The FCC wants to legally force telecoms to collect new and renewing customers’ government issued identity number and physical address, impacting everyone from the privacy-conscious to domestic abuse survivors. “We never thought that would happen here.”
They did this in Hong Kong already. Everyone still gets spam. People who make a living off of this will find a way.
Has nothing to do with spam and everything to know who you are. Spammers don’t use “burner phones”.
yes, I know, I’m just pointing out that it won’t even work on its supposed intended goal lol
I literally never get spam calls. NEVER.
you’re in the wrong country then lol
No I’m not. I’d hate getting spam calls.
Doesn’t matter where I go to, though. I’ve had this phone number since like 96 and it’s always been non-listed, so commercial services can’t get it unless I give it to them.
I had some calls for a gym membership a few years after I drunkenly put it into some lottery or another but I told them there’s a marketing ban on the number and they gave up.
“…but it’s to protect the children!!!”
Is the usual excuse
“Ok Mr Senator, then how about we add free school lunches to this bill. For a large portion of children this is the only meal they get per day.”
“fuck off”
Spam was never done with “burner phones” in the first place, it’s mostly done via VoIP through shady telecoms companies that can’t be bothered to validate their customers. Due to the age of the phone system it’s incredibly easy to spoof phone numbers because it’s essentially a trust system. Phone exchange A talks to exchange B and says phone number 123 is calling number 456. How does exchange B know that it’s actually 123 calling? They don’t at all, they just trust that exchange A is telling the truth. It’s really hard to get into the system, but once you’re there you essentially have unlimited power with virtually no safeguards in place.
Basically from a security perspective the phone system looks a lot like the 1980s internet, there is technically some security in place, but significantly less than there actually should be.
In the US at least they’ve been implementing STIR/SHAKEN since about 2020. You can typically see the result of this on your cell phone. Incoming calls should have a little checkmark next to them meaning they’re a verified caller. It’s similar to SSL certs for domain names but for callers instead. (Shady crap for the root CAs but that’s a different issue…cause America).
This isn’t a perfect system as parts of the world that call into the US don’t have VoIP equipment but the FCC has other guidelines on top of STIR/SHAKEN. They are actively trying to mitigate spam but it takes awhile to revamp something as old as the worlds phone system.
It really isn’t difficult to get into telcom systems as there are many countries with almost no requirements to sign up as a telco.
One of the things that surprised me the most when I started working on vishings for a Cybersecurity Red Team was how extremely easy it is to spoof any phone number.
It’s the nunber one tip I give to anyone who asks about security, a lot of people don’t know that, and spear-vishings are extremely effective.
People have learned to mostly not trust Microsoft Support numbers asking for your CC, but when an internal company number that your phone matches to your bosses boss calls you, a lot of people fall for that.
This isn’t to fight spam, it’s to fight the populace