AT&T, Comcast Announce Verification Milestone To Help Fight Robocalls (usatoday.com) 90
"The fight against robocalls can even bring telecom rivals together," reports USA Today:
AT&T and Comcast said Wednesday that they can authenticate calls made between the two different phone providers' networks, a potential industry first and the latest in the long-running battle against spam calls... The system, which uses a method developed in recent years, verifies that a legitimate call is being made instead of one that has been spoofed by spammers, scammers or robocallers with a "digital signature." The recipient network then confirms the signature on its side. The companies said consumers will get a notification that a call is verified, but exactly what that will look like is not yet known.
Both AT&T and Comcast will roll out the system to home phone users later this year at no extra charge. AT&T also said it will introduce the feature to its mobile users this year... Other major wireless and traditional home voice providers have pledged support for the verification method, including Verizon, T-Mobile, Sprint, Charter, Cox and Vonage, with several announcing plans to roll out or test the feature in 2019.
The day Comcast and AT&T made their announcement, AT&T's CEO was giving a live interview that was interrupted by a robocall.
Both AT&T and Comcast will roll out the system to home phone users later this year at no extra charge. AT&T also said it will introduce the feature to its mobile users this year... Other major wireless and traditional home voice providers have pledged support for the verification method, including Verizon, T-Mobile, Sprint, Charter, Cox and Vonage, with several announcing plans to roll out or test the feature in 2019.
The day Comcast and AT&T made their announcement, AT&T's CEO was giving a live interview that was interrupted by a robocall.
Re: (Score:1)
Watched Maddow cry like a little girl. Her ratings will surely drop now that she is implicated in the lies and distortions.
Prison is too good for evil media creatures. Time for purge.
Legitimate use (Score:2)
I'm interested how they'll handle legitimate use cases. I call my patients via calling service that spoofs my number to look like my office. If I have to use my genuine cell number I will simply stop communicating this way.
Re: (Score:2)
Re: (Score:2)
Theoretically, yes.... which is why this idea won't work.
The only way I can see to make verified caller ID using the existing phone switching network is via an out-of-band reverse lookup that is done by the receiving phone. It the call is spoofed, then the reverse lookup will end up reaching a phone number other than the one the caller is actually calling from (if any). This would mean that you could only spoof real numbers that the person you are calling could actually call back, and where you actuall
"the one they are calling from" is a problem (Score:2)
> will end up reaching a phone number other than the one the caller is actually calling from (if any).
Your proposal will not work because: ...
F) it relies on first solving the problem, then using the results to solve the problem
The receiving end has no way of knowing which "number they are actually calling from", in general. In fact, there are no such thing as the number they are calling from.
in the industry a phone number is called a DID number. DID stands for Direct INWARD Dial. The destination in ne
Re: (Score:2)
The receiving end does have a way to know that the caller is *CLAIMING* to be calling from.... that's the number that the receiver does a reverse lookup on.
Unless the number that they are spoofing is also controlled by the caller, a reverse lookup on a spoofed number would always fail.
Lookup what? Home address by domain name? (Score:2)
Let's explore your idea. Maybe there is a kernel of a possible idea there; perhaps you just don't know the terminology to express it clearly.
What information, exactly, are you expecting to get from this reverse lookup? I take it the input is the CID (caller ID).
Do you have some idea of what you plan to send this reverse lookup to?
Here's some background information on how the phone system and CID works, using a real example I did for a Coca-Cola facility. Note, btw, that DIDs and bandwidth connections come f
Re: (Score:2)
Yes... the number. Essentially, you basically would be making a kind of special "call" to this number from your own phone, effectively performing a reverse lookup that is completely independent of the incoming phone call. This special call wouldn't be identical to a regular phone call, more resembling a "ping", to use tcp/ip terminology, but the idea would be that a phone line that wasn't actually calling you at the time wouldn't even
Thanks for the explanation. Answer 1 and 10, then (Score:2)
Thanks for the explanation.
You propose to replace the existing world wide phone network with new protocol.
https://craphound.com/spamsolu... [craphound.com]
1, 10, 2 & 9 & 10, none, 1
Re: (Score:2)
Re: (Score:2)
No, I'm pretty sure that backward compatibility could be retained while it is being rolled out.
Caller ID didn't work either until at least the source and destination exchanges had been updated, but phone calls continued to work normally.
Point of fact: can still use a 1980 phone (Score:2)
As a factual point, you can actually still use a 1980 phone, to either make or receive calls. I still have a box of 1980s phone equipment that still works fine. Just because you have caller ID capability does NOT require me to update my stations, my PBX, or anything else in order to call you. You just won't get a caller ID frame if I don't send one, sonon your end it will show up as "unknown".
PS you may use non-caller Id capable (Score:2)
PS if by chance you do network or server admin, you may have a modem you can dial to work on the equipment. (You can't use the network to connect to a router that it down.). If you've ever done that, you've probably used telephone equipment that isn't caller ID capable. Many modems aren't.
The point being - they don't have to be. Caller ID does not and did not require everyone around the world to simultaneously replace everything.
Thanks for the idea, though. We'll put it in the file.
To clarify (Score:3)
To clarify, if I'm understanding your proposal correctly:
In order to make a call and not have it show up as suspicious, the caller would need to both switch their service to handle incoming calls while an outgoing call is ringing, and upgrade their equipment.
The receiving station would otherwise show the call as suspicious. Therefore, upon initial rollout by a station manufacturer, almost all calls would show as suspicious.
Is that correct?
Assuming that's correct, people would quickly learn that all calls th
Re: (Score:2)
Kind of like Caller ID itelf when it was first being rolled out flagged most incoming calls as :"unknown", or "no caller info sent".
No, because it didn't require most callers to chan (Score:2)
Caller ID didn't require most callers to get a second line, so no, most calls showed the number.
But let's pretend it had. In every other case, it would show the caller's number - useful information.
A call-back system could only flag an incoming call as suspicious (after the third ring). Before it is widely adopted, it would flag all calls as suspicious.
If you're going to introduce a new protocol and get everyone to start using it, a certificate works after the first ring, rather than the third.
Again, thank
Re: (Score:2)
No... most calls did not show the number... the separate call display unit I had at the time either said "unknown" or "no caller info sent", with the the area where the phone number itself would appear on the device being blank. Other times, when the number did show up, in the text area for the display, it only showed the city and province or state that the caller was calling from, and not the caller's actual na
That's enhanced caller ID (Score:2)
Name and area is enhanced caller ID, a separate protocol launched several years later. The additional information is fetched via Analog Display Services Interface. It has a lookup delay and is subject to DIP fraud. Anyway that's a different topic than caller ID, which sends the phone number.
> Why do you figure it would take until after the third ring?
The first ring "wakes up" the receiving station. It is then ready to receive the 1500 baud, 450ms FSK caller ID frame. In your proposal, it would then call
Also don't forget the logic error (Score:5, Informative)
Btw before even trying to figure out a technical protocol, don't forget you need to fix the logic. A station is not a DID and a DID is not a station. It *may* be that your station (phone) has a phone number, only one phone number, and you never use call forwarding, and no other phone uses that number. Those things might be true for you today, but those are absolutely not rules in the phone system. Some people DO have call forwarding, and a a lot more.
It's a lot like the name Google.com - that does NOT identify a particular server. A dialed number doesn't identify a particular phone any more than Google.com identifies a particular computer. There are many buildings full of servers, and any request for Google.com will use several randomly selected servers from among thousands.
For example, I volunteer to receive calls for a crisis hotline which gets a few calls per month. The person in need of help calls the crisis number. They know which service they are trying to reach. They have no idea which phones will ring, and they don't care. They are asking for a service (1-800-help), not for a specific device (an IMEI or other station ID).
I'm not always able to answer the phone of course, so the crisis line doesn't just forward the call to my mobile phone. It rings my phone, and while it's ringing my phone if I don't answer within 10 seconds it starts also ringing another volunteer, ten seconds later it adds a third, etc, until someone both answers and presses 1 to accept the call.
Now suppose my phone were to call the person back, asking "did you call Ray's phone?" Their phone has no idea whether they called my phone or not! They called 1-800-help, not "Ray's LG phone, the one he just bought". Their phone has no way of answering that question.
The number you dial doesn't identify a device. "Did you call Ray's mobile" isn't an answerable question.
Similarly, if I miss a call that rings my mobile, I don't know if the caller was calling the crisis line, my business number, or my personal number. Any of those three numbers, identifying three different services, might ring the same device.
So get it out of your head that there is some fixed relationship between a phone and a number that someone can call. There isn't.
Re: (Score:2)
They don't ask "did you call Ray's phone", they ask "did you call 1-800-help", and it may be able to do this even before it finished forwarding the incoming call to the -800 number to your phone.
Re: (Score:2)
Er... no, your phone would ask did the other phone call 1-800 help, not the service that provides the number... I just realized that wouldn't work at all., because the 1-800 help exchange is not physically connected to your phone.
That would mean that the caller has to give you the number it is calling in addition to its own CID info, and then you, as a recognized user of the 1-800 help number, would be able to authenticate the call against one that the 1-800 help number really did forward to you by askin
Re: (Score:2)
> and you would only do this since the 1-800 line is not your actual phone number.
Which if the four numbers that may ring my phone is my "real" number, in your opinion?
Again, there is no fixed mapping between DIDs and stations. When you first start thinking about phones, if you've never used anything more complex than the default Cricket setup it's easy to start off thinking that way, but that in way lays madness. You will drive yourself crazy trying to decide which DID is the "real" or "first" DID for
Re: (Score:2)
If X spoofs, the callback query from Y doesn't end up going to X, and so X has no control over whether the response is going to succeed or fail.
Re: (Score:2)
Nice conspiracy theory, but no.
The only agent that knows who to bill is the one that is directly connected to the caller, but even their own exchange still doesn't have any way to know if the caller is going to route the call through another exchange that will enable them to spoof their number. The end result is that the receiving exchange has no way to currently identify the caller, or know who to bill. They only know the exchange that the number came from, but the call may have been forwarded throu
Re: (Score:2)
I'm interested how they'll handle legitimate use cases.
Why not just make robocalls illegal . . . ? I live in Germany, and get zero robocalls . . . because they are illegal.
All my relatives in the US complain about them . . . nobody seems to like them . . . why it is a problem to make them illegal . . . ?
Oh, maybe the AT&T and their pals who make lots of money the calls . . .
Re: (Score:2)
Enforcement. A switched telephone network does not have any way to verify that a call which is coming in from an exchange that they don't have any control over actually originated in that exchange or was simply being passed along from some other exchange, and so has no possible way to enforce ramifications on someone who fakes a call.
Re: (Score:2)
Re: (Score:3)
Re: (Score:1)
That seems rather a redundant phrase...
Re: (Score:2)
Because this will probably *break* Google Voice or at least make calls show as unverified.
Re: (Score:2)
Because they spoof numbers outside of their network.
You'll note that this new system doesn't mention anything about verifying the caller ID data being sent by the call originator, it only mentions verifying the networks the call traverses.
No, this article doesn't mention it. AT&T's own press release does.
https://about.att.com/story/20... [att.com]
Re: (Score:2)
Fortunately, I only use Google Voice as the recipient of my voicemail, which lets me do things like having separate responses for separate call groups (such as the " This number is no longer in service" message that telemarketers et. al. get.)
Wonderful but I already know when a call is spam (Score:5, Insightful)
I don't want my phone to ring with a little alert that something is a scam. My phone already tells me when something is a potential scam. In fact if its a number I don't recognize, I know that 99 times out of 100 it's a scam. I want my phone not to ring at all. I want the call to get stopped before my phone is even involved. It's not answering a robocall that annoys me, it's having my phone ring in the first place.
There's an app for that (Score:2)
There are a number of apps that do indeed block pam calls from ringing through, two I use are Hiya and NoMoRobo.
I have for a while been mulling over building a regex based one though as it would be lots simpler and probably more effective.
Re: (Score:1)
This is why I love the Do Not Disturb mode in Android Pie (9.0) You can tell it things in great detail like "Don't ring or show a text unless the call is from someone on my contacts (or even a subset)"
It makes all the call block apps that were necessary the past couple years completely unnecessary. I'm sure if I was in Sales or had some other reason to have to answer calls from numbers I don't know it would suck, but I identified early on in my career all the reasons I was NOT EVER going into sales.
Home users versus mobile users (Score:2)
Re: (Score:2)
I don't understand this at all - I am not 85, but I still have a phone, and it's the only thing that works reliably. I have had several cell phones, and even in Silicon Valley, they don't connect at my house reliably, they don't connect at my work (parking lot) reliably, they can't be used in the building at all (prohibited and shielded anyway), they don't work at any hotel I go to. I don't talk while driving, but when I check, they aren't connected when you are on the highway aside from poulated areas. Bas
Re: (Score:2)
Same here...I have a wired home phone for several reasons, including long-duration work- and tech-related calls.
I can't recall the last time I got an actual legit call coming in on it, it's probably been years. The phone (2 lines, actually) are only about ~$10/month so it's not much of a cost.
And I admit that I enjoy driving the phone scammers insane and wasting their time in all sorts of ways. It's fun and I always come away feeling refreshed at having ruined a scammer's morning or whatever.
Re: (Score:1)
I no longer have a landline because for 5 straight years, the only calls that came to it were from scammers, telemarketers and similar filth. I asked myself "Why the fuck am I paying for this?" and I couldn't find an answer, so I got rid of the thing.
Now I do live in a major metro area, and have great signal on my cell.
Your other points about mobile not being reliable in places away from home don't exactly do much to sell the idea that landlines are still relevant. Unless you have one really fucking long co
Re: (Score:2)
I work in telecommunications and can say without hesitation that there's very little new money in actual phone conversations.
Have you noticed that even the bare bones $15 per month cellular plans are either unlimited calls, or have a large bucket of minutes assigned to them?
The cost and profit is so low that it realistically costs more to generate an itemized bill than it does to nickle and dime people for service.
There must be cost involved. (Score:2)
Re: (Score:2)
If it does not cost any money or revenue, there is no incentive for Telco A to be vigilant or sincere in the authentication issue.
They've made a reciprocal agreement. They both get the same thing out of it.
digital signatures (Score:3)
Wow. Its about time. It's been more than 3 years since I started writing online, everywhere I could, and telling every single service provider's support manager I talked to, that they should standardize this exact technology between all carriers. If all device connections into each telecom network were verified in a standard way, and exchanged during handover, this problem would have been solved years ago.
The biggest problem is with the addition of VOIP, the spammers are able to put whatever they want into a database and thus spoof the number at the other end where it goes back into a telcom network. Enforcement of a digital signatures for each device would fix the problem and with that the exchanged caller id, though much larger in size, would finally be useable for something. So, If you think blocking numbers is useful or effective, you are just wasting time. A blocklist is just blocking random phone numbers of honest people who are not actually calling you anyway.
No extra charge to solve the problem they cause? (Score:2)
It's embarrassing that we're in 2019 and we can't authenticate callers. I think it's amazing that we haven't seen some massive DoS type attack because phone providers just trust each other like "Well, you're in the club, you must be legit". So now they're going to solve the problem which is caused by their inadequate system, and do it free of charge? WTF?
Maybe instead there should be a tax on every call which is NOT end-to-end authenticated, and then let the free market take care of things.
Stop "allowing" spoofing, Switch it off. (Score:1)