FCC closing loophole that gave robocallers easy access to US phone numbers

fne8w2ah@lemmy.world to Technology@lemmy.world – 575 points –
FCC closing loophole that gave robocallers easy access to US phone numbers
arstechnica.com
49

I swear to god I've heard that the telemarketer/robocaller problem is finally solved like ten times over the course of my life.

You build a 10 foot high wall, they will build an 11 foot ladder. Stir/shaken was good for like 6 months before spam callers were able to bypass that security measure.

If only the phone system in the US, like the rest of the modern world, had robust authentication. It’s all a bit hacked together, much like the solution.

I've been saying for years now that providers should try converting to cert based auth. You get issued a cert with a private key from the provider. You are the only one who can use that number and authenticate to the network with that number.

STIR/SHAKEN had yet to be fully implemented, so while most carriers are now signing calls, almost none are taking action against unsigned calls.

I have hope that it will become a useful tool in the future for blocking spam and even bad carriers who are signing anything and everything.

The one good thing that W did was the do not call registry, that worked for a while at least.

Also then became the best phone number list for scammers

It can be solved with robocallers honeypots

Need to figure out a way to go after posters soliciting this kind of coders in the USA on rentacoder sites, but then there’s the poor coders from other countries who will do it for a few cents on the dollar.

Yeah, same. I'll fuckin' believe it when I see it. Can't tell you how many times I have people tell me about the national do-not-call list as if I haven't been on it already for a decade and scammers and spammers don't respect it anyway and are unpunished for ignoring it.

The existence in the first place of robo-dialing loopholes is criminal, and we ought to be able to prosecute it as such. I have no doubt that FCC leaders have accepted bribes to make everyone's phones shittier.

It would be really nice for everyone if we could get a consistent streak of non-criminals leading the FCC.

The FCC order will take effect 30 days after it's published in the Federal Register. A public draft of the order was released ahead of the FCC meeting.

So bad actors have at least 30 days to pull as much data as they can right now. People who keep their existing phone numbers may very well still be targets of robocalls because a database can be compiled right now, if it hasn't already happened. And unless you change your number and your new number is a currently unassigned number, you could still be targeted, since the number is in a list of phone numbers; your new number just wouldn't be listed as assigned to you. So maybe 10-15% of the people who change their phone numbers will be OK?

these new rules have nothing to do with how the bad guys obtain targets' phone numbers, they're about how they get assigned phone numbers.

It’s tangentially related so I can discuss it.

4 more...

This explains the 4 different "Hey! I got your number at the XX meetup." and "Hey, let's go play golf tomorrow!" type texts ove gotten this week. Trying to validate info.

EDIT: RTFA (says to myself)... this just makes it harder for shell companies to setup shop in the US and get blocks of US numbers to make VOIP calls/texts from. Someone will at least be held accountable, so they have to burn people (in jail) or get fined etc in their home country.

Ive been thinking of changing carriers. may just do this after the 30 days and go for a new number.

I just have any calls that aren't from my contacts forwarded to Google voice using Yet Another Call Blocker.

https://gitlab.com/xynngh/YetAnotherCallBlocker

Besides, I don't use my phone number for calls - that all happens with messengers these days (Telegram, etc), so I know you're a telemarketer anyway.

thats fine for most individuals but hospitals and doctors offices for those with medical issues. Well that makes it hard. They often to not call from the "official number".

Yea, that sucks.

For those I give my Google voice number.

Not an elegant solution, for sure. Fortunately my Healthcare system also uses video calls via their app for security purposes.

Not sure what else can really be done.

oh the word app (assuming cell phone) and me do not mix.

Yea, I hear ya. Lots of shitty apps these days with excessive perms.

I root, run a firewall, and lock the little bastards down. No, you don't get location perms. No, you don't launch at boot, or when I plug in to charge, or when a media button is pressed. So many shitty receiver registrations, and running in the background. Nope, removing that too.

I just don't even want a smart phone. I have one for work because I have to but only work stuff goes on it. Im surprised most will run like that. I have a hard time getting them to run on a tablet.

I can understand the sentiment, for sure.

I just want my pocket computer, with everything controlled by me.

With today's storage capability, I can have all my dictionaries local, I could probably host a decent encyclopedia, and my physiology apps, etc.

Everything else will go through a vpn, with no location/identifiers, etc, being sent.

Lineage with Magisk Root & XPrivacy modules, plus MicroG can do this.

And with self-hosting, I can use messaging apps like Snikket, Litewire, Simplex, etc (the challenge being getting others on board, which is where my self-hosting comes in. I can create accounts for friends/family, and they don't have to do anything).

yeah. One of my dreams is a feature phone with internet tethering capability so I can just use a standard tablet or laptop with it.

Ooh, that's an interesting idea. Not sure if it exists - using my Treo years ago as a Hotspot was pretty challenging, and it was an early smart phone.

Many laptops today have a SIM slot - just get a cheap data plan. You can also get a cell card that plugs into USB. Back in the day we had PCCARD slot cell cards. That was nice.

Xfinity had a deal when we switched from Verizon - a data-only Sim for $10/mo that uses the shared data on our plan. Great for the iPad.

yeah would love to do it though without a smart phone. Oh also im pretty sure it does not exist. I look for something like it every so often. I basically don't bother with a cell phone just use google voice and my work one.

5 more...
5 more...
5 more...
5 more...
5 more...
5 more...
5 more...

Huh. Better than one of my providers that requires Zoom.

5 more...
5 more...
5 more...
5 more...
9 more...

Giant Mug

Remember when like every address in America (including the White House) sent in a letter with the exact same text saying the did not support net neutrality and then when questioned about it the FCC said they were attacked and wiped their servers?

I'm an American living abroad and I use a VoIP service to maintain my US number. It had actually gotten more difficult to do this because of the changes they are making.

A few weeks ago I needed to submit docs proving I was a legitimate business with US tax id and whatnot.. If you don't have that, you have to provide an alternate number from a traditional phone contract of someone who lives in the US. Unless I were to pay for a phone subscription in America, there is no option for an individual to do this independently. I needed to use a family member's number.

My American phone number is very much necessary but I only use it on very rare occasions.. Paying something like $30-40 per month for an American phone contract (that I'll never use) plus the $15-20 per month fee for the voip provider is excessive.

If they just had an id verification system for American citizens and didn't tie it to a domestic account holder, that would be something.

Like my ssn which was stolen in the last decade that I just got back under COVID relief because I couldn’t get it back without stolen copies of prior filings?

Easy access to phone numbers? Did they flash an amnesia light to make them forget how Arabic numerals work? Literally all you have to do is look at a phone book to see what the valid area codes and exchanges are then robodial away.

In the article it's pretty clear they mean US numbers to call from.

Couldn't we just replace phone numbers with IPv6 addresses? Who the fuck uses a POTS landline these days?

Plenty of people for valid reasons, like people on home dialysis, breathing apparatus etc in a rural area that has problems staying on the grid during large storms or drivers hitting a power pole at the end of the nearest road.

This is the best summary I could come up with:


In one of its many attempts to curb robocalls, the Federal Communications Commission said it is making it harder for Voice over Internet Protocol (VoIP) providers to obtain direct access to US telephone numbers.

Before that, they could only get numbers by making a request through a traditional carrier," FCC Chairwoman Jessica Rosenworcel said in a statement for yesterday's commission meeting.

Describing One Owl, the FCC said the company's efforts "to operate under the cloak of ever-changing corporate formations to serve the same dubious clientele demonstrate willful attempts to circumvent the law to originate and carry illegal traffic."

"Right now, it is very easy for bad actors who get caught facilitating illegal robocalls to set up shop under a new name and carry on with business as usual, and these rules will make it harder to do that," Nicholas Garcia, policy counsel for consumer-advocacy group Public Knowledge, told Ars.

Garcia noted that "false or fraudulent registration and compliance reports would be an obvious way for the most dedicated bad actors to circumvent these new rules.

But that itself may provide new avenues for enforcement, and more requirements and friction raise the cost and risks" for VoIP operators that don't follow the rules.


The original article contains 770 words, the summary contains 202 words. Saved 74%. I'm a bot and I'm open source!