| ▲ | ggm 5 hours ago |
| I've yet to read a good explanation of why the telcos permit CLID faking and reinjection of apparently local CLID by overseas inputs. I'm assuming there's a technical and/or willpower reason or some counterfactual like VOIP depends on it. Even just flagging it would help. Or, rejecting numbers they can know lie inside their own routing architecture, or asserts within their own number plan where the CLID does not match. Morally it's like BCP38 in the customer facing internet systems: reject customer input they don't pay you to assert. |
|
| ▲ | edent 4 hours ago | parent | next [-] |
| I used to work at two (UK) telcos. There's a historic reason and a modern reason. The historic reason was, just like the Internet, the international phone network was built on gentlemen agreements by engineers who largely trusted each other. A big national telco is unlikely to attack its peers, so there was little need for safety measures. As smaller telcos came in to the mix via deregulation, that understanding changed - but it was hard to retroactively fit controls. The more modern reason is outsourced call centres. You want outbound calls from your Philippines based staff to show as if they were calling from a local number. When large and reputable entities were doing this it was fine. Just like showing a different reply-to address on an email. If you were designing a modern network, it wouldn't be like this. But international telephony is over a hundred years old and has a huge amount of legacy technology and legal agreements. |
| |
| ▲ | BLKNSLVR 4 hours ago | parent | next [-] | | > You want outbound calls from your Philippines based staff to show as if they were calling from a local number. The company that has offshored it's support to the Philippines might want that, but I doubt any consumers want that. That shouldn't have happened, but regulation comes (20+ years?) after harmful business profit decisions have been made and implemented. But, thank you for the explanation. I have heard similar explanations before, and it has always sounded to me like a situation where the telcos are able to offer a service for a profit for the customers to hide the origin of their offshore call centres (that mostly nobody wants to speak to anyway). I think I just ranted twice, sorry. Thank you! | | |
| ▲ | brainwad 3 hours ago | parent | next [-] | | The consumers 'want' it because if they get disconnected and try to recall, by spoofing a local number it costs them nothing/little since it's a local number (maybe toll-free?) instead of a lot for an international call. Of course, they might want a local call centre even more, but spoofing a local number for overseas call centres does have a purpose. | | |
| ▲ | 2 hours ago | parent | next [-] | | [deleted] | |
| ▲ | realusername 3 hours ago | parent | prev [-] | | I've never seen an hotline where you can call back and resume the call you were doing. | | |
| ▲ | traceroute66 2 hours ago | parent | next [-] | | > I've never seen an hotline where you can call back and resume the call you were doing. Assuming they even accept inbound calls to the CLI number in the first place. I frequently encounter companies where I miss a call due to $reason, I then try to call back the CLI number and it just says "This was $megacorp trying to call you, we will try again later". Or, if you're really lucky, the CLI will just dump you into IVR-hell which, of course, is "AI powered" today, so you have to spend 30 minutes telling the stupid robot they mis-intepreted your voice. | |
| ▲ | orwin 3 hours ago | parent | prev | next [-] | | My electric company gave me a number (UID, not phone number) to resume a call if the issue wasn't fixed within 24 hours, and I'm pretty sure internet operators have the same protocol (at least used to). | | |
| ▲ | arethuza 2 hours ago | parent | next [-] | | Is that to restart the call to the same person or a case id that gives details of your request and that could be passed to anyone? | | |
| ▲ | embedding-shape 12 minutes ago | parent [-] | | Can literally be a "Desk ID" basically, so using that would reach the phone next to the agent. Used to work both with outgoing cold calls and incoming customer support, had a setup that worked like that for the latter. |
| |
| ▲ | traceroute66 2 hours ago | parent | prev [-] | | > My electric company gave me a number (UID, not phone number) to resume a call if the issue wasn't fixed within 24 hours What planet do you live on ? Seriously. Where I am it is guaranteed that a utility company would never even consider such a concept let alone have the technical competence to actually implement it. I'm jealous. ;) |
| |
| ▲ | brainwad 2 hours ago | parent | prev [-] | | The call centre for my Australian bank's KYC is seemingly backed by a single person. I've spoken to her a few times now... so calling them back more or less does work, though you might have to wait on hold again. |
|
| |
| ▲ | alexjurkiewicz 3 hours ago | parent | prev [-] | | Showing overseas based workers of Microsoft as another company name on caller ID is a phishing risk. | | |
| ▲ | jstanley 2 hours ago | parent [-] | | Showing workers of companies other than Microsoft as Microsoft on caller ID is a phishing risk. |
|
| |
| ▲ | arethuza 3 hours ago | parent | prev | next [-] | | Just looking at my incoming call list on my phone for yesterday: "Suspected Spam", "Suspected Spam", "Suspected Spam", "Potential Fraud", "Suspected Spam", "Suspected Spam", a real call, "Suspected Spam", "Suspected Spam"... Phone is set to only notify me for numbers for known contacts - does mean that I occasionally miss calls from other people, but I can live with that. | | |
| ▲ | nephihaha 3 hours ago | parent [-] | | I often get calls from people I don't know for legitimate purposes. Spam calls happen but I'm not interested in social credit ratings for callers. | | |
| ▲ | petre a few seconds ago | parent | next [-] | | If some unknown numbers calls me and they're not a courier or the bank (which rarely calls) I immediately assume it's a scammer. | |
| ▲ | arethuza 2 hours ago | parent | prev | next [-] | | Yes, was just relating my experience - it's just go the the point where I personally opt to play safe. Like everyone I do get calls from people who aren't in my contact list but it was getting silly so I've defaulted to ignoring them and it works for me. Anyone serious is going to be happy leaving a message - which suits me anyway as I spend a large part of my work day in Teams calls. | |
| ▲ | magicalhippo an hour ago | parent | prev [-] | | I too, but I never take them before I've looked up the number. If it's important they'll take my call or call back. |
|
| |
| ▲ | WhyNotHugo 31 minutes ago | parent | prev | next [-] | | > The more modern reason is outsourced call centres. You want outbound calls from your Philippines based staff to show as if they were calling from a local number. When large and reputable entities were doing this it was fine. Just like showing a different reply-to address on an email. For this particular case, do they really spoof the caller ID on an (expensive) international phone call, or do they actually just re-route via a local phone number? | |
| ▲ | amluto 4 hours ago | parent | prev | next [-] | | > You want outbound calls from your Philippines based staff to show as if they were calling from a local number. This is a valid use case, but I’m a bit surprised that the mechanism isn’t better controlled. Surely a better design would be for an actual local entity to forward the call, possibly with an optimization to allow the voice data to bypass the local entity once the call is connected. | | |
| ▲ | edent 2 hours ago | parent | next [-] | | The mechanism is https://en.wikipedia.org/wiki/STIR/SHAKEN But it is slow to roll out. | |
| ▲ | rusk 3 hours ago | parent | prev [-] | | Just whitelist the caller ID and have the originating network guarantor The second part is the hard part and requires coordination It wouldn’t be expensive or especially hard to do but there is no payoff for the network. Remember they make money off scam calls too Since as long as I can remember these organisations have been optimised for profit, not for GAF and that’s why they’re being savaged by regulation and OTT competitors now There has been no market forces compelling them to do this and until recently when it got really bad, no political or regulatory forces tl;dr na bro |
| |
| ▲ | Affric an hour ago | parent | prev | next [-] | | It's been a while since I did telecoms related stuff but also you might want a different CLI and ANI for forwarded calls so you can preserve the original line being used. Obviously the whole scam call centre has changed how it has to work but we actually had a working system that had quite a few useful features. | |
| ▲ | realusername 3 hours ago | parent | prev | next [-] | | > You want outbound calls from your Philippines based staff to show as if they were calling from a local number I personally don't? Why would I want that. The companies might want to hide that info but I don't think that's a legitimate use case. | | |
| ▲ | edent an hour ago | parent [-] | | Because it is useful for most people to see that they're receiving a call from their bank, insurance company, hospital, whoever. The hospital's call staff might not be in the same building as the doctor - so showing a familiar number is useful. In an ideal world you would be able to trust that number but, as per the above, that isn't always the case. |
| |
| ▲ | freefaler 4 hours ago | parent | prev | next [-] | | It's a solved problem. VoIP plus leased trunk lines by the a telco in the market you want to work at. You are limited to fixed set of numbers and you are "local" in the market you want to work at. | | |
| ▲ | ben_w 3 hours ago | parent [-] | | That we can do better now isn't important to why something existed to be grandfathered-in in the first place. Call centres were getting outsourced before e.g. Skype was a twinkle in the eyes of Priit Kasesalu and Jaan Tallinn. |
| |
| ▲ | redsocksfan45 an hour ago | parent | prev [-] | | [dead] |
|
|
| ▲ | ale42 2 hours ago | parent | prev | next [-] |
| > I've yet to read a good explanation of why the telcos permit CLID faking and reinjection of apparently local CLID by overseas inputs. Actually, there are several legitimate use cases: • Call divert: Local number calls a number abroad and that one is diverted back a another local number. It's probably rare, but it's a totally legit use case. • 2G/3G roaming: I'm not an expert on this one, but as far as I understood it, roaming calls placed on 2G/3G networks are initiated in the visiting country, and use the local number of the caller. • Getting better rates using VoIP. Whether this is legit or not might be subject to discussion, however I was using a foreign VoIP provider (because they had better rates for local calls than any local providers, for my low call volume) sending out my own local number (had to be validated by them by callback, although that's their own security measure, not the network's one). Now in several EU countries and Switzerland this doesn't work any more, as calls bearing national IDs coming from abroad must be displayed as anonymous. And it's quite annoying that there isn't a way to "authentify" those numbers so the owner can use them as they wish. |
|
| ▲ | fmajid 3 hours ago | parent | prev | next [-] |
| That's why in 2020 the FCC belatedly mandated SHAKEN/STIR to authenticate Caller ID in the US using public-key cryptography. Deployment is still work in progress, and it does not cover SMS/MMS, however. A bigger problem is Russia or Saudi Arabia using the SS7 signalling network to track their dissidents in the US because those legacy telco protocols have basically no authentication whatsoever, and won't blink if a Saudi Telco sends Verizon a MAP message saying "what is the cell location of Jamal Khashoggi's phone?" |
|
| ▲ | fowl2 4 hours ago | parent | prev | next [-] |
| Telco networks are sprawling and accurately defining the boundary might be harder than it sounds. Traditionally they have a bias towards "working"/delivering traffic. It's easier to issue a refund than answer a urgent support request. I can also imagine the biggest customers have all sorts of multi-vendor failover plans that may be affected. |
|
| ▲ | stymaar 4 hours ago | parent | prev | next [-] |
| > Even just flagging it would help. That's what's mandated by ARCEP (the French regulator) since the beginning of this year, and now all faked numbers are marked as “hidden caller”, and indeed it helps a lot. |
| |
| ▲ | orwin 3 hours ago | parent [-] | | The Sitbon family didn't lobby hard enough to prevent this. |
|
|
| ▲ | bxk76 4 hours ago | parent | prev | next [-] |
| Cost. Cost to spam and scam tends to 0 at industrial scale. Meanwhile amount of time and resources telco want to spend on fighting it is Bounded by how much regulators are going to allow them to pass on to customers. |
|
| ▲ | dools 3 hours ago | parent | prev [-] |
| I rely on the ability to set the outbound caller ID but I would happily register it if required. |
