by MyFirstSass 547 days ago
I'm in Northern Europe and lately spam calls, and especially spoofing from random people's numbers, have become so bad I know multiple who stopped taking any calls, or even changed their phone numbers because they got too many calls, or angry people called them because their number was spoofed.

To me the whole system is archaic - I know Gen Z would never ever take a call from someone they don't know, or even call each other - it's simply not something you do - it would be like reading your spam mails.

And I'm coming to the same conclusion, answering random people is naive.

Practically we need something new though.

17 comments

Phone calls now produce JSON Web Tokens that identify users with cryptographic signatures. This was codified around 2018 by the IETF, SIP Forum, and ATIS.

So the public phone system now supports it, but the problem is that not all providers support it yet, which fundamentally weakens the system. Of course, you can’t just add a new “protocol version” to an over-100 year old phone system with zero time to do a migration.*

But now that it’s been a few years, we are reaching a point where, at least for the US, the FCC wants to ban any provider who hasn’t added support.

*simplification

Are the signatures available to the end user? I would love to set up a call screener that only accepts verified calls, as most spam uses spoofed numbers. I'm assuming that the major players implement the protocol at least... I'm ok if the filter rejects things that aren't real land lines or cell phones.
> Are the signatures available to the end user?

That's up to your carrier.

In general "hosted" services will hide the actual token from the end user, though they may offer either filtering features or the ability to tag calls in the Caller ID based on their signature.

Trunking services designed to feed in to a customer-controlled PBX will usually offer either the same sorts of filtering/tagging or complete passthrough of the token.

This is only possible if the call transits through all IP networks. If the call at any point goes over TDM, and out-of-band SHAKEN is not implemented, then the signature is lost.

End-to-end authenticated calls are the ideal state, but I don't think we're fully there yet.

Definitely not even close to fully there yet but getting the VoIP providers to do it is an important step.

Rolling this out is like when the world first rolled out DKIM/SPF for email. You need to reach a critical mass of adoption before the data is useful.
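
The screening idea discussed in the comments above, sketched as an added example that is not from any commenter or carrier: a PBX-side filter for a trunk that passes the SIP `Identity` header (the PASSporT token) through. It assumes the carrier reports its own signature check in a `verstat` parameter on `P-Asserted-Identity`, so the code cross-checks claims and does not verify the ES256 signature itself; the "full attestation only" policy, `MAX_AGE`, and all numbers and hostnames are constructed.

```python
import base64
import json
import re

MAX_AGE = 60  # seconds of tolerated "iat" age; an assumed policy value

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse_headers(raw):
    """Map lower-cased SIP header names to their values."""
    headers = {}
    for line in raw.strip().splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def number_of(uri):
    """Digits of the telephone number in a sip: or tel: URI, or None."""
    m = re.search(r"(?:sip|tel):\+?(\d+)", uri)
    return m.group(1) if m else None

def decode_passport(identity):
    """Decode the JWT header and claims from an Identity header value."""
    token = identity.split(";", 1)[0].strip()
    head, claims, _sig = token.split(".")  # ValueError unless exactly 3 parts
    return json.loads(b64url_decode(head)), json.loads(b64url_decode(claims))

def screen_call(raw, now):
    """Return (action, reason); action is "ring" or "voicemail"."""
    h = parse_headers(raw)
    pai = h.get("p-asserted-identity", "")
    m = re.search(r"verstat=([\w-]+)", pai)
    if not m or m.group(1) != "TN-Validation-Passed":
        return "voicemail", "carrier did not validate the calling number"
    if "identity" not in h:
        return "voicemail", "token not passed through, attestation unknown"
    try:
        head, claims = decode_passport(h["identity"])
        alg, ppt = head["alg"], head["ppt"]
        orig, iat = claims["orig"]["tn"], int(claims["iat"])
        dest = list(claims["dest"]["tn"])
    except (ValueError, KeyError, TypeError):
        return "voicemail", "malformed PASSporT"
    if alg != "ES256" or ppt != "shaken":
        return "voicemail", "not a SHAKEN PASSporT"
    if orig != number_of(pai) or number_of(h.get("to", "")) not in dest:
        return "voicemail", "token numbers do not match the SIP headers"
    if abs(now - iat) > MAX_AGE:
        return "voicemail", "stale token (possible replay)"
    if claims.get("attest") != "A":
        return "voicemail", "attestation below A"
    return "ring", "validated with full attestation"

def build_sample_invite(attest, orig_tn, verstat, iat):
    """Constructed sample headers; numbers, hosts and signature are fictional."""
    head = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
            "x5u": "https://cert.example.org/sti.cer"}
    claims = {"attest": attest, "dest": {"tn": ["12025550145"]}, "iat": iat,
              "orig": {"tn": orig_tn},
              "origid": "00000000-0000-4000-8000-000000000000"}
    token = ".".join([b64url_encode(json.dumps(head).encode()),
                      b64url_encode(json.dumps(claims).encode()),
                      b64url_encode(b"constructed-not-a-real-signature")])
    pai = f"<sip:+12025550123;verstat={verstat}@carrier.example;user=phone>"
    return (f"P-Asserted-Identity: {pai}\n"
            f"To: <sip:+12025550145@pbx.example>\n"
            f"Identity: {token};info=<https://cert.example.org/sti.cer>"
            f";alg=ES256;ppt=shaken\n")

if __name__ == "__main__":
    sample = build_sample_invite("A", "12025550123", "TN-Validation-Passed", 1700000000)
    print(screen_call(sample, now=1700000010))
```

On a hosted service that hides the token, only the `verstat` branch applies, which is why the filter sends such calls to voicemail rather than guessing the attestation level.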

> And I'm coming to the same conclusion, answering random people is naive.

Which is why people who pick up are great targets for whatever garbage is being peddled.

I get at least 10 calls a day lol. They are all from India. Insurance scams, life insurance scams, you name it. I had to switch to only accept calls from known numbers. The rest are just sent to voicemail. I will probably miss on something important, but I have had it.
I pick them up on purpose, bait them, waste their time, call them back, waste more time. It can be fun sometimes, had one hanging up on me the other day, I was laughing so hard. "Stop calling us!", "Stop calling you?! Bro stop calling and scamming people!" lol... I'm also always looking out for AI phone systems as well. It's real fun messing with those, especially when you can get them off the rails.
I recently did the same thing, as 95% of my incoming call volume in a week was spam calls. It's been great. The friction I feel is when interacting with ephemeral contacts like contractors, etc. I've had to try to be diligent about adding them as contacts if I expect a call back, or hoping they leave a voicemail.

It's sad there really isn't much you can do about it. I tried do-not-call lists, answering and telling them to stop calling me, reporting them - all was apparently a waste of time.

In our modern world, every last vestige of trust is being abused. Government bureaucracy is an increasingly-visible problem, and a lot of it is insulation to protect lobbied interests, but some of it is a good-faith reaction to the way various actors abuse trust in a market. Eventually, there will be no trust left in society, whether due to law or personal technology. Apple would do well to take the lead on better ways to handle this on the personal side.
We need better control in the phone. In your case blocking all calls from India will help.
They show up as a local number though
This is why you have a cell phone whose area code has nothing to do with the one you live in.

And then block all calls from the same area code as your cell phone.

This is the way. But get a secondary GV number with your area code for handing out as a burner number.
Yeah. All local numbers haha. Spoofed the hell out.
Yup, anyone who knows me knows to email if they want a reply, and that I only take calls by appointment. Leave a message and I might call back, otherwise my phone's not on me, doesn't ring if the caller isn't in my contacts and doesn't even have cell reception most of the time.
Which country? I am in Finland and have had the same number for over 20 years. It is publicly listed. I receive maybe 1-2 marketing calls a month and less than one SMS scam per year. I am somewhat restrictive filling in my contact details when I don't expect any real business. I only use disposable email addresses, but that should be completely unrelated.

The last "Microsoft" support call was years ago.

> Which country? I am in Finland

That's your answer right there. Finland is a small country with a very niche language of just about 5M people - it's too expensive to teach people Finnish well enough to convincingly scam off the elderly, not enough marks to return that investment, and you need a sizable population of poor and desperate/dumb people to act unknowingly as money mules.

In contrast, for English language scams, you got 340 million Americans, 68 million Brits and dozens if not hundreds of millions of people speaking primarily English in former colonies (India, Australia) that are potential marks. And to make it better for Indian scammers, people there are already used to Indian call center accents so their alarm bells don't go off immediately.

For German language scams, it's 84M in Germany, 9M in Austria and 4.4 million German speakers in Switzerland. For us, it's mostly scams based in Turkey, because there are a lot of Turks who learn German because they have relatives here or their parents had a stint in the 60s-90s.

We've also had a couple generations of folks trained to treat 'foreign' sounding speakers as authoritative, due to most call center and support work being shuffled to non-US-based places. Calling a 'local' cable company and getting someone in the Philippines or India giving support is the norm, and many folks are now accustomed to giving details and account authorization for things to people who sometimes can't form coherent or natural-flowing sentences.
Norwegian here.

Just read [1] that our local telecom authorities (NKOM) report good progress when it comes to preventing people from abusing Norwegian telephone numbers to spam/scam Norwegians.

[1]: https://www.tek.no/nyheter/nyhet/i/jQgEl0/nytt-digitalt-skjo...

Sweden here. I would say that I get somewhere around 3-5 spam calls per week.
Sweden here, and I get less than one spam call per year I would say, likely from abroad since in Sweden you can easily opt-out of marketing calls, except from companies where you are already a customer, which can be annoying enough.
Similar in Denmark.

My work mobile number is listed on the company website. I need to answer unknown calls from anywhere in the world, although I only get them every two months or so.

I can easily look through my whole call history. This year I seem to have had about six spam calls, and for the first time I bothered to work out how to block a number on Android — three of the calls were from the same number within a few days of each other.

I'm curious how this works in the USA for people that need to answer work calls — does the receptionist at a large company find 9 out of 10 calls coming in are spam? In some countries there are specific ranges for different types of numbers (all UK mobile phone numbers begin with 7, all numbers beginning with 3 are businesses/etc) which allows the spammer some basic filtering, but that's not the case in the USA.

Here in the UK it is very common, I must get 4-5 a week and I am also very cautious about who I give my number to.
In France since the first of October you can't spoof a French phone number anymore. (Edit: at least with the existing ways of spoofing. I'm sure it's a matter of time before someone hacks an operator and signs their calls through them.) Anecdotally, I haven't had any spam call.

French link: https://www.fftelecoms.org/nos-travaux-et-champs-dactions/ca...

I've wondered more than once if our contact information should be more like Apple's hidden emails - generated for the specific person or business we want to be able to contact us, and revocable - with a public fallback which is expected to go to a voicemail of some sort.
My personal data has been part of 2 major leaks so I'd definitely pay for this feature. I already use a service which generates random emails and forwards it to my primary email address so having such a service for phone numbers would be a great idea.
I use Firefox Relay, it's great. (Unique email address for each website)

Unfortunately some businesses have started marking them as spam because they don't like not having the direct personal email of each user

That has nothing to do with it.

Businesses block fake email generators because they’re overwhelmingly used by fraudsters/spammers/etc trying to abuse systems.

Anybody who’s ever run an internet service that allows open registration or has a free plan knows this the hard way.

Exactly. They want to only have direct personal emails so that if someone is a spammer they can easily be blocked/banned. And so that there are consequences for spamming. This is sort of the same principle as KYC.
It is an immutable law of commerce that any effort (be it legal, technical or otherwise) to protect people from obnoxious and/or harmful behavior by businesses will be fought tooth and nail by obnoxious and/or harmful businesses.
I (in Germany) still wonder why I’m lucky. I’m not complaining, I’d like to keep it this way. But my phone number is relatively ancient, as it’s still the same I got with my first phone around 22 years ago (maybe almost exactly? I think I got it for Christmas when I was 16 :D), and it even was included in the Facebook leak a while ago.

After the FB leak, I got maybe 6-8 spam calls over the next month, and that was it again. It’s maybe 1-2 per year, and they are easy to recognize because they call from different countries.

I thought it was maybe Germany having stricter regulations, but people on Reddit's /r/de do complain about spam calls, so no idea.

I agree.

On this front, the Bundesnetzagentur (https://www.bundesnetzagentur.de/DE/Vportal/TK/Aerger/start....) does its job quite well, for decades at this point.

Experiences seem to differ a lot. In the US, I only have a cell phone so I have to give out the number and I only get junk calls once a month or so. It's certainly not in the disable incoming calls category. (Although I also suspect that different people have different tolerances and different perspectives on people being able to reach them from possibly unknown numbers.)
I think I've not had a single spam call in more than ten years. (Also Germany)

Whenever I get a temporary number for the US I get spam SMS and calls.

In the US, I've had my number for about as long as GP and get something like one spam call every couple of months.
I get spam on my landline about once a year in Germany. It woke me up from a nap yesterday. :(
I haven’t had a landline for nigh on 15 years - well not one connected since it remains a requirement to have one if you have DSL at home in Germany.

Occasionally I check the caller list on my dsl box - probably low single figure spam calls per year.

I get up to ten a day or something like that. It used to be a smaller number of actual people. I’d answer it to listen to them, counsel/encourage them, and tell them about Jesus Christ. Even the scammers might in rare cases change their lives.

They’re almost all AI calls now. The AIs force a specific progression, are rude, and will argue with you. Some are programmed to claim to be human. It’s usually the same AIs selling the same products connecting me to the same telemarketers. Some know my voice.

I can’t stand robocalls because nothing good comes from it either way. I don’t get to encourage new people. Their sales hurt by contacting the same people for stuff they’ve already been disqualified for. If I heard new offerings, I might buy or donate. For example, one was St. Jude’s reminder which I responded to on their web site.

Others are taking action. There are regulatory penalties for repeated calls, calls outside a certain time, etc. You need to be on the do not call list to be sure. You can send the companies a cease and desist or a lawsuit in small claims under the TCPA. There are law firms semi-automating that, too. If in the U.S., use that if they keep harassing you.

> And I'm coming to the same conclusion, answering random people is naive.

In Singapore, they've enacted SMS identifiers and you've got to register your company to send SMSes via shorthand.

Looks like we'll want to do the same to general phone numbers. If I knew my bank or a government office was calling me I'd happily answer.

But 99% of the time it's robo callers claiming to be the bank hahaha sigh.

One day years ago back when our desks still had phones on them someone called back and they had spoofed my desk number as their call back. Took a bit to get down to that because I had no idea if it was someone in the company or not trying to reach me. (We checked in to desks at the time I think so the number could have been forwarded or listed as mine for the day at the time I think)
>To me the whole system is archaic - I know Gen Z would never ever take a call from someone they don't know, or even call each other

I suspect folks in Gen Z are also less concerned with calls from medical/emergency/etc. services. That said, habits have certainly shifted. With very few exceptions, I'm not going to make a personal call out of the blue at this point.

Easy, call via some VoIP implementation or another. I often have internet access when I don't have phone service, not rarely have service without internet and therefore VoIP is already more reliable. Moreover, it's also quite clear who is calling me, so spoofing isn't viable. Cellular-based calls are dead and belong buried.
Can you elaborate on how using a VoIP client makes it clear who is calling?
Not all would, but most worthwhile clients support end to end encryption, or some form of authentication which is time consuming to circumvent, meaning it becomes quite difficult to efficiently spoof random identities.
I read my spam mails. Google dumps 90% of non-Google or MS domains in there.
What a weird generalization. I've had no issues receiving email from plenty of other domains.

On the flip side, it only took me a few days to fix my friend's business domain so they could send emails to Gmail users.

Maybe the future of communication is less about traditional calls and more about apps or systems where verification is baked in...
The problem is not that the phone system is old or "archaic", or that it uses old technologies - rather, the system is as bad as it is, because it's been ravaged by a cancer - a cancer on modern society known as advertising[0].

All of this has happened before, and it will happen again.

Any new media, any form of communications we invent, develops this cancer as it grows into mainstream awareness. The more people a new tool can reach, the more rewarding it becomes to marketers and salesmen, who all flock to it - and as they do, they accelerate the growth of the medium while also displacing and degrading the intended/legitimate usages of it. Soon enough, the medium turns into barren wasteland full of threats to users' sanity and wallets. Only once it goes so bad that people stop using the medium, and/or find a better alternative, do things get better - the cancer dies off as its nourishment supply, i.e. the audience, goes elsewhere. But the disease follows them there. And, if it didn't inflict terminal damage to the old medium, chances are that old medium will experience a second spring[1], albeit in a much more diminished shape, becoming a niche hobby or internal technical tool[1].

Advertising is what destroyed AM/FM radio (remains a niche). It's what destroyed outdoor information displays (now existing only to show ads). It's what denies us beautiful vistas (all obstructed by billboards). It's what killed OTA TV, then cable TV[2]. It's what killed e-mail[3]. It's what killed the phone system, and it's what will kill any new thing we move to.

This problem will not go away until we start treating the actual disease - advertising. And by treating I mean the equivalent of radiation therapy[4]; anything else, anything narrowly targeted, leaves space for the disease to come back with extra force - the line between "outright scam" and "legitimate communication" is fuzzy, and salesmen and marketers are very creative at blurring it further.

And no, adding crypto (the legitimate kind) to the mix - authentication protocols, encrypted handshakes, whatnot - will not help, for the same reason your immune system isn't of much help against real cancer either. Sure, it'll get harder for a random Joe the Scammer to do their fly-by-night salesmanship, but advertisers in general can afford to implement all the schemes marking them as AAA tier 1 legitimate communication.

After all, if you look at the web, who's actually pushing most of the security stuff? Unsurprisingly, biggest players in adtech. Improving the medium's immune system is in their interest - they're still invisible to it, and getting rid of the most obnoxious scams secures their own ability to feed on all of us.

--

[0] - Well, kinda. It also includes bits of activities classified under "sales" and "marketing". I think the closest term encompassing them all might be "marketing communications", but "advertising" as understood by regular people covers most of it.

[1] - In rare cases, it may turn into a kind of "zombie mode", a blob of glowing radioactive mutated cancer, able to live out of background cosmic radiation, or such. I mean, how else can you describe the Fax system? You plug it in, wait a moment or three, and suddenly it starts spitting out ads!

[2] - The prime example why paying doesn't protect you from the disease. Once a medium contracts advertising, the option to "pay instead of seeing ads" quickly turns into "pay and see ads anyway", and then "fuck you, pay more and see even more ads".

[3] - No, spam filter only catches the worst of it. "Legitimate" advertising still fills most of everyone's inboxes, which is a big reason why people flock to closed, gate-kept alternatives.

[4] - Or nuking it from orbit. Pick your own favorite exaggerated metaphor; it's the only way to be sure.

Yeah I’m old enough to almost be a boomer and I don’t answer the phone if the caller is not in my contacts.
I am a boomer, and I don't answer the phone. "If it's important, they'll leave a message."
Though I deactivated my voicemail cause I was tired of getting spam on it.
Admittedly, I have to let some things through because I'm a freelance musician and if I don't take a call, the client will move on to the next person on their list. But at least leaving a voice mail means the caller doesn't know if they've reached a live line or not.
And if it’s really important they’ll send a letter.
All the important stuff comes by either certified mail or a legal process server.
I only accept and send Horde Mail.

A personalized Viking Raider takes your package on a saga to your chosen destination, looting and pillaging on the way while yelling battlecries and occasionally throwing an axe.

Extra charge if longboat is required.

Yeah, but I bet they just pass any resulting weregild right back on to the customer...
And once they have done that in triplicate, I might answer the phone.
I'm with all of you - not in contacts, not gonna pick up the call.

But I read about a situation which would probably open the doors a bit...

see https://toronto.citynews.ca/2024/12/02/toronto-public-librar...

A girl got lost. She wanted to call her mom, but the girl had left her phone at home. So she went to the library to phone her mom. The librarian refused to let the girl make a call. [N.B. Yes, the librarian got in hot water for that move]

The girl eventually convinced a stranger to let the girl call her mom using the stranger's phone.

The mom, who was frantically trying to locate her daughter, took the call even though it was from an unknown number.

How many people would make an exception in that case of an unknown number calling?

>> The mom, who was frantically trying to locate her daughter, took the call even though it was from an unknown number.

>> How many people would make an exception in that case of an unknown number calling?

Duh! What a stupid question. Almost everyone in extreme distress due to losing their child would take anything, call, stranger knocking at the door, medium talking to the ether. Anything! :)

I get this is an Idiocracy-level type of question: "If you have one bucket that contains 2 gallons and another bucket that contains 7 gallons, how many buckets do you have?"

>The girl eventually convinced a stranger to let the girl call her mom using the stranger's phone.

She could send an SMS.

"When you hear the beep, please hang up and send me a freaking text."
GenX here and I'm the same - I always hang up on an unknown caller, and consider calling someone without texting first to be rude.

I don't think it's a generation thing, I think it's that what we generally consider normal has changed, but that some people got left behind in the old normal.

It’s definitely not rude to call someone without asking first. If you don’t want to answer the call then don’t and if it’s important I’ll text or leave a voicemail.
Actually, it is rude nowadays. You don't call a personal line if that person doesn't know your number. You send a text.
That’s completely different.
I don't know why that's completely different - that's the behaviour I was describing.
“if that person doesn't know your number”

I’m saying that if two people have each other in their contacts lists and are on friendly terms, it’s not rude to call them if you need to talk to them.

Maybe I misunderstood, though. Sounds like you were talking about cold calling someone you don’t know. I agree that’s rude if the person is not expecting random inbound calls or isn’t in a professional context where there’s an expectation of receiving a call, and has been for generations.

> I don't think it's a generation thing, I think it's that what we generally consider normal has changed, but that some people got left behind in the old normal.

Isn't that the definition of a "generational thing"?

Now I have to think every time, is this someone I have to text first? Or do they consider texting then calling redundant? Anyhow, I think both are important communication techniques, adults should be able to do remote direct verbal and async written.

I take "generational" to mean different behavior patterns in different current generations. Of course, behaviors and norms can also change for most people over time.
yes, this.
This will cause problems with many things.

Delivery Drivers/taxis use their own phones to tell you if their arrival times will change.

Medical calls can come from personal phones.

Delivery drivers/taxis just text me when calling fails. The upsides far outweigh the downsides of blocking all calls not in my contacts. Humans and institutions adapt to new normals. Some just slower than others.
Mine don't, they just phone.
Will cause? We are a lot of people doing that right now, and it's working fine.
Not for me - I have just had to turn the block off.