I either disagree or am ignorant about SS7. See my other post on this page. Interested to read others thoughts about implementing a "opt-in, call back only or GTFO system".
If I have full control of a DID, implementing callback isn't hard. That would be a bandaid type solution built on top of the existing phone network, however. Fixing ss7 at a systemic level so that all call routing in and outbound is verifiable, CID spoofing is impossible, is what is nigh impossible.
Are there any proposed replacements? Even SIP has vulnerabilities, foot gun features, and fundamental design problems like use of MD5 digest, NAT intolerance, and vendor and device specific bugs.