[kjellsbells]

Yes, but. SS makes a cryptographically based attestation about the origin of a call. For a user A on, say AT&T mobile calling a user B on Verizon, this is straightforward: the AT&T server can make a strong "type A" assertion: they know A, they control the access network that A is on, everything is copacetic.

However there are other tiers of attestation that are less strong, and because telcos also do a screaming business in bulk transport of other people's calls, these calls still get connected. So for example user C in say, Telenor Pakistan calls user A on AT&T, but the call is carried across the world by some transit carrier, like Lumen or BICS. This happens all the time. Then all that ATT see is that BICS attest that they trust Telenor, but have no control over the source number C.

It gets real murky real fast. On top of all this there are yet more complex cases, like American Express buying a block of phone numbers from one phone company but actually being connected to the global phone network by another. Or wanting to have those domestic numbers route offshore but still appear as US numbers when they call you stateside.

Its a mess, and SS helps as best as it can, but I think the real solution requires a change in how telcos get paid, and route one another's traffic for money, and that is not changing anytime soon.

[smelendez]

This and the grandparent explanation are very helpful. Thank you both!

The frustrating thing is I would bet that the vast, vast majority of people in the US do not want anything except those “type A assertion” calls: calls from trusted users of trusted carriers. And I say this as someone who regularly communicates with friends and business associates overseas but essentially never through the traditional phone network.

It seems like that would also cover the situations some people often mention regarding emergencies, since a hospital, school, or random person on the street won’t be calling through some fly-by-night carrier.

I get some people and businesses have more complex needs, and I’m sure there are a million corner cases. But it feels like if you let people easily opt in to a sensible but restrictive plan, and allowlist trusted carriers in other countries, you’d solve a lot of this problem?

[kjellsbells]

> opt in to a sensible but restrictive plan, and allowlist trusted

The irony is that the end users have built this by themselves: ignore all calls unless they are from a known contact, at best, diverting the rest to voicemail. Basically each user builds a 1-deep network of trust. Sad that it had to come to this.

There's are argument that says this is all a side effect of a technological innovation: the rise of VoIP/SIP over TDM.

[dmurray]

It seems like a failure of the free market. If instead it were prohibitively expensive to run a telecommunications provider, and no country would have more than two or three, the spam calls could be regulated away. Perhaps at the expense of other technological or financial innovation.

[MiddleEndian]

Is there a reason why I can't tell my phone company "Don't take any calls from anything less than Full Attestation"?

[_rs]

How does this work in Europe, where the above comment says this isn't an issue?

[kjellsbells]

I can only speculate, since Europe is a huge place with multiple telco regulatory regimes and lots of transnational telcos. For example:

- France has a version of STIR/SHAKEN - Germany's Deutsche Telekom has massive presence via local operating entities in poland, austria, czechia etc etc. So it might be that they can assert tighter knowledge of a caller across countries and carriers because its all really DT. - Similarly Orange/Hutchison in France, Austria, and IIRC north Africa.

Beyond that, i dont know.

[yurishimo]

Could it be due to pricing differences? I have only been in the EU for 6 months, but one thing I noticed when signing up for cell service, is that SMS and Calling is expensive when calling to a different country. For me to call someone in Germany from The Netherlands, it is €0.23/min.

At that rate, scamming someone on the phone from a different country is prohibitive. The other option would be to setup shop and purchase numbers from all EU nations, which is also prohibitively expensive and probably not as easy since LLC's aren't really a thing.

My guess is the large population of the US + the advantageous legal system for new companies is what makes this a unique issue for Americans.

[Fradow]

The above comment exagerates based on anecdota.

From what I gathered, it's a lot less of an issue compared to the US, but scam calls & SMS do happen.

My anecdota: I'm French, and receive scam calls from time to time. They are different from the ones you see in the US. Here it's mainly "CPF" scam calls, which is training credits every working person automatically get and they are trying to scam you into paying for a illegitimate training with those (don't ask me for more details, I've not researched it further).

In France, it tends to be less of an issue because the government is at least somewhat invested in fighting such scams, and because the language isn't as universally spoken as English (which is true for most of Europe). You can usually spot a foreigner speaking French miles away, and it's a red flag for any sane person when an incoming call has an accent.