money?

Solution options might be

[Bomarc]

First the obvious: Have a white list tied with caller ID.

Next: Be able to exclude out of "area" calls (I get to define what the "area" is)

Next: For non-white listed numbers, have the disconnect signal sent (The there tone noise followed by "The number you have reached..."), followed by a question that requires a human to answer in a timely mannor:

Examples:
...Enter 1234 backwards
...Enter the sum of 1000 plus 1
...Enter the number one thousand followed by the number you dialed
...Enter the area code for the number you just dialed
...Enter the year as for digits
...Enter the age of the person you called
...Enter the number of pets owned by the person you called
...Enter the number of presidents running for office
...Enter the number of presidents in office.

By having a few questions - asked at random, that are always changing, the cat and mouse game can go on for years. And, adding some random 'noise' between the words (both low and high frequency, our side of normal human hearing) one could 'trick' the computers performing the dialing in to 'false' answers to the questions.

Re:Solution options might be

[WWWWolf]

Otherwise sound suggestions, but...

...Enter the age of the person you called

...a very good reason to actually remember someone else's birthdays, no? The System Automatically Hates Your Guts if you forgot. =)

...Enter the number of presidents running for office
...Enter the number of presidents in office.

Great, more culture-dependant CAPTCHAs.

I don't have the exact quote at hand, but to paraphrase Markus Kajo: "If I wanted to interrogate and expose foreign spies, I wouldn't ask them questions like 'who was the 5th President of Finland'. Most of the Finns wouldn't know that either! I'd ask them to make an omelet - if they just make you one without complaints, then they're obviously spies, because they weren't told that in Finland, you have to always apologise for your own cooking: 'I'm sorry it's a bit burnt on the edges...'"

Re:Solution options might be

[profplump]

It doesn't need to be anywhere near that complicated. Just ask them to "Press 4 to be connected" if they aren't on the whitelist, and blacklist any number that fails more than twice for ~30 days.

Low-value targets aren't worth trying to crack except by very simple means, and high-value targets are worth a little human intervention to overcome whatever system you put up anyway -- as someone who write automation systems that pretend to be people for a living, I do know a little about this.

voice message spam

[pikine]

If it's a legit call and they can't be bothered to leave a message, then I can't be bothered to call them back.

You're lucky that you've never encountered a voice spam that waits for the initial greeting, and then plays back a pre-recorded message. Sometimes if you answer the phone without saying anything, it will just be silent, but most people answer the phone with "hello."

Re:Call Screening - Whitelist

[nfk]

Well, I was just calling to tell you the shed in your backyard is on fire, but if that is going to be your attitude, you can burn in hell. And that will happen pretty soon, too.

It's a Scheme to Sell Spitware to End Users

[mpapet]

As someone that runs a VOIP server, I can speak from limited experience.

1. Unlike email, The offender needs a block of voip numbers to do any meaningful spitting. Those blocks aren't as costless as sending spam. Let's argue for a minute they don't need blocks. The VOIP server should not be allowed to process more than ~2 calls out per number. That's a configuration issue. On proprietary voip server software, I don't know if that's possible, but on openser it is.

2. This _should_ be the responsibility of the VOIP host, except we know that most current providers won't do it for free. It can, and should be automated. ex. *69 reports the call as spam. Even if the call is coming from a peering host, the source can be halted swiftly.

3. DB queries on call volume should identify the offender within 30 minutes anyway.

The article is an advertisement disguised as news.

Re:It's a Scheme to Sell Spitware to End Users

[CodeBuster]

The article is an advertisement disguised as news. That describes about 99% of the so called "content" in the trade rags these days. The entire magazines are nothing but open advertisements and "articles" which are really stealth ads written by public relations firms and submitted to publishers as "press hits" masquerading as news.

Re:It's a Scheme to Sell Spitware to End Users

[profplump]

As someone who runs a VoIP server, I have no idea what you are talking about.

Just like email, you can send calls to <arbitrary.address@hostname> And just like email the from address is completely unverified.

Now, if you want to terminate calls from the PSTN you need an address from that network (i.e. a phone number) so the call can be routed to your VoiP/PSTN exchange. But pure VoIP calls have no need of such things, nor do VoIP->PSTN calls.

Re:It's a Scheme to Sell Spitware to End Users

[petermgreen]

true, but afaict very few legitimate calls will be made that way. So you only accept calls from your provider who in turn only accepts calls from either the PSTN (where it costs money to make calls) or from trusted peers.

Yeah, let's captcha the entire Internet

[British]

Want to view a web page? Count the super-distorted kitties in this sequence of letters, numbers & symbols on the Stargate chevrons.
Want to leave a comment? Decrypt this email address that's worse than slashdot's email address obfuscation system, where you spend more time decrypting it than sending in a message.
Want to create an account? Play this java applet where you have to click on the moving bunny.

Ah, what a utopia. A whole internet that doesn't know if you are a dog, but will quiz you to make sure you are not a robot construct, or some farmer in India.

Re:Yeah, let's captcha the entire Internet

[PPH]

Ah, what a utopia. A whole internet that doesn't know if you are a dog, but will quiz you to make sure you are not a robot construct, or some farmer in India. We've got a fix for the CAPTCHA farmers in India: An FPS game involving shooting cows.

Re:Yeah, let's captcha the entire Internet

[b100dian]

> Count the super-distorted kitties in this sequence of letters, numbers & symbols on the Stargate chevrons.

Ok, this is rapidshare, right? The other two though..

Somehow I do not find this funny, but rather insightful..

The Fix Already Exists

[PPH]

In some countries, that is: Caller pays.

If you think that speaking to me is worthwhile, you pay for the air time.

Re:Call Screening - Whitelist

[SanityInAnarchy]

Well, I was just calling to tell you the shed in your backyard is on fire, but if that is going to be your attitude, you can burn in hell. So wait -- you're my neighbor, and you have my phone number, but you've never called it till my shed is on fire?

Re:Call Screening - Whitelist

[scuba_steve_1]

I had a whitelist for my mobile phone starting four years ago...and loved it, but lost it when I "upgraded" my phone a couple of years ago.

The capability was actually built-in to the specific Motorola mobile handset that I was using. The phone had an option to send callers directly to voice mail if they were not in my address book. It would also capture the incoming phone number in my call list. Friends and family got right through. Those whose numbers I did not have left a message...which I then added to the address book just by going to the call list and hitting "save."

The downsides:

- Calls from offices often come in with a semi-random PBX number...so even if I had my wife's or friends' office numbers in my address book, their incoming call would normally get kicked to voice mail. It actually trained them. They stopped calling from those lines and started calling me from their mobile phones.

- I had to remember to turn this feature off if I was expecting a service or delivery person to call me before they dropped by my house...because I didn't have a home phone either.

Small price to pay. That said, the "do not call" list has made my life somewhat easier...but I do miss the whitelist capability at times...and it looks like I might need it again some day according to TFA.

Scuba

But swallow will be better than spit

[BiggerBadderBen]

Something to look forward to!

No, that's not it

[hacksoncode]

The difference is that it's free to send the calls, not that it can be pre-recorded. Another difference is that it can be done tracelessly through bot networks.

It's already illegal in most jurisdictions (in the US) to telemarket with pre-recorded messages. This has teeth with a regular phone call because the phone company is pretty careful about being able to bill people that use its network, and if you can bill them, you can track them down.

And... regular (illegal) pre-recorded telephone spam still costs money to send on a per-unit basis, so the incentive is way overbalanced by the risk.

Too bad for those with GTK 2.8

[arizonagroovejet]

Firefox 3 needs GTK 2.10+. Too bad for those of use with Enterprise distros such as SLED10 which has GTK 2.8 https://bugzilla.mozilla.org/show_bug.cgi?id=418885

Re:Too bad for those with GTK 2.8

[triso]

Firefox 3 needs GTK 2.10+. Too bad for those of use with Enterprise distros such as SLED10 which has GTK 2.8 Anyone who uses an enterprise (long term) version of Linux isn't going to want to run the latest version of Firefox anyhow. Let them use 1.5 or 2.0.

Re:Too bad for those with GTK 2.8

[arizonagroovejet]

Yes, I know wrong story. Damn.

Easy to combat

Simple to solve, get a voip account with an IVR, my company will provide a number, extension and ivr department for less than £5, then simply have the message read, to continue to speak with someone please press x

It already is a problem

[quetwo]

I run the SIP gateway for a Major university. We run the SIP gateway in such a way for other universities to bypass toll charges when we call each other. It works great -- other universities can call my email address and my desk phone will ring. The problem is that spammer (SPITters?) are now searching for the SIP TXT DNS records and spamming those domains. They setup a VoIP connection to my SIP gateway and try, one-by-one to dial each number in my PBX. 0@uni.edu, 1@uni.edu, 2@uni.edu, until they start getting people. What we have seen is they play a short message (usually about 30 seconds or so) about some "male enhancement" drug or something. They fill up our trunks really quickly. The problem is, unlike real phone calls and paper marketing, there is no cost-for-entry for this type of marketing. People can have a single computer hooked up to the internet make 1,000 of calls an hour. This would normally cost you major money to run this type of call center.

Re:Call Screening - Whitelist

[wattrlz]

Ah, an audio CAPTCHA! Oh, how this will advance voice recognition technology!

The call at 3:00AM

[cgfsd]

When that call comes in at 3:00AM, who do you want to be there to answer it?

No one, it is just spit. 10th time this month, dam Chinese time zones.

Perhaps a better solution?

[mutube]

I've thought in the past that the ideal setup would be where calls (IM and phone) were only initiated when both sides have confirmed they are interested:

To start a call you identify the person you want to speak to. A notification is sent to that person's device(s) which then indicate a call is "waiting". It can buzz once, chirrup, whatever and then that status sits on your device until the caller cancels it or you indicate yes/no. If you select to accept the conversation, the original callers phone will "ring" and they can pick up to speak to you.

Instant end to ever being interrupted by needless phone calls, together with the flexibility to take calls in a convenient place. Also conveniently avoids phone tag. Note that if the original caller becomes busy (e.g. on another call) the request would be put "on hold", but in that direction only (i.e. if someone phones you they have no way to know whether you're ignoring them or actually busy).

This would explain...

[Reidsb]

That call about me 'winning a free cruise' yesterday morning. Of course, I have pay-as-you go service on my cell, so that cost me 25 cents.

Slashdot Spitvertisement

[kiehlster]

While I applaud these German scientists for their efforts in reducing spit, I don't see where spit is a huge problem. This just sounds like another scheme to sell people on something that inevitably will not work.

I don't know about you, but just cost alone shows how spitting is not the best way to advertise. Why spend a huge amount on servers/telemarketing personnel just to get some small number of actual sales? Instead you can spend your budget on a large data pipe, an email list, and one large server to send out shloads of spam to the gullible idiots who let their email out to the lists in the first place.

The Do Not Call lists work pretty well, and additionally the hate that many telemarketers receive just goes to show that it's a dying breed. People yell and swear at the humans making the sales calls, and soon those humans quit because of stress, then they get replaced by VOIP servers and then people swear at the phone company and the servers get shut down since VOIP is pretty easy to trace right now. I can only see spitting being a problem from foreign countries, but even then it's easy to trace in comparison to today's botnets. So how can spitting ever be worse than spamming? Are people hacking the phone companies to hide their call origins?

Re:Call Screening - Whitelist

[ady1]

Excellent point. Both windows mobile and UIQ has that particular feature. I also remember having this in nokia 7110 (not a smartphone by any standard)

The Economics of Free

Free Energy
Free Downloads
Free Software

And now this type of "free"... from an earlier post-

  "The problem is, unlike real phone calls and paper marketing, there is no cost-for-entry for this type of marketing. People can have a single computer hooked up to the internet make 1,000 of calls an hour. This would normally cost you major money to run this type of call center."

So its not that its 100% for free but its close (Spit Marketing) since broadband is a flat fee for unfettered access creating the economics of annoyance (enabling spitters and spammers) so ultimately Broadband will have to revert to pay for overuse, thats the only way to stop spam, spit or all of the other shit, MAKE THEM PAY

      Watch spit and spam die as it begins costing these fuck faces plenty to wreak their havoc because they have no other useful skills, thats too fucking bad for them, get a life.

    Now appply "Free" elsewhere and let your imagination run wild

Imagine histories Nightmares, Stalin, Hitler, Binladin with access to Free Energy
And then theres Free Downloading of intellectual property, great...until the producers decide to stop making the content and in a Randian fashion, no one has the desire to create since you cant eat for FREE

Free Software, a Slashdot favorite, where do you think that will lead...

      hmmm if your reading this you code for a living and guess what, you will soon be replaced by the UTOPIONOMICS OF FREE

Keep it up, I will always work since my skills encompass far more than just pushing buttons and will watch as you go the way of the US Steel industry

Safercalls gives control

[websae]

I know right now I use a service called Safercalls.com that blows my mind because of the control it gives me of what calls I get.

Anyone actually experienced SPIT?

[dobrien76262]

As far as I know, SPIT is theoretical only. At my old job I worked with VoIP product development, and worked on a VoIP quality analysis tool with a Maryland based company called Qovia. Their brass was having some drinks and discussing the need for some sort of press release. Their marketing director came up with the idea of SPIT. They had a good laugh, and then decided it could be interesting. They drew up a proposed solution, for a problem that did not exist, applied for a patent, and, voila, instant press release material! So who has ever received a SPIT call?

Re:Call Screening - Whitelist

[The+End+Of+Days]

Call the fire dept, jackass. I don't need to know about it, they do.

Do Not Call List Will Block This

[GeorgeTheGreek]

Just sign up on a do-not-call list and you won't get SPIT either. Unless you're not living in the United States. I don't know if other countries have do-not-call lists.

A solution for ALL systems.

[Anachragnome]

Simply do what I do.

Tell ANYONE, that you expect to call you, to dial, wait for 2 rings, hang up, then call back.

I do not answer any call unless they call back in a short time.

The number of rings can be used to "prioritize", or screen people, that you actually expect to call you, i.e., two rings for the Boss, three rings for family, etc.,etc.. Another benefit is that allows me more time to actually get to my phone. If the rings do not fit the profile, I do not even have to go and pick up the phone to see the caller ID info. I just keep doing what I was doing.

Applying for a job but fear that your prospective employer may find the process restrictive and not call you back? Do not worry. Almost every single person I have told about this, and explained the reasoning behind it, has praised me...."Gee! Why didn't I think of that? Good idea!". You've already set yourself apart from the other people applying for the job.

Now, I have not used VoiP, so I do not know if the rings are the same as on a phone, but I am sure the same system could be adapted.

TOEJAM IVR

[oldspewey]

I am intrigued by the TOEJAM Project, a java-based interactive voice response answering machine. This particular project doesn't look like it's had a lot of activity lately, but it's open source and I suspect the code could be modified to make callers jump through a few (highly configurable) hoops before your phone ever actually rings.

Re:Call Screening - Whitelist

[pushf+popf]

If a spammer ever creates a bot that's smart enough to hear the message, call me on my cell phone and convince me it's human, I'll be happy to talk to it.

Re:Call Screening - Whitelist

[ConceptJunkie]

So wait -- you're my neighbor, and you have my phone number, but you've never called it till my shed is on fire?

Well, that's only because my kid set the fire.

Just, please, no SIP Alert-Info header!

[Bookwyrm]

A major issue for end users will be if they use a SIP client/soft phone that actually pays attention to the (rather moronic) Alert-Info (or Call-Info) header. If anyone gets a SIP client out into the wild that actually implements Alert-Info, every hacker and spammer on the planet will be trying to figure out ways to trick the security on the SIP client into paying attention to their Alert-Info.

From RFC 3261 (Session Initiation Protocol):

20.4 Alert-Info

      When present in an INVITE request, the Alert-Info header field
      specifies an alternative ring tone to the UAS. When present in a 180
      (Ringing) response, the Alert-Info header field specifies an
      alternative ringback tone to the UAC. A typical usage is for a proxy
      to insert this header field to provide a distinctive ring feature.

      The Alert-Info header field can introduce security risks. These
      risks and the ways to handle them are discussed in Section 20.9,
      which discusses the Call-Info header field since the risks are
      identical.

      In addition, a user SHOULD be able to disable this feature
      selectively.

            This helps prevent disruptions that could result from the use of
            this header field by untrusted elements.

      Example:

            Alert-Info: <http://www.example.com/sounds/moo.wav>

iPhone visual voicemail

[SethJohnson]

I wish I had the iPhone's "Visual Voicemail", since then I could selectively listen to the important message and delete all the, "Hi. its me. call me back" messages that are redundant with the missed call log.

That is the killer app on the iPhone. It's the single reason I bought the thing. It has lived up to my expectations, too.

Seth

Known unknowns

[AlpineR]

I disable the VoIP box through a router rule at night, so I simply don't get calls at 4AM (though a voicemail will bounce to my computer and if it's from a whitelist caller, my computer wakes me, as it's likely a family medical issue.

That sounds great as long as the VoIP box is being used by a tech savvy person like you. And as long as the emergency call originates from your family member's home and not an unfamiliar cell phone, pay phone, hospital phone, jail phone, friend's phone....

The best defence against spit...

Swallow

Re:Call Screening - Whitelist

[nfk]

Yeah, and let's make bets while we're at it. Who'll get to the house first, the fire or the firemen?

Re:Call Screening - Whitelist

[nfk]

Maybe it's not common, but it's not impossible. When I was little my parents kept phone numbers of neighbors they knew but never called, just in case.

Canning Spit

Until the U.S. government starts taking spam and spit seriously - and they should, since the millions of dollars generated can be used to fund terrorist activities - the spam will continue to flow.

Re:Call Screening - Whitelist

[SanityInAnarchy]

There's a difference, I think, between "never call" and "have never called once, ever."

Solution: Use audio captcha at the handshake level

[bergeron76]

Since this is a real-time negotiation taking place, it will be much easier to include a challenge/response in the "handshake" portion of the connection.

Unlike, email (which gets queued), voice requires an instant connection between endpoints. If you simply used an audio captcha ("Hi, please say my first name after the beep to be connected..."), you can create a hurdle that has to be overcome immediately. Using VOX/IVR technology would easily create an AI nightmare for potential "SPITers". Add a short timeout (like 10 seconds or [with a few retries]) and then dump the dubious caller.

Corporations do it to us all the time when we call customer service "I'm sorry, that's not a valid option. Goodbye".

Roaming fee

[DrYak]

European carrier charge you roaming fees whenever you're on a some other countries' provider. Both for outgoing *AND* incoming calls. Currently most of the providers have organised a flat standard rate for roaming across whole Europe.

The problem is that Europe isn't very large, and there are rather small countries in there (...Switzerland...) so you can end up often on foreign service providers. In that case, telemarketer cost YOU money. I tend to be not very polite in such cases, specially when they persist.

BTW the way the initial discussion was about VoIP with data over UMTS and voice calls over UMTS are basically the same thing. My point was while technically it's true they are exactly the same kind of things including small details (because voice calls in UMTS are indeed processed as VoIP).
The billing is completely different where the end point with which your phone is communicating is the providers entry to the phone grid (call is charged as "phone call", based on duration, and cost if its an outgoing call or roaming call, but not for a incoming call) or if the end point is some other VoIP correspondent (call is charged as "data exchange", based on data volume, whichever is the direction of call).

Both are technically the same, but are charged differently.

Don't try this!

[akadruid]

Don't try this! - your voicemail could use 3 for immediate delete.

3 is delete on all UK landlines, using the 1571 voicemail anyway, and the voicemail on most, maybe all, UK mobile carriers.

Filter for paper spam

[everflow]

And I can't set up a filter for my paper spam.

I live in Austria, Vienna and I can filter my paper spam. Its not 100% and you have to know how it works but it goes like:

1) put "no adverisment" sticker to my door
2) talk with post service that no sendings without my name are allowed
3) sign to the "robinson list" ... companies which send advertisment to persons (with names not like to "a household" like 2) have to check it.

It takes some time and an once effort but is very effectiv. Until now I didnt need to enforce these things but I am pretty sure I could. Now I receive one unwanted advertisment once a week (mostly at my door) and thats nothing in comparsion to people who didnt take these steps.