Slashdot Mirror
AT&T, Comcast Announce Verification Milestone To Help Fight Robocalls (usatoday.com)
"The fight against robocalls can even bring telecom rivals together," reports USA Today:
AT&T and Comcast said Wednesday that they can authenticate calls made between the two different phone providers' networks, a potential industry first and the latest in the long-running battle against spam calls... The system, which uses a method developed in recent years, verifies that a legitimate call is being made instead of one that has been spoofed by spammers, scammers or robocallers with a "digital signature." The recipient network then confirms the signature on its side. The companies said consumers will get a notification that a call is verified, but exactly what that will look like is not yet known.
Both AT&T and Comcast will roll out the system to home phone users later this year at no extra charge. AT&T also said it will introduce the feature to its mobile users this year... Other major wireless and traditional home voice providers have pledged support for the verification method, including Verizon, T-Mobile, Sprint, Charter, Cox and Vonage, with several announcing plans to roll out or test the feature in 2019.
The day Comcast and AT&T made their announcement, AT&T's CEO was giving a live interview that was interrupted by a robocall.
Both AT&T and Comcast will roll out the system to home phone users later this year at no extra charge. AT&T also said it will introduce the feature to its mobile users this year... Other major wireless and traditional home voice providers have pledged support for the verification method, including Verizon, T-Mobile, Sprint, Charter, Cox and Vonage, with several announcing plans to roll out or test the feature in 2019.
The day Comcast and AT&T made their announcement, AT&T's CEO was giving a live interview that was interrupted by a robocall.
Sorry, Drumpftard traitors. You had your chance.
Did Comcast buy a POTS network somewhere?
I'm interested how they'll handle legitimate use cases. I call my patients via calling service that spoofs my number to look like my office. If I have to use my genuine cell number I will simply stop communicating this way.
You don't vote, you reap the consequences. That sucks for your I guess.
Let me guess, you're a Millennial?
Gee, How did I know??
Voting is for old white people.
Complaining is for millennials.
Notice how there is no mention of Google Voice and Google Fi. Are they a real phone company or not?
I don't want my phone to ring with a little alert that something is a scam. My phone already tells me when something is a potential scam. In fact if its a number I don't recognize, I know that 99 times out of 100 it's a scam. I want my phone not to ring at all. I want the call to get stopped before my phone is even involved. It's not answering a robocall that annoys me, it's having my phone ring in the first place.
Maybe 30 years ago, it would be prudent to roll it out to home first, but today? I know people my parents age, might still have a home phone (85 years old) although they don't, but it should go to mobile first. Why not? Because the mobile carriers make a ton of money off of calls, regardless where they come from.
So turn off the volume and catch the voicemails, sheesh. Is it really this hard? Imagine if your great grandfather could see you whining about THIS.
Yes, robocalling needs to stop, but at the same time, caller ID spoofing needs to be enforced, because it's illegal yet nobody cares. That's why people don't answer their phone anymore.
I agree. I want the phone companies to block shit from entering their networks, I don't want the shit labeled so I can choose to not answer it. that defeats the entire purpose of blocking robo calls.
I went out to *BSD's grave on Decoration Day. The old forgotten cemetery is to be found adjacent to the dark woods beyond the edge of town. There within olfactory distance of the municipal treatment plant you will find *BSD's final resting place.
*BSD's tombstone was shrouded by thick mosses and knots of noxious ivy. A mournful funerary crow sounded the requiem, as I gently pulled aside the tangled twists of thorns, and cleaned the decaying marker the best I could. A suffocating melancholia filled my heart, while I pondered that this indeed was *BSD's figurative charnel house of which so many have plaintively spoken.
Nothing is so pitiful as an untended grave, a loved one now forgotten. The short sad life of this doomed and fated OS makes us realize that there but for the grace of God go all of us.
I planted some wilting marigolds, found discarded in the waste heap behind the caretaker's shack,wishing that by some miracle these fleurs de mort might take root and bring a modicum of cheer to *BSD's God forsaken plot. My fervent hope is that the torpid colored boy, who so carelessly mows the grounds, doesn't slice them down, inadvertently mirroring *BSD's own doomed encounter with death's irresistible scythe.
Funny how things work out. Linux, that brilliant nova stella, now runs the Internet and the world's fastest computers, while *BSD lies moldering within its forgotten crypt. Let the barren silence of *BSD's tomb be a mute reminder that hubris and braggadocio were no defense on that woeful day when the Angel of Death's bleak umbra was cast upon *BSD.
And how does my business voip service join in on this authentication party? Either I am going to be too small to be considered a good guy or bad guys with $20k revenue a year will be able to do exactly the same things that I would need to do to make my business calls legitimate.
I don't think this is going to work.
> will end up reaching a phone number other than the one the caller is actually calling from (if any).
Your proposal will not work because: ...
F) it relies on first solving the problem, then using the results to solve the problem
The receiving end has no way of knowing which "number they are actually calling from", in general. In fact, there are no such thing as the number they are calling from.
in the industry a phone number is called a DID number. DID stands for Direct INWARD Dial. The destination in need number is defined, the call can very well come from a phone that has no number. Consider a company with 1,000 employees, each with a phone on their desk. They need a few phone numbers (inward dial IDs) - tech support, billing, HR, and maybe a "main" number. So four phone numbers, 1,000 phones.
Then you'll probably want to switch phones to use one from a real phone maker.
My phone has a setting to not ring when the "unknown" cid-bit is on.
I fully expect another setting to be added to work with a new "verified" bit, and be capable of not ringing when off.
Yeah sure, nobody in Silicon Valley can get a signal anywhere. /sarcasm /retard Or maybe the problem is that you're just a dumb cunt and even radio waves find you boring and not worth going near? God you're pathetic lol.
Crooks looking to steal cell service "a thing" decades ago.
Now crooks will clone so they can be "legitimate" AT&T or Comcast phone numbers.
Sigh.
There are a number of apps that do indeed block pam calls from ringing through, two I use are Hiya and NoMoRobo.
I have for a while been mulling over building a regex based one though as it would be lots simpler and probably more effective.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If a call seems to be coming from Telco A to Telco B, A must authenticate and owe a small fee to B. And vice versa. If it does not cost any money or revenue, there is no incentive for Telco A to be vigilant or sincere in the authentication issue.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
There are many reasons the US is full of spam calling, some are due to the way phone costs are paid, others are cultural, and others are language.
The US has always had caller + receiver pays for any phone calls on cell phones. This was setup because smaller companies in dense population areas needed to get paid for all the calls coming in. Many people have so many "minutes" or unlimited voice minutes in a month that it just doesn't matter, but my cell play still charges US$0.10/min for any call - in or out. Europe has a caller pays system. If it cost the robotcallers $0.10 just to call me, I bet they'd stop. Quickly. Phone companies are already stuggling since voice calls only happen between strangers. Most people use SMS or email or some other IP-network method to communicate.
In the US, robocalling tries to target the elderly who can be confused a little more easily. Most elderly people in the US will speak English and will expect to speak it on the phone. With all the outsourcing of call centers that US companies have done the last 25 yrs, there are millions of people who learned an American accent outside the USA. The fact that most of the business world uses English, not German, means our phones get to ring with spam callers more often. I would ask, in Germany, how often do you get personal phone calls that aren't in German?
Robocalling any cell phone for any reason is illegal here, unless you've provided the phone to a business with which you have a business relationship.
People already violating the laws don't care. The FCC is never able to track them down, since they aren't inside the USA. A solution to this is for phone providers world-wide to be held accountable for allowing spam calling from their networks. If AT&T and Verizon blocked all calls from India until the Indian govt got a handle on this issue, I bet it would get solved quickly. The same for Russian, Brazilian, and Filipino callers.
Robocalling to a non-cell phone is illegal with a few exceptions.
* religious calls - religious freedom crap.
* political calls - politicians want to force their message.
* surveys - Again, politicians want to learn what we think.
* Pre-existing business relationship. I cannot stop Comcast from calling me if I am a customer
* Debt Collections - I owe them money. Harassing phone calls is the only way debt collectors for most things can do anything. They can call 50 times a day, if they want. Legally, if I have debt, I can request they stop calling and they must. There are other legal protections, like they can't call my workplace or tell others about the debt, but the most effective collection companies will play very dirty and call your work, your boss, your parents, all your neighbors, trying to collect debt that some huge company already wrote off as a loss 3+ yrs ago. I only know about this because I had a cell phone long ago with the number of some deadbeat scum who didn't pay his bills. About once a year for 1-2 weeks, the phone wouldn't stop ringing from 7am until 10pm.
So almost all scam calls start out as a survey, then if you don't complain, they transition to a "send us money" scam. For a few years, their was the "you've won a 7-day cruise" scam.
In the US, we don't have many lottery scams. I'm guessing Europe must have a bunch based on the emails I see in the spam.
It is legal to spoof the caller ID too, so that huge companies can have their 1-800 number be displayed when calling from thousands of other numbers. This is helpful to everyone, really.
The real issue is that VoIP is so cheap and there's no provider that forces a single outbound number to be used per outbound line. I've been using VoIP service at home for the last 15 yrs. I can script a change to my caller-ID and even my originating phone number. As long as I'm not trying to defraud anyone, it is legal. It is possible to have my phone appear to come from the White House switchboard, for example. It is "political satire", which is protected speech in the U
Wow. Its about time. It's been more than 3 years since I started writing online, everywhere I could, and telling every single service provider's support manager I talked to, that they should standardize this exact technology between all carriers. If all device connections into each telecom network were verified in a standard way, and exchanged during handover, this problem would have been solved years ago.
The biggest problem is with the addition of VOIP, the spammers are able to put whatever they want into a database and thus spoof the number at the other end where it goes back into a telcom network. Enforcement of a digital signatures for each device would fix the problem and with that the exchanged caller id, though much larger in size, would finally be useable for something. So, If you think blocking numbers is useful or effective, you are just wasting time. A blocklist is just blocking random phone numbers of honest people who are not actually calling you anyway.
Let's explore your idea. Maybe there is a kernel of a possible idea there; perhaps you just don't know the terminology to express it clearly.
What information, exactly, are you expecting to get from this reverse lookup? I take it the input is the CID (caller ID).
Do you have some idea of what you plan to send this reverse lookup to?
Here's some background information on how the phone system and CID works, using a real example I did for a Coca-Cola facility. Note, btw, that DIDs and bandwidth connections come from separate companies. Just like you can order a domain name from Verisign and an internet connection from Comcast.
The facility needed to support 200 phones, 20 concurrent internal calls, and at least 10 concurrent calls in and out. So they ordered a PBX (private branch exchange) capable of meeting those requirements.
They ordered bandwidth for incoming / outgoing. A T-1 supports 24 consecutive calls, so that was a good match for their needs. They shipped several local providers for their T-1.
We made a list of how many DIDs (phone numbers) they'd need to list on the POTS, it was about 20. They ordered 20 DIDs.
We configured the PBX to route each DID to the appropriate pool of stations. So for example if a supplier is calling, that's routed to a certain hunt group, job listings get a different DID and go to a different hunt group. The same phone may be in multiple hunt groups, with reception at the end of every hunt group.
We also set an appropriate CID for each station. Note a station (phone) may be in multiple hunt groups, so it has many DIDs, or no hunt groups, so it has no DID. Therefore the DID and the CID cannot possibly match. For one or two stations, the best CID may be Atlanta headquarters, which is served by a different set of companies.
When Coke makes an outgoing call, their PBX sends a CID to the company they bought their T-1 from. Note this isn't the same company they bought their DIDs from. Their T-1 provider includes this DID when they route the call to a regional POTS provider. The regional provider knows that the CID was provided by the T-1 provider and nothing more. They have no way of knowing how I chose the DID or if the local provider changed it. The regional provider hands it to a national backbone, and potentially an international one. Then one of the backbones hands it to Cricket, who sends it to you. Cricket doesn't have any way of knowing which provider added that CID, much less if it's "right" for some arbitrary definition of "right".
It's embarrassing that we're in 2019 and we can't authenticate callers. I think it's amazing that we haven't seen some massive DoS type attack because phone providers just trust each other like "Well, you're in the club, you must be legit". So now they're going to solve the problem which is caused by their inadequate system, and do it free of charge? WTF?
Maybe instead there should be a tax on every call which is NOT end-to-end authenticated, and then let the free market take care of things.
Yes... the number. Essentially, you basically would be making a kind of special "call" to this number from your own phone, effectively performing a reverse lookup that is completely independent of the incoming phone call. This special call wouldn't be identical to a regular phone call, more resembling a "ping", to use tcp/ip terminology, but the idea would be that a phone line that wasn't actually calling you at the time wouldn't even try to respond to this sort of ping, thereby effectively notifying you through a lack of response that a spoofed # is not where the caller is really calling from.
The route that this special kind of call that effectively does a reverse lookup would take cannot be controlled by the original caller, so the caller has no practical way to spoof an arbitrary phone number unless the number they pretend to be from is not only a real one that the recipient has the ability to actually call back, but also a number is directly controlled by the caller as much as they control their own real phone line.
There would have to be some additional work to allow legitimate spoofing, such as showing only the main office number on any outgoing call for a company, even from a direct dial phone anywhere in the building, but since this spoofed number is one that would be directly controlled by the company, the general principle still works.
How I imagine it would work is as follows: The dialout line tells the main line that it is making a call to XYZ, and to act as a proxy for the reverse lookup request from XYZ when it happens. The main line verifies the number that the dialout line claims to be from using the same reverse-lookup protocol that the receiver would use, and if verified as an authentic number that it can proxy for, it would know to be a proxy for that phone call for a brief period... creating a temporary proxy entry in its cache so that it can authenticate a reverse lookup when it happens, and deleting the proxy entry after a short time (maybe 15 to 30 seconds or so, which should be plenty of time for a reverse lookup to happen) so that memory resources are not needlessly wasted.
File under 'M' for 'Manic ranting'
Thanks for the explanation.
You propose to replace the existing world wide phone network with new protocol.
https://craphound.com/spamsolu...
1, 10, 2 & 9 & 10, none, 1
With this setup, there is almost a guarantee, that an outgoing call and an incoming call will have different routes, even if the stations at the end of both connections will be the same.
It gets even more confusing in other coutries. In Austria for instance, any entity can get a number starting with 5 (four to six digits long), which acts like a separate area code reserved for this company. Calls to a 5xxx number are always considered local calls, and the difference to the rate of the actual call has to be paid by the owner of the 5xxx number. On the other hand, an owner of a trunk can have extensions of arbitrary length, it's not necessary to buy DIDs or similar, as long as the total E.164 number is not longer than 15 digits. One of my customers for instance has the extensions -5 and -6 for the call centers, but three digits extension for fixed stations and five digits extensions for internal mobile (DECT) phones. The caller IDs the customer sends to the PSTN thus have lengths between 8 and 12 digits (something totally impossible in the U.S. and Canada, where a phone number always has to have 10 digits, with 3 digits for the area code and either three digits for the local code and four digits for the extension, or seven digits for the subscriber number).
Phone providers in Austria offer online tools to their customers where they can define the routes for their trunks, define overflow destinations or caller ID rewrites, so incoming calls to their locations are routed to the right trunks. Especially if you have a 5xxx number, you can finely tune the actual trunks used for calls to your central 5xxx, depending for instance on the origin of the call, or on patterns in the extension numbers or both.
And the owner of the 5xxx number can have several independent local phone switches in the respective locations, and all of them will use the same 5xxx caller ID (plus extension), and in each case this is legitimate. But your scheme would still fail, as the phone switch at location L, where the call went out, is independent for instance of the phone switch at location C, where the call center is located, and where all incoming calls are routed to. Any "call back" feature you imagine would be answered by the switch C which has no information about the call from switch L -- and still the caller ID switch L is providing is totally legitimate.
No, I'm pretty sure that backward compatibility could be retained while it is being rolled out.
Caller ID didn't work either until at least the source and destination exchanges had been updated, but phone calls continued to work normally.
File under 'M' for 'Manic ranting'
As a factual point, you can actually still use a 1980 phone, to either make or receive calls. I still have a box of 1980s phone equipment that still works fine. Just because you have caller ID capability does NOT require me to update my stations, my PBX, or anything else in order to call you. You just won't get a caller ID frame if I don't send one, sonon your end it will show up as "unknown".
PS if by chance you do network or server admin, you may have a modem you can dial to work on the equipment. (You can't use the network to connect to a router that it down.). If you've ever done that, you've probably used telephone equipment that isn't caller ID capable. Many modems aren't.
The point being - they don't have to be. Caller ID does not and did not require everyone around the world to simultaneously replace everything.
Thanks for the idea, though. We'll put it in the file.
This is why I love the Do Not Disturb mode in Android Pie (9.0) You can tell it things in great detail like "Don't ring or show a text unless the call is from someone on my contacts (or even a subset)"
It makes all the call block apps that were necessary the past couple years completely unnecessary. I'm sure if I was in Sales or had some other reason to have to answer calls from numbers I don't know it would suck, but I identified early on in my career all the reasons I was NOT EVER going into sales.
"Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
To clarify, if I'm understanding your proposal correctly:
In order to make a call and not have it show up as suspicious, the caller would need to both switch their service to handle incoming calls while an outgoing call is ringing, and upgrade their equipment.
The receiving station would otherwise show the call as suspicious. Therefore, upon initial rollout by a station manufacturer, almost all calls would show as suspicious.
Is that correct?
Assuming that's correct, people would quickly learn that all calls they receive show as suspicious. They would stop using it within a week. Callers would have no reason to implement it, given that calllees ignore it.
They only want it would work would be if the whole world pretty much switched over all at once, everyone gets new phones, etc. Experience shows such ideas have not worked.
Btw, if you're going to require a "everyone switch this week", we have PKI, so there is no need for a callback. All callers could simply send their signed certificate, which all calleees would use to authenticate the call.
We've tried for nearly twenty years to get people to upgrade to IPv6. Even given that IPv4 requires goofy hacks, and there are no more IPv4 addresses to issue, people haven't switched to IPv6 - even with strong reasons for both sides to do so.
You need a system where it makes sense for either most callers or most calleees to switch, before the other end has done so.
Maybe now that there are more internet-enabled mobile phones than there are living humans, we should just develop a voice-chat relay system that uses PGP signed VOIP and bypass the phone companies entirely for calls that don't involve landlines, and then send all calls from landlines directly to voicemail without ringing.
Caller ID didn't require most callers to get a second line, so no, most calls showed the number.
But let's pretend it had. In every other case, it would show the caller's number - useful information.
A call-back system could only flag an incoming call as suspicious (after the third ring). Before it is widely adopted, it would flag all calls as suspicious.
If you're going to introduce a new protocol and get everyone to start using it, a certificate works after the first ring, rather than the third.
Again, thanks for the idea.
No... most calls did not show the number... the separate call display unit I had at the time either said "unknown" or "no caller info sent", with the the area where the phone number itself would appear on the device being blank. Other times, when the number did show up, in the text area for the display, it only showed the city and province or state that the caller was calling from, and not the caller's actual name. I actually don't remember how long this was the case, but it did it for long enough that even over 20 years later, I still don't pay as much attention to the name that is associated with a number in the caller ID info as I do to the actual number that shows up. Partial info was still moderately useful in the early days of caller ID even without the full name of the caller because the people who made the most use of it still knew the people's phone numbers for their friends and family, and unrecognized phone numbers were just that, unrecognized.
Why do you figure it would take until after the third ring? I'd imagine that this only would add one more ring to the delay for the info, at most. Secondly, even if you answer right after the first ring, before you've got the complete story, that shouldn't stop you from receiving the lookup info that you asked for as soon as you received the call, if it was available. Finally, as technology improved, I'd imagine that the delay before getting the lookup info back would get shorter and shorter, eventually becoming as unnoticeable as the fact that when your phone now first starts to ring, full CID info is shown as soon as it starts to ring... you don't have to wait for the first ring to finish like you used to.
File under 'M' for 'Manic ranting'
[quote]...an exchange of authenticated calls between two separate providers ...[/quote]
What about scam calls made _WITHIN_ AT&T or Comcast? Are they going to be screened or not?
Scammers have so much power (as in admin rights), they can switch their calls thru any switch.
Easy fix. Given that AT&T and Comcast, _ALLOW_ callerID spoofing. Scammers have total control over their victim's caller ID display.
The fix is to _DISALLOW_ spoofing. Switch it off.
Name and area is enhanced caller ID, a separate protocol launched several years later. The additional information is fetched via Analog Display Services Interface. It has a lookup delay and is subject to DIP fraud. Anyway that's a different topic than caller ID, which sends the phone number.
> Why do you figure it would take until after the third ring?
The first ring "wakes up" the receiving station. It is then ready to receive the 1500 baud, 450ms FSK caller ID frame. In your proposal, it would then call back that number. After the first ring of the second call (second ring of the first call), it could send the "did you call me?" query. Then it would await the response coming back.
> as technology improved, I'd imagine that the delay before getting the lookup info back would get shorter and shorter
There are 10 billion phones, which all have to interoperate. Any phone can call any other phone. For that reason, POTS ring protocol doesn't slowly improve. It doesn't gradually change. That's what you seem to be missing. It's not like Facebook Messenger, where a company can decide to switch up the protocol. The last major change was over 50 years ago, in the 1960s, when we started introducing touch tone dialing. It took 20 years after that to get rid of pulse dialing.
Btw before even trying to figure out a technical protocol, don't forget you need to fix the logic. A station is not a DID and a DID is not a station. It *may* be that your station (phone) has a phone number, only one phone number, and you never use call forwarding, and no other phone uses that number. Those things might be true for you today, but those are absolutely not rules in the phone system. Some people DO have call forwarding, and a a lot more.
It's a lot like the name Google.com - that does NOT identify a particular server. A dialed number doesn't identify a particular phone any more than Google.com identifies a particular computer. There are many buildings full of servers, and any request for Google.com will use several randomly selected servers from among thousands.
For example, I volunteer to receive calls for a crisis hotline which gets a few calls per month. The person in need of help calls the crisis number. They know which service they are trying to reach. They have no idea which phones will ring, and they don't care. They are asking for a service (1-800-help), not for a specific device (an IMEI or other station ID).
I'm not always able to answer the phone of course, so the crisis line doesn't just forward the call to my mobile phone. It rings my phone, and while it's ringing my phone if I don't answer within 10 seconds it starts also ringing another volunteer, ten seconds later it adds a third, etc, until someone both answers and presses 1 to accept the call.
Now suppose my phone were to call the person back, asking "did you call Ray's phone?" Their phone has no idea whether they called my phone or not! They called 1-800-help, not "Ray's LG phone, the one he just bought". Their phone has no way of answering that question.
The number you dial doesn't identify a device. "Did you call Ray's mobile" isn't an answerable question.
Similarly, if I miss a call that rings my mobile, I don't know if the caller was calling the crisis line, my business number, or my personal number. Any of those three numbers, identifying three different services, might ring the same device.
So get it out of your head that there is some fixed relationship between a phone and a number that someone can call. There isn't.