I know it's overkill, but this is my current setup for my phone numbers. I treat phone numbers the same way I do my email address: I use different numbers for different purposes.
1. I have a "clean" phone number I only share with friends/family. Certain prefixes and phone number actually receive next to zero spam calls. This number has received 2 calls in the years I've had it.
2. I have a phone number I share with companies / loyalty programs / etc.
3. I have a legacy phone number I've had for 10 years that receives multiple spam calls daily. For this number I've set up an incoming handler that uses Google Cloud to ask the caller a simple question (What is five plus two?), parses with the Speech Recognition API, and forwards calls with the correct answer. The rest go to voicemail. It's better to use the speech recognition API than it is to ask the caller to press a DTMF tone, in case they are in a car or are calling from a device without a telephone keypad. If I every need to, I'll add this protection to use numbers 1) and 2).
4. I have a number that rings straight to voicemail.
All numbers use the Whitepages and Nomorobo APIs from Twilio. These score the "spamminess" of calls. Calls with sufficiently high values are forwarded to voicemail.
For incoming calls, I set the caller ID for the calls to my SIP clients to indicate which number is being called, and include the spam score.
When I was younger I used to work for a market research company doing surveys over the phone.
The way their process worked was:
* Big company wanted a survey completed.
* Big company would want it targeted to a specific state/regional area, so would provide a list of post/zip codes.
* Survey company would translate the list of codes into phone prefixes for each area.
* Computer would randomly generate phone numbers in the area - starting from xxxx 0000 through to xxxx 9999 for operators to call.
That meant you'd get disconnected numbers, businesses, private/silent numbers, faxes, modems, etc.
So having a "clean" number didn't protect you. While a few projects were targeted to specific people/numbers - most were just random.
They actually do try to enforce it, but right now it's a losing battle. You can spin up a new voip company and start blasting scam calls from an overseas call center in a weekend, then spin that company down before anyone has any idea who you are.
Customers complain to carriers, who then either get the offending voip provider to block the scamming customer, or just threaten FCC action. But the whole cycle is so slow and you're fighting a never-ending shapeless horde.
I think STIR/SHAKEN will help with this if it ever gets fully implemented and enforced, and voip providers are always trying to come up with better fraud detection to avoid the man-hours associated with assuaging carrier concerns, blocking the customers, etc, etc.
Feasible (as in practical in general to identify spammers/scammers) and possible (as in "could a concerted legal effort identify a single caller who made a threat against an official?") aren't the same thing.
Absolutely. So now that we've established the possibility, the question is, why exactly is it infeasible to use our existing means to identify spammers. And what do we have to do make it feasible?
That sounds like a cool setup. I used to daydream about putting together a neat setup like that with Asterisk but over time I’ve actually regressed and even started giving out my direct cell number instead of my Google Voice.*
Having kids, buying a house/land, starting a business, contracting with services - every once in awhile I’ll get a high priority call that I really don’t want to be delayed (emergency at school or daycare, last minute problem with land/house offer, etc.). One time even my doggie daycare called because my dog had collapsed and they were doing CPR in the background and needed my consent to emergently administer epinephrine.
I also live in a rural area and I wonder if I tried to get a local business or contractor to return a call if they’d assume they had a wrong number if they called and a robot asked them to do a math problem. I know I’d not infrequently get confused voicemails with my Google Voice number (“Not sure I’ve got the right number but ...”).
So in the interest of not wanting to risk those rare important calls being delayed or blackholed I’m one of those luddite bozos who answers every call and has to deal with hanging up on the occasional spam call. :-)
* The other reasons I’m dropping Google Voice are 1) it seems like it noticeably affects call quality, at least in my area (particularly w.r.t. latency; I imagine there are fundamental round tripping issues since I’m in the midwest, and I’m sure the cell networks also have a lot to answer for here compounding the problem with the inherent latency of modern voice calls compared to the old POTS) and 2) I’m trying to get ahead of Google pulling the plug on the service and leaving me to track down and update phone number info everywhere and 3) not being able to do iOS stuff with other “blue text” phones (“call me on my other number in order to Facetime”)
It is an increasing problem. I've defaulted to never answering numbers I don't have saved unless I expect a call. If it's important they should leave a voicemail. I wanna say a few years ago it wasn't this bad, then I realized I had missed a lot of spam calls cause I had my number behind Google Voice (free with Sprint) and now it is just ridiculous.
Also idk about other states, but in FL everything is public record, so after I bought my house I've gotten spam letters and calls like crazy.
This year I've been getting three types of spam calls (in Australia):
1. Spam call from new 03 8xxx xxxx range, I was sure these were VoIP numbers handed out by MyNetFone but haven't been able to prove anything. I can't remember what the content of the call was
2. International spam call from Mozambique (?). The call never connects if I pick up.
3. Private number, recorded voice in Mandarin. I think this is a tax scam.
I'm sure I'd seen some changes in the laws regarding caller ID this year, but I can't find it.
In Denmark, phone sales to consumers are generally illegal though strangely insurance and newspapers are excluded.
There's a national "do not call" list you can sign up to as well. This is amusing called the "Robinson List", presumably after Robinson Crusoe. The same concept is used in a dozen other countries.
I guess the penalties are severe enough that it generally only very shady people call, such as those pretending to be from Microsoft and calling to fix your computer.
It's also illegal in the USA, and we have our own national do not call list. The problem is the spammers are mostly using spoofed numbers (I get calls from my own phone number quite often) and are not actually physically located in the USA. It's difficult to prosecute some call-center warehouse located in Asia.
Rather off-topic, I was surprised by how readable this was to someone who doesn't speak a lick of Danish (me):
> Robinsonlisten er opkaldt efter Robinson Crusoe, som er en fiktiv person, der optræder i romanen Robinson Crusoe af Daniel Defoe. Han strander på en øde ø og lever isoleret.
EDIT: Just FYI this is a clip from a Norwegian comedy program. Danish and Norwegian have very similar written languages but sound very different when spoken. In reality with some practice Danes, Swedes and Norwegians can speak together and understand one another.
It's primarily an American problem, but I've seen in the last year or two an uptick in certain kinds of Spammy activity to my Australian mobile number.
The most prominent type, and have appeared in the last two years are the one-ring-only calls from some foreign country. They're trying to get you to call back to some premium-rate number.
The second are SMS based random spam. Just an hour ago I got spam from "JbHiFi" (even though it's not them, I've never given JB my number) with phishing/spam "you won a contest". I also get random SMS spam from other sources.
Then again, if you have any kind of landline in a regional area you're going to get a ton of fake NBN/Telstra/ATO/etc scammers.
The downside of inventing it is the US has a massive amount of legacy in telephony that few other nations have to deal with. That opens up tremendous opportunities to break the system. But, hey, we get +1 as our international code, so there's that.
All phone numbers in my Contacts app go into a whitelist that is maintained only locally on my phone.
When a call comes in, a notification gets fired off to the Firewall app, and it checks the number against the whitelist. If the number is on the whitelist, then it actually uses a functional replica of the iPhone Phone app UI to "ring" the call through.
If the incoming call is from a number not on my whitelist, then it checks the blacklist of known bad actors. If the caller is on the blacklist, then the call just gets blocked. I get a notification from Firewall that a call from a known bad actor was blocked.
If the incoming call is not on the whitelist or the blacklist, then it goes to voicemail, where it gets transcribed, and I get a notice that Firewall sent a call to voicemail.
I'm hoping that this is basically the same workflow we will see with iOS 13, just built into the basic iPhone Phone app. Then I should be able to stop using Firewall.
But I certainly don't need Nomorobo or any other such tool. Firewall solves all those problems, and does so better than any of the alternatives.
"2. I have a phone number I share with companies / loyalty programs / etc."
How does this one work and who provides this number ?
I ask because a twilio number is not a mobile number and therefore cannot receive 2FA from "short codes".
I am sure you know what I am talking about and have run into this ... so I ask, if you have a number that you give out to "companies" (as I also do) do you have a mobile number that can accept SMS from shortcodes ?
I don't have any trouble receiving SMS messages from short code senders to either my Google Voice or my VoIP number. Is this problem specific to Twilio?
Sometimes sites want to know my mobile provider (why does it matter?), so I just choose Verizon or Other.
The only site that won't accept my GV number is att.com. Oh the irony...
I find sites that won't accept my Google Voice number on a semi-regular basis. I think the most recent was Uber, which I discovered when moving phones a few months back.
I wonder if I have more success because my GV number was originally a cellular number (many many years ago). I've used it with Uber and Lyft successfully.
It’s alright they just locked me out of my account when they transitioned away from email. I use lyft now. Then they did the same thing. When did technology get so shitty?
No, they don't. There is a proper industry definition of what a "mobile" number is and only "mobile" numbers can accept SMS from shortcodes.
All of the 2FA from FANGs and banks and so on come from shortcodes so you can't do a lot of those 2FA workflows with a twilio number (or a number you port to twilio).
As per engineers at the Signal conference, there are no plans to make proper "mobile" numbers available at twilio.
I use Bria, and it's decent. It supports push notifications for calls, which is necessary on iOS. The app costs money, but comes with excellent support if you run into issues. There are free and open source apps, and the quality of these are hit and miss.
The push notification necessitates the app sharing SIP credentials with Counterpath (the company that makes Bria), so it's good to have some fraud protection for the extension in Asterisk in the event that Counterpath gets breached. They are a publicly traded company, so hopefully they have decent security.
It's not useful over the open Internet but on a local WLAN or over a VPN call should work fine. Unless you use a damaged phone book storing SIP URLs for your regular contacts should work too. No messaging or fancy codecs though.
SIP calls through Twilio are $1/month plus $0.004 per minute for incoming calls. The spam scoring APIs are "costly", and maybe cost $0.01 combined per lookup.
Google Speech Recognition and TTS are virtually free for my use case. Asterisk can easily run on a $5/month VPS.
I ported the legacy number to another SIP provider. Twilio is still cheap ($1 a month or so per DID, plus $0.004 per minute), but other providers are less than half that. For that price difference, I had no reason to choose another provider so I mostly did that for fun and experimentation.
I provision fresh DIDs all the time from my VOIP vendor. Robocalls don't work off a list of numbers, they just call every number in order.
The best strategy -- get an area code that's not local and where you don't know anyone. That's what I have on my personal cell phone. Any call that comes in from that area code I know is spam. I don't answer it.
I am strongly inclined to switch over to using a 900 number as my official public number for everything. Anyone who really wants to call me can afford the small charge it would require.
I'm not aware of any documentation that's all in one place. It all uses basic Asterisk functionality with FAGI scripts to do anything with advanced logic.
Twilio essentially provides the phone number. Calls to and from are sent over the internet using the SIP protcol. Twilio can talk to Asterisk or Freeswitch or any similar project. Asterisk has incredible customizability, so that's where I do everything.
I have a mobile phone, and don't want to use the carrier's voicemail. I use Asterisk instead, and also use Speech Recognition to get an email transcript of voicemails.
AFAIK it isn't, but it's Google, so there's a 50/50 chance it could be deprecated tomorrow.
I'm dying to jump ship whether or not it's deprecated though, because the web and Android apps are just unbearably shitty.
The web app simply fails to keep up with my typing speed (I can't even imagine how they accomplish this), and the unread counts are usually incorrect.
The Android app doesn't even handle the compose SMS intent, so you can't use it as the default for outgoing messages... this was briefly fixed when they folded Voice into Hangouts, but then broken again 6 months later or so when they decided to roll that back.
Oof, I don't know how I forgot about this one, but attachments. I just got a "text/x-vcard" attachment from someone. Google Voice helpfully displays it as "file type not supported" -- there is no way to download it, view it as text, or do anything other than tell the sender that I'm using a shitty Google product and please copy/paste the info out of it manually and send it to me.
I hope it gets even more popular soon to keep it from getting killed. Even in the valley, very few people I know are aware of Google Voice let alone use it. Google deprecation is always on my mind which causes me to stay away from any new Google products.
Just what we need, another startup injecting themselves into our lives. And then for the right price, "acceptable robocalls" can be Verified by Twilio™!
SHAKEN/STIR[1] is a much more network-agnostic solution to the same problem, using essentially the same, well-established technology used by internet certificate authorities. As such, it has all the same basic problems that CAs do, but it's a hell of a lot better than tightly coupling yourself to Twilio.
1. The promise being made is different. SHAKEN/STIR doesn't promise to only let through legitimate calls, it only promises to make caller ID accurate to prevent spoofing. This allows the weight of existing laws against robocalls to apply--the government, not Twilio, determines who is legitimate. Existing robocall laws are too lax IMO, but it's a step in the right direction.
2. This is being proposed as part of legislation. All telecoms in the US would be required to implement the technology.
3. I don't think it's accurate to call it "open", but it's not centralized in the same way that Twilio's solution is. It's a federated system analogous to HTTPS certificate authorities. Twilio's service is more analogous to content filtering services like NetNanny. As I mentioned, CAs have problems too, but they're a whole lot more open than NetNanny.
I'm not a lawyer, but my understanding is that robocalls already fall under laws that make them illegal. The problem is that if someone makes an illegal call from a spoofed number, you can't tell where the call is actually coming from, so you can't prosecute the caller. SHAKEN/STIR closes the loophole that allows spoofing phone numbers.
Make the user-facing telco liable for any spam call. The industry will sort out the problem overnight, by disconnecting from the bad carriers from which spam calls originate.
That won't work, because with current technology it's impossible to tell where the calls originate from.
I'm not defending the telcos for dragging their feet on this issue, and I'm also not opposed to regulation, but there's a technological aspect to this problem which I think you're underestimating. The technology needs to be fixed before any regulation will be in any way enforceable.
The technology fix isn't something that can be implemented "overnight" either. If I'm understanding correctly, existing signing was implemented in hardware, because at the time it was implemented, that was the only way to get the performance necessary, and in the US most of the hardware the phone system runs on is legacy hardware. The solution has to be provably secure, support existing network hardware, support existing consumer hardware, be upgradeable, federate to avoid centralization, be agreed upon by all the telcos, be approved by regulators, and finally, be deployed without downtime. That's simply not going to happen overnight, and it's worth it to take the time to do it correctly rather than cutting corners on any of these steps.
Most robocalls are illegal in the US. We have a do not call list and everything. I believe is it a name change is currently working its way through to change the name to "seriously, do not call... please list".
[https://www.forthepeople.com/class-action-lawyers/robocallin...]
The problem is that determining the source is difficult and even if you did it is most likely over seas where enforcing the fine is impossible.
I would love to hear a technical solution that has been implemented somewhere that had a significant impact.
The telephone network is international. The US is limited in its ability to enforce anti-spam laws against operations running out of other countries. (They also seem unwilling or unable to enforce these laws domestically, but that's a completely separate issue.)
In this case I think it's a case of being unable to enforce the laws, because the technology for verifying callers is broken, making it easy to spoof phone numbers--even the US government doesn't know who is calling you illegally. SHAKEN/STIR is intended to close the security hole and make caller ID accurate again.
TL;DR is that it's "unwilling by way of almost unable".
The cooperation needed between telcos, who already have overly complex and archaic internal systems to manage themselves, would be almost impossible to coordinate.
1. Companies like Twilio largely created the explosion in spam calls by providing extremely cheap, programmable calls, so I'm always a little skeptical when the company selling the poison is also selling the antidote.
2. I really don't like the idea of a single company being responsible for a global verification system for something like phone calls. How are decisions made over what is verified (e.g. the example shows "call purpose" snippets on the screen - if I put something there saying "I have an important flight update", but then my call is "You're only getting free peanuts on your flight, but if you enroll in this MileagePlus card you'll get snack mix too!" who judges that?)
Overall I'd just say with all the consolidation of power with US tech giants I am extremely wary of giving them anything else that could consolidate that power further. I would much prefer an open, federated model.
It seems like a small pivot in their model. Before they sold cheap access to programmatic telephony and now they sell access to customer-valued telephony. Assuming there’s some stick against abuse (e.g. company verification + response to complaints about the purpose tag) then Twilio can profit by doing good.
Maybe in the future, yes, but it's an iterative process to solve something big like robocalls. I haven't read too much about this yet but I would imagine there is some method of reporting numbers that abuse this feature.
A really simple CA model would solve this perfectly. In practice it's centralized and "just works" for most people, but it is decentralized in nature and allows you to switch authorities at will.
> 70% of consumers don’t answer a call if the caller’s number is anonymous. While that might cut down the number of unwanted robocalls, it also potentially prevents consumers from receiving vital communications—calls from the doctor, banks that are flagging issues, schools calling about parents’ children.
A message to my doctor, bank, kids' school, etc: if you call me on a private/unknown number and don't leave a voicemail (because I can assure you that I am in that 70%) I will assume that you are spam. You don't need Twilio for this, just some basic phone etiquette.
Patients would call my wife’s office after hours and leave their number with the answering service for a call back. After hours calls were triaged into three groups: Emergency, tell patient to call an ambulance; Urgent, get patient a prescription or tell them to get to an after hours clinics; Non-urgent, patient can wait until the office is open and make an appointment.
Of course, when she made calls back with her desk or cell phone, Caller ID would display a number that was different from the main number of the clinic, and most patients would’t answer, even though they were expecting a call they’d requested. I finally built her an app that would dial the phone and spoof the Caller ID with the clinic’s main number. (This was also helpful because my wife was not the only on-call doctor, so a direct line to her was only occasionally the correct number to dial after-hours. The best move for patients was to always dial the main office number.)
Honestly I'd rather for all that communication to be handled by email and not phone calls. I'm not going to answer the phone either way, so it's not like it's any faster to reach me via phone than email. And the benefit is I don't need to write down what I hear or get tripped up on spelling with names.
I was just reviewing my call detail records on my "home" number yesterday, and realizing that the vast majority are spam - we pretty much don't answer that phone. This got me thinking about alternatives to even ringing for any unrecognised numbers, such as an IVR menu that said something like "Hi, we're screening spam, press 4 2 if you're a real person". I'm not sure how that'd be accepted by, for example, the dentist office though. Has anyone set something like that up?
I really hope Twilio is successful with this - it would definitely help, so long as there's a way to avoid abuse.
Just in case someone asks why I still have a "landline": it's VoIP, and I maintain it for basically two reasons:
* We use our VoIP number anytime we have to give a number out as part of signing up for something, rather than cell numbers
* It typically costs me under $25/year, which is actually mostly the 911 fee (oh, and it's an extra way to call 911, if we need to)
Yes! I did "Captcha for phone calls" for a school project earlier this year. It would play a quick message along the lines of "Hey, to ring my phone just enter these numbers: XYZ", and redirect the call to my phone if the captcha was correct.
The challenge was redirecting calls to the challenge even if they were originally directed to my phone number - the solution was to write a custom call handler (Android) that rejected calls if they weren't in my phone book, and then set up call-forwarding on rejected calls to go to a Twilio number with the challenge. There was a nice edge case where if I actually missed the call, it would just redirect you to the challenge again... but it was good enough for the class.
While testing, I accidentally actually got someone to use it! A guy repairing my watch called me, got directed to the challenge, and actually followed directions! Which was surprising to me. I also caught some obvious spam callers (same first 6 digits), and unsure if there were any other real people who did call and got confused or just hung up.
I've been meaning to clean up the code and publish it, but haven't gotten around to it - there's lots of hardcoded numbers in there.
I want my whitelist to exist exclusively on my phone, not in some central database of some company, regardless of how well-intentioned that company might be.
So, that makes solutions like Nomorobo not work so well for me.
1. How are they partnering with all of the device companies to get this on at least most phones? That'd be interesting to know.
2. I guess somebody has to type that intro text. As long as they're doing that, why bother with a normal call? How about just sending the text instead. Or send a text and let me call back for more details when it suits me, either right away or in 10 minutes. It sounds like whoever is sending these probably has a call center or somebody who's job is to sit around and answer the phone when it rings.
> How are they partnering with all of the device companies to get this on at least most phones?
They are partnering with the existing spam filtering apps that users have already installed on Android and iOS. No need to involve the vendors or carriers.
1. I'm really not sure yet. They haven't given any details publicly or privately. I'm most curious to see how this will be supported on iOS.
2. The demo on the keynote gave a great use case where a school nurse called the speaker about their child, and she was very lucky to pick up and not let it go to voicemail.
There are still a lot of use cases for calls to hammer out important details, even if they are becoming rarer, like health or car maintenance, or places where sms is associated more with spam. This is a great way to get the best of both worlds, even if it's technically during the decline of calls.
> a great use case where a school nurse called the speaker about their child, and she was very lucky to pick up and not let it go to voicemail.
a) if you're a sloppy enough parent that you don't even have your kids' school phone number saved as a contact, I suspect you're accustomed to relying on luck.
b) "Use our service or your children might die" is fairly over the top marketing, even for marketers.
My kids' school doesn't have one number. It varies, and they also use emergency alert systems (presumably via something like Twilio) that don't always come from a predictable number either.
I don't know why I care about this - it's a service offered to business and if business wants to take it up that's their call. But if I were your kids school I would be looking at the far simpler solution of having one outgoing caller id regardless of the extension.
I've had kids in school for 12 years now and have never received emergency communication from them. For the great balance of history, we've trusted schools to be able to make on the spot decisions on our behalf because we didn't have a phone in our pocket. And rightly so - the school has multiples of experience dealing with 8 year olds than I will ever have. What could they possibly need to consult me about in real time?
> What could they possibly need to consult me about in real time?
Your kid had an accident and needs new clothes. Your kid fell and is headed to the hospital by ambulance. Your kid has a headache, can we give them ibuprofen? etc.
I will install whatever app I need to get this service if it works as advertised. Well done and congrats to the team(s) that worked on this project. It's a travesty that we need a private company to solve this problem, or even that the problem exists in the first place when we as a society could have legislated it away a while ago. However, a fix is a fix.
> it also potentially prevents consumers from receiving vital communications—calls from the doctor, banks that are flagging issues, schools calling about parents’ children.
That's bullshit. I have these important number in my address book. In the unlikely case the doctor wants to call me from a phone booth or from their friend's phone (why?), they'll leave a message and I'll call them back. As for the bank, they know my e-mail and I asked them not to use the phone for communication anyway.
Really, for many people there is no reason to answer unknown calls at all, especially if their experience is that most of these is someone wanting to sell something to them. Not to mention in our times asynchronous communication is very important for mental health.
Your response is the same bullshit you call on the message you're replying to.
- I don't have the 10+ numbers that dial out from my doctor's office in my phone
- I don't have the 5+ numbers that dial out from my child's school in my phone
- I don't have the 10+ numbers that dial out from my child's doctor's office in my phone
- Banks (god knows how many numbers each from multiple banks)
- etc
It's literally impossible to have all the numbers I want to allow to reach me in my phone.
The fact that you happen to have a very limited set of numbers you need to be able to be called from does not invalidate the fact that many people have a vast amount of such numbers. Don't assume your anecdotal data speaks for everyone.
> Even more concern, 70% of consumers don’t answer a call if the caller’s number is anonymous. While that might cut down the number of unwanted robocalls, it also potentially prevents consumers from receiving vital communications—calls from the doctor, banks that are flagging issues, schools calling about parents’ children.
I don't understand how this helps with anonymous callers?
My phone is always on silent and I don't pick up any calls except if its from my started contacts or if it's a pre-scheduled meeting. I do check my phone every hour to see if there are any important missed calls. This has helped me so much from distractions and overall well being. It took me a while to realize that there is nothing that requires me to respond immediately and in case of emergency I shouldn't be the one responding. There's 911 for that.
With the new iOS beta allowing non recognized callers (not in address book) go straight to voice mail, I see little use for this service now than before.
It seems this service would allow calls from anonymous numbers to be identified by the receiver. Just routing unknown numbers to voice mail will lose you those calls. For example, my doctor's office always calls from "unknown number".
Unfortunately sometimes important callers use anonymous numbers. I recently had to deal with this in the public healthcare system where I live (not in the US).
A certain person who needed to give me an appointment kept calling at unpredictable afternoon and evening times from an anonymous number, ignoring the voicemails I left with my availability info, and not proposing specific times in her voicemails to me.
I did get the appointment in the end, but only by happening to notice one of her calls in real time - still from an anonymous number - and answering.
I'm told similar important uses of anonymous numbers aren't too rare in this public healthcare system.
Interesting. Wonder if this is going to be a valuable public service in the long run. For sure the monetary incentive is for Twilio to operate this like an "acceptable ads" type shakedown [1], where companies pay Twilio to mark their calls as "valuable information" rather than spam.
Arguably this should be administered by some trusted third party, like EFF.
Received this unsollicited pearl from Twilio subsidiary Sendgrid today:
Hi aithrow,
One of my special interests is Whitebox machine learning, and has been for many years
With the dominance of Blackbox techniques causing lots of ethical questions to be raised on the uses of AI, I think it's time to revisit Whitebox techniques.
I’ve written a couple of non-technical articles on the subject on Medium:
Why, if you're planning to use AI you need a Whitebox system
Why are tech firms ignoring half of AI?
If you want to read about our Whitebox solutions please look at darl.ai
Whitebox machine learning is available (free) through our GraphQL API at darl.dev
Thanks for reading,
Andy Edmonds
Doctor Andy’s IP
sales@darl.ai
P.S. A glitch in our mail handling software meant that a small number of unsubscribes were missed on our last mailshot. If you were one of these my apologies. Just unsubscribe again, we won’t miss you this time!
Sent by Dr Andy’s Back Office AI system
If you'd like to unsubscribe and stop receiving these emails click here .
I wonder how many of the spam calls are actually powered by Twilio? Is this an instance of a company trying to make money by getting paid by businesses on one hand to do spam calls, and getting paid by consumers on the other hand to block spam calls?
>I wonder how many of the spam calls are actually powered by Twilio?
Probably not very many. Think about it: the spammer has to pay for each minute of call time on Twilio. Let's say a spammer spams for 12 hours a day at $0.013 a minute. On average that's $9.36 a day. So if they want to do this with 24 "lines", that's $224.46 a day.
Now consider the the cost of (on-premise) phone lines provided by a company like Time Warner Cable: $25-$45 per line per month (the last time I checked). That's more like $36 a day. So with Twilio the spammer would be paying 6x the cost.
Whenever you receive a call you know beforehand if it's spam or not. Maybe a handful of times in the last year I've received a spam call that wasn't marked as spam. You can block callers and report as spam much like in Gmail.
When the call is not spam Android looks up on Google where the number is from and it shows the name of the business in the call screen.
This is working great for me. A year ago I received 2-3 spam calls per day which of course I've been blocking. Now I receive 1-2 spam calls per week at the most. Some weeks I don't receive any.
All the Pixels use Assistant to screen calls from numbers that aren't in your contacts. You watch a live transcript of the caller / bot and you can answer if it's legitimate or have it deliver a canned "stopping calling me and take me off your list" which also reports the caller[1]
I can see few cases when I have not picked up calls but with this kind of verification I would pick up if they ID correctly. Calls coming from
1: hospital
2: library
3: my cable or phone company
4: my car or insurance company etc.
I don’t have their corp numbers saved and if we can see who is calling then it could be helpful.
iOS call blockers using the built-in API don't have this issue, it's like the content blocking for Safari but for calls. You enable them under Settings->Phone->Call blocking. See https://news.ycombinator.com/item?id=15025709
I have several pbx systems running, and granted this is a newer concept. Maybe this will help residential calls, business calls on the other hand will most likely allow the consumer to still take the path of least resistance.
Typically, they do not handle their own phone numbers, their vendor for the dialer does. This is entirely dependent on the priorities of the vendor.
Due to the FDCPA, we are unable to give out the reason for our call as that would inform any 3rd party that the person we are calling to speak to is in debt.
The agents on the front line are scripted to advise them that we are calling in regards to a personal matter, or in response to the letter they received.
This gets even worse if your company name includes "Collections" or any variation of that, as they cannot give out their company name in that case unless prompted (UDAAP requires them to answer direct questions not about the loan in a straight forward way).
It presumably prevents it by forcing them to use a single verified number per corporate entity — this once I blacklist that entity, I can be done with them. The real problem these days, IMHO, is not repeated calls but spoofed calls where the source number changes every day, and thus cannot be blocked. This would solve that.
>Imagine a world where you receive a phone call and know exactly who it’s coming from and what they’re calling about before you press the answer button. Crazy, right?
Now realize that it's not you who knows it, but rather a company that is tracking all your phonecalls and decides for you whether you should answer or not.
>Through the programmability of the Twilio platform, businesses will also be able to assign a purpose for each call to give further context.
So a malicious actor can assign a legitimate purpose to his phone call ? No thanks
The spam operations are usually overseas, not US based. This makes enforcement harder and takes longer time. It still happens, because I see news about busts in the press from time to time.
My final and unfortunate solution for this was to stop accepting phone calls altogether. Friends/relatives know to use Skype and IM, all important stuff goes to voicemail, everything else is on permanent mute and ignore. I wonder if it is the case for more and more people.
Nothing to do with Twilio: If the recipient is a mobile number, can't just the caller text the recipient when they don't pick up? E.g. IM YOUR DOCTOR, CALL THIS NUMBER
FFS USA, not every problem is a problem to solve by "the free market". You can see the America-Is-Great Mindset in a lot of these comments: Even the US has a problem with robocalls, so that must mean it's an unsolved problem obviously. So we have to solve it with our superior technology!!
Just no. Almost nobody else in the western world has this problem. How? Regulation. In Germany, if you get reported for unsolicited calling, the Bundesnetzagentur will come to you and give you a very hefty fine, per violation. Problem solved. I remember exactly four unsolicited calls in my life, two of them on a number which was published in a phone book for 15 years.
Spam calling is not something were there is net value created for society so we need an elaborated discussion of what is ok and what is not (like e.g. paid universities). It just sucks. Make it illegal, and then actually enforce that. The idea of creating a million dollar industry to create a telemarket arms race is...not good.
Would you please not post nationalistic flamebait to HN? It's against the guidelines and we don't want it here, regardless of which nation you have an issue with.
I have lived in the U.K. for more than 8 years. I receive spam calls daily from a combination of London and blocked numbers. Everyone I know here also receives them frequently. I’m on the U.K. do not call list. It’s endless PPI, “your recent accident”, and just normal phishing attempts. When I’m in the Middle East it’s endless spam texts. I guess Germany has it figured out but by no means is this an American only problem, or a solved problem in the Western world.
I'm in the UK and have had the same number for a decade or so, I probably get one a year? They are mainly from foreign companies. If said countries also had our regulations, and a sharing agreement in place, it wouldn't be an issue.
I am in the same situation yet I know people who are plagued by such calls. There must be something that triggers this off?
Having said that, these people will also give their phone number and email address to anyone who asks whereas I do not. If I have to enter a phone number on a form and it's isn't immediately obvious why I should do that then I'll make-up a number.
I'm in the US and I almost never get spam/scam calls, yet people here say they get them multiple times a day. I don't know why some people have such an issue and some people just don't.
A fair number of them are foreign companies, but the “our records show you were in an accident” calls are very much from the UK.
The foreign companies are basically criminal operations and countries like the US have taken action against them in the past by working with local law enforcement[1].
As a counterpoint, I've lived in the U.K. most of my life and very rarely get spam calls (maybe ~5 a year). When I do it's almost always people trying to sell stuff / services to my startup.
Yeah, I get robocalls to my mobile almost daily. My late grandfather would also get calls once a week from the scum running those "Windows security issue" calls. Luckily we were about to give them a right good talking to - it's illegal, but they still do it.
Do you own domain names? I began getting this after I was silly enough to leave my mobile number on a WHOIS register. Most of the calls I receive though aren't from legitimate companies and if you call back the number, it'll fail
I used to think this, then I worked at a telco for a while.. The problem is a lot more complicated..
Due to how ILECs and CLECs (incumbent/parent phone companies who own the infrastructure and then wholesalers/resellers who operate on top of them due to competition laws) integrate, how they share and allocate phone number prefixes and lists (this whole process alone is mind-blowingly arcane), and how all phone companies cooperate internationally, it's extremely hard - almost impossible - for them to identify and block these kinds of nuisance calls in real-time.
And don't get me wrong, they could do it.. But the amount of coordination and cooperation that would be required is a non-starter because most phone companies don't talk to each other enough to get this kind of initiative off the ground, even if the money and motivation was there.
Edit: Remember that most (Western) phone companies are 100-year-old institutions, and many still have 50+ year-old infrastructure that runs the underlying systems, and that they can't just throw that away and start over, due to how deeply integrated they are in the public/private communication infrastructure of society, and many of their modern systems are really just shims built on top of that older tech.
Breaking up AT&T into regional bell operating companies[1] (the ILEC thing) was a very stupid decision in hindsight. I don't know what actually happened. Did AT&T simply have smarter people than the US Government did?
Note I don't disagree, but that source was on hn a few days ago and is a pretty poor propaganda site. The article:
* redefines poverty multiple times and then comes to the surprising conclusion that the results differ from the NY Times article
* uses consumption in USD as a measure, which is highly problematic, because a) different countries have different purchasing power, which is is the reason almost noone in poverty research compares international poverty using gross consumption b) consumption heavily reflects economic inefficency (e.g. health care costs: If a say Danish poor gets her broken arm fixed for free, she would consume 0$ according to this figure, while achieving the same quality of life out of it)
The usual threshold for poverty (for good reasons) is 50 or 60% of the median income in a country. Which the NY Times article used.
You are free to find that delusional, but if you want to partake in the scientific discourse about poverty, it would be advantageous if you don't redefine the core concept.
Yes, and my point is it's an entirely useless definition. If 40% of the population were billionaires and the remaining 60% were millionaires. The millionaires aren't in poverty.
"delusion: an idiosyncratic belief or impression that is firmly maintained despite being contradicted by what is generally accepted as reality or rational argument, typically a symptom of mental disorder."
It is quite delusional to create new metrics on poverty because ones based on income or consumption don't get you to the result you like.
Are you aware of the difference between absolute and relative poverty?
I mean, really, take a step back and consider these two possibilities:
a) Thousands of researchers have researched the topic for decades, and no one ever considered it problematic to directly compare the poverty in Congo and the US using the same metric. But finally, after als these decades, during a few seconds of flying over a blog link, commenter
fuzz4lyfe on hn finds the error and renders decades of research obsolete.
That measure won't work on the vast majority of the planet. The global per-capita median income is less that three thousand dollars a year. People making 4 grand a year aren't out of poverty.
I don't know why people don't get spam calls in Germany, but it's not because of regulation. The U.S. has similiar regulation, and in fact individual consumers can sue telemarketers for $500-$1000 per call.
The problem is that the callers disguise their identity and in most cases are overseas beyond the reach of U.S. law enforcement.
The telcos are working on solving the problem. The FCC recently changed a rule[1] that was, in part, preventing them from acting. The telcos are also working out the technology that will allow them to block them at the source, and all the major ones are planning to roll it out soon. It's not as if they've been intentionally negligent here.
The telcos are part of the problem. I work for a company that deals with incoming robocalls -- thousands a day. I have a very long email conversation in my inbox between us (company) and Verizon. The general theme in this conversation thread is
COMPANY: we're getting thousands of these robocalls into our various numbers, will you please help to stop it?
VERIZON: We don't see a problem, everything is fine. Your bill will be there soon.
COMPANY: attached is a log showing 4,000 calls in the last two hours sent through your network and terminating at our location. Will you please help to stop it?
VERIZON: we have investigated the provided calls and we see nothing showing these calls originated from us. Please contact the upstream telco and ask them. Your bill should have arrived by now, pay it.
COMPANY: but Verizon does not provide us with information on the upstream telcos, we need your assistance in stopping the robocallers. This bill is considerably larger than usual because of all these robocalls. Will you please help up stop them?
VERIZON: we recommend your legal team contact our legal team if you feel we are actually allowing robocalls to pass through our network to yours. Pay your bill immediately.
Recently, there as been a lot of calls where older people got called by a fake police detective. The display reads "110" (which is the emergency number for the police in germany). So, if there are countermeasures, they are not effective.
Well, normally they use the call to get to know if the older people have something of value in their house. They usually tell stories that there has been a heap of crimes lately in the area, and that they'd like to help the people to secure valuable stuff.
If they have, they'll show up after some time, and collect it, to store it safe in the "police department" (which they don't, of cours). Or they'll show up as two, and one will pretend to do some questioning, while the second walks around the house and searches the rooms to find something of value.
That's at least how's written in the newspapers. So yes, it's a scam that is far more targeted, and not that easy to do - because you have to be physically in the area. Or you need straw men.
You can watch Kitboga on YouTube. He calls these centers and walks through the whole scam. Basically they use fear of an arrest to get the target to buy gift cards. It sounds dumb but it works on vulnerable members of society.
I live in Germany and got multiple spam calls in a relatively small time frame (days) from spoofed numbers. I am pretty sure this is not allowed and might be fined too if caught. But i also know for sure there is not much telcos do against this if you are already in a position to route calls, probably for technical reasons. That said this was the only occasion i got those calls that i can sharply remember and it happened some years ago already.
The issue is that the callers speak English, not German. If you go to Nordic countries where everyone speaks English you get similar calls as in the US.
Could it be that it's because the calls would need to come from outside the country(probably outside the EU) and there is disproportionately more English speaking people outside Germany?
It's a problem similar to why there are more viruses for Windows, well, it's why there's more Windows machines in the world.
How is it not because of regulation? Robocalls are illegal in Germany and there are very high fines. That seems exactly what regulation is supposed to do and I never got a single random robocall. I got a few calls from my ISP for marketing reasons but after telling them not to call me they added me to the list and I haven't heard from them since. I probably allowed to call me when I signed up.
It’s just not worth the trouble for foreign criminals to develop German language capabilities.
German regulation does exactly nothing to prevent foreign criminals from spamming Germans with robocalls from foreign numbers, Germans just aren’t an attractive target.
Good to see this comment. As a European citizen I never understood what this whole robocalling thing was about.
In the Netherlands, there is the 'bel me niet' (don't call me) register. If you have your number put on the list, marketeers are not allowed to call you. If they do, they risk a hefty fine.
The measures aren't necessarily technical in a lot of cases. Anyone can claim a US number with very little effort. Claiming European numbers usually requires business address verification.
Huh? Robocallers fake the caller ids, I can fake any European number that I want. Even without faking I can claim an European number without any verification.
For an example what prevents me as an American to get a British or polish number?
Not sure if I can agree totally, I get less spam calls on my danish phone number than on my US phone, however I do get missed calls every now and then followed by a call from a "Microsoft Tech Support" which are an awful similar in style to those reported on in the podcast "Reply All"[1] I suspect those are number spoofing as they rarely get the length of the local phone numbers correct.
In case of calls originating from another country will laws and regulation actually be able to do anything here?
We have very similar in UK, but scammers don't care about no-call lists, and some companies offering physical goods will use Indian (exclusively in my experience) call centres - I don't know the UK law in this area but suspect is not sophisticated enough to apply upstream to those booking people to make nuisance calls.
European here, too, lived in several EU countries, received very few robocalls in my life.
Do not think this is due to regulation. Exactly, caller IDs can be spoofed, and who gets the fine then? Should be something else: the way how we are used to purchase services, goods, etc... Or the markets here are too small compared to US that blanket dialing does not justify call termination fees... But not 100% sure.
I am from Europe and and I remember that robocalls were a problem in the past. Until like 10 years ago I received multiple spam calls per week, but then it suddently ended. Now I cannot even remember when I got the last spam call, but it has to be years ago.
So I don't think it must have been a language barrier or a market size thing.
Thanks for the lecture but we do have regulations regarding phone calls. The laws are just being broken by citizens outside of the United States. This isn't uncommon in countries where English is the most widely spoken language.
Germany has "CPP" (calling party pays) billing, compared to RPP (receiving party pays) in the US.
Effectively, a call to a mobile phone costs at least about 0.01 EUR per minute. This puts a lower bound on the cost per robocall.
I wonder how much of the difference in the number of robocalls simply comes down to economics rather than to efficiency of regulators and legal frameworks.
One explanation is that a lot of the scams are for things that wouldn't work in Germany. Like health insurance, extended car warranties, etc. For those sorts of things, lots of commission based referalls are available to the call centers for the US. They just have to send leads or sales, and get money in return.
Also, they are often manned by call centers in places like India where English speakers are easy to find, German less so.
Crazy how this gets downvoted. European exceptionalism is exactly what this is.
No-one here has identified any specific effective methods through which Germany or any other European country combats these calls, it's because they can't. Fines only keep local businesses from doing this, but the people making these calls to the US are criminal gangs based out of India.
I'm in the UK, and I used to receive 2-3 spam calls per year. About five years ago, something changed (not my phone number) and I haven't had a single spam call since.
Get off your high horse, you clearly don’t understand what’s going on here. No country in the world has solved this problem, it simply doesn’t exist in some.
Fines do nothing to discourage this behaviour by criminals, the fact that Germans speak German has everything to do with the lack of English robocalls.
In Spain is also solved. You register in a free and public service called "Lista Robinson" (Robinson List) and from that time you won't receive commercial phone calls.
How does that work if someone spoofs the caller ID?
I'm in the UK and I get multiple spam/junk/scam calls a day. What I've noticed is if I try to call back, I'll just get an error tone because the number doesn't exist.
I really don't get the negativity, I'd love to have some system like Verified by Twilio!
I did that and they kept calling me twice a day from different numbers for months (without leaving a message). Solution was to buy an app for 2€ and block the whole range (Vorwahl). Android should be able to block ranges of phone numbers but I didn't figure out how. Germany this year.
>Spam calling is not something were there is net value created for society so we need an elaborated discussion of what is ok and what is not (like e.g. paid universities).
Stanford is a "paid university". Harvard is too. Are you saying these institutions are a net negative to society? With free market capitalism you get the good and the bad, just like every other system in the world. The difference is you're given a choice.
Americans have a do not call list. People are prosecuted for abusing it. Yet we still get Spam calls. This has nothing to do with lack of regulation, but by ease of abuse and difficulty in preventing these calls without impacting legitimate uses. Like, say, creating Twilio which uses a bunch of random numbers?
1. I have a "clean" phone number I only share with friends/family. Certain prefixes and phone number actually receive next to zero spam calls. This number has received 2 calls in the years I've had it.
2. I have a phone number I share with companies / loyalty programs / etc.
3. I have a legacy phone number I've had for 10 years that receives multiple spam calls daily. For this number I've set up an incoming handler that uses Google Cloud to ask the caller a simple question (What is five plus two?), parses with the Speech Recognition API, and forwards calls with the correct answer. The rest go to voicemail. It's better to use the speech recognition API than it is to ask the caller to press a DTMF tone, in case they are in a car or are calling from a device without a telephone keypad. If I every need to, I'll add this protection to use numbers 1) and 2).
4. I have a number that rings straight to voicemail.
All numbers use the Whitepages and Nomorobo APIs from Twilio. These score the "spamminess" of calls. Calls with sufficiently high values are forwarded to voicemail.
For incoming calls, I set the caller ID for the calls to my SIP clients to indicate which number is being called, and include the spam score.