Comment by ramenmeal
1 year ago
I think "SHAKEN/STIR" is supposed to fix this long term. I'm not sure why it's taking so long, but I believe phones will already indicate if the phone call has a verified caller id. Probably next step is to just block any non-verified caller. I'm assuming there's just a lot of migration work to happen.
I would say that money is the root of the problem. I think that most VOIP providers don't want to loose out on unencrypted traffic (both legitimate and spam).
Also, why do I seem to always get spam from a few providers? And why aren't we holding them accountable?
Money is always the problem. In the carrier world, the party accepting ("terminating") the call gets paid by the party originating it. This is why there are VoIP services that will give you a free inbound-only number and why others only charge for outbound calls.
If you're a carrier, it pays to terminate all calls -- spam or not -- by delivering them to your actual customer. You get paid by the originating carrier, and in a lot of cases you also get to charge your customer per-minute fees (or use up their prepaid minutes).
> This is why there are VoIP services that will give you a free inbound-only number and why others only charge for outbound calls.
This is the norm for standard carriers in Europe too.
Currently, STIR/SHAKEN is only required for VOIP and intermediate carriers but a lot of carriers have implemented or are in progress. Here's a recent report from the GSMA: https://www.gsma.com/get-involved/gsma-membership/gsma_resou...
> Signed traffic between Tier-1 carriers increased to 85% in 2023
We're getting there, just not soon enough. The whole world will have transitioned to never answering their phone before this actually is fully enforced.
My spam volume has fallen to close to zero recently. AT&T seems to be blocking quite a few of them.
I also get very few spam calls, but I ended up buying Verizon's thing that prevents spam calls. It is all a scam but before signing up I got a ton of spam.
(What makes me sad is that I mostly use Google Voice; and that blocks spam pretty well. But people can still call my actual mobile number by guessing it, and they do.)
Google Voice has gotten somewhat difficult recently because some API-to-SMS services consider it "VOIP", and so they flat-out refuse to send text messages. Some places do this on purpose (Discord won't let me use it for 2FA because 2FA is really their anti-spam mechanism, not a security feature), and some places do it by accident (I couldn't add my Fidelity FSA debit card to Apple Pay because it simply won't send the verification code to my number on file). So some people have my "real" phone number now and it makes me sad, but that's why they call it the Internet Of Shit. (I don't even WANT SMS 2FA. Less secure than making your password 1234. Harder to use than a Nomad. Please let me use my Yubikey or a Passkey.)