[treve]

The phone system seems pretty absurd. Just the fact that we can't trust originating phone numbers seems odd. There's lots of good ideas to go around, and there's so much in internet technology that could be applied to the phone system, but I'd love to read an article on why its hard to update the phone system.

[dade_]

There are many reasons:

-You forward your office phone to your cell phone. You want the number of the original person calling to show up on your cell phone. This means that the office phone system needs to spoof the original caller's phone number. This could be a local call, an overseas call, etc.

This is not a simple update issue. How does the telco know that this is a legitimate spoof? Further, if this is blocked and the number is rewritten to the billing telephone number, the client will complain that they are answering outside calls, thinking it is their office calling.

-How the carriers are integrated, how do they trust the incoming call info from another carrier? Blacklists and whitelists are impossible to keep up as scammers are randomizing the data.

This is an expensive problem, and one that carriers would love to solve - there isn't a lack of incentive either. I've seen a few solutions out there, but I am not convinced they work as advertised.

[jjeaff]

If I want to call someone using a different caller ID through twilio, twilio makes me verify ownership of that number.

But of course, then twilio is only doing this to keep scammers off their own platform. Since the telcos don't validate anything, there are plenty of less scrupulous providers that don't validate anything.

So all the telcos need to do is require anyone providing access to their networks to validate their caller ID numbers.

[to11mtm]

Hahaha So true.

I actually deal with (part of) this problem from the other side: I maintain text messaging for the biggest company in our sector.

Within the last few months, we've been running into issues where our phone numbers are actually being stolen by these third parties.

Service providers are SUPPOSED to receive letters of authorization before porting a number. I.e. if I want to use my phone number on Twilio, I need to provide a letter showing ownership of the number (or blocks of numbers) I wish to provision on their platform.

Twilio, BTW, is one of the good guys on this. But FWIW, if the number's already provisioned they can't really tell you when a number's been hijacked, you won't know till you try to use it and Twilio's API gives errors.

Anyway... big takeaway is our numbers keep winding up 'stolen' by another provider (not Twilio). Every time we email them, they release the numbers back to us, but asking for LOAs to see how this happened gets crickets. Oh and this process leaves the numbers unusable for 1-3 business days.

[smnrchrds]

Take the difficulties of IPv6 migration and remove the ticking clock of running out of IPv4 addresses. How long would the migration take? 10 years? 10000 years? I bet it would be closer to the latter than the former.

[tonyarkles]

And add in the fact that Nortel made a ton of the currently deployed phone switch gear, and they haven’t existed for almost 20 years now.

[dade_]

The businesses were purchased by Avaya (enterprise) and Genband (carrier). There are support and upgrade paths available. This fact also has nothing to do with the problem.

[Sharlin]

The internet has been slowly getting better but remember that in general we can’t trust the ”from” field of an email message either. No need to even spoof it as it’s literally whatever the sender wants to put there, by design.