We really just need telcos to stop allowing caller id spoofing. Doesn’t even need your name, but with a real number we could actually report these scams.
You can still allow people to hide it, but then by default every non-business phone should block calls with hidden numbers.
What ever happened to SHAKEN/STIR? I thought this was supposed to happen 5 years ago. Did they just chicken out on the prospect of actually shutting down telcos sending spam volume? I still get loads of spam phone calls, so clearly something went wrong (or slow enough to be indistinguishable from wrong).
> SHAKEN system, short for Signature-based Handling of Asserted information using toKENs [...]
> The name was inspired by Ian Fleming's character James Bond, who famously prefers his martinis "shaken, not stirred". STIR having existed already, the creators of SHAKEN "tortured the English language until [they] came up with an acronym."
LLMs are really good at making backronyms, in fact it might be one of the things they're best at. Try prompting any soulless overlord with "give me a backronym for <WORD> that relates to <SUBJECT>".
So maybe it's bad backronyms that demonstrate the soul. I don't know who's idea it was to allow a computer to generate whimsy, that should be interdicted by a fourth law of robotics.
I'm not certain, but I think on my phone incoming calls that fail SHAKEN/STIR show the caller id in red rather than black text. I'm on T-Mobile. It also shows "Number Verified" or something like that.
Now that you mention it, I believe I have seen a couple of red flagged calls, but I still get ~3 calls a day from a very aggressive business loan spammer, it's always a new number and never flagged.
Do they actually need to purchase numbers to do that, though?
I always imagined that there are certain shady providers ("grey-market Twilio" sort of idea) that just let you run single outbound call/text requests through a giant pool of numbers shared with other customers of the service. Perhaps specifically a bank of residential numbers plugged into banks of regular cell phones, like a residential IP proxy service provider.
Somebody at some point is purchasing them, probably not the spammers/scammers themselves.
It's very unlikely anybody is placing spam/scam calls with regular cell phones when VoIP numbers are easy and cheap to get, and when VoIP systems are far easier to manage.
Anybody desperate enough to consider telemarketed merchant cash advances (MCAs) should look into them very carefully first. The contracts often have stipulations that allow them to draw money from your bank account at will, penalty interest rates that jump up 400% APR, have been known to use mafia enforcers to violently extract payments, and the list goes on. There was a more perfect union video (titled something about texting back a loan shark) with a bracing, if sensationalized, look at some of the worst ones.
According to a defcon talk, spammers just make sure all their spam gets routed through legacy TDM systems which discard the shaken/stir header because they're too old to support it. The other side then re-adds a "we got this from somewhere that didn't support this header" header.
Easy fix. It should be opt-in to accept a call that is routed through one of these. I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962 can call her son in New York, but for the rest of us who are not in that situation, we can just blacklist all those calls and lose nothing. This would even fix spam for the people who opt-in, because so few people have grandmas in rural France that it's not worth it for the spammers to bother anymore.
It is opt/in. There's three categories (according to that defcon talk): call originates from the number it says it does, call originates from our network but we're not sure about the number, and call came to us unverified (only allowed by regulation on legacy links).
Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should. The government would have to make them do it and they'll pretend upgrading is super expensive.
> call originates from our network but we're not sure about the number, and call came to us unverified
I'm saying these two categories should be denied by default by my telecom provider, and the user must opt-in to receiving them.
> Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should.
Those operators are not my concern, they can do whatever they want. I want my telecom provider to block unknown/unverified calls by default. I have no reason to ever receive a call from an unverified source. Some people might, because they have business or relatives or whatever in such a region, and they can opt-in to receiving them if so.
> Easy fix. It should be opt-in to accept a call that is routed through one of these.
Easier (and correct) fix: Telecoms operators should not be permitted to provide transit to a call that's routed through one of these.
> I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962...
This doesn't make sense. Even my inexpensive Mikrotik switches can augment packets with the ID of the port that they originated from. I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same. The fact that that grandma can send and receive calls tells you that both that that equipment exists and that it knows what port her phone is connected to.
> I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same.
The example should rather have been some telecom carrier in Africa or India. Telco equipment is expensive, the technology is ridiculously complex and getting companies especially in less well-off regions to replace aging stuff and updating it to modern standards is next to impossible. Think about it, the globally connected phone system includes countries where you get 10 GBit/s symmetric fiber in your home and it includes countries where people don't even have running water because they're so poor.
The fact that we in Western countries can have a realtime conversation with someone in the Saharan desert or in an Indian village that requires days worth of travel [1] is nothing short of a miracle.
I am, more in tune with "just get it over with" than ever. Ipv6? 25 years of this crap? should have just said, Jan 1 2001, all routers must support 64 bit ipv4 addresses. Like the chrome HTTPS switch over, JUST DO IT
Just because a call is a spam call doesn't mean it is spoofed. STIR/SHAKEN ends spoofing but anyone can ultimately buy a phone and make calls that are spammy.
Mine literally come from the verified coinbase phone number and say coinbase and everything. If I didn't know for sure they are not calling me I'd think it was real 100%.
Sure, but with phone numbers that can't be spoofed, telcos can terminate service, and filtering technologies can block calls. Spam gets expensive if you have to buy new service every five calls.
Preventing spoofing doesn't have to make spam cost-prohibitive for every spammer to greatly reduce the volume, and it does not interfere with ordinary people obtaining phone service anonymously.
From what I’ve investigated as a recipient of spam calls, I’ve been called from legitimate mobile numbers from my own mobile telco. The only thing that explains that are SIM card banks.
Unfortunately there isn’t an easy way to report abuse to the telcos (and regulators).
STIR/SHAKEN up to this point has only been a self-certification that a telecom company has the right to use a number. What the FCC is trying to do is set up a legal obligation for the STIR/SHAKEN header to match a KYC verified identity.
If the FCC implements this, I expect a lot litigation because of the burden and legal liability this would place on telecom and VOIP companies. There are other less burdensome approaches to preventing spam that the FCC has not tried.
I am constantly amazed how few people understand that preventing spam is below the last thing the FCC is actually interested in.
First of all, the decision makers at the FCC profit from directly from spam, Christ.
Secondly, the indirect value of spam to the FCC is that it helps to justify initiatives to ruin the privacy of ordinary people via the constant push for KYC.
Just like "age verification", Flock cameras, license plate scanners, ubiquitous IoT with microphones and cameras, etc. Governments and corporations both profit from shredding every molecule of your privacy.
The FCC issued a report on this very subject[1]. TLDR, there have been four exceptions to the SHAKEN/STIR requirements:
- Providers that can't afford it implement it
- Non-IP networks
- Small voice service providers that originate calls via satellite using U.S. NANP
- Providers that lack control over the network infrastructure necessary to implement
Nothing is going to change as long as those holes exist.
The can't afford it exception is disappearing soon, as it isn't true for any business. Total setup costs for STIR/SHAKEN are under $2000 these days. Providers that lack control over the network infrastructure (i.e. they don't have the ability to control the stir/shaken headers so by definition they can't spoof numbers) will likely continue to be a thing as changing it would force pretty much every small business in the VOIP industry out of business and allow only large companies to be VOIP service providers.
But that's not a consumer initiative. Advertising can come from all sorts of places that the consumer doesn't like, and in economies where advanced levels of consumer choice are limited to the state bureaucrats.
Medical offices hide their numbers for very good reasons: if you've got an abusive spouse, you often don't want the medical office in your call history. Which results in a lot of very important calls being ignored.
Stopping caller ID spoofing doesn't have to mean caller ID is always enabled. You should be able to make a call with NO caller id, but not a call with somebody else's caller id.
We don't, but the entire world currently does, and the amount of equipment deployed that depends on it is substantial.
I would be willing to bet money that any "better call addressing system" would be a design by committee where this just gets litigated there. And we'd end up with either a system that requires KYC per-call, or has compromises similar to what we're complaining about now.
Having worked with telco companies, 99% of it is "Yeah, but this stuff still works just fine;) And if a government compels us to change our equipment for reasons other than national security, we're going to pitch a fit and demand financial incentives beyond reason." A lot of the pressure to boot Huawei from tech stacks globally ran straight into that wall and flopped. Even with national security at its back.
Considering most of those same telcos are donors and employers of large numbers of people across many constituencies of almost every nation, usually no politician has or is willing to spend political capital to shoot themselves in the foot like that. And no nation with a national telco company runs it well enough to ever even dream of spending money for something like IP addresses, they typically barely keep the lights on.
We were able to tack a bunch of domain and header functionality on top of the email system that helped us know if the sender was authentic which is much more than we can say for the POTS
What valid purpose does hidden numbers have? Government departments in my country hide their caller ID.
I find that abusive on its own but let’s not forget about the fact that now you have victims of domestic violence being forced to answer hidden numbers in case it’s welfare, or the cops, or their abusive spouse.
unfortunately, the grift economy is hyper-meritocratic: If you can figure out a scam and it makes money, who are we, as capitalists, to stop you? You take out the lower rungs of the grift economy, then whose to say who can fleece the tax payer with a repainting of a reflecting pool on tax payer's dime. It's a slippery slope, really.
It's even worse: Since cell phones broadcast your location at all times, this means telling hundreds of companies (and a number of governments) your location at basically all times.
That's already an issue with most cell phones. Making this apply to prepaid phones is even worse.
One thing I wonder is if this is just one step removed from 'Now we know the identity of every user so we can now have both probable cause and verified identity to arrest over statements containing speech we do not like.' "
Like that is Carr's FCC in a nutshell - he wants to control speech by controlling the airwaves. That is a raw fact in his behavior. But when the news stations say the thing they want them to say, what happens next other than slightly extending the definitions of public good to the internet and then restricting speech?
If you have to wonder, you don't need to wonder. So now not only can "antifa"-related speech qualify you as a terrorist (https://www.whitehouse.gov/presidential-actions/2025/09/coun...), now your phone is legally required to track you and report your location at all times. The legal infrastructure is in place to track and bring a wide range of consequences down on just about any and all political enemy, whether that be ruining their life by dragging them through years of criminal charges or simply black-bagging them and whisking them off to a prison for "enemy combatants" without any oversight from a court. All of this is being done in full view of Congress and the Supreme Court, therefore one can only conclude that they are comfortable with and complicit in what is going on.
They won't do that because that'll cause an uproar.
What they'll do, what they always do, what you can see them actively doing (albeit on other policy axis) even at the local government level, is simply scrutinize these people for other laws they've broken or rules they've run afoul of and then enforce the shit out of those.
It's important to remember that Carr is but a bureaucrat doing what he needs to do to make his boss (or, rather, his boss's boss) happy.
We have a real problem with people in government buying into the idea that it's basically a private company set up for the benefit of one man in particular.
> Note: By checking this box, I acknowledge that I am filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.
Is there really not a way to submit an express FCC comment that avoids all my personal info being publicly published to the web? Yeesh.
I spend a lot of time filing requests to take down my home address. Most low-hanging fruit options have been scrubbed. I am hesitant to increase the count.
You mean the link between your name and home address? Impossible to scrub. If you're registered to vote, own a home, or many other things, that is legally a matter of public record.
Yes. You need to stand up as a citizen to have the impact (they cross check).
Publication is probably a bit much as a default and chills speech a bit, but it’s also important that the federal register can remain public with all public comment on the web. These are official comments on the record.
Im USA based use prepaid service because I dont want to provide information for a credit check to obtain postpay service.
Theres absolutely no reason for a US based telephony provider to retain the most sensitive PII on their customers.
Every large provider has a history of breaches and selling customer data.
The telephone companies are already tracking, storing, selling; so many data points on their customers.
They cant be trusted with any information.
I got ATT prepaid in January and still had to give my ID, but it was weirdly not upfront but later on when I was trying to actually activate the service. Not sure what the deal is.
Counterpoint: for my part I would like it to be the case that any phone line that can dial or message my phone can be traced back to a known human being who can be held accountable for abuse of that phone line in terms of generating spam, abuse or harassment.
Seems that we can’t both get what we want.
A potential solution is that you get your anonymous phone line but my phone provider simply refuses to let you call me with it.
Of course then we need to extend the same principle to data and to IP traffic originating from your device. If you don’t want to be traceable it seems reasonable that services should have the right to refuse to handle IP traffic you generate.
Would such a half-baked level of network access suit your needs?
Why can't you? They don't want to provide info for a credit check, you want human accountability. All that requires is for them to use a debit card for whatever service (prepaid or postpaid). Law enforcement can trace that if needed. No need for credit checks or really any other information directly in the hands of the telco.
> my phone provider simply refuses to let you call me with it.
I don't think it's necessary to go this far. The provider could indicate something like "CANNOT VERIFY NUMBER". I imagine most people would block such calls.
Isn’t that the same thing? I was making the assumption that the way I would block such calls would be by telling my phone provider they don’t need to route them to me in the first place.
The problem of the government tracking down people for political posts is supposed to be solved by having laws that constrain the government, not by having corporations provide anonymity as a service.
There's no "supposed to" here. Humans, (including governments) are inclined to do bad things; both law and technology are necessary to restrain those tendencies.
People should file comments at that Federal Register link as well as FCC. (The FR is the official way for citizens to comment on proposed agency rulemaking. Since it's independent, it might go farther, but it's worth doing both.)
In my opinion, the real fix to scam, spam, and robocalls is to pass along the REAL(TM) Caller ID information not just the caller ID but the actual billed Caller ID information and allow the recipient easy ways to drop the calls when those two don't match. I don't know exactly the technical details of Stir/Shaken but someone somewhere is paying / getting paid for each call and this information should be transparently available to the call or message recipient. For "legitimate" reasons like doctors or call centers, they should already provide a separate work phone and not make them use their personal line. For leaky carriers, those should be blocked entirely. Nothing good comes from them. Basically what I am suggesting is if the full attestation level ("A-level") is not available, drop those calls and text messages by default unless the customer opts in (I have no idea why anyone would)
I was nodding in agreement, but I realized there must be some catch here. If this was that simple it probably could've been implemented a while ago.
My guess is that there's some requirement that if it's a working number, it must be able to dial emergency services and that's the loophole that's being exploited. So the FCC's answer is if all numbers must work, push the check directly on the subscriber.
In theory, yes. I would hope all the things that are "common sense" and "simple" would have already been implemented. However, as my professor of History from college loved to say "follow the money". If something could be simple and straightforward but is implemented in a convoluted way that is clearly suboptimal, someone somewhere makes more money as a result. It could be as transparent as Google Chrome implementing auto play with a "Media Engagement Index (MEI)", Apple being forced to implement USB-C on the iPhone kicking and screaming, or carriers and large call centers dragging their feet on doing STIR/SHAKEN correctly and passing along the billing information that I will remind you they already have because they like to get paid. So, while we hope common sense previals, at the end of the day, it only does so automatically when it makes business sense.
To your point about emergency services—while it's true that any unactivated phone must be allowed to dial 911, that rule only opens a one-way path to emergency dispatch. It doesn't give a device the ability to place outbound calls to everyday citizens. The real loophole isn't a public safety mandate; it's the wholesale VoIP market.
I mean I think that is ok as long as I explicitly allowed you to.
The problem is, with a phone number anyone can. Phone numbers need to operate more like a shared secret.
I was getting an oil change the other day and the guy asked me for my phone number...
I said why? Do you need to call me?
He said, no we just need it to put in the system and it won't let me proceed without one.
I said ok well here is a fake number since you don't need to contact me.
He was visibily frustrated with me, yet inputed the fake number and it allowed him to proceed.
My point with sharing this story is it seems like we have forgotten as a society what the purpose of the phone number is. Your supposed share it when you want to be able to communicate that's it.
It's turned into a required chokepoint to do anything.
Any particular reason yall can't just argue in court that by creating opportunities for your PII to be stolen your governments (state or federal or both) are actively harming you economically?
Sure, not much money to be had by fighting that fight but basically any PAC should have the means to do this and by claiming money is at stake and not people's actual safety you do have a better chance at this not being dismissed because of how your justice system /is/.
Unless you've had fraud committed against you, that's a hard sell. What dollar figure do you use as the basis? Are you suing for years of credit monitoring? Because that's typically the solution for people who are the victims of PII leaks.
One could argue that it's a failure of law enforcement or telcos or regulators to do enough to prevent fraud and maaaaybe bring a class action or something, but that's a massive stretch.
Given it's a physical impossibility to create an impregnable fortress for your data and said data both already has a dollar amount attached to it in the black market and an obligation to be cared for, the argument could be that the government is setting up companies to lose money unless they too get to sell that data themselves, which regulations -and basic decency- say they can't.
Look, a lot of people make the mistake you're making.
Not every unjust, stupid, or evil thing is illegal.
Even when something is illegal, that doesn't mean you have standing to challenge it in court, or that a given court has jurisdiction to do anything about it.
Courts (theoretically) follow rules. They can't just randomly set things aside without some basis in those rules. Lawsuits are not a magic universal remedy.
You could definitely argue that courts don't always follow rules, and that the Trump administration is doing everything it can to make that worse, but the changes they're making aren't going to work in your favor, because those changes are in the nature of "we can do whatever we want, and fuck the courts if they don't like it".
I mean, ok? Guess the official consensus is all you can do about literally anything that is detrimental to everyone is just sit on your ass and look pretty until it's too late and every asshole who could conceivably benefit from stealing from you is already done.
Well, the assholes currently screwing up the the USA got there by decades of miscellaneous political maneuvers, both fair and foul (most of the fair ones done by an earlier generation), culminating in actually getting elected (basically on a platform of then acting unconstitutionally, because that appealed to enough morons). And the people they replaced also got in through politics.
What they did not do was to sue their way into power. I mean, yes, they used the courts at a few key points, but that wasn't the core of it, and the smart money says they could have done it without, say, Bush v. Gore.
The new court approaches of the 1950s through 1970s were a product of politics way, way more than a driver of it, and so is the present reactionary judicial backlash. In fact, the biggest thing I'd say you could argue was the courts leading, Roe v. Wade, worked for a few decades, but at the same time set up a ton of resentment that was later exploited to help blow up the whole system around it.
And if you go back far enough, you run up against a violent revolution, also not conducted in court. Although even there it's important to remember that revolutions invariably fail if they don't have huge political support first.
So, if you want to actually do something, go elect some politicians who will clean up the mess. By the way, that doesn't just mean going back to the way things were one day before Trump. It means fixing the long-term institutional decay that let Trump and his manipulators cause so much chaos when they happened to win an election with honestly not overwhelming support.
[By the way, I need to edit this: This particular authoritarian move is relatively bipartisan and represents an attitude that's become depressingly common all over the planet. Nonetheless, if you want to do something even about this, the answer is still political.]
Well, I tried to file an FCC comment using the link in the article but reCAPCHA doesn't think I'm a real person. I gave up after about completing about 20 puzzles successfully.
Honestly I'm at the point where I'm like lets just kill the POTS. It makes little sense to me that it's become a sort of user ID for many things, that we have better alternatives (WebRTC, FaceTime et al) that we should push. Like where it currently says "Telephone number" i should be able to put in a URL like "webrtc://<a pseudonym for my IMEI>" (which itself could be a dropdown box for "This device" on the phone itself...)
For example, why isn't it the default that when a telemarketer calls me it's not a video call? And why can't I preview their video stream prior to answering?
I get its "impossible" to make everyone change, but i do think we should push forwards...
IMEI is tied to the physical phone, Facetime is Apple-specific, idk what the webrtc option would be. I'm actually glad phone won as digital ID, not cause it's the best choice but because it could've been a lot worse.
For background on KYC in the banking context @patio11's podcasts and essays are worth consuming:
Patrick: Yes, so "Know Your Customer" (KYC) and "Anti-Money Laundering" (AML)
are mandatory elements of the international compliance regime that have been
in place in the United States since the early 1980s. Over time, this regime
spread globally, largely fueled by the U.S. leveraging the dollar as a tool
of foreign policy—a point where I find myself agreeing with critiques from
the crypto community. Their complaints about this are largely accurate. You
can see this clearly in the documents as these laws were passed and as
supranational bodies increasingly tightened regulations on banking secrecy
havens.
Reading this line in Lopp's article: "FCC even asks whether providers should consult lists of terrorists, terrorist organizations, and “criminal persons” maintained by law enforcement entities," brings to mind McKenzie's work describing the outsourced role of NGO's in vetting banking customers.
KYC and AML are the most blatant attempts at subverting due process I’ve ever seen.
Instead of the government actually trying to catch money laundering, they just make 3rd parties like banks and payment processors judge, jury, executioner. Effectively giving them the power to decide who can do business. And if they decide you can’t, you have no recourse. If the government didn’t give this power to private companies, they would have to prove in court that you are doing something unsavory. And to people saying KYC/AML works, sure. HSBC was laundering billions and these guys know how to get around KYC. You’re just screwing over common people at this point and giving banks and financial institutions power to skirt due process.
"Effectively giving them the power to decide who can do business." well it's giving the government the power to decide who can do business. The banks and merchants already had that power, but now they have additional legal risk of doing business with whoever the govt doesn't like.
Ever since 2020, I've seen more stores that won't take cash, and refuse to go there on principle even if I was going to pay with card anyway.
> the most blatant attempts at subverting due process
This seems so clear to me; KYC is an end run around the constitution.
But how do we stop it? If we legislate "no KYC" then what is my recourse when an imposter empties my accounts? You'd want it to be at least allowed.
But if we allow industry to require KYC "we will only deposit your pay to a verified bank account" then you may end up with de facto KYC if not de jure. But if you tell businesses they may not require it, it enables other kinds of fraud.
Legislation does not constrain people who will to do evil.
Use Monero as much as possible. If enough people adopted it, there's absolutely nothing they could do to stop it short of turning off the internet entirely. Even China, with the strictest internet controls in the world, hasn't managed to stop people paying for banned goods and services in crypto there.
How do you get or spend Monero without KYC? It's illegal to do so without reporting every transaction on your taxes. Maybe you can get away with it for small purchases, but with inflation the way it is, any meaningful purchase pushes you over a tax red flag line. Crypto is dead in the water legally speaking in the US.
I'm all for cryptocurrency as a way to fight both KYC and money-dilution, but it's still not user-friendly. Regular people need a way to clog the gears too.
We're making our law enforcement's job marginally easier, by making the criminals' job infinitely easier by creating millions of juicy PII honeypots.
No, you don't need my phone #, real name, captcha.. if you think you do, realign your incentives, and rethink what else can be used for your real need instead.
Absolutely. And this is why I don't give any business my real name, phone number, or other personal information. Starbucks does not need to know my name or email to make my coffee. If a company insists on an app or some kind of registration, they lose my business, plain and simple.
This means the parents of adult scammers too. Every scammer has a mother and father who are failing them. If they were doing their jobs, this wouldn't be happening.
Yeah if US mail is as spam compromised as it is, you can forget about phone calls ever being cleaned up.
In the era of Target specialized AI that can mimic voices, writing styles, communication is now fundamentally compromised without some sort of actual reform
Let me give you an analogy: Someone keeps blaring an airhorn outside your window at 4am. It's making it difficult for you to sleep. The government, in their bountiful wisdom, decides to hold an emergency meeting, and agrees to pass a law that people need to show an ID to buy an airhorn. You're appalled. This is an invasion of privacy! You protest outside of city hall. You try to get some of your neighbors onboard, but find that they're already protesting! Their protest is demanding that the government do something about the annoying airhorns.
The funny thing is most of the world had already pioneered the airhorn ID long ago. Very few of them saw any decrease in 4 AM airhorn activity, yet some are already well-known to arrest and harass airhorn users to international human rights observers' condemnation.
In theory, it could help. In practice, for KYC to reduce spam and scam calls, FCC would have to be willing to drop hammer big time on people and telcos who allow it to happen. With current political climate in the US, I don't see that happening since companies would scream "Poor pitiful us" and fines would be the cost of doing business.
It did in every other country that did it. What's different about this one? If you get a spam call in Europe from Europe, you call the police and the spammer gets located and punished.
Europe does not consistently have KYC for phone service, at least for mobile connections. Normal phone companies in Ireland don't ask for information when buying SIMs (physical ones, at least). Some eSIM providers in Europe don't ask for information at all, and accept cryptocurrency payments. (I'm also aware that some other European countries have very different requirements, up to actually needing copies of identification.)
More widely, however, there do seem to be differences that I don't know the details of. VOIP seems quite different (I use it for my old phones): DID numbers in the US seem extremely cheap and available instantly, with little information, while European ones seem to have an actual verification process and prices that would make large-scale spamming difficult.
As an additional anecdote, I've never heard of a number-porting/2FA attack using social engineering or other methods in Ireland - but we have our own unique issues now with Robocalls and phishing on WhatsApp and SMS.
You don’t see the harm in requiring telcos - famous for handing over data without warrants or court orders - being forced to have identifying data for every subscriber?
I can think of a half dozen ways that can get abused. Remember that in the states policing is decentralized. There is always some department somewhere willing to abuse their power. Look at how flock has been used to stalk partners, or how geofencing was used to sweep up everyone in the area of a protest, or how stingray is used to listen to all calls in an area. This is opening up avenues of abuse for almost no benefit.
> famous for handing over data without warrants or court orders
More concretely, famous for supplying bulk data to the surveillance industry for a nominal fee. That is ostensibly the goals behind this development - all of these companies demanding phone numbers for "verification" and snake oil "2FA" want to reliably dox 100% of their users rather than just 80%.
Realistically, it is for 99.9% of people who have phones. The 0.1% have to go out of their way to buy, with cash or crypto, prepaid SIM top-ups on flip phones, and by doing so they stand out like a sore thumb.
Back in the days of rotary phones, not only did the phone providers have your name, they even listed it, your home address, and your phone number in the white pages of the phone book, and everyone in town had a copy of it. Before the rise of microcomputers which enabled data tracking and robocalls, which in turn gave rise to demand for privacy from spam, having that information out in public wasn't a problem except for edge cases like domestic abuse victims or people in a witness protection program. The 99.9%, though, are still getting tracked no matter what, and I sometimes wonder if we've sacrificed the convenience and confidence of the phone-book age for an illusion of privacy that relies on anxiety.
I grew up in the phone book age. We had one phone with a really long cable, but it wasn't long enough to take it with me everywhere I went. And, as you point out, nobody had robots to call it, either.
at times? we can't even decide if women are allowed to control their own bodies. we're now open to states stopping people with dark skin from voting, and we have giant internment camps where we keep innocent men, women, children because they have a spanish accent. vaccines are apparently not a worldwide health miracle, education is overrated, we're bringing back jobs in coal and oil, and invading/destabilizing latin american countries is back in vogue. in two years we might be so backwards that women's suffrage becomes questionable (https://en.wikipedia.org/wiki/Democratic_backsliding_in_the_...).
> we're now open to states stopping people with dark skin from voting, and we have giant internment camps where we keep innocent men, women, children because they have a spanish accent.
you weren't aware of the recent revocation of laws that prevent southern states from gerrymandering black communities out of a vote, in addition to voter ID laws?
there are many, many public reports of ICE detaining individuals merely for having a spanish accent. they've detained US citizens multiple times, even deported some, because they were hispanic.
Almost no one has physical phone lines anymore. It also used to be a given because they had to send a physical paper bill to someone, and hence needed an address.
Neither of these are true anymore.
Also, the tone is set from the top.
Do you think the current admin cares about actually tackling fraud and abuse?
"Call to Action" is a needlessly impotent threat. Like high school students walking out of their own lunch period to protest the loss of salisbury steak on the menu.
Most major telcos worldwide outside the US have strict KYC rules, this is not a battle you are going to win, because there are very few legitimate reasons in support.
We really just need telcos to stop allowing caller id spoofing. Doesn’t even need your name, but with a real number we could actually report these scams.
You can still allow people to hide it, but then by default every non-business phone should block calls with hidden numbers.
What ever happened to SHAKEN/STIR? I thought this was supposed to happen 5 years ago. Did they just chicken out on the prospect of actually shutting down telcos sending spam volume? I still get loads of spam phone calls, so clearly something went wrong (or slow enough to be indistinguishable from wrong).
I love a good tortured acronym:
> SHAKEN system, short for Signature-based Handling of Asserted information using toKENs [...]
> The name was inspired by Ian Fleming's character James Bond, who famously prefers his martinis "shaken, not stirred". STIR having existed already, the creators of SHAKEN "tortured the English language until [they] came up with an acronym."
https://en.wikipedia.org/wiki/STIR/SHAKEN
(Unrelatedly, seeing a slash used casually within the URL slug feels so wrong)
I like backronyms because it tells me someone with a soul was involved
LLMs are really good at making backronyms, in fact it might be one of the things they're best at. Try prompting any soulless overlord with "give me a backronym for <WORD> that relates to <SUBJECT>".
So maybe it's bad backronyms that demonstrate the soul. I don't know who's idea it was to allow a computer to generate whimsy, that should be interdicted by a fourth law of robotics.
I'm not certain, but I think on my phone incoming calls that fail SHAKEN/STIR show the caller id in red rather than black text. I'm on T-Mobile. It also shows "Number Verified" or something like that.
Now that you mention it, I believe I have seen a couple of red flagged calls, but I still get ~3 calls a day from a very aggressive business loan spammer, it's always a new number and never flagged.
That's because they are bulk purchasing numbers from voip providers, cycling through probably hundreds per day.
Do they actually need to purchase numbers to do that, though?
I always imagined that there are certain shady providers ("grey-market Twilio" sort of idea) that just let you run single outbound call/text requests through a giant pool of numbers shared with other customers of the service. Perhaps specifically a bank of residential numbers plugged into banks of regular cell phones, like a residential IP proxy service provider.
Somebody at some point is purchasing them, probably not the spammers/scammers themselves.
It's very unlikely anybody is placing spam/scam calls with regular cell phones when VoIP numbers are easy and cheap to get, and when VoIP systems are far easier to manage.
Anybody desperate enough to consider telemarketed merchant cash advances (MCAs) should look into them very carefully first. The contracts often have stipulations that allow them to draw money from your bank account at will, penalty interest rates that jump up 400% APR, have been known to use mafia enforcers to violently extract payments, and the list goes on. There was a more perfect union video (titled something about texting back a loan shark) with a bracing, if sensationalized, look at some of the worst ones.
According to a defcon talk, spammers just make sure all their spam gets routed through legacy TDM systems which discard the shaken/stir header because they're too old to support it. The other side then re-adds a "we got this from somewhere that didn't support this header" header.
> legacy TDM systems
Easy fix. It should be opt-in to accept a call that is routed through one of these. I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962 can call her son in New York, but for the rest of us who are not in that situation, we can just blacklist all those calls and lose nothing. This would even fix spam for the people who opt-in, because so few people have grandmas in rural France that it's not worth it for the spammers to bother anymore.
It is opt/in. There's three categories (according to that defcon talk): call originates from the number it says it does, call originates from our network but we're not sure about the number, and call came to us unverified (only allowed by regulation on legacy links).
Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should. The government would have to make them do it and they'll pretend upgrading is super expensive.
> call originates from our network but we're not sure about the number, and call came to us unverified
I'm saying these two categories should be denied by default by my telecom provider, and the user must opt-in to receiving them.
> Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should.
Those operators are not my concern, they can do whatever they want. I want my telecom provider to block unknown/unverified calls by default. I have no reason to ever receive a call from an unverified source. Some people might, because they have business or relatives or whatever in such a region, and they can opt-in to receiving them if so.
Sure, but why do I care? Let them run the legacy links. Just don't make my phone ring.
> Easy fix. It should be opt-in to accept a call that is routed through one of these.
Easier (and correct) fix: Telecoms operators should not be permitted to provide transit to a call that's routed through one of these.
> I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962...
This doesn't make sense. Even my inexpensive Mikrotik switches can augment packets with the ID of the port that they originated from. I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same. The fact that that grandma can send and receive calls tells you that both that that equipment exists and that it knows what port her phone is connected to.
> I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same
Mikrotik is a young spring chick compared to the dinosaurs in telecom.
> I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same.
The example should rather have been some telecom carrier in Africa or India. Telco equipment is expensive, the technology is ridiculously complex and getting companies especially in less well-off regions to replace aging stuff and updating it to modern standards is next to impossible. Think about it, the globally connected phone system includes countries where you get 10 GBit/s symmetric fiber in your home and it includes countries where people don't even have running water because they're so poor.
The fact that we in Western countries can have a realtime conversation with someone in the Saharan desert or in an Indian village that requires days worth of travel [1] is nothing short of a miracle.
[1] https://www.aljazeera.com/gallery/2024/5/8/an-election-booth...
I am, more in tune with "just get it over with" than ever. Ipv6? 25 years of this crap? should have just said, Jan 1 2001, all routers must support 64 bit ipv4 addresses. Like the chrome HTTPS switch over, JUST DO IT
You mean 128 bit? That's called ipv6. It's ipv4 with 128 bit addresses.
Just because a call is a spam call doesn't mean it is spoofed. STIR/SHAKEN ends spoofing but anyone can ultimately buy a phone and make calls that are spammy.
Spoofing isn’t ended at all
Almost every spam call has that I get, is spoofed.
Someone here explained it, once.
I think the spoofed calls use a legacy transport tech that can’t be forced to validate.
Can't that legacy transport be blocked / not-be-peered with then? That's what usually happens with old insecure tech that is being phased out.
How do you verify it is spoofed? Have you asked your carrier to drop unverified calls from your service?
> How do you verify it is spoofed?
Not my job to "verify," in the technical sense.
When a call for an Indian crypto pump comes in as "SMITH, ROBERT", and a local exchange, I call that "spoofed."
Mine literally come from the verified coinbase phone number and say coinbase and everything. If I didn't know for sure they are not calling me I'd think it was real 100%.
Sure, but with phone numbers that can't be spoofed, telcos can terminate service, and filtering technologies can block calls. Spam gets expensive if you have to buy new service every five calls.
It does. But the spammers still do it. Because eventually they hit one person who gives them a thousand dollars or whatever and it pays off.
Preventing spoofing doesn't have to make spam cost-prohibitive for every spammer to greatly reduce the volume, and it does not interfere with ordinary people obtaining phone service anonymously.
Nobody is making spam calls with cell phones. Spammers use VOIP services and old TDM systems.
There’s SIM card banks for SMS spam… I’d be surprised if there wasn’t anything similar for calling. Not that I support this bill but it is a thing.
From what I’ve investigated as a recipient of spam calls, I’ve been called from legitimate mobile numbers from my own mobile telco. The only thing that explains that are SIM card banks.
Unfortunately there isn’t an easy way to report abuse to the telcos (and regulators).
STIR/SHAKEN up to this point has only been a self-certification that a telecom company has the right to use a number. What the FCC is trying to do is set up a legal obligation for the STIR/SHAKEN header to match a KYC verified identity.
If the FCC implements this, I expect a lot litigation because of the burden and legal liability this would place on telecom and VOIP companies. There are other less burdensome approaches to preventing spam that the FCC has not tried.
I am constantly amazed how few people understand that preventing spam is below the last thing the FCC is actually interested in.
First of all, the decision makers at the FCC profit from directly from spam, Christ.
Secondly, the indirect value of spam to the FCC is that it helps to justify initiatives to ruin the privacy of ordinary people via the constant push for KYC.
Just like "age verification", Flock cameras, license plate scanners, ubiquitous IoT with microphones and cameras, etc. Governments and corporations both profit from shredding every molecule of your privacy.
The FCC issued a report on this very subject[1]. TLDR, there have been four exceptions to the SHAKEN/STIR requirements:
- Providers that can't afford it implement it - Non-IP networks - Small voice service providers that originate calls via satellite using U.S. NANP - Providers that lack control over the network infrastructure necessary to implement
Nothing is going to change as long as those holes exist.
1: https://docs.fcc.gov/public/attachments/DOC-416732A1.pdf
The can't afford it exception is disappearing soon, as it isn't true for any business. Total setup costs for STIR/SHAKEN are under $2000 these days. Providers that lack control over the network infrastructure (i.e. they don't have the ability to control the stir/shaken headers so by definition they can't spoof numbers) will likely continue to be a thing as changing it would force pretty much every small business in the VOIP industry out of business and allow only large companies to be VOIP service providers.
> I thought this was supposed to happen 5 years ago. Did they just chicken out on the prospect of actually shutting down telcos sending spam volume?
It would certainly hurt a consumption-based economy, for starters.
Why would that hurt a consumption-based economy?
Telcos make money off of scammer activity.
Maybe in the same way that Office Depot makes money on the envelopes used in mail fraud
It's a vector for advertising.
But that's not a consumer initiative. Advertising can come from all sorts of places that the consumer doesn't like, and in economies where advanced levels of consumer choice are limited to the state bureaucrats.
Medical offices hide their numbers for very good reasons: if you've got an abusive spouse, you often don't want the medical office in your call history. Which results in a lot of very important calls being ignored.
Stopping caller ID spoofing doesn't have to mean caller ID is always enabled. You should be able to make a call with NO caller id, but not a call with somebody else's caller id.
Unless I'm missing something, this doesn't seem hard to fix: just let users decide whether hidden numbers should be ignored or received.
Doesn't that make it more likely people are going to miss important calls from their Doctor's office?
and cut off a million dollar annum laundering scheme to provide such service to the scammer networks? nah... they would never.
This is already not allowed.
If your carrier accepts a spoofed call they're already violating FCC recommendations.
Recommendations aren't requirements; you're allowed to violate them.
Of course
Why do we even need to run on the 20th century system of numbers anyways? Why is there not a better call addressing system?
We don't, but the entire world currently does, and the amount of equipment deployed that depends on it is substantial.
I would be willing to bet money that any "better call addressing system" would be a design by committee where this just gets litigated there. And we'd end up with either a system that requires KYC per-call, or has compromises similar to what we're complaining about now.
Having worked with telco companies, 99% of it is "Yeah, but this stuff still works just fine;) And if a government compels us to change our equipment for reasons other than national security, we're going to pitch a fit and demand financial incentives beyond reason." A lot of the pressure to boot Huawei from tech stacks globally ran straight into that wall and flopped. Even with national security at its back.
Considering most of those same telcos are donors and employers of large numbers of people across many constituencies of almost every nation, usually no politician has or is willing to spend political capital to shoot themselves in the foot like that. And no nation with a national telco company runs it well enough to ever even dream of spending money for something like IP addresses, they typically barely keep the lights on.
I suppose you'd like to replace it with Email since that doesn't have any spam, hmm?
We were able to tack a bunch of domain and header functionality on top of the email system that helped us know if the sender was authentic which is much more than we can say for the POTS
Because the concept of numbers is so heavily baked into many systems. Momentum is a beast.
What valid purpose does hidden numbers have? Government departments in my country hide their caller ID.
I find that abusive on its own but let’s not forget about the fact that now you have victims of domestic violence being forced to answer hidden numbers in case it’s welfare, or the cops, or their abusive spouse.
Calling in an anonymous tip to the police and such.
I’d say to use a payphone if you need to do that, but then my age is showing, as this is not possible anymore.
unfortunately, the grift economy is hyper-meritocratic: If you can figure out a scam and it makes money, who are we, as capitalists, to stop you? You take out the lower rungs of the grift economy, then whose to say who can fleece the tax payer with a repainting of a reflecting pool on tax payer's dime. It's a slippery slope, really.
It's even worse: Since cell phones broadcast your location at all times, this means telling hundreds of companies (and a number of governments) your location at basically all times.
That's already an issue with most cell phones. Making this apply to prepaid phones is even worse.
One thing I wonder is if this is just one step removed from 'Now we know the identity of every user so we can now have both probable cause and verified identity to arrest over statements containing speech we do not like.' "
Like that is Carr's FCC in a nutshell - he wants to control speech by controlling the airwaves. That is a raw fact in his behavior. But when the news stations say the thing they want them to say, what happens next other than slightly extending the definitions of public good to the internet and then restricting speech?
If you have to wonder, you don't need to wonder. So now not only can "antifa"-related speech qualify you as a terrorist (https://www.whitehouse.gov/presidential-actions/2025/09/coun...), now your phone is legally required to track you and report your location at all times. The legal infrastructure is in place to track and bring a wide range of consequences down on just about any and all political enemy, whether that be ruining their life by dragging them through years of criminal charges or simply black-bagging them and whisking them off to a prison for "enemy combatants" without any oversight from a court. All of this is being done in full view of Congress and the Supreme Court, therefore one can only conclude that they are comfortable with and complicit in what is going on.
Are you trying to imply that there isn’t coordinated attacks by fringe groups just because they’re leftist?
They won't do that because that'll cause an uproar.
What they'll do, what they always do, what you can see them actively doing (albeit on other policy axis) even at the local government level, is simply scrutinize these people for other laws they've broken or rules they've run afoul of and then enforce the shit out of those.
It's important to remember that Carr is but a bureaucrat doing what he needs to do to make his boss (or, rather, his boss's boss) happy.
We have a real problem with people in government buying into the idea that it's basically a private company set up for the benefit of one man in particular.
Apple has implemented a mitigation for this in their new modems, but unfortunately its a carrier opt-in, so only actually useful in Europe.
https://www.pcmag.com/news/apple-expands-this-location-focus...
"Downstream collection" would have a field day with this data.
> Note: By checking this box, I acknowledge that I am filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.
Is there really not a way to submit an express FCC comment that avoids all my personal info being publicly published to the web? Yeesh.
Think of it like a petition or testifying before Congress. The whole point is that you are putting your real name behind it.
And if you think your name and address are private, then I have some bad news for you.
I spend a lot of time filing requests to take down my home address. Most low-hanging fruit options have been scrubbed. I am hesitant to increase the count.
You mean the link between your name and home address? Impossible to scrub. If you're registered to vote, own a home, or many other things, that is legally a matter of public record.
Some people put their home in a trust to avoid this, and not everyone registers to vote.
Username checks out
Yes. You need to stand up as a citizen to have the impact (they cross check).
Publication is probably a bit much as a default and chills speech a bit, but it’s also important that the federal register can remain public with all public comment on the web. These are official comments on the record.
call your congress critter instead
what, they keep no records, or as lege branch they aren't foi-able so you won't ever know if they do or not?
They aren't publishing them on the web.
They probably do keep records, but something doesn't have to be perfect in order to be better.
Im USA based use prepaid service because I dont want to provide information for a credit check to obtain postpay service. Theres absolutely no reason for a US based telephony provider to retain the most sensitive PII on their customers. Every large provider has a history of breaches and selling customer data. The telephone companies are already tracking, storing, selling; so many data points on their customers. They cant be trusted with any information.
My primary phone number has been a Google Voice account since 2010.
It's unclear to me how I'd be impacted by these new rules, but I don't believe there's any requirement to provide PII to get a VOIP number.
Google Voice now requires identity verification for new numbers or porting a number into an account that does not have a number assigned: https://support.google.com/voice/answer/16768664
I got ATT prepaid in January and still had to give my ID, but it was weirdly not upfront but later on when I was trying to actually activate the service. Not sure what the deal is.
Counterpoint: for my part I would like it to be the case that any phone line that can dial or message my phone can be traced back to a known human being who can be held accountable for abuse of that phone line in terms of generating spam, abuse or harassment.
Seems that we can’t both get what we want.
A potential solution is that you get your anonymous phone line but my phone provider simply refuses to let you call me with it.
Of course then we need to extend the same principle to data and to IP traffic originating from your device. If you don’t want to be traceable it seems reasonable that services should have the right to refuse to handle IP traffic you generate.
Would such a half-baked level of network access suit your needs?
> Seems that we can’t both get what we want.
Why can't you? They don't want to provide info for a credit check, you want human accountability. All that requires is for them to use a debit card for whatever service (prepaid or postpaid). Law enforcement can trace that if needed. No need for credit checks or really any other information directly in the hands of the telco.
This is an argument in favor of KYC requirements for telcos, just that it assumes they can outsource it to banks.
Indeed. Given the KYC requirements for getting a credit card, it seems that paying with a credit card should confer traceability for LE.
> my phone provider simply refuses to let you call me with it.
I don't think it's necessary to go this far. The provider could indicate something like "CANNOT VERIFY NUMBER". I imagine most people would block such calls.
Isn’t that the same thing? I was making the assumption that the way I would block such calls would be by telling my phone provider they don’t need to route them to me in the first place.
It should show up as anonymous. And you should have a setting: allow anonymous calls y/n
.. precisely what I asked for?
I would like any message that is spam to be able to be traced back to the offending human.
I would like anonymous political posts to be untraceable by the government.
I can't even get all of what I want.
The problem of the government tracking down people for political posts is supposed to be solved by having laws that constrain the government, not by having corporations provide anonymity as a service.
There's no "supposed to" here. Humans, (including governments) are inclined to do bad things; both law and technology are necessary to restrain those tendencies.
They would do well to make a better CTA for their call to action. Here's the link from the article:
https://www.federalregister.gov/documents/2026/05/26/2026-10...
I think that gets you most of the way to a link that somebody on HN dropped a few days ago:
https://www.fcc.gov/ecfs/filings/express
It requires the docket-id to complete:
Docket No: 17-59
You can double check that Docket Number here: https://www.fcc.gov/document/fcc-seeks-comment-enhanced-know...
People should file comments at that Federal Register link as well as FCC. (The FR is the official way for citizens to comment on proposed agency rulemaking. Since it's independent, it might go farther, but it's worth doing both.)
In my opinion, the real fix to scam, spam, and robocalls is to pass along the REAL(TM) Caller ID information not just the caller ID but the actual billed Caller ID information and allow the recipient easy ways to drop the calls when those two don't match. I don't know exactly the technical details of Stir/Shaken but someone somewhere is paying / getting paid for each call and this information should be transparently available to the call or message recipient. For "legitimate" reasons like doctors or call centers, they should already provide a separate work phone and not make them use their personal line. For leaky carriers, those should be blocked entirely. Nothing good comes from them. Basically what I am suggesting is if the full attestation level ("A-level") is not available, drop those calls and text messages by default unless the customer opts in (I have no idea why anyone would)
I was nodding in agreement, but I realized there must be some catch here. If this was that simple it probably could've been implemented a while ago.
My guess is that there's some requirement that if it's a working number, it must be able to dial emergency services and that's the loophole that's being exploited. So the FCC's answer is if all numbers must work, push the check directly on the subscriber.
In theory, yes. I would hope all the things that are "common sense" and "simple" would have already been implemented. However, as my professor of History from college loved to say "follow the money". If something could be simple and straightforward but is implemented in a convoluted way that is clearly suboptimal, someone somewhere makes more money as a result. It could be as transparent as Google Chrome implementing auto play with a "Media Engagement Index (MEI)", Apple being forced to implement USB-C on the iPhone kicking and screaming, or carriers and large call centers dragging their feet on doing STIR/SHAKEN correctly and passing along the billing information that I will remind you they already have because they like to get paid. So, while we hope common sense previals, at the end of the day, it only does so automatically when it makes business sense.
To your point about emergency services—while it's true that any unactivated phone must be allowed to dial 911, that rule only opens a one-way path to emergency dispatch. It doesn't give a device the ability to place outbound calls to everyday citizens. The real loophole isn't a public safety mandate; it's the wholesale VoIP market.
They make too much money from the spammers. Who wants to cut out such a large revenue stream?
We just need a new phone system where 'phone numbers' are designed to be disposable.
Phone numbers were designed with the idea that they need to be easily memorizable in your head but I don't think that's really needed today.
At any moment I should be able to discard my contact and redistribute it on my own.
The idea that old numbers get recycled is completely ridiculous as well.
We need to get rid of phones straight up. No one should be able to interrupt someone else by randomly ringing them and demanding attention.
I mean I think that is ok as long as I explicitly allowed you to.
The problem is, with a phone number anyone can. Phone numbers need to operate more like a shared secret.
I was getting an oil change the other day and the guy asked me for my phone number...
I said why? Do you need to call me?
He said, no we just need it to put in the system and it won't let me proceed without one.
I said ok well here is a fake number since you don't need to contact me.
He was visibily frustrated with me, yet inputed the fake number and it allowed him to proceed.
My point with sharing this story is it seems like we have forgotten as a society what the purpose of the phone number is. Your supposed share it when you want to be able to communicate that's it.
It's turned into a required chokepoint to do anything.
You can trivially accomplish this under the current system. There is no need for a change that imposes your preferences on everyone.
Do tell for a laymen like me.
Cancel your phone service and then no one can call you or interrupt you. Set it to Do Not Disturb. You got multiple choices.
How about instead we do "know your company" and consumers get intel about the ones doing the calls?
Any particular reason yall can't just argue in court that by creating opportunities for your PII to be stolen your governments (state or federal or both) are actively harming you economically?
Sure, not much money to be had by fighting that fight but basically any PAC should have the means to do this and by claiming money is at stake and not people's actual safety you do have a better chance at this not being dismissed because of how your justice system /is/.
Unless you've had fraud committed against you, that's a hard sell. What dollar figure do you use as the basis? Are you suing for years of credit monitoring? Because that's typically the solution for people who are the victims of PII leaks.
One could argue that it's a failure of law enforcement or telcos or regulators to do enough to prevent fraud and maaaaybe bring a class action or something, but that's a massive stretch.
Given it's a physical impossibility to create an impregnable fortress for your data and said data both already has a dollar amount attached to it in the black market and an obligation to be cared for, the argument could be that the government is setting up companies to lose money unless they too get to sell that data themselves, which regulations -and basic decency- say they can't.
https://www.newsnationnow.com/business/your-money/annoyance-...
Suggest phone scams are a $26 B per year industry.
The government is allowed to create regulations that harm people economically. Not much money to be had by instantly losing that fight.
Do those regulations often involve the creation and protection of the profit motive for foreign black markets?
Sometimes. Your point?
Here: https://news.ycombinator.com/item?id=48505550 glad to help
Look, a lot of people make the mistake you're making.
Not every unjust, stupid, or evil thing is illegal.
Even when something is illegal, that doesn't mean you have standing to challenge it in court, or that a given court has jurisdiction to do anything about it.
Courts (theoretically) follow rules. They can't just randomly set things aside without some basis in those rules. Lawsuits are not a magic universal remedy.
You could definitely argue that courts don't always follow rules, and that the Trump administration is doing everything it can to make that worse, but the changes they're making aren't going to work in your favor, because those changes are in the nature of "we can do whatever we want, and fuck the courts if they don't like it".
I mean, ok? Guess the official consensus is all you can do about literally anything that is detrimental to everyone is just sit on your ass and look pretty until it's too late and every asshole who could conceivably benefit from stealing from you is already done.
The true american dream.
Well, the assholes currently screwing up the the USA got there by decades of miscellaneous political maneuvers, both fair and foul (most of the fair ones done by an earlier generation), culminating in actually getting elected (basically on a platform of then acting unconstitutionally, because that appealed to enough morons). And the people they replaced also got in through politics.
What they did not do was to sue their way into power. I mean, yes, they used the courts at a few key points, but that wasn't the core of it, and the smart money says they could have done it without, say, Bush v. Gore.
The new court approaches of the 1950s through 1970s were a product of politics way, way more than a driver of it, and so is the present reactionary judicial backlash. In fact, the biggest thing I'd say you could argue was the courts leading, Roe v. Wade, worked for a few decades, but at the same time set up a ton of resentment that was later exploited to help blow up the whole system around it.
And if you go back far enough, you run up against a violent revolution, also not conducted in court. Although even there it's important to remember that revolutions invariably fail if they don't have huge political support first.
So, if you want to actually do something, go elect some politicians who will clean up the mess. By the way, that doesn't just mean going back to the way things were one day before Trump. It means fixing the long-term institutional decay that let Trump and his manipulators cause so much chaos when they happened to win an election with honestly not overwhelming support.
[By the way, I need to edit this: This particular authoritarian move is relatively bipartisan and represents an attitude that's become depressingly common all over the planet. Nonetheless, if you want to do something even about this, the answer is still political.]
Well, I tried to file an FCC comment using the link in the article but reCAPCHA doesn't think I'm a real person. I gave up after about completing about 20 puzzles successfully.
Our democracy in action.
Honestly I'm at the point where I'm like lets just kill the POTS. It makes little sense to me that it's become a sort of user ID for many things, that we have better alternatives (WebRTC, FaceTime et al) that we should push. Like where it currently says "Telephone number" i should be able to put in a URL like "webrtc://<a pseudonym for my IMEI>" (which itself could be a dropdown box for "This device" on the phone itself...)
For example, why isn't it the default that when a telemarketer calls me it's not a video call? And why can't I preview their video stream prior to answering?
I get its "impossible" to make everyone change, but i do think we should push forwards...
IMEI is tied to the physical phone, Facetime is Apple-specific, idk what the webrtc option would be. I'm actually glad phone won as digital ID, not cause it's the best choice but because it could've been a lot worse.
Careful, you are one capital letter 'U' away from having the FBI, NSA, SWAT team at your door!
And how exactly are they going/hoping to do that with GV?
For background on KYC in the banking context @patio11's podcasts and essays are worth consuming:
https://www.complexsystemspodcast.com/episodes/true-crime-ba...https://www.bitsaboutmoney.com/archive/kyc-and-aml-beyond-th...
Reading this line in Lopp's article: "FCC even asks whether providers should consult lists of terrorists, terrorist organizations, and “criminal persons” maintained by law enforcement entities," brings to mind McKenzie's work describing the outsourced role of NGO's in vetting banking customers.
https://www.bitsaboutmoney.com/archive/nonprofit-indicted-ba...
https://www.complexsystemspodcast.com/episodes/splc-financia...
https://www.complexsystemspodcast.com/episodes/defendant-cen...
KYC == ''Know Your Customer''
KYC and AML are the most blatant attempts at subverting due process I’ve ever seen.
Instead of the government actually trying to catch money laundering, they just make 3rd parties like banks and payment processors judge, jury, executioner. Effectively giving them the power to decide who can do business. And if they decide you can’t, you have no recourse. If the government didn’t give this power to private companies, they would have to prove in court that you are doing something unsavory. And to people saying KYC/AML works, sure. HSBC was laundering billions and these guys know how to get around KYC. You’re just screwing over common people at this point and giving banks and financial institutions power to skirt due process.
"Effectively giving them the power to decide who can do business." well it's giving the government the power to decide who can do business. The banks and merchants already had that power, but now they have additional legal risk of doing business with whoever the govt doesn't like.
Ever since 2020, I've seen more stores that won't take cash, and refuse to go there on principle even if I was going to pay with card anyway.
> the most blatant attempts at subverting due process
This seems so clear to me; KYC is an end run around the constitution.
But how do we stop it? If we legislate "no KYC" then what is my recourse when an imposter empties my accounts? You'd want it to be at least allowed.
But if we allow industry to require KYC "we will only deposit your pay to a verified bank account" then you may end up with de facto KYC if not de jure. But if you tell businesses they may not require it, it enables other kinds of fraud.
Legislation does not constrain people who will to do evil.
>But how do we stop it?
Use Monero as much as possible. If enough people adopted it, there's absolutely nothing they could do to stop it short of turning off the internet entirely. Even China, with the strictest internet controls in the world, hasn't managed to stop people paying for banned goods and services in crypto there.
How do you get or spend Monero without KYC? It's illegal to do so without reporting every transaction on your taxes. Maybe you can get away with it for small purchases, but with inflation the way it is, any meaningful purchase pushes you over a tax red flag line. Crypto is dead in the water legally speaking in the US.
I'm all for cryptocurrency as a way to fight both KYC and money-dilution, but it's still not user-friendly. Regular people need a way to clog the gears too.
Honestly, stop the KYC regime everywhere else.
We're making our law enforcement's job marginally easier, by making the criminals' job infinitely easier by creating millions of juicy PII honeypots.
No, you don't need my phone #, real name, captcha.. if you think you do, realign your incentives, and rethink what else can be used for your real need instead.
Absolutely. And this is why I don't give any business my real name, phone number, or other personal information. Starbucks does not need to know my name or email to make my coffee. If a company insists on an app or some kind of registration, they lose my business, plain and simple.
Parents need to parent. Full stop.
This means the parents of adult scammers too. Every scammer has a mother and father who are failing them. If they were doing their jobs, this wouldn't be happening.
They're always calling from random countries anyway. Maybe we can tell (not ask) other countries to do their job and clamp down on these scam houses.
Do they not have parents in random countries?
Probably, maybe not. Yeah it'd be great if the entire world were prosperous and happy, until then we need a way to make spam calls harder.
A LOT of this is from the chinese triad in the Golden Triangle in Cambodia who use kidnapped people and abuse them
Yeah if US mail is as spam compromised as it is, you can forget about phone calls ever being cleaned up.
In the era of Target specialized AI that can mimic voices, writing styles, communication is now fundamentally compromised without some sort of actual reform
Let me give you an analogy: Someone keeps blaring an airhorn outside your window at 4am. It's making it difficult for you to sleep. The government, in their bountiful wisdom, decides to hold an emergency meeting, and agrees to pass a law that people need to show an ID to buy an airhorn. You're appalled. This is an invasion of privacy! You protest outside of city hall. You try to get some of your neighbors onboard, but find that they're already protesting! Their protest is demanding that the government do something about the annoying airhorns.
The funny thing is most of the world had already pioneered the airhorn ID long ago. Very few of them saw any decrease in 4 AM airhorn activity, yet some are already well-known to arrest and harass airhorn users to international human rights observers' condemnation.
Will this KYC reduce spam and scam calls?
In theory, it could help. In practice, for KYC to reduce spam and scam calls, FCC would have to be willing to drop hammer big time on people and telcos who allow it to happen. With current political climate in the US, I don't see that happening since companies would scream "Poor pitiful us" and fines would be the cost of doing business.
Italy had forced KYC for all mobile numbers at least since the early 2000's and no, it doesn't fix the spam/scam calls problem at all.
No.
It did in every other country that did it. What's different about this one? If you get a spam call in Europe from Europe, you call the police and the spammer gets located and punished.
> It did in every other country that did it
Citation required.
SMS farm/machines don't work in the UK at least, I suspect not even in NL
Of course they do but every SIM is registered to your ID so it's extremely risky for you.
Europe does not consistently have KYC for phone service, at least for mobile connections. Normal phone companies in Ireland don't ask for information when buying SIMs (physical ones, at least). Some eSIM providers in Europe don't ask for information at all, and accept cryptocurrency payments. (I'm also aware that some other European countries have very different requirements, up to actually needing copies of identification.)
More widely, however, there do seem to be differences that I don't know the details of. VOIP seems quite different (I use it for my old phones): DID numbers in the US seem extremely cheap and available instantly, with little information, while European ones seem to have an actual verification process and prices that would make large-scale spamming difficult.
As an additional anecdote, I've never heard of a number-porting/2FA attack using social engineering or other methods in Ireland - but we have our own unique issues now with Robocalls and phishing on WhatsApp and SMS.
> It did in every other country that did it
Italy has mandatory KYC for all mobile numbers, and scam/spam calls are a common problem. So no, it doesn't fix the problem at all.
From Italy or from other countries?
Has it?
Spam calls frequently don't have a source in the same country as their target victim.
No
Stopped reading at the slop image
I will not be called to action by a page with a big slop image at the top.
Leave it to the Trump administration to implement mass surveillance as the solution to spam.
>open link
>AI slop art right at the start
Instant close
Phone numbers are just a liability:
- It is kind of expensive,
- You are forced to provide it to many official institutions,
- It is the default or mandatory insecure 2FA for many institutions,
- It always get leaked somewhere and is one of the most common/reliable identifier.
We still have them around governments and telcos love it and old people and scammers are its last users.
The cost is a feature. Kinda also the case with IPv4 addresses.
"force phone providers to collect identity information from ordinary people before they can acquire or renew service with a phone carrier."
don't see the harm in this? isn't this already the case for 99.9% of phoneline havers already?
You don’t see the harm in requiring telcos - famous for handing over data without warrants or court orders - being forced to have identifying data for every subscriber?
I can think of a half dozen ways that can get abused. Remember that in the states policing is decentralized. There is always some department somewhere willing to abuse their power. Look at how flock has been used to stalk partners, or how geofencing was used to sweep up everyone in the area of a protest, or how stingray is used to listen to all calls in an area. This is opening up avenues of abuse for almost no benefit.
> famous for handing over data without warrants or court orders
More concretely, famous for supplying bulk data to the surveillance industry for a nominal fee. That is ostensibly the goals behind this development - all of these companies demanding phone numbers for "verification" and snake oil "2FA" want to reliably dox 100% of their users rather than just 80%.
Realistically, it is for 99.9% of people who have phones. The 0.1% have to go out of their way to buy, with cash or crypto, prepaid SIM top-ups on flip phones, and by doing so they stand out like a sore thumb.
Back in the days of rotary phones, not only did the phone providers have your name, they even listed it, your home address, and your phone number in the white pages of the phone book, and everyone in town had a copy of it. Before the rise of microcomputers which enabled data tracking and robocalls, which in turn gave rise to demand for privacy from spam, having that information out in public wasn't a problem except for edge cases like domestic abuse victims or people in a witness protection program. The 99.9%, though, are still getting tracked no matter what, and I sometimes wonder if we've sacrificed the convenience and confidence of the phone-book age for an illusion of privacy that relies on anxiety.
I grew up in the phone book age. We had one phone with a really long cable, but it wasn't long enough to take it with me everywhere I went. And, as you point out, nobody had robots to call it, either.
The big ones already force you to give SSN for service. Then they lose it in a data breach.
The crazy thing is that a simple 9-digit number (that you must give away for many things) can ruin your life if it gets public.
The US seems so backwards at times.
at times? we can't even decide if women are allowed to control their own bodies. we're now open to states stopping people with dark skin from voting, and we have giant internment camps where we keep innocent men, women, children because they have a spanish accent. vaccines are apparently not a worldwide health miracle, education is overrated, we're bringing back jobs in coal and oil, and invading/destabilizing latin american countries is back in vogue. in two years we might be so backwards that women's suffrage becomes questionable (https://en.wikipedia.org/wiki/Democratic_backsliding_in_the_...).
> we're now open to states stopping people with dark skin from voting, and we have giant internment camps where we keep innocent men, women, children because they have a spanish accent.
Nonsense TDS.
you weren't aware of the recent revocation of laws that prevent southern states from gerrymandering black communities out of a vote, in addition to voter ID laws?
there are many, many public reports of ICE detaining individuals merely for having a spanish accent. they've detained US citizens multiple times, even deported some, because they were hispanic.
I highly recommend reading the news...
Please don't spew hyperbolic slop in the service of ideological warfare. Thats not what HN is for.
Almost no one has physical phone lines anymore. It also used to be a given because they had to send a physical paper bill to someone, and hence needed an address.
Neither of these are true anymore.
Also, the tone is set from the top.
Do you think the current admin cares about actually tackling fraud and abuse?
"Call to Action" is a needlessly impotent threat. Like high school students walking out of their own lunch period to protest the loss of salisbury steak on the menu.
Most major telcos worldwide outside the US have strict KYC rules, this is not a battle you are going to win, because there are very few legitimate reasons in support.
There's a very strong legitimate reason, the right for privacy online.