As an update to my previous post, there is apparently some movement afoot to implement a method of secure verification of caller ID info. It is similar to how e-mail and websites are encrypted and authenticated, using certificates.
STIR/SHAKEN is a technology standard that incorporates an authentication service, a verification service, and a certificate repository. When a call is made, the authentication certificate issued by the caller's provider is looked up by the recipient's provider, and the call info is verified as being authentic or not.
The standard appears to be designed to be implemented at the service provider level. As I stated previously, carriers will be slow to adopt anything that will cost them money, due to the amount of power they wield, and this case is no exception. The call for them to adopt such a standard was put out by the FCC in 2014. Nonetheless, 5 years later some providers, including Verizon, are going public with announcements that they intend to implement this standard, which would conceivably have a major impact on the type of robocalling - and by extension, the entire robocall industry. By preventing the misuse/abuse of caller ID information, customers can then, in turn, effectively utilize tools such as spam filters to recognize and block calls from spammy sources.
As for when this all happens, Verizon says that in March, 2019 they begin offering their anti-spam service for free for their wire-line customers, which they say supports the STIR/SHAKEN call authentication. Even if you are not a Verizon customer, it is a good thing for it to be adopted by any of the big providers. At worst, it will reduce the cost effectiveness of these robocalls, and the volume will begin to drop, which will affect everyone.
Let's all hope this happens without a hitch, and our telephone infrastructure can become sane again.
Tuesday, February 05, 2019
Wednesday, January 30, 2019
Robocalls are Changing The Way We Use Telephones
If you are over the age of 30, you probably remember, at least at one time, answering the phone with "Hello?" Not as in "Hello (friend's name)", but as in "Hello, who is this?" Well, thanks to caller ID, those days are a distant memory, and thanks to Robocalls, there may soon come a day when you won't even get a phone call from someone you don't know.
Robocalls are massive amounts of unsolicited phone calls, using the help of computer autodialers. For the poor souls who pick them up (usually the most vulnerable demographic, such as the elderly), a sales call for life insurance, extended car warranties, vacation package, or a fraudulent business proposal awaits them. Many calls even use recorders in order to commit identity theft.
The concept of these calls are nothing new, but the sheer volume of them, and growth rate are staggering. Many Americans complain of getting dozens of calls a day, such as the ones in this Reddit Thread.
They go on to say that it is "prohibited to present misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongly obtain anything of value", and is punishable by a fine of up to $10,000 per violation. They say telemarketers should "Display a telephone number you can call during regular business hours to ask to no longer be called"
However, it's pretty obvious that it's gotten out of hand. As best as I can tell, things start to break down around the following issues:
Robocalls are massive amounts of unsolicited phone calls, using the help of computer autodialers. For the poor souls who pick them up (usually the most vulnerable demographic, such as the elderly), a sales call for life insurance, extended car warranties, vacation package, or a fraudulent business proposal awaits them. Many calls even use recorders in order to commit identity theft.
The concept of these calls are nothing new, but the sheer volume of them, and growth rate are staggering. Many Americans complain of getting dozens of calls a day, such as the ones in this Reddit Thread.
The "Do Not Call List" Does Not
Years ago, congress was roused to deal with this growing problem, so they came up with something called the "Do Not Call Registry". The idea was that every American who didn't want to get unsolicited phone calls from businesses would put their info on this list, and then THE TELEMARKETERS would, before calling you, CHECK TO SEE IF YOU WERE ON THE LIST, and not call you if so. Wow congress, perhaps you should just ask them to send a handwritten note of apology as well. Anyway, that system works about as well as you can guess. In fact, the List, in a sick twist of irony, probably acts as a damned fine source of telephone numbers that have an high likelihood of being answered.
Spoof Your Neighbor
Another thing that has gotten worse, and promises to drive this ship into the ground, is the use of "Neighbor spoofing". This is when the caller changes their caller ID info to be random number, usually one in your state, which theoretically increases the chances that you will pick up. If the caller ID information was consistent, it would be quite trivial to develop a list of calls that have been reported negatively, and compare incoming calls to it. However, the randomization of "Neighbor Spoofing" makes it impossible to detect robocalls with any degree of accuracy, when using the caller ID info alone.Where is the FCC?
At least outwardly, this is an important issue to the FCC. The FCC says,"Unwanted calls – including illegal and spoofed robocalls - are the FCC's top consumer complaint and our top consumer protection priority" - From Consumer Guide on FCC.gov
They go on to say that it is "prohibited to present misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongly obtain anything of value", and is punishable by a fine of up to $10,000 per violation. They say telemarketers should "Display a telephone number you can call during regular business hours to ask to no longer be called"
- The FCC seems to believe that most people NEED to present alternate caller ID info in order to conduct legitimate business over the phone, and that this needs to be protected. Their statement on third party services and apps that attempt to surmount the impossible problem of robocall attacks suggests that they are almost more concerned for the businesses that call people.
- This term "telemarketers" is a quaint term with a narrow, and probably easily circumvented, definition.
- It is impossible to track, let alone follow up on, all of the violations of these rules. There is a complaint form on the FCC page, but ironically, in order to fill it out, you have to provide info about the caller, which means you need to have answered the call.
A Backwards View
The bottom line is that the whole system seems to rely too much on self-policing. Caller ID spoofing legality (or lack thereof) seems to have very little impact, due to lack of enforcement. The government wants to protect callers, seemingly more than they want to protect the recipients. To me that is completely backwards. The recipients are the ones who have the most to lose. As usual, the government is bought and paid for by businesses, and they want to be able to call people and make sales.
The solution is: Eliminate (or demote calls with) spoofed caller ID. Caller ID info sent by callers must be verified and consistent. This is similar to how email works. Servers identify themselves to each other, and if they are not verified, no one pays attention to them. The spam is still out there, but it can be classified.
Doing this would require some help from Congress. We need legislation that stops protecting caller ID spoofing, and starts exposing it. Telephone companies needs to require authentic and consistent caller ID info, and provide this info to their customers when calls come to them. It will affect their bottom line, and you can bet they won't do it without a literal act of congress.
But even if you don't have a stomach for my rather socialist point of view, maybe this will speak to you:
If you don't preserve the integrity of the telephone service, people will abandon it.
What does the Ghost-of-Telephone-Future show us? The net effect will be the same. A world where all calls will be subject to white-listing or screening. That means that, the days in which a person or company, with lawful intent, may call someone and speak to them on the first try, are effectively over. We are moving to a system where callers must present some piece of authenticity before the call will be routed. And eventually the robocallers will spoof that too. The telephone system will eventually disintegrate, in favor of chat messaging apps and VOIP services that are not bound by the antiquated limitations and freedoms of the old telephone service. If you think they won't do it, go talk to a 25 year old person. Ask them how often they intentionally use their phone to speak (voice) to another person.
Ironically, this is exactly the scenario the FCC is trying to prevent.
Thursday, January 24, 2019
A Guide to Craigslist Etiquette
In a world where the amount of trash we generate and the cost of living keep going up, while wages and employment opportunities don't, Craigslist is a God send.
One of the perks of living in Vermont is that we have a healthy Craigslist market, with a relatively low scam rate. Sure, I get stood up occasionally, but almost all of the time, if I can actually meet up with someone to make a deal, everything is on the up-and-up. I think this comes from a long tradition of bartering in a state where the climate is rough, and most of it is remote.
In the interest of keeping this market healthy, I thought I would provide a few of my rules and expectations when it comes to buying and selling on Craigslist.
Always
- Deals are cash, and in person
- At an agreed upon meeting location. Must be in a public place unless both parties are comfortable with a house meeting.
As a buyer
- Only talk to local sellers.
- Expect to pay with cash, unless the deal is a barter/trade.
- Expect to do most of the driving, if not all of it. If the seller offers to meet you somewhere closer, they are doing you a favor.
- Be honest about how serious you are, and when you can make an appearance. Don't call at the last minute and cancel/try to reschedule.
- Call/text the seller again when you are leaving to meet them.
- Don't ever assume items will be held for you (but you can ask)
- If the item is sold before you can schedule a meeting, fair's fair.
- Know the market value of what you are trying to buy. If the asking price is significantly below this value, it is at least unbecoming, and at worst, rude, to attempt to negotiate the price even lower.
As a seller
- Only talk to local buyers.
- Be honest about the condition of an item. If you don't know something, say that.
- Ask a fair price. Set an appointment with a potential buyer, and don't sell it to someone else before the meeting.
- Answer contacts in the order they came - first come, first serve.
- Clearly communicate your expectations about how a deal will commence.
- Stay open and transparent with all buyers. Lying or hiding something will only lead to a sour deal.
It is okay to tell someone "well, someone's coming to look at it tonight at 7pm... if it's still available after that, I'll let you know." If you do, keep track, and follow up. It's NOT okay to do this: "someone is coming to look at it tonight at 7pm, but if you get here first, I'll sell it to you."
If in doubt, always stay true to your word.
If you get into a jam, contact all the involved parties and tell them what is happening.
The bottom line is, don't piss off your buyer or seller. There are of course situations where people are crazy and it's unavoidable, but... do unto others. If we all work to keep the market fair, it will stay healthy.
Subscribe to:
Posts (Atom)