I'm in Northern Europe and lately spam calls, and especially spoofing from random peoples numbers have become so bad i know multiple who stopped taking any calls, or even changed their phone numbers because they got too many calls, or angry people called them because their number was spoofed.
To me the whole system is archaic - i know gen z would never ever take a call from someone they don't know, or even call each other - it's simply not something you do - it would be like reading your spam mails.
And i'm coming to the same conclusion, answering random people is naive.
Phone calls now produce JSON Web Tokens that identify users with cryptographic signatures. This was codified around 2018 by the IETF, SIP Forum, and ATIS.
So the public phone system now supports it, but the problem is that not all providers support it yet, which fundamentally weakens the system. Of course, you can’t just add a new “protocol version” to an over-100 year old phone system with zero time to do a migration.*
But now that it’s been a few years, we are reaching a point where, at least for the US, the FCC wants to ban any provider who hasn’t added support.
Are the signatures available to the end user? I would love to set up a call screener that only accepts verified calls, as most spam uses spoofed numbers. I'm assuming that the major players implement the protocol at least .. I'm ok if the filter rejects things that aren't real land lines or cell phones.
In general "hosted" services will hide the actual token from the end user, though they may offer either filtering features or the ability to tag calls in the Caller ID based on their signature.
Trunking services designed to feed in to a customer-controlled PBX will usually offer either the same sorts of filtering/tagging or complete passthrough of the token.
This is only possible if the call transits through all IP networks. If the call at any point goes over TDM, and out of band shaken is not implemented, then the signature is lost.
End to end authenticated calls is the ideal state, but I don't think we're fully there yet.
I get at least 10 calls a day lol. They are all from India. Insurance scams, life insurance scams, you name it. I had to switch to only accept calls from known numbers. The rest are just sent to voicemail. I will probably miss on something important, but I have had it.
I pick them up on purpose, bate them, waste their time, call them back, waste more time. It can be fun sometimes, had one hanging on me the other day, I was laughing so hard. "Stop calling us!", "Stop calling you?! Bro stop calling and scamming people!" lol... Im also always looking out for AI phone systems as well. It's real fun messing with those, specially when you can get them off the rails.
I recently did the same thing, as 95% of my incoming call volume in a week was spam calls. It's been great. The friction I feel is when interacting with ephemeral contacts like contractors, etc. I've had to try to be diligent about adding them as contacts if I expect a call back, or hoping they leave a voicemail.
It's sad there really isn't much you can do about it. I tried do-not-call lists, answering and telling them to stop calling me, reporting them - all was apparently a waste of time.
In our modern world, every last vestige of trust is being abused. Government bureaucracy is an increasingly-visible problem, and a lot of it is insulation to protect lobbied interests, but some of it is a good-faith reaction to the way various actors abuse trust in a market. Eventually, there will be no trust left in society, whether due to law or personal technology. Apple would do well to take the lead on better ways to handle this on the personal side.
yup, anyone who knows me knows to email if they want a reply, and that I only take calls by appointment. Leave a message and I might call back, otherwise my phone's not on me, doesn't ring if the caller isn't in my contacts and doesn't even have cell reception most of the time.
Which country? I am in Finland and have had the same number for over 20 years. It is publicly listed. I receive maybe 1-2 marketing calls a month and less than one SMS scam per year. I am somewhat restrcitive filling in my contact details when I don't expect any real business. I only use deposable email addresses, but that should be completely unrelated.
That's your answer right there. Finland is a small country with a very niche language of just about 5M people - it's too expensive to teach people Finnish good enough to convincingly scam off the elderly, not enough marks to return that investment, and you need a sizable population of poor and desperate/dumb people to act unknowingly as money mules.
In contrast, for English language scams, you got 340 million Americans, 68 million Brits and dozens if not hundreds of millions of people speaking primarily English in former colonies (India, Australia) that are potential marks. And to make it better for Indian scammers, people there are already used to Indian call center accents so their alarm bells don't go off immediately.
For German language scams, it's 84M in Germany, 9M in Austria and 4.4 million German speakers in Switzerland. For us, it's mostly scams based in Turkey, because there are a lot of Turks who learn German because they have relatives here or their parents had a stint in the 60s-90s.
We've also had a couple generations of folks trained to treat 'foreign' sounding speakers as authoritative, due to most call center and support work being shuffled to non-US-based places. Calling a 'local' cable company and getting someone in Phillipines or India giving support is the norm, and many folks are now accustomed to giving details and account authorization for things to people who sometimes can't form coherent or natural-flowing sentences.
Just read [1] that our local telecom authorities (NKOM) report good progress when it comes to preventing people from abusing Norwegian telephone numbers to spam/scam Norwegians.
Sweden here, and I get less than one spamm call per year I would say, likely from abroad since in Sweden you can easily opt-out of marketing calls, except from companies where you are already a customer, which can be annoying enough.
My work mobile number is listed on the company website. I need to answer unknown calls from anywhere in the world, although I only get them every two months or so.
I can easily look through my whole call history. This year I seem to have had about six spam calls, and for the first time I bothered to work out how to block a number on Android — three of the calls were from the same number within a few days of each other.
I'm curious how this works in the USA for people that need to answer work calls — does the receptionist at a large company find 9 out of 10 calls coming in are spam? In some countries there are specific ranges for different types of numbers (all UK mobile phone numbers begin with 7, all numbers beginning with 3 are businesses/etc) which allows the spammer some basic filtering, but that's not the case in the USA.
In France since the first of October you can't spoof a French phone number anymore. (Edit: at least with the existing ways of spoofing. I'm sure it's a matter of time before someone hacks an operator and signs their calls through them.)
Anecdotally, I haven't had any spam call.
I've wondered more than once if our contact information should be more like Apple's hidden emails - generated for the specific person or business we want to be able to contact us, and revocable - with a public fallback which is expected to go to a voicemail of some sort.
My personal data has been part of 2 major leaks so I'd definitely pay for this feature. I already use a service which generates random emails and forwards it to my primary email address so having such a service for phone numbers would be a great idea.
Exactly. They want to only have direct personal emails so that if someone is a spammer they can easily be blocked/banned. And so that there are consequences for spamming. This is sort of the same principle as KYC.
It is an immutable law of commerce that any effort (be it legal, technical or otherwise) to protect people from obnoxious and/or harmful behavior by businesses will be fought tooth and nail by obnoxious and/or harmful businesses.
I (in Germany) still wonder why I’m lucky. I’m not complaining, I’d like to keep it this way. But my phone number is relatively ancient, as it’s still the same I got with my first phone around 22 years ago (maybe almost exactly? I think I got it for Christmas when I was 16 :D), and it even was included in the Facebook leak a while ago.
After the FB leak, I got a maybe 6-8 spam calls over the next month, and that was it again. It’s maybe 1-2 per year, and they are easy to recognize because they call from different countries.
I thought it was maybe Germany having stricter regulations, but people on Reddits /r/de do complain about spam calls, so no idea.
Experiences seem to differ a lot. In the US, I only have a cell phone so I have to give out the number and I only get junk calls once a month or so. It's certainly not in the disable incoming calls category. (Although I also suspect that different people have different tolerances and different perspectives on people being able to reach them from possibly unknown numbers.)
I get up to ten a day or something like that. It used to be a smaller number of actual people. I’d answer it to listen to them, counsel/encourage them, and tell them about Jesus Christ. Even the scammers might in rare cases change their lives.
They’re almost all AI calls now. The AI’s force a specific progression, are rude, and will argue with you. Some are programmed to claim to be human. It’s usually the same AI’s selling the same products connecting me to the same telemarketers. Some know my voice.
I can’t stand robocalls because nothing good comes from it either way. I don’t get to encourage new people. Their sales hurt by contacting the same people for stuff they’ve already been disqualified for. If I heard new offerings, I might buy or donate. For example, one was St. Jude’s reminder which I responded to on their web site.
Others are taking action. There’s regulatory penalties for repeated calls, calls outside a certain time, etc. You need to be on the do not call list to be sure. You can send the companies a cease and desist or a lawsuit in small claims under the TCPA. There’s law firms semi-automating that, too. If in the U.S., use that if they keep harassing you.
One day years ago back when our desks still had phones on them someone called back and they had spoofed my desk number as their call back. Took a bit to get down to that because I had no idea if it was someone in the company or not trying to reach me. (We checked into to desks at the time I think so the number could have been forwarded or listed as mine for the day at the time I think)
>To me the whole system is archaic - i know gen z would never ever take a call from someone they don't know, or even call each other
I suspect folks in Gen Z are also less concerned with calls from medical/emergency/etc. services. That said, habits have certainly shifted. With very few exceptions, I'm not going to make a personal call out of the blue at this point.
Easy, call via some voip implementation or another i often have internet access when i dont have phone service, not rarely have service without internet and therefore voip is already more relible. Moreover, its also quite clear who is calling me, so spoofing isn't viable. cellular based calls are dead and belong buried.
Not all would, but most worthwhile clients support end to end encryption, or some form of authentication which is time consuming to circumvent, meaning it becomes quite difficult to efficiently spoof random identities.
The problem is not that the phone system is old or "archaic", or that it uses old technologies - rather, the system is as bad as it is, because it's been ravaged by a cancer - a cancer on modern society known as advertising[0].
All of this has happened before, and it will happen again.
Any new media, any form of communications we invent, develops this cancer as it grows into mainstream awareness. The more people a new tool can reach, the more rewarding it becomes to marketers and salesmen, who all flock to it - and as they do, they accelerate the growth of the medium while also displacing and degrading the intended/legitimate usages of it. Soon enough, the medium turns into barren wasteland full of threats to users' sanity and wallets. Only once it goes so bad that people stop using the medium, and/or find a better alternative, do things get better - the cancer dies off as its nourishment supply, i.e. the audience, goes elsewhere. But the disease follows them there. And, if didn't inflict terminal damage to the old medium, chances are that old medium will experience a second spring[1], albeit in a much more diminished shape, becoming a niche hobby or internal technical tool[1].
Advertising is what destroyed AM/FM radio (remains a niche). It's what destroyed outdoor information displays (now existing only to show ads). It's what denies us beautiful vistas (all obstructed by billboards). It's what killed OTA TV, then cable TV[2]. It's what killed e-mail[3]. It's what killed the phone system, and it's what will kill any new thing we move to.
This problem will not go away until we start treating the actual disease - advertising. And by treating I mean the equivalent of radiation therapy[4]; anything else, anything narrowly targeted, leaves space for the disease to come back with extra force - the line between "outright scam" and "legitimate communication" is fuzzy, and salesmen and marketers are very creative at blurring it further.
And no, adding crypto (the legitimate kind) to the mix - authentication protocols, encrypted handshakes, whatnot - will not help, for the same reason your immune system isn't of much help against real cancer either. Sure, it'll get harder for a random Joe the Scammer to do their fly-by-night salesmanship, but advertisers in general can afford to implement all the schemes marking them as AAA tier 1 legitimate communication.
After all, if you look at the web, who's actually pushing most of the security stuff? Unsurprisingly, biggest players in adtech. Improving the medium's immune system is in their interest - they're still invisible to it, and getting rid of the most obnoxious scams secures their own ability to feed on all of us.
--
[0] - Well, kinda. It also includes bits of activities classified under "sales" and "marketing". I think the closest term encompassing them all might be "marketing communications", but "advertising" as understood by regular people covers most of it.
[1] - In rare cases, it may turn into a kind of "zombie mode", a blob of glowing radioactive mutated cancer, able to live out of background cosmic radiation, or such. I mean, how else can you describe the Fax system? You plug it in, wait a moment or three, and suddenly it starts spitting out ads!
[2] - The prime example why paying doesn't protect you from the disease. Once medium contracts advertising, the option to "pay instead of seeing ads" quickly turns into "pay and see ads anyway", and then "fuck you, pay more and see even more ads".
[3] - No, spam filter only catches the worst of it. "Legitimate" advertising still fills most of everyone's inboxes, which is a big reason why people flock to closed, gate-kept alternatives.
[4] - Or nuking it from orbit. Pick your own favorite exaggerated metaphor; it's the only way to be sure.
Admittedly, I have to let some things through because I'm a freelance musician and if I don't take a call, the client will move on to the next person on their list. But at least leaving a voice mail means the caller doesn't know if they've reached a live line or not.
A personalized Viking Raider takes your package on a saga to your chosen destination, looting and pillaging on the way while yelling battlecries and occasionally throwing an axe.
A girl got lost. She wanted to call her mom, but the girl had left her phone at home. So she went to the library to phone her mom. The librarian refused to let the girl make a call. [N.B. Yes, the librarian got in hot water for that move]
The girl eventually convinced a stranger to let the girl call her mom using the stranger's phone.
The mom, who was frantically trying to locate her daughter, took the call even though it was from an unknown number.
How many people would make an exception in that case of an unknown number calling?
>> The mom, who was frantically trying to locate her daughter, took the call even though it was from an unknown number.
>> How many people would make an exception in that case of an unknown number calling?
Duh! What a stupid question. Almost everyone in extreme distress due to losing their child would take anything, call, stranger knocking at the door, medium talking to the ether. Anything! :)
I get this is an Idiocracy-level type of question: "If you have one bucket that contains 2 gallons and another bucket that contains 7 gallons, how many buckets do you have?"
That's the point - all the people who said, "Not in contact list, do not pickup" (including me), did they think about an exception list?
I know I didn't. Short-sighted reaction after getting inundated with mandarin-speaking spammers.
I don't know what the globally correct answer is. But "never pickup" seems too extreme (even if the person, calling on the unknown number, leaves a voicemail, if you can't reach them with a return call, what then?)
Well at least where I live, the obvious exception to "don't pickup unknown numbers" rule is shipping services. Some of my online orders will arrive by courier and their drivers will call me when they arrive near my flat so I go out and pick my package. Completely unknown random numbers although companies do have the option to associate phone numbers with caller ID so I can see it's a delivery service. But by some reason (cost, convenience, no idea), they don't.
I can usually infer from the fact that I made an online order, sometimes they'll send me an SMS prior to sending but not always. Anyhow I did have my share of picking spam calls because of the necessity to ignore the "no unknowns" rule while expecting a package.
Overall I don't get that many calls yet that I'd have to configure the phone to reject ALL numbers not in the phone book. But call spam is definitely increasing, along with plain scam. I almost got my card stolen by a post office spoofing scam. And recently my bank cancelled my card and had to get a new one after someone from US tried to buy jewelry with it (I live in Romania) - probably leaked from one of the many online services I pay for. Now I switched to single-one-time-use cards from Revolut for all non-recurring payments, unfortunately it's too much of a hassle to do so for recurring ones. And with increasing security vulnerabilities my only protection is separate bank accounts and keeping only small amounts of money on the account linked to the debit card. No credit, only debit.
GenX here and I'm the same - I always hang up on an unknown caller, and consider calling someone without texting first to be rude.
I don't think it's a generation thing, I think it's that what we generally consider normal has changed, but that some people got left behind in the old normal.
It’s definitely not rude to call someone without asking first. If you don’t want to answer the call then don’t and if it’s important I’ll text or leave a voicemail.
I’m saying that if two people have each other in their contacts lists and are on friendly terms, it’s not rude to call them if you need to talk to them.
Maybe I misunderstood, though. Sounds like you were talking about cold calling someone you don’t know. I agree that’s rude if the person is not expecting random inbound calls or isn’t in a professional context were there’s an expectation of receiving a call, and has been for generations.
Yeah, it's subtle. There are friends I can call out of the blue no problem, and others that I definitely need to text first. Generally determined by how well I know them, or in what context I met them. If it's someone I haven't called before, I'd consider it rude to just call them without texting first.
And, obviously, in a work/professional/commercial setting it's always OK to call if they've given you their number. It feels weird, but it's OK.
> I don't think it's a generation thing, I think it's that what we generally consider normal has changed, but that some people got left behind in the old normal.
Isn't that the definition of a "generational thing"?
Now I have to think every time, is this someone I have to text first? Or do they consider texting then calling redundant?
Anyhow, I think both are important communication techniques, adults should be able to do remote direct verbal and async written.
I take "generational" to mean different behavior patterns in different current generations. Of course, behaviors and norms can also change for most people over time.
Delivery drivers/taxis just text me when calling fails. The upsides far outweigh the downsides of blocking all calls not in my contacts. Humans and institutions adapt to new normals. Some just slower than others.
To me the whole system is archaic - i know gen z would never ever take a call from someone they don't know, or even call each other - it's simply not something you do - it would be like reading your spam mails.
And i'm coming to the same conclusion, answering random people is naive.
Practically we need something new though.