My impression is STIR/SHAKEN is only for voice calls, not SMS.
I'm no longer getting almost any robocalls on Verizon as of a couple of months ago when they "turned on" STIR/SHAKEN. What I am getting instead is the same volume of spam text messages.
I’m starting to get those too. From the trump campaign, of all things. Somehow they got ahold of my number and keep asking me to go save America.
Not sure which is worse, someone trying to sell me stuff or that.
How much volume? Is it a daily annoyance? My wife seems to get hit harder than me, but as far as I can tell we’ve both been equally careless about sharing our number online. So I’m dreading the day that these people figure out how to turn text messages into a gmail spam inbox.
It feels like it’s time to just write a Bayesian filter and proxy all text messages through it. It was theoretically easy to do that back when you could send texts just by emailing a special address, but sadly I think carriers ditched that feature. Nowadays I’m not sure where to start if the goal is to proxy our texts like that, but I’d like to.
Isn't there campaigning laws around that? If a political campaign did that in the UK they'd be raked over the coals by the Electoral Commission.
Not that the country's been able to do anything about the sheer volume of scam texts pretending to be the Post Office with a parcel for you or Microsoft telling people their Windows boxes are full of viruses.
In the USA, the law makers exempt themselves from many laws. For example, political campaigns can ignore the "Do not call" list which the government maintains which allows citizens to opt out of cold calls.
Plus, political speech is the "most protected" type of speech in the US. Pretty much anything campaign-related falls under that umbrella. Couple that with the explicit exemptions ldoughty mentions and we tend to get a constant stream of political spam in the lead up to election day (where "lead up" for a presidential election starts about 2 years out - le sigh).
Even worse, SCOTUS ruling over the last decade or so have reaffirmed that donations to political causes are speech, dark-money PACs are legal (donor disclosure not required), and all sorts of other things that many of us view as problematic.
Bloody hell that's truly obnoxious. Reminds me of how MPs are exempt from the UK's surveillance programme, Orwell was bang on the money when he portrayed the inner Party members as being able to turn off their telescreens.
It’s interesting to hear that the UK has sensible laws about this sort of thing. Over here in Murica we get these: https://imgur.com/a/UjELy2y
My guess is that they’re sending this to all numbers in a certain area code. I’m in Missouri, which was mostly red. So they kindly delivered a MAGA to my phone and I’m like “thanks! … tell me who gave you my number so I can hire a hitman on them please”
The political tactics at play are actually quite fascinating to me, because they seem so dumb. But it’s the opposite. In reality it’s effective, and I’ve always wondered why. So it’s interesting to hear that politicians are prohibited from doing this in other countries, and makes me wonder if it’s an effective policy. It seems like it might be.
Of course, that doesn’t help rid us of the silagra spammers, but maybe the FCC can come up with a solution that can prohibit both. It feels sort of hopeless, but then I remember that we could literally proxy every text message through our laptops, run them through a 1997 naive Bayesian filter, and eliminate 97% of the problem with 0.03% false positives. It seems like a matter of time till some service comes along and makes that schlep effortless, and I can just pay $5/mo for the privilege of dodging spammers.
>It’s interesting to hear that the UK has sensible laws about this sort of thing.
"National Security" means the Security Services, Special Branch (the dept between the SS and Police), Police, NHS, Companies House and other Govt depts you've not heard of, can do what they like if you read UK legislation. Just look at the GDPR legislation. https://www.legislation.gov.uk/ukpga/2018/12/part/3/chapter/...
Section 44 Subsection 4d
Section 45 Subsection 4d
Section 48 Subsection 3d
Well back then Rim Blackberry's and BBM were the popular mobile phone communication method, but what alot of people dont know is that RIM Root certs for BBM where in the possession of The Royal Canadian Police, who gave a copy to the UK authorities (5eyes data sharing), so every BBM message sent during the London riots organising disruption, were decrypted and read.
There is no secure telecoms systems, there is "no law" when it comes to National Security in the UK and alot more conspiracy's are closer to the truth than people realise!
Does that mean I can get my opponent's political campaign raked over the coals by sending some false-flag spam?
After all, the whole POINT of these spam messages is that the systems are (and this simply reeks of incompetence) incapable of determining the true source of the messages.
Exactly this. I thought this was common knowledge now. You can't ban a bad actor without truly knowing the source of content. Otherwise I can just sabotage my enemies.
Federal law requires a lot of things, but that doesn't mean people comply. Robocalls are already illegal. Soliciting people on the Do Not Call List over the phone is already illegal. Yet they happen daily for me.
Are you saying that Federal law requires Verizon to truthfully identify the origin of spam text messages I receive? Because they are CLEARLY not doing that.
Getting a call claiming to be from Trump's campaign asking for money doesn't even mean it's actually the Trump campaign, it could be anyone trying to get money from people who are passionate about Trump. And that's one of the problems here: unsolicited calls are real and problematic, unsolicited calls who aren't even from the person they appear to be are also real and even more problematic.
I almost have this (text proxy) set up for myself.
My personal phone number is at twilio so I can set the messaging action to be a function.
My original intent was a proof of concept that I could flatten incoming sms to be something very tight like ascii 128 (or even smaller) and truncate extra characters and white space, etc.
Successful zero click sms would be very difficult if your message was rewritten and flattened in this way …
One time I got a bizarre (anti-Trump pro-Biden) text from the "Czech-American Voter Outreach" group, which I had never been involved with. They probably inferred (correctly) from my last name that I have Czech heritage.
But I have no idea what our coherent interests are as the Czech-American voter block. The only things I can think that would cover, are like, unfair taxation of kolaches, or required subtitles on Czech porn.
Fortunately, there were only two of them, around the 2020 general election. If I got a lot more spam texts, I'd be pretty pissed. The voice calls alone have made my phone useless for receiving calls from randos, and much less useful for day-to-day operations.
I've been getting these spam text messages for a 2-3 years now for Democrats. However, they come to my phone at the name of one of my relatives. I think they simply cross-referenced names and phone numbers to determine who to spam.
There are three items here, party affiliation, name of recipient, and target phone number. Only one of those apply to me, and one was wrong but related. This was data driven not from a signup of any sort.
That’s very interesting. How do you know the data wasn’t from a signup of any sort? I wonder about that constantly — it seems like the #1 vector. And although I’ve been careful not to fill in phone number fields, I’d be lying if I said there were zero cases of me plugging in my number into “the wrong form”. It feels impossible to tell now which forms will bite you.
And they’re always so insidious. Want to try out some new app that’s going viral? “Phone number verification please.” Oh good, now I have the choice of not joining my friends, or risking some spammer from India three years from now will be texting me at 3am to sell me silagra, because Hip New App had a data sharing agreement with Company X, who passed around my phone number like a pipe at a frat party.
The worst part is that it’s somehow possible to detect whether you’re giving them a “real phone number” and not a twilio number. And it turns out that all those services that offer burner lines are all built on twilio. Which means (to my dismay) I couldn’t just set up a damn burner number unless I literally bought a second phone.
At this point the situation is so comical that carrying around a burner phone next to my laptop is suddenly seeming like a rational totally-normal thing to do.
At this point the situation is so comical that carrying around a burner phone next to my laptop is suddenly seeming like a rational totally-normal thing to do.
Heh…as soon as I read this I glanced down at the little Nokia dumb phone I have next to my keyboard. $15/mo AT&T 4G prepaid plan exclusively for “when I’m suspicious of whoever I’m about to give a phone number to”.
Only ever gets “topped up” when I need to use it, and when it’s not in use it just sits in a drawer.
Parties maintain these datasets and then selectively share with candidates. There's always misuse and abuse.
My local (legislative district) party requires candidates sign a contract. We're one of the few (because we have geeks on the executive board). And even then, there's always some yahoo abusing the data.
I'm not aware of the relationship(s) state & national parties have with their large fund raisers. I assume the abuse is rampant. Just like with every other outsourced fund raising operation.
--
I've long been totally against voter profiling and ballot chasing. Harassing voters is another form of disenfranchisement (thru alienation). I've door belled, worked the phones, and done fund raising; voters HATE us.
But every else is utterly opposed to the alternative system. Universal voter registration, compulsory voting, and massively curtail campaigning.
In other words, be like every other mature democracy. But we couldn't possibly have that. Because Murica! or something.
TLDR: Burn it all down. Upgrade to genuine democracy.
This is particularly annoying. I was a fairly apathetic, dedicated non-voter for most of my adult life, avoiding anything political, didn't even register to vote, but once considered living with my grandmother for a brief while and uploaded a resume with her address to see what bites I could get from the local Las Vegas job market. 15 years later, I still get near daily texts during campaign seasons from some Trump-adjacent nonsense thinking I'm my grandmother because it associates my phone number with an address I never lived at, plus a bunch of calls from the 702 area code I never answer.
I've gotten nearly a dozen in the past week. It's pretty unnerving with the recent history of zero-click iMessage exploits. These are SMS, but maybe there's a privately known SMS zero-click exploit.
Spam SMS ought to be even easier for carriers to filter than voice. They need to do it and soon.
“It's pretty unnerving with the recent history of zero-click iMessage exploits.”
Someone can compromise your phone by simply sending an iMessage without the receiver interacting with the message (even to immediately block the sender)?
It's interesting to hear how many spam texts you're getting.
I've got a private phone and a work phone on T-Mobile. My private number gets maybe 1 spam text per month, but 2-3 robocalls per week, while my work phone gets 3~ spam text messages per week and about the same number of robocalls.
Overall, the number of robocalls I've been getting has gone down somewhat, but not noticeably. It's probably decreased by something like less than 10%.
I had no idea anything had been done to robocalls, I really hadn't noticed any sort of decline.
It seems to vary substantially for me. I'll get 2-3 spam calls a day for a week or two on my personal cell number, then nothing for several months, then they'll resume again.
One of the most annoying incidents was when I get new work cell from AT&T. It must have been a recycled number from someone who signed up for a lot of.... crap, because that phone got 10+ spam texts and 5+ spam calls every day I had it, from the moment I put the SIM card in a phone. Eventually had to get a different number from AT&T.
Visible prepaid here & I live in a red state. I get 1-2 Trump campaign spam texts a week and blocking the numbers isn't helping. Generic spam text almost never. Robocalls are a steady 1-10 a week which makes me miss googles automated answering service.
I'm no longer getting almost any robocalls on Verizon as of a couple of months ago when they "turned on" STIR/SHAKEN. What I am getting instead is the same volume of spam text messages.