How One Small Company Blocked 15.1 Million Robocalls Last Year

TechCurmudgeon sends this excerpt from an article at Wired: Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers. ... Using a little telephone hackery, Foss found a way of blocking spammers while still allowing the emergency alert service and other legitimate entities to call in bulk. Basically, he re-routed all calls through a service that would check them against a whitelist of legitimate operations and a blacklist of spammers, and this little trick was so effective, he soon parlayed it into a modest business. Last year, his service, called Nomorobo, blocked 15.1 million robocalls.

Click here!

[Aboroth]

Some regular guy got $25,000 from the government with one weird trick!

Re:Click here!

[Lord_Breetai]

Some regular guy got $25,000 from the government with one weird trick!

Robocallers hate him.

With a name like his

[Rosco+P.+Coltrane]

I sure hope his hack is free/open-source.

Re:With a name like his

[TrollstonButterbeans]

His last name is "Foss" ("free and open source").

Pretty great joke, I never would have noticed the name.

Re:With a name like his

[Whiney+Mac+Fanboy]

I sure hope his hack is free/open-source.

No, it would appear that Foss's software is non-f/oss.

Re:With a name like his

[stephanruby]

I sure hope his hack is free/open-source.

He's using Twilio. Twilio is not free for him (with the amount of phone traffic he's generating). Somebody has to pay for the service, whether the customer ultimately ends up paying for it, or the service is being monetized by advertisements, or a phone company decides to pay for the service as a value-added service that they pass to their own customers. The source code itself is nothing special. The idea itself isn't even new. This guy just happened to have entered a contest/hackathon sponsored by the FTC.

For white listing phone calls, google voice (integrated with Sprint) is actually pretty good. If you're looking to combine both white listing and shared black listing at the same time, there are many other startups that are offering that kind of service as well. With cloud services like Twilio or Voxeo, it's fairly easy for just one developer, or a small startup, to get into the telephony business.

Implement locally?

[Alrescha]

Any reason not to just do this on your phone? e.g: my phone doesn't ring unless the caller is in the address book / contact list.

A.

Re:Implement locally?

There are plenty ways to implement screening yourself, https://www.wrbishop.com/telecom/end-robocaller-solicitation-and-hangup-calls-with-asterisk/ has a from scratch way. There are many of these asterisk callscripts available, from simply always playing a no sollicitors message and needing a keypress from the caller to, white/blacklists and greylisting unknowns by having them enter a message and have you decide what to do with calls (accept once, whitelist/blacklist/ignore/terminate)

Re:Implement locally?

[ThatsMyNick]

1) A close family member's cell phone battery dies, they try to call you from a pay phone or a friend's (or stranger's) cell phone.
2) A friend (old friend if you wish) has changed their number, and wants to reach you.
3) Someone who has you as their Emergency contact number had a mishap, and the emergency service wants to reach you..

Re:Implement locally?

[wvmarle]

Who's ever going to listen to voice mail, knowing that the ten voice mail messages the system has waiting for you are recordings of a robocall, because thanks to the white list all robocalls are automatically sent to voicemail?

Re:Implement locally?

[jittles]

With the possible exception of #3, I think voicemail has this covered.

A.

That is definitely not true for #1. I ran in a marathon event and I had my cell phone with me. At the end of the event, some woman who was not feeling very well at all was desperately trying to get a hold of her boyfriend. I called him 10 times in a row from my cell phone and, after he ran into her by chance, he admitted that he ignored my calls and voicemails. I suspect his girlfriend was not happy with him after that.

Re:Implement locally?

Why didn't you text him with "<insert GF's name> is sick call back asap" after the first call went to voice-mail?

Re:Implement locally?

[TWX]

If someone is calling from a borrowed phone, then there's a timelimit on the use of that borrowed device. By the time one calls back, the person trying to reach you might not have access to the handset anymore.

Many payphones have no receive-call feature anymore, in part to prevent drug dealers from using them to semianonymously set up their final meeting points. Can't return their call even if you try.

Re:Implement locally?

[Stewie241]

It is probably the cost thing.

In the US it generally doesn't cost either party any money once you pay the flat monthly rate for the telephone line, which can be had for pretty cheap.

So it's a tradeoff, really - it is nice to be able to make calls across the country without thinking about the cost. On the other hand, it lowers the bar for telemarketers.

Re:Implement locally?

[unrtst]

The size of that blacklist (TFA mentions 850,000 numbers, and hundreds of changes a day) may be an issue for a regular phone, particularly the database lookups may be too slow for it to work well.

There are MUCH better ways than what I'm about to suggest, but this is just to get a generic feel for the size of the dataset you're talking about...

US phone numbers easily fit into a 64bit int.
64bit * 850,000 = 54,400,000 bit = 6,800,000 byte = 6.5mb

Even if you just iterated over every item, a phone could search that plenty fast enough (especially if you cache it in memory).

This could also be implemented the same way that the RBL (realtime blacklist) anti-spam lists are managed - DNS. To improve speed when you're not online, sync the data periodically (nightly, weekly, whatever), and let DNS deal with misses by fetching them from the RBL. Lots of ways to do this.

Anyway... the real "problem" or hard part would be in doing PBX-list operations, such as silently answering the call, then doing voice prompts, and interpretting the response from the other end (press 2 if you're a human, etc), and call handling after that point (forwarding them, ringing other lines, voice mail, etc). It all *should* be completely doable on an just about any android phone.... asterisk was out a LONG LONG time ago and handling many calls on single desktop-class machines - versus - on the cell phone, you'll only ever have to handle one call at a time (maybe 2), so there's plenty of power for that. Here's a conversation about it from a couple years ago (plenty of "sure, but I don't know you'd want to do that" naysaying): http://community.spiceworks.co...

Re:Implement locally?

[mordred99]

Actually this happens all the time. Caller ID works great for land lines, where there is no switching. However when you go through multiple services (like a sip connection, through google voice, to a cell phone) the caller ID gets lost A LOT. They are not blocking it - just the phone call is of higher priority than the caller ID session that gets passed and it is not updated once the "call" initiates the ringer on the end device. So if it gets lagged by 1/2 a second, it won't even show up on the end device. That is what "unknown" is for.

Am I reading The Onion?

[andyn]

...because that's what I just thought.

Newsflash! Government pays entrepreneur USD 25 k for coming up with a technological solution for a legislative problem!

Re:Am I reading The Onion?

It's not a legislative problem. At least not one that is fixable with more legislation. I still get robocalls, they just do more to hide who they are to avoid complaints and government action. And even then, the penalty is a slap on the wrist generally, or they bankrupt and change names and start again.

Here is the solution - TALK TO THEM. They went to robocalls to eliminate the bad lead cost of a person calling. They tell you if you are not interested to hang up - with further reduces THEIR costs in making a sales pitch. This is an economic problem. The solution is to make it uneconomical by answering EVERY telemarketing call and taking up their time. They make thousands of robocalls daily. If even 25 people out of those thousands answered the call and kept them going for 10-20 minutes on their pitch, it would waste 1 agents day of no calls. Given that maybe 1 on 10 people actually buy, having maybe even 2-3 of those calls could be enough to keep an agent from making a sale. Insufficient sales, no more telemarketing.

Nothing against NoMoRobo, but it actually HELPS the telemarketers by culling out the obvious technical savvier dead leads in concert with the robodialers. The ones that get through are ones more likely to make a sale, thus providing profit, and ensuring the economic viability of continued telemarketing.

Let's get this straight

[Required+Snark]

The NSA has metadata (and most likely recordings) of most of the phone calls in the entire world. The FBI (and a bunch of other unnamed government agencies) can and do tap phones without court orders. Cell phones can be used to track individuals 24/7. And yet somehow between the FCC and all the phone companies no one can figure out who is making robocalls. Really?

What's actually going on is that phone companies love robocalls because they make money on them and the FCC doesn't give a damn and/or is too "pro-business" to do anything for consumers.

Just stop lying and pretending that this is a hard problem. It's bad enough that this crap goes on in the first place. Pretending that nothing can be done is adding insult to injury. STFU and admit that it happens on purpose and nothing will change because you like the status quo. Stop lying to us!

Re:Let's get this straight

[wvmarle]

NSA et.al. work in secret, outside the law. Formally they're covered by the law, but the problem is that this includes many secret laws giving them lots of leeway, and if the law gets in the way they'll ignore it anyway.

The FCC and phone companies however work more in the open, and are bound by the law. One such laws says that the phone company must do their best to make all phone calls come through, no matter the content. This is typical part of being a common carrier (like the postal service): they can not discriminate against content, they have to put through the message, and also are not liable for any content of the message.

While technically easy, it's legally not so. The phone company must put through those calls, even if they know this are robocalls and the customer doesn't like robocalls. The customer however is free to install blockers on their phone, or to have their calls rerouted through a third party which helps them filtering the calls. This is exactly how it's done now.

Finally, you should really equate this with Internet filters. They're hated here - yet phone filters are asked for. Phone filters can also be used to block political rivals and let your own calls go through, for example. That will give your party an edge at the next elections.

Re:Let's get this straight

[DoofusOfDeath]

NSA et.al. work in secret, outside the law. Formally they're covered by the law, but the problem is that this includes many secret laws giving them lots of leeway,

I disagree. No U.S. law can supersedes the Constitution. Much of what they've done violates the fourth and eighth Amendments. The problem isn't simply secret laws, it's a lawless executive branch, a pandering legislative branch, and a cowardly judicial branch.

Re:I don't get this

As usual, the service is the maintenance of the black-/whitelists. You can DIY, but then you lack the economies of scale and it's not worth it.

How about a real solution?

[thogard]

Why not 20 digit number where wrong numbers all answer and charge the caller? That would fix telemarketing forever.

Another option

[symes]

In the UK we can set preferences with the telephone preference service . But another is to set up a premium rate line and rake in the money - although it might be polite to set up another regular number for family and friends.

Block spoofing. Or charge for that privilege

[140Mandak262Jamuna]

The telcos are dragging their feet and they are squarely to blame for the situation with robocalls and other unsolicited messages. They don't have to support the ability of the user to spoof. At the time the call comes into their POTS network, erase whatever spoofed header the call originator is supplying and replace it with the point-of-presence number. Once spoofing is stopped many other tools can be brought to bear to handle the situation.

Root cause of the problem seems to be, some large corporations with large phone banks want to spoof their number. They don't care if that ability is misused by shady operators peddling junk. They are totally wrong, it is better to pay a few cents more per call to get an account with the privilege to spoof the originating number. If they reduce the number of junk calls, their potential customers might actually answer their calls. Right now the junk call menace is so high most people are refusing answer any unknown number.

Just charge 1 cent per call to spoof the originating number, the junk call volume will go down by orders of magnitude.

Re:Block spoofing. Or charge for that privilege

[aardvarkjoe]

I don't even care if they allow spoofing or not -- Just when the number is spoofed, the receiver should get an indication that it has been spoofed, and then I can make my own decision on whether I want to receive those calls or not.

I'd just drop any call from a spoofed number. If somebody want to talk to me, they can get a real phone.

Re:Block spoofing. Or charge for that privilege

[bswarm]

AT&T lost me as a customer due to the ridiculous amount of telemarketers calling me. They wanted to charge me even more money to add call blocking or Caller ID. No thanks, got a cell phone for 1/3 the price of my landline and only family got that number, all others get my google call number.

FCC currently seeking comments

The FCC does give a damn and is currently seeking comments http://www.fcc.gov/document/cgb-seeks-comment-call-blocking-letter-attorneys-general on telcos blocking robo calls.

The telcos tried blaming it on their status as common carriers ... so the FTC jumped in http://www.ftc.gov/system/files/documents/advocacy_documents/ftc-staff-comment-federal-communications-commission-public-notice-da-14-1700-regarding-issues/150127fcccomment.pdf with their legal opinion that common carriers are allowed to block robo calls.

This plague is 100% on the telcos wanting the money and 0% on government.