Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is the kind of solution that only works because basically nobody is doing it. If a big provider deployed it, it would take five seconds for it to be defeated.


The OP didn't exhaust their solutions. They found a simple solution which works (for them), and shares it. Once the solution gets widely adopted, it will also get more attack surface. In the meantime, the solution works well because the risk (getting spam calls once more) is worth the small investment. Its essentially a no-brainer to implement this, if you suffer from this issue (I don't, I'm eagerly waiting for a fun phone call with Miclosoft customer support despite owning no such products).


This is hacker news so this kind of solution is cool. And whatever the big guys are doing this user can always change his approach to defeat the spammers. Not globally but just for himself.


Yeah. This is so much like greylisting for email, but simpler. Greylisting has been around since at least 2007 and most spammers still don't bother getting around it.


I agree.


Exactly. With phone number spoofing, all the scammer needs is the phone number of someone on your list. With social media how long do you think it would take to generate such a list, and to get propagated to every scammer?


In UK some of the call centres use a fake local number.

It seems to me that phone companies can detect that, but they don't want to reduce the number of calls, do they?


How is a spammer going to figure out phone numbers of people on my list from social media? I don't know about you, but I don't have my Facebook friends publicly viewable.

And that's an awful lot of work just to cold-call someone to try to sell them insurance or whatever.


With a handy-dandy facebook bug that allows them to scrape such data at scale?

This has happened multiple times before, at least two separate incidents have made the news.


This doesn't seem like a reliable way of running a business: just hoping that you can exploit a bug in Facebook (which will surely be fixed before long) so you can grab people's friends, try to figure out their phone numbers, then spoof them, then cold-call them trying to sell them crap insurance.

I'm sorry, this just sounds far-fetched to me. History seems to have shown that when hurdles are just a little too high, the spammers just don't bother.


Why just facebook? Spammers have been exploiting bugs like this in everything for years. The data gets scraped and then sold and resold.


This would need to be spoofed for every individual though. I imagine this would be cost prohibitive enough that it would at least in the short term kill most spam phone calls.


On the contrary, it represents a revenue opportunity for the first person who can generate a list of matching pairs of phone number and friend phone number. I wouldn't expect the list to be prohibitively expensive because it will be resold thousands of time.


Can you explain phone number spoofing to me? Is there truly phone spoofing that is more than faking the dialer on the client?


There is no way for you to verify whether the caller's phone number is actually the real source. Anyone can impersonate anyone. It's like the source address in an IP packet. You can put whatever you want in there.

This is mostly a US problem though. In Europe, the operators tend to be more strict on this, AFAIK.


You should read the book "Ghost in the Wires" by Kevin Mitnick. It will really open your eyes as to what is possible with phones.


can I borrow your copy? I will pay shipping to and fro' :)


Sure! But honestly, it will probably be cheaper for you to just buy it from Amazon for $8. Or, read it for free using Overdrive (if you have a Kindle/ereader).


But this way I get to bug you about my discoveries and compare interpretations with yours... the knowledge comes with instruction hehe


I like the idea of using a 'enter code' (where code is pseudo randomly generated) to request your number be added to the white list. This could be done for all users not in your contacts. Then, the user could leave, say a voicemail, which is converted to text that goes into a list that you could later scan for valid requests.

I currently use the "Should I Answer" app, mentioned below, which is about as good as it gets in terms of pissed off people working together to fight the good fight I think.

However, all of this crap is still jist a bandaid for a lack of our governmental ability (at least in the U.S.) to hold phone utilities accountable for the illegal use of phone numbers.(1) Fine the phone companies hard and the problem goes away.

1. https://www.consumerreports.org/consumerist/phone-companies-...


I just love the thought of identifying a CAPTCHA-like obscured audio everytime I am calling someone.. :D


"Laurel" "Sorry, the expected answer was Yannie."


I love the idea of using that to train my new speech-to-text AI.


While I agree, if you randomize the number that needs to be pressed to get by the prompt it could become a serious roadblock for most autodialer systems.


Go the ReCaptcha route and have them listen to 9 sounds and tell you which one of them are store fronts.


Google Voice offers this as an option; they're fairly big.


They have a "Press 1 to be connected" option? Where?


Not who you're replying to, but I just looked and the only option I see is you can turn on screening and so when you pick up, you hear the person's name and can decide to take the call or not.


Yeah, plus spam filtering, which AFAIK doesn't work like the GP's solution. I think the other commenter was just confused.


And you can choose to disable screening for numbers that are already in your contacts.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: