Your phone company knows the originator info of your calls and texts (or at least enough hops until they reach some even more untrustworthy than normal phone provider). They simply don't give you that info and instead show you an unverified caller ID that anyone can basically set to anything by whoever is contacting you.
Blame your phone company and the FCC for not solving this (and for not providing you with the data to solve it yourself).
It’s interesting to me that the carriers are intentionally devaluing the one protected monopoly they have. Nobody wants to receive phone calls or even SMS any more, because the spam/spoofing is so bad. One has to assume that they plan to simply monetize it until it’s gone. Then, it will be just IP over 5G with a race to the bottom.
In the mean time anyone who can’t just whitelist phone numbers loses. Being a business must suck.
Who can just whitelist phone numbers? I get calls all the time from numbers I wouldn't have known to whitelist; colleagues, people in other companies who I'm collaborating with on some project, food delivery people, customer support calling me back, etc.
I usually ignore calls from abroad at least, but even those I can't block; I'm constantly spam called by different anonymous numbers from the UK, but I also have colleagues in the UK whom I want to be able to accept calls from. I once got an unsolicited call from a French number which I ignored, only to find out that it was the phone number of a food delivery person who was there with my food. Just last week I got a call from an unknown German number; in that case, it was a call from a colleague in Germany.
I don't think a whitelist of phone numbers is a workable solution for most people.
I get maybe 2 calls a month that are both legitimate, and from numbers I don't recognize.
Which is frustrating! Because it might seem like that's a low enough frequency to make whitelisting a viable solution. But it's not—for the reasons you outlined.
2 calls a month are important enough to me that I must receive every spam call that comes in. I'm still pretty good at sniffing out most of them. A lot are still matching my area-code and exchange numbers on the spoofed ID—a huge red flag. Many others show rural cities that I'm certain no legit caller would call me from. But then there are the in-betweens: calls I can't make heads or tails of unless I answer.
Whenever I do get one of these legit-but-unrecognized calls, I immediately add them to my contacts in some vain attempt to reach whitelist nirvana. But I don't think I'll ever get there.
Voicemail. Why doesn't it work in this case? Do you work in sales? If so, why not use a separate "business" phone? Get the cheapest pixel you can find and enjoy the benefits of call screening. Maybe just a voip app on your current phone would work?
I'm having trouble understanding how 2 phonecalls, poses such a big problem. Please help me understand.
It's not business related. These are calls from dog groomers, doctors, and other service providers. I have a separate phone number for my job (which also is starting to get spammed).
My voicemail box is about 2/3 spam voicemails.
It doesn't really fix anything, just shifts it to another place that I then have to check to weed out spam calls and find the legitimate ones.
> I'm having trouble understanding how 2 phonecalls, poses such a big problem. Please help me understand.
Okay, so it's not a "big problem". I'm being a little hyperbolic in my previous comment. It's an annoyance, and a galling one. Like email spam was back in the day. I could still find the legitimate emails among that crap, but it sucked and I would've rather not.
The 2 phone calls themselves aren't the problem. The spam is. But the 2 phone calls each month are enough that I don't want to just ignore all non-whitelisted calls. Doing that will cause its own annoyance, as I miss calls that I didn't want to, and have to check voicemail each time a spammer calls me.
I ignore nearly all unrecognized incoming calls (average ~1 per day but varies a lot, sometimes 5-10 in one day). IME only a very small percentage actually bother to leave a message. But perhaps this varies by region, or carrier, or any number of other things.
I'm on your side of the fence - but with very aggressive whitelisting. You're in my phone book or not. I block 100% of calls that aren't in my phonebook, if they don't originate with my voip provider.
All of my incoming calls go to my VOIP provider, which in turn routes to my cellphone if someone has my 'extension'. Anyone who doesn't, has their message go to voicemail, which is transcribed to email (and the audio file attached). Prior to transcription audio plays telling the caller to enter a specific code, to leave a voicemail. Turns out this eliminates 100% of fake foreigners, and locals. They can't be arsed.
I ignore SMS. I receive nothing of value other than registered numbers (as in, a registration with the state) so I actively block them and add on an as needed basis.
I remember reading one guy who said he implemented a pre-screen before a call rang through. He said his first design was simple a voice message that said "Press 1 to continue" which he planned to ratchet up in complexity until spam calls stopped. He never ended up improving it because the "Press 1" message got the job done.
My grandmother's phone company offers something similar (a simple "press 1 if you are not a telemarketer prompt), and it also eliminated the majority of spam calls, which is not what I expected.
I'd like to do this in theory, but practically I find it not worth it. Consider a case where your partner or your kid lose their phone, are stranded, and borrow a phone from someone. They won't reach you.
I really like the feature on many Android phones where you can turn on Do Not Disturb and phone calls automatically go to voicemail UNLESS they are a "VIP" contact (which you set) OR if someone calls back twice in a row relatively quickly. I wish they had more granular controls like this - I use it currently at night when sleeping (so for example my boss or my family can still contact me at 4am if there's a real emergency) but it would be nice if I could do something similar during the daytime but a bit less restrictive.
SMS should be renamed to 2FA since that's the last remaining use for me, and only until the laggards upgrade to support Authenticator apps (I'm looking at you TD Canada Trust and PC Financial).
SMS is like email for me, these days: only used for transactional messages that I'm expecting, and spam. Both are almost exclusively ways for computers to send me messages.
I just realized that if this STIR/SHAKEN thing (or something similar) was implemented for SMS it could potentially make using SMS for 2FA much more secure - there could be a relatively secure way to verify automatically that the sender of the 2FA code is legit and that the code is only being sent to the proper device.
Agreed, it isn't a great solution at all. I've been dealing with winding up my dad's estate recently and in the last couple of months I've taken more calls than I have in the last 10 years, all legitimate too.
No, it literally doesn't. I've done exactly this - 3 times, in two different countries. It's no different than saying "here's the number at my desk in work".
Probably 90% of people under 40 years old. I've blocked unknown callers for over a decade, with no issues. Honestly, I'd be fine to lose the voice call and texting features entirely and just go entirely to email. Seems to be heading in that direction anyway.
I don't use food delivery services, but I think those mostly operate over text which could as well use email. Certainly takeout orders notify me of status over email or text, not call. If I need customer support, I send them an email and operate over email.
To add a data point—I’m in this demographic and for unrelated (but maybe not uncorrelated) reasons have never elected to receive a call back from customer support (being “on call” is almost as bad as being on a call) and have never had food delivered (the concept feels disgustingly lazy and wasteful).
> Who can just whitelist phone numbers? I get calls all the time from numbers I wouldn't have known to whitelist; colleagues, people in other companies who I'm collaborating with on some project, food delivery people, customer support calling me back, etc.
I assume most "whitelist" approaches don't actually send the messages nowhere, they just remove notifications so they don't interrupt you. For colleagues / etc, you can just use Signal (or whatever company-imposed collaboration tool exists) to hold the conversation completely, or barring that you can at least schedule a phone conversation in advance (so you can whitelist the requisite number).
I'm sure if you're client-facing / in sales you don't have this luxury, and you'd rather be interrupted at any time even if it's spam, but I doubt that describes most people.
Same is true for food delivery etc... if you're expecting something that might require your attention, you can disable the whitelist and let any call through during that window.
> I don't think a whitelist of phone numbers is a workable solution for most people.
My local hospital telephones with private numbers, which is the only reason I cannot completely block them and thus cannot use a whitelist. Outside of working hours I do not answer them. I told them it is a problem and they placed a note in my record to call me from a public phone which is nice of them (not their own desk but from a service desk which has a number displayed) but I imagine they sadly sometimes forget.
The UK number is a hassle too, all kinds of +44 numbers spoofing or reusing existing non-fixed location numbers to seem legitimate since some phones provide direct listing of the name of the company. They are actually foreign redirects which cost insane amounts of money if you call them back.
I would also like a native way of blacklisting number blocks (like +44), my phone currently can't unfortunately.
>My local hospital telephones with private numbers, which is the only reason I cannot completely block them and thus cannot use a whitelist.
Can anyone with more context explain to me why a rational person decided on this? It's Biblically frustrating for me because 9/10 withheld numbers are spammers or scammers and I don't want to pick up the phone to them but 1/10 it's my local doctor's surgery who I can't ignore. It's such an antisocial thing for doctors of all people to do, but it seems to be common enough people across the world have to deal with it.
Mostly because there is usually a bunch of phones in a practice (and a shitload in hospitals), and you don't want patients to call back to for example the MRT/CT lab.
The other problem is privacy... imagine a woman consulting her ob/gyn about an abortion. The ob/gyn calls the woman back, and suddenly the abusive husband sees the phone number of the ob/gyn practice on the incoming call log.
While I do understand this reasoning somewhat I don't know why its only limited to hospitals and doctors. I can imagine thousands of situations where this abusive partner would have a problem with an incoming number hospital or not. I'm not sure its a great idea to structure our communications around hypothetical abusive people, a call directly to the number that is provided from the organization you provided it to is private enough.
> I'm not sure its a great idea to structure our communications around hypothetical abusive people
Domestic violence is far from hypothetical [1], it is the sad reality we live in. Medicine in particular has a responsibility by the Hippocratic Oath to avoid causing harm, and the laws (e.g. HIPAA) reflect that responsibility.
So, women are abused sometimes therefore doctor's must mask their numbers due to the Hippocratic Oath and HIPAA? Do the doctor's have to disguise their voices as well? Maybe they should talk in code. I won't pretend to be an expert on HIPAA but I very strongly doubt that calling from random numbers is part of it. Wouldn't the random calls look suspicious to the abuser in this circumstance? IMHO something like this would cause more abuse than just I dunno.. lying about why the doctor's office called.
Physicians want to be accessible only via specific channels, to protect their time and to ensure there is consistent process across patients. Most of the time as a patient you can’t call them directly, unless you work through the page operator or you plan ahead with them on predefined phone number and time.
Unless they're using their personal cell phone, this should be a basic feature of the hospitals phone system, it is a feature decades old. No reason the caller ID should be set to the DID of the doctor.
Not from the UK, I don't actually get why calling a local/in-country number could incur high cost. How could one identify a paid/free/local number without trial-and-error?
In my country, you only incur normal minutes when you call an ordinary non-overseas number. By ordinary, these numbers have a normal number of digits, and a known prefix. Paid call always have shorter or longer phone number.
I'm from the UK and I can confirm that I am billed for the number I dialed not any forwarding endpoint. If I am inside the UK and I dial a landline (starting 01, 02 or 03) it will usually be included in my monthly contract allowance.
It's regulated by the UK regulator OFCOM. They publish a list of number prefixes and the maximum costs that can be incurred:
Some of those costs are high, but they are published, and capped. There are no surprises here.
There are a couple of myths that circulate endlessly in this country that:
i) You can receive a call from a scammer who prompts you to 'press 1' to be connected to an agent, and if you press 1 you're dialing a premium number and can incur large costs. This is impossible, inbound calls in the UK are not billable, nor can inbound calls count against any inclusive minutes on a contract.
ii) You can dial a cheap-looking number but the call is forwarded to an international or premium-rate destination and you can incur large costs. This is impossible, you can only be billed for the number you dialed, any onward forwarding costs would be incurred by the owner of the number you initally dialed.
This is an interesting pattern that I have noticed, and much of my work is in a similar vein. I have to be able to accept unknown numbers for my work. As a result, I pick up on a lot of robocalls. When it comes to business numbers, there really isn't a good solution for this.
I'd be interested to see if an entirely new business model rises up out of this. Some kind of verified business network of phone numbers people pay a small fee per month (per call?) to get assurance that it's a legit business call. A sort of for-pay group whitelisting.
At the very least, when it comes to my private number, I decline any call I do not recognize and I figure that if they are legit, they will either:
1) Call back immediately
2) Leave a voice mail and I can call them back in a minute.
It's tedious, but a sort of call/re-call seems to be like a kind of workaround to this. It's just a very tedious thing when it comes to stuff like doctors offices calling form a new number, 2FA from some website, or anyone I might not have saved in my contacts list.
Pagerduty does something kind of interesting - they create a contact on your phone with all their possible outbound numbers so you can allow them to ring through.. would be cool if other apps could do this without needing access to read every contact in your address book (at least on iOS).
It still doesn’t solve the problem of someone unexpected calling you though, or someone for whom you don’t know the number..
I think GP's point was that this is a situation where ethics and business value align (better origin verification is a selling point for a network) and yet bafflingly carriers aren't making the right choice--by either estimation of "right".
That ship has long sailed, and I don't think young people for instance value much having a phone number, except for conforming to social norms (e.g. getting called back for a job offer) and SMS confirmation codes.
Carriers are milking it as much as they can now, as they don't have leverage to otherwise stop any progress that would make phone numbers finally irrelevant.
Those social norms are changing too, ten years ago I'd have phoned people out of the blue but these days I'd only do that for urgent matters because it's rude not to text first.
I don’t even text anymore, I just ping people on Facebook or discord or wherever. And then I’m likely to call them from my computer on one of those services too, which means the mobile carrier is 100% cut out of the loop.
I'm from the last offline generation and don't hate the telephone, but the volume of spam calls my landline receives has to be 99% of rings. I may have gone to bat for landlines if there wasn't the spam problem as I think they have upsides over cell phones. Way better sound quality, more consistent service, and answerable by anyone at home.
However, I have been getting 20+ spam calls a day for the last week and I am ready to get rid of the landline forever.
The generational decay would be much much slower if telecoms did their job.
I don’t know if phone calls decay is that much a generational thing.
Our elderly parents stopped calling us and moved to Line the moment they had an iPhone (then an iPad), and even with their friends they seem to just hit the call button from the messaging threads. They still say they had someone on the phone, though they’re on third party services, so it seems it kinda just switched in their mind.
Perhaps the same way we were switching between local calls, long distance calls, special operator calls in the offline days, but we’d still just think of it as phoning people whatever the actual service we were using behind.
My phone company apparently provides anonymous spamming service. New data protection rules forbid them to share your name and phone number, so they went ahead and created a service where marketers can call people without a phone number.
You want to reach females aged 30-35 in a city? Simply call or send an SMS from the API and you will be connected to a random one who matches your criteria.
At least, that's what my spammer told me when I insisted on telling me who gave them my phone number. Apparently, I gave the consent to be included in the pool at the time of purchasing some data package or something like that.
I don't think OP indicated the carrier shared personal information - only that they provided a way to connect a 3rd party company to a customer. That transaction doesn't need to include any information beyond the defined demographic.
That's correct. Apparently they put me in a certain demographics bucket and the spammers can pay the carrier to call or SMS random person from that bucket, sometimes that's me. So they know my gender, approximate age and location(maybe some other stuff?) but they don't know my name.
To clarify: I think you're saying they don't know your name, but at least as important they don't know your actual contact details (phone, address, email).
TBH, this a system that if it's opt-in only, I don't have much of a problem with. If it's opt-out, I'm annoyed. If it's required, we should change policy.
The system is not advertised on the carrier portal, there’s no indication that you opted in and there’s no option to opt out.
To know about it, you need to be annoying like me and investigate. Once I learned about it through questioning the spammer, I called the carrier and requested opt out. First the call center people didn’t know what I’m talking about then at some point they used some innocent sounding name for it and promised that I’m out. I still receive spam everyday.
> Blame your phone company and the FCC for not solving this
I do. They don't care. AT&T doesn't even care that their cell network barely gets above 1 or 2 bars in a major metropolitan area. They mislead consumers by displaying 5Ge as the network (it just means you're on 4G but in an area that might have 5G service). My phone is really not a phone anymore, at least 95% of the time. I do make outgoing calls myself and only answer when I have a definite expected call from a known number. I use video chat apps for both audio/video calls for family.
I would probably say this is overstated, except today I got a phone call from “Djibouti” with a fake foreign code which was obviously a call spoofing a local area code, matched a very prominent local business, and left a message about… auto warranties.
Does the FCC have the authority to do that or are they beholden to Congress as is so often the case?
Part of the conservative push to deregulate is to argue that government agencies are incompetent but the reality is that they've constructed a system where these agencies literally lack the agency to do anything more than write a nasty letter.
This is only valid if it’s a US company and many of these are originating outside of the US. Many shady companies outside of the us simply ignore the fines.
Except, when it comes to prosecuting people they usually make a deal where they pay a $50k fee or whatever, or they just don't have jurisdiction over the spammers and they'd rather sanction Russia than sanction India or other countries that are originating a lot of the SMS and robocall spam.
Well, this issue was actually trickier than it looks. The real problem is the protocols our communication infrastructures built on was designed without almost any authentication & authorization mechanism. It wasn't a big issue when it designed as copper wires were required to make calls but it means basically anyone get those endpoints details can send SMSes, make calls claiming to whoever they want given now almost everything is on IP network. Yes you were right about that those telcoes do know what was the problem and how to fix it but they simply have no incentive to fix it as: 1. it needs overhaul of the current infrastructure, which needs lots of money and effort to proceed. 2. It requires all parties in the network to coordinate. One single exception means the issue remains or you will have to drop interconnection with those are not ready yet. 3. Negative impact to their revenue. So here comes the status quo.
Blame your phone company and the FCC for not solving this (and for not providing you with the data to solve it yourself).