[HN Gopher] FCC threatens to disconnect Twilio for illegal roboc...
___________________________________________________________________
FCC threatens to disconnect Twilio for illegal robocalls
Author : from
Score : 383 points
Date : 2023-01-29 17:02 UTC (5 hours ago)
(HTM) web link (commsrisk.com)
(TXT) w3m dump (commsrisk.com)
| goplayoutside wrote:
| What does the FCC accept as 'proof' of consent to receive
| automated calls?
|
| Could Twilio simply add a boolean to their 'make a call' API
| endpoint where the user has to declare that they have, in fact,
| obtained consent to call a particular number?
|
| That would provide no technical barrier against fraud, but it may
| suffice as a legal CYA for Twilio.
| dragonwriter wrote:
| > What does the FCC accept as 'proof' of consent to receive
| automated calls?
|
| Actual FCC C&D letter is at https://www.fcc.gov/document/fcc-
| issues-robocall-cease-and-d...
|
| Key takeaway, there is no safe harbor CYA of the type you
| suggest, they need (and basically immediately) to take
| _effective_ steps to prevent robocalls that are factually
| illegal, they don 't have the option of getting CYA
| certificates from their users to insulate them if the users
| keep making illegal calls.
| goplayoutside wrote:
| Yes, I read the letter. Thank you for the link.
|
| While I'm certainly far from being a contract lawyer, it
| looks to me like the FCC is interested in receiving evidence
| of consent for the offending calls, if it exists:
|
| >The Traceback Consortium conducted tracebacks and determined
| that Twilio was originating apparently unlawful robocalls on
| behalf of MV Realty through its dialing provider PhoneBurner.
| The Traceback Consortium notified Twilio of these calls and
| provided access to supporting data identifying each call, as
| indicated in Attachment A. Twilio told the Traceback
| Consortium that PhoneBurner had obtained called parties'
| consent for the robocalls. Neither Twilio nor PhoneBurner
| provided the Traceback Consortium with evidence of consent.
|
| And:
|
| >If Twilio has evidence that the transmissions identified in
| Attachment A were legal calls, present that evidence to the
| Commission and the Traceback Consortium.
|
| In any event, if consent to place calls is required, then
| there has to be some mechanism for call origination services
| (here, Twilio) to demonstrate receipt of that consent. My
| question is, what exactly does the FCC require as proof of
| consent?
| dragonwriter wrote:
| The consent requirement, under FCC rules adopted in 2012,
| is "prior advance written consent" of the called consumer,
| and to include a functioning opt out mechanism as part of
| the message. [0] So, I would assume the preferred evidence
| would start with a copy of the written consent.
|
| [0] https://www.fcc.gov/general/telemarketing-and-robocalls
| sb8244 wrote:
| I don't quite get the hate for Twilio here. I've found them to be
| generally responsive when issues are brought up.
|
| How would it be possible for them to police every action of their
| customers? I expect actions to be brought against the individual
| violators, and then escalated to Twilio, and handled
| appropriately. As is the case here.
|
| It would be different if they actively support systemic
| violation, but I don't think that's the case?
| tomnipotent wrote:
| Twilio is a public company with the pressures of consistent
| growth expectations. It has a perverse incentive to allow as
| much abusive customer behavior as it can get away with; even
| spammers pay their bills. That means being lenient when
| enforcing compliance, and not being proactive enough even when
| they're aware of these bad actors but not enough people are
| complaining.
| from wrote:
| It's not. There was 1 or 2 customers who were bad out of
| probably hundreds of thousands. I'm not sure why that required
| them to publicly shame Twilio when they probably do more to
| stop robocalls than most other companies in this field (for
| instance Twilio banned caller ID spoofing in 2019, way before
| STIR/SHAKEN became mandatory). I think the FCC can try to
| create a tough guy image all they want but this kind of whack a
| mole enforcement will not work at scale.
| [deleted]
| rhacker wrote:
| This is the first time I heard about twilio and robocalls. Are we
| sure they are a large source of this or just a tech lightning
| rod?
| ezfe wrote:
| I've gotten calls and messages from Twilio registered numbers,
| so it's not completely fabricated
| testbjjl wrote:
| No read article? Just ask question?
| xeromal wrote:
| The article states that the FCC has been on Twilio about a
| specific robocaller.
|
| The Traceback Consortium conducted tracebacks and determined
| that Twilio was originating apparently unlawful robocalls on
| behalf of MV Realty through its dialing provider PhoneBurner.
| The Traceback Consortium notified Twilio of these calls and
| provided access to supporting data identifying each call...
| Twilio told the Traceback Consortium that PhoneBurner had
| obtained called parties' consent for the robocalls. Neither
| Twilio nor PhoneBurner provided the Traceback Consortium with
| evidence of consent.
| bdcravens wrote:
| Twilio has admitted the problem exists, and has actively taken
| steps to combat it.
|
| https://www.forbes.com/sites/kenrickcai/2020/02/11/twilio-je...
|
| https://www.twilio.com/press/releases/twilio-joins-state-att...
|
| https://www.twilio.com/press/releases/twilio-achieves-full-c...
| shagie wrote:
| The Forbes article is from Feb 2020... The first Twilio press
| release is two weeks later.
|
| The second Twilio press release (Twilio Achieves Full
| Compliance with STIR/SHAKEN Protocols to Combat Illegal
| Robocalls) is dated July 22, 2021.
|
| The FCC complaint has calls dated July and August of 2022.
| bdcravens wrote:
| Yes, I was addressing the comment "This is the first time I
| heard about twilio and robocalls" - not saying Twilio has
| acted correctly, but saying that Twilio has known about it
| for years, so it's definitely not a new phenomenon.
| [deleted]
| evilantnie wrote:
| The article skims over the details from the FCC, in this
| situation Twilio is guilty by association. They are the CPaaS
| provider for a company called PhoneBurner, which in-turn
| provides services to a Mortgage company (MV realty) who is the
| primary offender of the robocalls.
|
| The FCC is taking a firmer stand and threatening those that
| support robocalls all the way down the chain. All CPaaS
| providers need to do a better job managing their customer
| vetting processes.
| shagie wrote:
| > in this situation Twilio is guilty by association
|
| Note that this isn't a "we didn't know about this" and is
| part of the "this is what you sign up for when you're a
| telephone service provider."
|
| 47 CFR SS 64.1200 - Delivery restrictions. -
| https://www.law.cornell.edu/cfr/text/47/64.1200
|
| > (4) A provider may block voice calls or cease to accept
| traffic from an originating or intermediate provider without
| liability under the Communications Act or the Commission's
| rules where the originating or intermediate provider, when
| notified by the Commission, fails to effectively mitigate
| illegal traffic within 48 hours or fails to implement
| effective measures to prevent new and renewing customers from
| using its network to originate illegal calls. Prior to
| initiating blocking, the provider shall provide the
| Commission with notice and a brief summary of the basis for
| its determination that the originating or intermediate
| provider meets one or more of these two conditions for
| blocking.
|
| There are some other fun things in section (n) about the
| requirements for a voice provider.
|
| > (n) A voice service provider must:
|
| > (2) Take steps to effectively mitigate illegal traffic when
| it receives actual written notice of such traffic from the
| Commission through its Enforcement Bureau. In providing
| notice, the Enforcement Bureau shall identify with as much
| particularity as possible the suspected traffic; provide the
| basis for the Enforcement Bureau's reasonable belief that the
| identified traffic is unlawful; cite the statutory or
| regulatory provisions the suspected traffic appears to
| violate; and direct the voice service provider receiving the
| notice that it must comply with this section. Each notified
| provider must promptly investigate the identified traffic.
| Each notified provider must then promptly report the results
| of its investigation to the Enforcement Bureau, including any
| steps the provider has taken to effectively mitigate the
| identified traffic or an explanation as to why the provider
| has reasonably concluded that the identified calls were not
| illegal and what steps it took to reach that conclusion. ...
|
| > (3) Take affirmative, effective measures to prevent new and
| renewing customers from using its network to originate
| illegal calls, including knowing its customers and exercising
| due diligence in ensuring that its services are not used to
| originate illegal traffic.
| dragonwriter wrote:
| > The article skims over the details from the FCC, in this
| situation Twilio is guilty by association.
|
| Its not "guilt by association"; Twilio has, under the
| relevant laws, a positive obligation to prevent illegal use
| of its platform on pain of disconnection.
| mynameisvlad wrote:
| I think what the parent comment means by that is that
| Twilio itself is not robocalling people. Another company is
| using their services to do so.
|
| The title could make it clearer, both interpretations could
| come from it.
| dminvs wrote:
| A few years ago I received a VM from a spam caller, the content
| of which was a Twilio tutorial, verbatim ("You did not reveal
| yourself to be human. Goodbye!")
|
| https://www.twilio.com/blog/2016/02/tracking-call-status-how...
|
| This has been going on a while.
| aag wrote:
| For a tiny personal project (delivering alarms for calendar
| entries to my Light Phone 2), I used Twilio for several years. I
| was always impressed by how easy and cheap they made it to
| implement SMS delivery, even for a hobbyist.
|
| Late last ever, they started sending me warning notes insisting
| that I fill out all kinds of paperwork for my "business" if I
| wanted to continue sending SMS messages. None of the paperwork
| made any sense for a hobbyist, but they insisted. It was clear
| that this requirement was coming from outside of Twilio, so I
| wonder whether it was the result of earlier discussions with the
| FCC. Since I don't use the Light Phone any more (couldn't do
| without a camera), I just turned off SMS delivery rather than
| deal with all the new bureaucracy. But I still use them for
| another hack: I can call a Twilio number and leave myself a
| message, which they will then deliver to a hook on my web server,
| along with a transcription.
|
| I'm impressed with Twilio technically, and I can sympathize. I
| wouldn't want to be caught between the FCC and a bunch of SMS
| spammers, especially if the spammers were customers.
| aag wrote:
| P.S.: I hate robocalls, too.
| 8n4vidtmkvmk wrote:
| The sms functionality is great, their API and UI design is
| awful. I wish there was a decent alternative.
| bevenky wrote:
| Plivo is one of the alternatives https://www.plivo.com/
| smt88 wrote:
| I haven't used them in a couple of years, but their API
| version was still something like "2013" and was not intuitive
| or functional
| simfree wrote:
| This was due to the 3 big US wireless carrier's colluding to
| form the Campaign Registry, which is trying to force any
| business users of SMS to pay a verification fee ($50 iirc) and
| monthly fees ($ to $$ per month) just so you can send SMS for
| business reasons, even if it's person to person traffic where
| your just replying to your clients that texted you.
|
| Had the FCC implemented something like this the rules would be
| much more consistent and the fee structure would not be so
| exorbitant, but instead the big 3 have formed a cartel to
| attempt to control SMS messages in the USA.
| mshake2 wrote:
| Not to mention TCR just raised (last november) their monthly
| prices for the starter brand campaign from $0.75 to $2.00 and
| included a $4.00 setup fee (which was previously $0) for each
| starter brand. On top of that they added all kinds of
| additional registration paperwork for the law-abiding SMS
| sender. It's infuriating how this organization exists to
| extort legitimate businesses, and yet we still all receive
| massive amounts of spam.
| andygmb wrote:
| I would love to know if TCR has actually made a meaningful
| impact to stop spam.
| simfree wrote:
| Doubtful,it seems spammers just moved to toll free or moved
| to P2P routes.
| vdjao wrote:
| I had a similar setup with Twilio, I switched to using Signal
| via signalbot framework. It's a fairly straightforward process
| and it runs on my Pi in a docker container.I can even send it
| attachments and it will archive them for me. Sky is the limit.
|
| https://pypi.org/project/signalbot/
| shrubble wrote:
| I have found a good site for checking info on a number is
| unlec.com (no affiliation). Put in a phone number, press Enter...
|
| OCN = operating company name, name of company that has the number
| CNAM = Caller-ID name is textable -y/n nntype = mobile or
| landline
| WarOnPrivacy wrote:
| https://web.archive.org/web/20230129172233/https://commsrisk...
|
| (hug'd)
| fxtentacle wrote:
| Move fast and break things!
| KingOfCoders wrote:
| Sorry for the downvote, gave you an upvote, sarcasm is not
| understood and even less appreciated here.
| theptip wrote:
| It's not that it's not understood; it's that it is understood
| to be a slippery slope to Reddit.
| miken123 wrote:
| https://status.phoneburner.com/incidents/q55r8f62p437
|
| I guess it was taken care of.
|
| > Our system is currently down due to upstream telephone carrier
| issues
| Shank wrote:
| Except it's "resolved":
|
| > A quick Saturday evening update - outbound dialing was fully
| restored and stabilized Friday. Whisper/Barge was restored late
| Friday evening. We anticipate click-to-call will be restored
| before end of day Monday, if not sooner. SMS, Inbound, and
| number purchasing is expected to be restored by end of day
| Wednesday, if not sooner.
|
| The game of whack-a-mole continues!
| allisdust wrote:
| What's stopping robo call companies from using regular sim cards
| once all voip providers close their doors.
| Scoundreller wrote:
| Already happens.
|
| You can buy jigs on aliexpress that hold 128 SIMs and round-
| Robin across 8 GSM radios.
|
| It's not all for spam per se. Some countries/providers charge a
| ton for international incoming calls, so bypassing this by IP
| and making calls in-provider only saves a lot of $$$ for gray-
| market connectivity.
|
| And it's cheaper for setting up of in-bound calls too than a
| business line.
|
| https://m.aliexpress.com/item/32947688074.html?spm=a2g0n.pro...
|
| Or 32 SIMs with 32 radios:
|
| https://m.aliexpress.com/item/32819345650.html?spm=a2g0n.det...
| BenjiWiebe wrote:
| Way more complicated and expensive.
| from wrote:
| Be Amazed: https://globalvoipforum.com/forums/i-sell-voip-
| routes.2/
|
| Most of these guys will charge you 10-20% less than
| bandwidth.com or Twilio will in return for slightly lower
| reliability. nCLI means you can't set caller ID because the
| call is coming over GSM, i.e. a simbox type setup. TDM
| usually means they are reselling traditional phone lines
| meant for businesses. If you think this already isn't being
| used to facilitate scams you'd be wrong:
| https://globalvoipforum.com/threads/offering-russia-for-
| fore... (unless by "forex traffic" they mean promoting
| Interactive Brokers). That's an example I found in 5 seconds.
| Go on some Facebook groups and you will find people offering
| grey routes to call America for "Amazon traffic," "bank
| traffic," "crypto traffic." I never really took the time to
| investigate what those terms mean but it does not sound good
| to me.
| simfree wrote:
| Nothing besides cost, SIM banks attached to LTE modems are a
| thing in many other countries.
| MiddleEndian wrote:
| Aside from increased costs, if the phone system were fixed to
| give us all the stack from the caller info, we could just block
| any call from outside the US.
| schneems wrote:
| My biggest gripe is with Action Network.org and related tools
| like NPGvan.
|
| I'll get multiple texts from politicians on the same day when
| I've actively "unsubscribe and report as junk" for several years
| now. I'm political active but don't want to be text spammed.
|
| I've reached out multiple times asking to remove my contact or to
| add me to a global deny list and they say "that's not possible,
| we don't control who our clients send to" which is absolute
| garbage. But if they had that feature the people who pay them
| would get fewer messages delivered so they don't want to
| implement it.
|
| No matter how many lists I take myself off, there's no way to
| prevent someone from adding it back on to a different list and
| these days candidates each have dozens.
|
| It's frustrating to lose agency like that and I've stopped
| donating through them all together :(
| brookst wrote:
| NGPVan is a scourge. I gave several thousand dollars to
| political causes in the 2020 cycle and I have regretted it ever
| since. Never again, and I sincerely hope they are bankrupted by
| a huge class action.
| teraflop wrote:
| The trick to removing yourself from ActionNetwork's mailings is
| in how you phrase it.
|
| If you ask to be "removed from mailing lists", they will tell
| you that the only way to do so is to click the "Unsubscribe"
| link in the footer, and that there's no way to prevent yourself
| from being added to new lists.
|
| But if you're persistent, they'll admit that there's another
| option: you can ask to be added to the "global block list",
| which they'll warn you is irrevocable. (I'm sure there's no
| good reason for the irrevocability, except to make people think
| twice about taking that option.)
|
| Like you, I have stopped donating to candidates who use them.
| rtpg wrote:
| You need to email NGPVan directly. Tell them you want off all
| of their systems. They will say they don't have a way to do
| this. You then reply that they are lying. You can also threaten
| to contact the FCC (a bluff given political spam is exempted
| from so much). They will then remove you.
| raldi wrote:
| In many jurisdictions (e.g., California), there's no
| requirement for a registered voter to have a phone or email
| account. Political campaigns are allowed to use voter
| registration records to generate their spam lists, and most of
| them do.
|
| Years ago I updated my voter record to remove the email address
| and phone number, and by the next election, my text, voice, and
| email political spam dropped to near zero.
| thewebcount wrote:
| Do you happen to know the link to do this? I'd love to do
| this!
| raldi wrote:
| Just google wherever you live plus "voter registration"
| InCityDreams wrote:
| ..call the politicians office?
| bhhaskin wrote:
| I have the spam filters set to the max on my phone. I was getting
| 10+ text messages a day and 2-5 calls per day. Someone was using
| my number to sign up for things. The best one was enabling Google
| call screening. It has completed cut out all of the spam calls
| and texts.
| kbuck wrote:
| Good. Spam calls and texts are a blight, and nobody was doing
| anything about it until regulation kicked in.
|
| Last year, after receiving several spam texts from numbers that
| were registered to Bandwidth.com (which was already difficult to
| discover), I sent an abuse report. I was not only told that
| Bandwidth.com couldn't do anything about it (other than forward
| the report to the reseller), but also they couldn't even tell me
| who they were reselling services to due to privacy reasons, and
| did not even know who the end customer was. They advised me to
| contact the police... To report text message spam.
| robocat wrote:
| > They advised me to contact the police... To report text
| message spam.
|
| That is a cunningly devious misdirection!
| [deleted]
| shagie wrote:
| The full letter can be found at https://www.fcc.gov/document/fcc-
| issues-robocall-cease-and-d... as a pdf. There are several spots
| in there where the FCC uses bold and italic.
|
| ---
|
| Some of the interesting parts: Dear Mr. Lawson:
| We have determined that Twilio Inc. (Twilio) is apparently
| originating illegal robocall traffic on behalf of one or more of
| its clients. As explained further below, this letter provides
| notice of important legal obligations and steps Twilio must take
| to address this apparently illegal traffic. Twilio should
| investigate the identified traffic and take the steps described
| below, including blocking the traffic if necessary, and take
| steps to prevent Twilio's network from continuing to be a source
| of apparently illegal robocalls. Failure to comply with the steps
| outlined in this letter may result in downstream voice service
| providers blocking all of Twilio's traffic, permanently.
|
| ... Applicable FCC Rules. This letter is based
| on FCC rules that apply to originating providers like Twilio.
| First, under the safe harbor set forth in section 64.1200(k)(4),4
| any provider may block all traffic from an originating provider
| that, when notified by the Commission, fails to effectively
| mitigate illegal traffic within 48 hours or fails to implement
| effective measures to prevent new and renewing customers from
| using its network to originate illegal calls. This letter
| provides notice under section 64.1200(k)(4) and describes the
| mitigation steps you must take. Second, section 64.6305(e)5
| permits providers to accept calls directly from an originating
| provider only if that originating provider's filing appears in
| the FCC's Robocall Mitigation Database. As explained below, if
| Twilio continues to transmit illegal robocalls, the Bureau may
| initiate proceedings to remove Twilio's certification from the
| database, thereby requiring providers to cease accepting calls
| directly from Twilio. Third, sections 64.1200(n)6 and 64.6305
| prescribe various additional obligations for mitigating and
| preventing illegal robocalls. We remind Twilio that failure to
| comply with any of these obligations may result in additional
| enforcement action pursuant to the Communications Act and the
| Commission's rules.7
|
| ... If after 48 hours Twilio continues to
| originate unlawful robocall traffic from the entities involved in
| this campaign, downstream U.S.-based voice service providers may
| begin blocking all calls from Twilio after notifying the
| Commission of their decision and providing a brief summary of
| their basis for making such a determination.15 Furthermore, if
| after 14 days, Twilio has not taken sufficient actions to prevent
| its network from continuing to be used to transmit illegal
| robocalls, then downstream U.S.-based providers may block calls
| following notice to the Commission.16 U.S.-based voice service
| providers may block ALL call traffic transmitting from Twilio's
| network if it fails to act within either deadline.
| [deleted]
| beefman wrote:
| Better 10 years too late than never.
| troydavis wrote:
| Of the robocalls and text message spam that I tracked back to the
| originating carrier (OCN), by far the two largest source carriers
| were:
|
| 1. Commio and its subsidiaries Teli and thinQ (commio.com and
| teli.net)
|
| 2. Telnyx (telnyx.com)
|
| If the FCC reads this comment: look into those two. In
| particular, both companies do a poor job of policing their
| resellers/affiliates. Even when a recipient is savvy enough to
| find the source OCN and report it to them, the spammers just move
| from one reseller to a different reseller of the same carrier.
|
| Both carriers know this and look the other way, since it's
| cheaper than than investing more resources (content blocking,
| tighter velocity limits, carrier-verified opt-in) or removing the
| resellers who repeatably sign up spammers. Twilio was in the top
| 5, but as a % of their total traffic, nowhere near Commio/Teli
| and Telnyx.
|
| (And if the FCC is reading this, a wish: add a "SPAM" or "ABUSE"
| SMS keyword that carriers are required to process. Operationally,
| it would behave similar to "STOP", with a couple differences: it
| would be entirely processed by the carrier; the carrier would be
| required to respond with the name and full contact info of both
| the carrier and their customer; and it would give responsible
| carriers a way to hear about/act on abuse complaints. Right now,
| 10DLC spam is so hard for regular people to track that abuse
| mostly goes unreported.)
| roywashere wrote:
| I'm in Europe and hardly ever receive unsolicited SMS or phone
| calls. Somehow, at least to me, this seems like a US problem.
| Why is that? What does EU do that it is not a problem here? Or
| does it just mean that we have a 'business opportunity' here?
| watwut wrote:
| Afaik, some aspect of it is just not legal. And when someone
| calls you, you have right to ask to be removed from database
| and they have to remove you.
| [deleted]
| dottedmag wrote:
| Looks like it depends on the local regulatory agency.
|
| I have never had a spam SMS or call in Norway, while on Malta
| it's a regular occurrence, thought not as bad as described by
| US folks.
| codetrotter wrote:
| I live in Norway. I've received both SMS spam and scam
| phone calls. However, it is still a rare occurrence. Only a
| few times per year.
| scooke wrote:
| I was a micro-entrepeneur, or auto-entrepeneur, in France,
| and unsolicited calls and messages started the very next day
| I registered. Don't ask me the about the email spam.
| [deleted]
| nibbleshifter wrote:
| In Europe and I get a shitload of them.
| reaperducer wrote:
| _I'm in Europe and hardly ever receive unsolicited SMS or
| phone calls. Somehow, at least to me, this seems like a US
| problem._
|
| Every single time the subject of robocalls or spam texts is
| brought up on HN, someone claiming to be from Europe shows up
| to ask why it's a U.S.-only problem.
|
| Then people from Germany and France and Greece and the U.K.,
| and elsewhere in Europe show up and say how they have to deal
| with it, too, and it's not just an American thing.
|
| In my RSS feed are several European news sources, and they
| all talk about robocalls occasionally.
|
| Who are these apparently very few people in Europe who
| allegedly have never dealt with telephonic spam, and why do
| they always feel the need to talk about their personal
| situation when it has no bearing on the discussion at hand?
|
| You state that you "hardly ever receive unsolicited SMS or
| phone calls."
|
| I'm in America, and I too get unsolicited messages "hardly
| ever": about one unsolicited SMS per month, and spam phone
| calls about six times a year on my work phone, and maybe once
| each year on my personal phone. Don't delude yourself into
| believing that every phone in the nation is flooded with spam
| all the time.
| Barrin92 wrote:
| >Then people from Germany
|
| Here in Germany at the very least this isn't the case as
| robo calling as well as unsolicited cold calling to private
| households can be fined with high fines of 10k+ Euros per
| call. I've maybe had two calls like this in the last 20
| years.
| lxgr wrote:
| It definitely does happen in Germany, but infrequently
| enough that people consider it an oddity.
|
| It's definitely no so bad that people don't pick up for
| unknown numbers/callers anymore, which seems to not be
| uncommon in the US.
| foobiekr wrote:
| Another aspect is language. A lot of the calls are from
| india and Pakistan where English fluency is high and non-
| English European fluency is very low.
| grammers wrote:
| I agree, that's the most likely reason. You can't to
| robocalls in German or Italian because cost it too
| high...
| dtech wrote:
| You're being pedantic. "once a month" isn't what I would
| call "hardly ever". If have 2 EU numbers, on one I've never
| received a robocall/spam SMS (10+ years), on another I got
| 3 robocalls in the 2 years I have it, _that 's_ hardly
| ever.
|
| This mirrors the experience of everyone I know. When an
| active robo-scam-call campaign was happening to people it
| made national news.
|
| That's a very large difference with the typical US
| experience...
| pbhjpbhj wrote:
| I've maybe twice (in ~20 years) had an unsolicited SMS (I'm
| in UK), my phone number is online too. I know people get
| them, but it's hard to tell how they're selected, just luck
| I guess.
|
| Used to get a lot of phone spam before the telephone
| preference service (TPS) came in, but not since. Quite a
| bit of spam in relative terms when running a business
| landline in a retail shop; tech support scams, service
| switch scams, invoice scams, but only about once a month.
| kostarelo wrote:
| Greek here and I can tell you for sure that it's a big
| issue here, especially robocalls the past few years.
| tifik wrote:
| I spend roughly 50% of time in Canada and the other 50% in
| Europe, mostly Czech Republic.
|
| I have two phones, and usually just put the one for the
| country Im not currently in on a charger and hide it away
| in a drawer, and take it out only when Im packing to go to
| the other continent again.
|
| The Canadian phone usually gets 50-100 spam messages and
| missed calls during the 2-3 months Im not using it.
|
| The Czech phone has never had a spam message or missed call
| on it ever.
|
| I dont see why strories like this would have no bearing on
| this discussion. Its relevant, anecdotal evidence.
| kelnos wrote:
| It's not relevant or useful, though. You're telling us a
| story about how you use those phones, the implication
| being that it's unlikely that those numbers have made it
| onto spam lists because of your usage patterns.
|
| But carriers recycle numbers, often pretty quickly after
| someone ends their service. The number on the Canadian
| phone of yours may have previously belonged to someone
| who plastered the number all over the internet, and used
| it to sign up for a bunch of things run by people who had
| no qualms over selling their customer data to spammers.
|
| So no, these stories are not particularly relevant or
| useful, because they can never take into account the full
| history.
| tifik wrote:
| But like.. Im not claiming its the while story, but
| definitely a piece of it.
|
| And you just took the info I provided, and added another
| piece of the puzzle. The observation that more spam
| exists in US/Canada still applies, is supported by my
| anecdote, and explained by your analysis. To me, very
| much proving this info is indeed relevant to the debate.
|
| Unless we want to go super meta about relevance and
| usefulness.
|
| I learned new things, thank you.
| Xylakant wrote:
| My phone number is all over the internet - it was listed
| as the contact number for our company for about a decade.
| I occasionally receive an unsolicited call from a human
| trying to sell something business related, but no
| robocalls or anything. I don't know anyone who does
| receive any. It's anecdotal evidence, but there's a
| trend. It's useful.
|
| One of the reasons I can imagine is that the
| Bundesnetzagentur is actually pretty quick about
| disconnecting abusers.
| [deleted]
| lfodofod wrote:
| You're just lucky, plenty of spam calls in the EU.
| Karellen wrote:
| I think it might be because in Europe the sender pays for SMS
| messages, but in the US, apparently the _recipient_ pays for
| SMS messages (!)
|
| AIUI, this is because in the US they don't set aside
| different prefixes/area codes for mobile/cell numbers, so
| when they were first introduced and mobile calls cost more,
| it was unfair to bill callers extra because they had no way
| of knowing they would be calling a mobile number. Therefore,
| they put the extra cost onto the receiver of mobile calls.
| With this billing expectation in place, they put the cost of
| SMSs onto the receiver also.
|
| It does mean that in the US, businesses sending SMSs to
| individuals are supposed to go through a "double opt-in"
| process and have really easy opt-out procedures, on pain of
| the FCC having some kind of punitive actions available. But I
| guess they must not be working, or something.
|
| Or my info may be out of date?
| jeroenhd wrote:
| > I think it might be because in Europe the sender pays for
| SMS messages, but in the US, apparently the recipient pays
| for SMS messages (!)
|
| That explains all the weird messages apps show about
| verification SMS "incurring charges"! Back in high school I
| avoided so many apps for no clear reason because I was
| afraid I needed to pay a fee every time I used these apps
| and only found out years later that none of that stuff
| would've cost me anything.
|
| A service where you have no real say in the charges you
| need to pay when someone else contacts you through it
| sounds so crazy to me! I'm pretty sure most people in most
| countries don't get charged per SMS anymore, though.
| to11mtm wrote:
| > It does mean that in the US, businesses sending SMSs to
| individuals are supposed to go through a "double opt-in"
| process and have really easy opt-out procedures, on pain of
| the FCC having some kind of punitive actions available. But
| I guess they must not be working, or something.
|
| Technically, the FCC cares about as much about unsolicited
| robocalls as they do for unsolicited SMS messages for the
| TCPA. And the penalties can add up quickly; $500-$1,500 USD
| -per violation-, not per person you violated the TCPA (IOW,
| if your automated system sends 10 texts to 10 people that
| it shouldn't have, it's potentially $50,000-$150,000 and
| not $5,000-15,000).
|
| The upshot for -consumers-, is that there are lots of
| hungry TCPA lawyers that will happily take your case. Some
| people even try to file claims themselves, even if it may
| not be fully legitimate[0].
|
| The issue with robocalls, versus SMS messages: I've found
| that even if you follow the TCPA 'Script', you'll at best
| wind up in a weird state in the robocaller's system where
| they will still call you, but the system immediately
| disconnects. On top of that, the numbers are often spoofed
| _anyway_ [1] so it's difficult to get the right number.
| AFAIK SMS messages, it's harder to spoof the number.[2]
|
| [0] - 'Illegitimate claim' can range from "Somebody didn't
| pay attention to a box they checked on an online form" to
| "Welp this guy's going to jail for stalking... I guess
| stupid criminals do exist."
|
| [1] - IDK if SHAKEN/STIR will help much, but here's hoping
|
| [2] - OTOH There is a real problem with numbers getting
| 'poached', even if they are already registered with a VOIP
| carrier that follows all the proper processes around
| porting. One bad actor makes it easy to mess up the system.
| lxgr wrote:
| This was definitely true at some point, but I don't know
| any plan (including prepaid) that charges for incoming SMS
| anymore these days.
|
| That said, unlike in Europe, there are also effectively no
| truly free (i.e. no monthly fee) prepaid plans in the US.
|
| So in a way, you could also say that users are still
| sharing the cost of inbound texts, although at an implied
| flat rate (blended into the monthly minimum that exists
| even for pay-as-you-go plans), rather than per message.
| oytis wrote:
| Wait, you have never received a call from "Europol"?
| kej wrote:
| How does one go about tracking a robocall back to the OCN? I
| have time and a strong dislike of scammers.
| troydavis wrote:
| (Update: Commenter "homero" mentioned that Twilio's CNAM API
| response includes the carrier:
| https://support.twilio.com/hc/en-
| us/articles/360050891214-Ge... . Twilio's docs make it sound
| like this API does incorporate mobile number portability,
| which is what you need, but I haven't personally verified.
| Can anyone from Twitter confirm that the LNP info is at least
| near-realtime?)
|
| You'll need either access to an SS7 routing system or, more
| likely, an HTTP API that exposes 10-digit number routing
| info. Google for '10 digit OCN lookup' or 'realtime CNAM
| lookup API' and you'll be on the right track. You need one
| that handles mobile number portability. Most APIs charge a
| small per-query fee because it's not static data. Any one
| number can be ported at any time and the only way to know is
| to see where (in SS7) it's actually routed.
|
| And be aware that there's a fair number of gotchas. I have a
| lot of experience in the telco world[1]. The two big gotchas
| are:
|
| 1. Inbound and outbound carriers can be and often are
| different, and outbound caller ID can be spoofed. The source
| number on an SMS from a 10-digit number (a "10DLC" SMS) is
| much, much less likely to be spoofed than the caller ID on a
| robocall. You can fairly reliably report source numbers on
| SMSes.
|
| To keep it simple, consider starting by reporting SMSes.
|
| For robocalls, expect that many robocall CIDs are spoofed,
| and the most interesting robocalls are the ones that ask the
| recipient to contact them at the same number. Or, where both
| the CID and the callback/contact number are DIDs from the
| same carrier.
|
| 2. Number portability means that all the old static databases
| (LERG and NPA-NXX-Y Number Pooling[2] databases) aren't
| enough. One phone number might be routed to one carrier and
| the sequentially-next number might be routed to a completely
| different carrier, and either of them might change the next
| day.
|
| This is just the start - there are other gotchas and a pretty
| significant learning curve. Stay polite and professional,
| assume good intentions, and assume you're wrong about
| something.
|
| [1]: Back in 2010, I made the first free, public REST API for
| looking up phone data:
| https://www.slideshare.net/troyd/cloudvox-digits-phone-
| api-l..., https://www.prnewswire.com/news-releases/cloudvox-
| launches-f...
|
| [2]: https://nationalnanpa.com/ and for thousands-block
| reports, https://www.nationalpooling.com/ -> Reports -> Block
| Report by Region
| bevenky wrote:
| In general most APIs incorporate number portability for US.
| It's much more harder to do this for countries
| internationally.
|
| We at Plivo also provide such an API which incorporates
| number portability for US:
| https://www.plivo.com/docs/lookup/
|
| Plivo's API above is updated on a daily basis for
| portability information.
|
| Caller ID as you mention for voice calls is quite easy to
| spoof, however with the STIR SHAKEN rollout, the intention
| is to make carriers accountable. SMS however with 10DLC is
| almost impossible to spoof the number.
| homero wrote:
| You can actually use twilio to find the carrier on cnam
|
| https://support.twilio.com/hc/en-
| us/articles/360050891214-Ge...
| cgb223 wrote:
| Interested in this as well.
|
| Been getting spam texts out the wazoo and have felt powerless
| to do anything about it beyond delete them
| lolinder wrote:
| One thing I do to exert some control is use WHOIS to find
| out who their domain name and web hosting providers are and
| forward them the phishing texts. I've gotten multiple
| domains revoked through this process (though I've also been
| ghosted plenty).
|
| Doesn't help if there are no domains linked, and I'd still
| love to attack their SMS instead because I suspect that's
| harder to replace.
| BenjiWiebe wrote:
| In a similar vein I've had success surprisingly often
| when reporting spam email domains to the hosting company
| and Google safe browsing, which gives a big red warning
| page when someone tries to access the site (in Firefox
| and Chrome at least).
| Scoundreller wrote:
| I've also had some success getting the SSL cert revoked.
|
| Is there any way to send the SSL-encrypted webpage to
| _prove_ to the SSL provider that the website came from
| them though?
|
| I guess in my case they could open the link, but that may
| not always work.
| mikeytown2 wrote:
| I call the spam texts (hi Bob, it's Alice, we met last
| night type) and it's usually a Google voice number that
| want you to sign up for their whats app channel. I now text
| back them that we met last night and they can join my
| crypto investing WhatsApp group and I've gotten a lot less
| sms spam as a result. Must be on their black list now
| jareklupinski wrote:
| She was trying to scam him using a lonely hearts pull
|
| He was trying to scam her with the promises of riches
|
| This summer, sparks fly in the romantic comedy of 2023:
| "Phish into my Heart"
| ethbr0 wrote:
| This makes me feel old.
|
| Cinema when I grew up was calling into advice radio shows
| because someone couldn't sleep on their architect-
| affordable houseboat in Seattle.
|
| None of that exists anymore.
| dylan604 wrote:
| okay, so this made me smile. just finished exporting a
| montage scene that could fit right into that script.
| timing is priceless
| Magicstatic wrote:
| I use Lookify.io which lets you look up a carrier without
| creating an account - you can also see if anyone else flags
| it as spammy but who knows if the reports are anything other
| than anecdotal
| andrei_says_ wrote:
| How would abuse of such system be prevented? Require a minimal
| percentage of spam/abuse responses per number?
| troydavis wrote:
| Here's how others address it. For phone calls and texts:
|
| - Slowly increase velocity limits on new DIDs/TNs. Often,
| examine the outbound content before raising limits - is it
| something anyone would request? where/how?
|
| - Require the recipient to have opted-in on the same carrier
| (ie, no importing lists)
|
| - Don't let the affiliate/reseller sign up customers on their
| own. Centralize onboarding/KYC.
|
| - Verify the end customer's government-issued ID.
|
| For texts:
|
| - Block (and flag/escalate) based on message content, like
| the domain name/URL they're linking to or a pitch phrase
| they've used.
| from wrote:
| > - Verify the end customer's government-issued ID.
|
| This never happens. Lots of PPP or bank fraud
| investigations go nowhere because the perpetrators used
| fake IDs all the way down. No company is actually checking
| the governments database of drivers licenses or state ID
| cards. Only recently did eCBSV come out which would allow
| companies to digitally check that an SSN actually exists
| (mostly to stop synthetic identity fraud) but that still
| doesn't stop identity theft.
| troydavis wrote:
| Some of this is about increasing friction, not collecting
| flawless info. Is it possible to fool Stripe Identity
| (https://stripe.com/identity) repeatedly? Probably. But
| it's a pain to make new fake docs (or switch carriers)
| every time an account is flagged.
| metadat wrote:
| Telcl industry lingo terms I looked up (posting in case
| this will be helpful to others):
|
| DID: Direct Inward Dialing is a method organizations use to
| route incoming calls to specific private branch exchange
| (PBX) systems without an operator. Organizations purchase
| DID numbers from a telephone company or service provider
| and assign them to individual extensions within the
| organization.
|
| TN: Telephone Number, this initialism is interchangeable
| with DID.
|
| DLC: Installations using Digital Loop Carriers connect
| analog phone lines of individual users into a single signal
| sent on single lines to the central office of a phone
| company. The combined signal is separated into original
| signals at the central office.
| yardstick wrote:
| Provide personal identification back to the carrier, not just
| the reseller?
|
| Ie Passport/valid driving license.
|
| Not fool proof and comes with its own set of problems. But
| it'll likely get us most of the way.
| dheera wrote:
| For what it's worth, I use Twilio to combat robocalls and
| telemarketers ...
| giancarlostoro wrote:
| I did a hackathon a few years back a few years in a row and
| Telnyx was a sponsor the first year. One of the sponsors
| started asking for legitimate company information in order to
| keep your account with them. I wonder if this is something the
| FCC should request from these companies, I also wonder how
| effective it would be. I dont think all robocalls will die, but
| a significant number probably will.
|
| Once you have an actual company behind the robo calls you can
| sue. Telecoms providers should be required to be helpful in
| providing information when abuse is reported or be liable
| themselves as if they were responsible.
|
| It seems like a solvable problem but nobody is actually solving
| it.
| charcircuit wrote:
| >the carrier would be required to respond with the name and
| full contact info of both the carrier and their customer
|
| This would be used for doxxing people. Anyone you text can get
| all the information they need to swat you.
| troydavis wrote:
| I was referring to vendors of commercial 10DLC and short code
| messages, not consumer-facing mobile providers. Consumer-
| facing mobile providers (where doxxing is a risk) could reply
| with just the carrier's abuse contact (ie, abuse@ and/or a
| phone number). And even if it was only implemented for 10DLC,
| not consumer-facing mobile, that would be a start.
| tomnipotent wrote:
| I can't imagine even combined these companies are more than a
| single percentage of Twilio's volume. A quick search shows
| these two at ~300 employees to Twilio's ~7,900 - if you assume
| volume is somewhat linear to costs and subsequently revenue,
| Twilio is an order of magnitude larger. Even a smaller
| percentage of Twilio being spam is much more volume than a
| large percentage of these companies.
| DevX101 wrote:
| Can you submit a report to the FCC detailing your findings at
| https://consumercomplaints.fcc.gov/hc/en-us?
| troydavis wrote:
| I've done this many times. It goes into a Zendesk-powered
| black hole. Looks like the oldest Zendesk autoresponse I have
| is from 2014. There's no way to tell whether it's making a
| difference (is anyone even aggregating reports by volume?),
| so I stopped.
| simfree wrote:
| Commio's shutdown of the Teli platform has been a mess,
| outbound calling never got STIR/Shaken compliance.
|
| The ThinQ side of the house seems to let dialer traffic
| slide: https://lowendtalk.com/discussion/183904/lowend-sip-
| trunking...
| kbuck wrote:
| On most (all?) carriers, you can forward spam SMS messages to
| 7726 ("spam" on the keypad) to report messages as spam.
|
| That said, I've got no idea if they actually do anything
| actionable with this data. It certainly doesn't seem to have
| reduced my spam volume. Now I just let Android Messages filter
| the spam out.
| troydavis wrote:
| I've wondered the same thing. I've used 7726 to report large,
| long-lived campaigns (to AT&T Mobile's 7726) and as far as I
| could tell, nothing happened. The senders rotate TNs so often
| that AT&T would either need to track it back to the point of
| ingress or do content-aware blocking.
| aendruk wrote:
| My most recent experience was enduring several weeks of
| daily spam, all diligently forwarded to 7726 ("Thank you
| for reporting SPAM. We'll take it from here."), only to
| finally get fed up enough to send a complaint to the FCC
| after which the spam stopped immediately.
| aendruk wrote:
| In iOS when you forward a message, bafflingly, it does _not_
| copy the original source address, rather just the body so
| depending on the message you're likely to be either
| misleading the recipient, plagiarizing without attribution,
| or sending spam content firsthand. Contrast with email in
| which convention is to copy a few headers to preserve context
| through forwarding.
|
| In the case of 7726, I'm further confused that there seems to
| be no acknowledgement of this source of ambiguity. Do they
| want to know the source of the spam, so I should manually add
| it to the message? Or are they just training a content
| recognition model and by sending anything other than the
| original text verbatim I'm throwing it off?
|
| Also, when the forwarded spam contains a URL, iOS often
| automaticity chops off that part of the message and shows an
| unhelpfully truncated version of it below the message in a
| separate bubble. Is iOS treating the forwarded spam as
| trusted data and probing the spammer's URL, tracking
| parameters and all?
| badcppdev wrote:
| Sending it to 7726 prompts your service provider to
| identify the matching incoming message (which it has in its
| logs) as spam and investigate, etc.
| wl wrote:
| AT&T asks for the number it came from after you forward
| the spam message.
| reaperducer wrote:
| _On most (all?) carriers, you can forward spam SMS messages
| to 7726 ( "spam" on the keypad) to report messages as spam._
|
| I wonder if that's what the iPhone's "Report Junk" button
| does with text messages.
|
| For some reasons, my iPhones on AT&T always offer the option
| to report a text message as spam, but my iPhones on Verizon
| do not. Another curiosity.
| aendruk wrote:
| Tell me more about this report button! I've long wished for
| such a feature but thought it didn't exist. This is
| something built in to iOS?
| onetimeusename wrote:
| Are offshore carriers responsible for spam calls that spoof
| numbers (based on your data)? Those two carriers are onshore so
| I think they would have to comply with the SHAKEN/STIR protocol
| which would make calls originating from their network easier to
| identify and block. Offshore carriers don't have those
| restrictions. I am surprised a company is able to operate like
| this onshore.
| bevenky wrote:
| Founder & CEO of Plivo - https://www.plivo.com/ here. At Plivo
| we offer similar API services to Twilio for voice calls and
| SMS. While API offerings have made it easier for developers and
| tech team to integrate communications into their applications,
| one of the challenges here is the scale at which spammers and
| folks using stolen credit cards are always attempting to abuse
| all of our platforms.
|
| Most of us companies, work quite hard to deter these spammers
| at sign up and later using automated systems to analyze usage
| patterns including content filtering, but its quite a cat and
| mouse game.
|
| Something that has worked for us has been to restrict signups
| to only work emails. It does have it's disadvantages but we
| have been able to limit the random gmail id signups at scale by
| bot/spammers that abuse the system for use cases like
| robocalling and more.
| calibas wrote:
| I looked up the carrier for my most recent spam calls using
| lookify.io:
|
| 1. PEERLESS NETWORK OF OHIO
|
| 2. PEERLESS NETWORK OF FLORIDA
|
| 3. PEERLESS NETWORK OF CALIFORNIA
|
| 4. PEERLESS NETWORK OF CALIFORNIA
|
| Nothing from Twilio, but Peerless Network certainly stands out.
| I see they describe themselves as "A Disruptor and Aggressive
| Innovator".
| bevenky wrote:
| Peerless is now owned by Infobip.
|
| https://techcrunch.com/2022/07/26/us-and-european-comms-
| plat...
| devwastaken wrote:
| Don't threaten, do it. Threatening means the service has time to
| think creatively on how to make it less obvious. No money lost.
| Until it's more expensive to break the law, it will continue to
| be broken.
| rabidonrails wrote:
| It's not so simple to shut off people's telephone numbers.
| Consider some customers might be using the service for health
| and safety reasons. Better to threaten and then follow through
| that take the liability hit of just shutting off services.
| luckylion wrote:
| Say what you will about US regulatory agencies, I wish we had
| even a whiff of that in Germany. Over here, the best you can hope
| for is for the regulators to negotiate with the companies to shut
| down individual numbers that have been used for illegal
| activities for months.
|
| They might fine the companies running the robocallers/callcenters
| if they're in Germany, but they're absolutely never touching the
| providers who are happily supporting the criminals and instead
| throw their hands in the air and say "guess we can't do
| anything".
| ryandrake wrote:
| Even so, the US treats corporations with kid gloves. If I, as a
| mere human, blatantly and continuously committed crime, they'd
| kick in my door, shoot my family dog, and charge me with
| everything they could, expecting a plea deal. But when a
| company does it, they send them friendly letters: "Pretty
| please, with sugar on top, would it bother you much to stop
| committing crimes? We will give you a popsicle if you at least
| write us a letter saying you're trying!" You can tell who's in
| charge, and it's not the general public.
| luckylion wrote:
| Yeah, that's the kind of thing that erodes people's trust in
| "the system". I'm sure it's harder to go after corporations
| and their armies of lawyers, but their crimes are usually
| appropriately larger, too. But still, easier to go after
| individuals 10000 times than go after one corporation once to
| have the same impact.
| V__ wrote:
| I think one major reason is the lesser extent to which this is
| a problem. I can't remember the last time I got spam calls. A
| year or two ago it was much worse, but even then I got maybe
| one a month on mobile and one a week on my landline. Both
| numbers are publicly listed.
| luckylion wrote:
| I don't know how it works, I only get like two a month. A
| friend of mine gets two or three _a day_ and has just
| disconnected his phone and advised friends and family to only
| use his mobile.
|
| The same applies to the large scale phone fraud though, which
| quickly gets into tens to hundreds of millions of euros per
| year. Police won't do much because the criminals are outside
| Germany and cooperating with e.g. Turkey is hard, and with
| India it's impossible. Phone companies don't care because
| they're making money and the regulator is asleep at the
| wheel.
|
| Let's just make the phone companies liable for damages where
| they can't produce the customer (no KYC) or the customer is
| international. They'll quickly figure out who is legit and
| who isn't when it actually hurts their bottom line.
| narag wrote:
| Meanwhile in Spain: past month I finally convinced my
| mother that they should give up the land line for good. She
| uses Internet through the cell phone only, where it's easy
| to block all the spam.
|
| The land line calls were mostly spam, mostly from
| established companies, and some scams. A side effect: they
| went from 70EUR/month to 15EUR, 22EUR after the first year.
|
| I had got them a 35EUR contract (land/fiber + 2 cellphones)
| three or four years ago, but somehow Movistar managed to
| creep the bill to double and had announced that it will
| start charging 120EUR this year. Because reasons.
| luckylion wrote:
| Protecting your parents from scam & spam will matter a
| lot in the future. I've trained my mother on erring on
| the side of not believing whatever the email or person on
| the phone says and calling me to verify. It works great,
| she'll happily take a note from them e.g. when her mobile
| provider (or someone claiming to be her provider...)
| calls and asks how I can reach them. The legit calls will
| be happy to provide a callback number, and the other ones
| will give up when she's persistent that she can't help
| them. They'll move on to easier victims.
|
| The cost cutting can be immense as you mentioned. Plenty
| of people have ancient contracts that they never changed.
| from wrote:
| > Let's just make the phone companies liable for damages
| where they can't produce the customer (no KYC) or the
| customer is international. They'll quickly figure out who
| is legit and who isn't when it actually hurts their bottom
| line.
|
| This would result in prepaid sim cards going away which
| would create a lot of problems for homeless people and
| illegal immigrants.
| luckylion wrote:
| In the US, maybe. In Germany, prepaid sim cards already
| require full KYC with ID. There's no problem, you can get
| them with a preliminary ID card the government hands out
| to asylum seekers. There's barely any undocumented
| migrants in Germany because there's little reason to: if
| you're from most of Europe, you can come here legally, if
| you're from Africa or Western Asia, you can claim asylum.
| noAnswer wrote:
| It's just not true. https://www.heise.de/news/Telefonabzocke-
| Ueber-150-000-Besch...
|
| Especially in regards to expensive numbers, some critics go so
| far and say they got an "employment ban". They are not soft at
| all. But obviously they can only react.
| luckylion wrote:
| They could just do the same thing the FCC does: threaten the
| providers with revoking their licenses unless they get their
| KYC in order and do spam detection & prevention.
|
| But they don't. You can check their actions: https://www.bund
| esnetzagentur.de/DE/Vportal/TK/Aerger/Aktuel...
|
| They're fining ~20 companies per year for spam and have shut
| down a few numbers and stopped billing on a few foreign
| premium numbers. Other than that: nothing. They're simply
| ignoring the companies that are complicit.
|
| If they're not the right organization to enforce rules,
| that's fine, let's create one that does and hasn't been
| closely embedded within the industry for the past decades.
| timdaub wrote:
| hopefully they do it. Twillio is an awful paternalistic company
| and getting SMS numbers in Germany is the actual worst. For a
| client, I ended up having to buy an RPI and a SIM myself because
| Twillio restricts service severely for anyone not having a big
| company.
| westoque wrote:
| I was CTO of a company that was doing consumer text messaging
| through Twilio. I would say Twilio actually does a good job of
| monitoring messages going through its system. Our system at times
| were used by spammers to send spam text and Twilio's automated
| bot would catch these and would then ask us for reports if we
| have permission to send automated text messages to the numbers.
| kostarelo wrote:
| Do companies like Twilio do anything about spam the same or
| similar way Google for example handles spam?
|
| I guess that they are not obliged to deal with it at least in
| most countries. I honestly don't know much on this space but this
| article raised my curiosity.
| aliqot wrote:
| Good. Twilio sucks anyway.
| PM_me_your_math wrote:
| What is a better alternative?
| PopAlongKid wrote:
| Sinch.
|
| https://html.duckduckgo.com/html?q=sinch%20versus%20twilio
| bevenky wrote:
| A list of alternatives
| https://www.g2.com/categories/communication-platform-as-a-
| se...
|
| Checkout Plivo https://www.plivo.com/
| gkoberger wrote:
| So, I totally agree with the premise (robocalls are horrible,
| Twilio shouldn't allow them, etc).
|
| However, to defend Twilio... I have about a dozen numbers, all
| for little automations, and the past 6 months they've been REALLY
| heavy handed about requiring them all to be registered and a
| bunch of other requirements. I get a ton of emails like "Register
| your 10DLC numbers to avoid unregistered fees", etc. They've been
| tightening the requirements, too. At first it was 3,000+
| messages/day, now it's my 1-message-a-day-to-the-same-number
| accounts they're cracking down on.
| maxk42 wrote:
| About fucking time!
| nodesocket wrote:
| I wonder what percentage of their revenue is spam and scammers.
| They certainly are turning a blind eye.
| WirelessGigabit wrote:
| First of all: the FCC is getting its teeth back.
|
| Second: At a larger scale this is the balance between providing a
| service that is cheap and ensuring your service isn't used for
| nefarious purposes.
|
| What happens next is that there will be more stringent
| identification needs, and then apps like MySudo get into
| trouble...
| metadat wrote:
| Why don't iOS and Android support sending calls from unknown
| numbers straight to VoiceMail (or block entirely). Why isn't this
| a first-tier feature?
|
| If such functionality were well-implemented, you'd be able to
| disable it for a limited amount of time if you're expecting a
| call, and then the setting would kick back on automatically.
|
| Apple and Google could work together (or even 100% independently)
| to tackle this at the handset endpoint level, yet there is no
| serious investment. They both have the data to create extremely
| robust solutions that could kill such life nuisances once and for
| all. Why do they continue to sit on their laurels rather than
| treating this as the serious abuse it is?
|
| I get more text-message and phonecall spam than ever. Whatever
| [meager] measures have already been attempted are completely
| insufficient and have failed.
|
| Imagining a future where my children perceive this as normal
| doesn't seem right. What can we do about this?
| FPGAhacker wrote:
| > Why don't iOS and Android support sending calls from unknown
| numbers straight to VoiceMail
|
| iOS does. It's called "Silence unknown callers" in the phone
| app settings.
|
| I expect android has this as well.
| metadat wrote:
| Thanks, that's a start for the phonecall spam.
|
| The iOS texts are especially bothersome because they appear
| on every device and machine hooked up to iMessage.
|
| I just looked and Android does have this setting buried under
| several slices of the phone app settings layer cake. It's
| better than nothing but I'm unwilling to accept that this is
| respectful to end users. It's really hanging all out non-
| experts to dry, when they absolutely should be in control.
| chadlavi wrote:
| quite a lot of companies would have a bad day if twilio suddenly
| turned off
| MiddleEndian wrote:
| The phone system needs to be changed so we get the full stack
| with every call, along with the name of the caller, so customers
| can block shit en masse uBlock Origin style.
|
| The number of VOIP callers I want to contact me: 1 (my doorbell
| (I assume it's VOIP, not sure))
|
| The number of non-US callers I want to contact me: 2 (family
| members who could just contact me in other ways)
|
| Even if I have "agreed" to let some company contact me, like the
| phone company or my ISP, I'd still rather not receive calls from
| them.
| from wrote:
| > The number of non-US callers I want to contact me
|
| But non-US callers can get US numbers. Do you want the phone
| company to fax over a passport scan of everyone who calls you?
| MiddleEndian wrote:
| I don't care about an individual's actual country of origin.
| Plenty of my friends are not American. But if I get a call
| that has any hops from an international network, then I want
| to block it, because it is spam (barring my two family
| members).
|
| If a phone company does not provide information about all the
| hops, then all calls from that company should be blocked as
| well. Ideally phone providers would not be allowed to forward
| calls from such a network at all.
| beckingz wrote:
| Honestly, yes.
| ohyoutravel wrote:
| Finally some consequences for these awful robocalls. I love and
| use Twilio but they can burn as far as I'm concerned because they
| allow such abuse.
| andrei_says_ wrote:
| What's a good alternative to twilio for sending transactional
| sms?
| PopAlongKid wrote:
| Sinch maybe?
|
| https://help.moengage.com/hc/en-
| us/articles/360049013671-Con...
| bevenky wrote:
| Here is a list of alternatives
| https://www.g2.com/categories/communication-platform-as-a-
| se...
|
| Plivo is one of the leading alternatives
| https://www.plivo.com/
| PenguinCoder wrote:
| I have had good experience with https://signalwire.com/
|
| I run a few projects that interact with their API for SMS. I
| recently had to go through some extra hoops to 'verify my
| business' with them, due to the newer carrier regulations.
| But overall, works how I expect it to and with minimal
| issues.
| FearlessNebula wrote:
| I think AWS has a service?
| fiznool wrote:
| A couple I've used:
|
| - Vonage: https://www.vonage.co.uk/communications-apis/sms/ -
| CM: https://www.cm.com/en-gb/sms/
| tobinfekkes wrote:
| Couldn't agree more. I've used Twilio for years and love what
| it provides for me, but I'd trade in my SMS services to make
| robo calls end.
___________________________________________________________________
(page generated 2023-01-29 23:00 UTC)